2 This file is part of GNUnet.
3 Copyright (C) 2012-2018 GNUnet e.V.
5 GNUnet is free software: you can redistribute it and/or modify it
6 under the terms of the GNU Affero General Public License as published
7 by the Free Software Foundation, either version 3 of the License,
8 or (at your option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Affero General Public License for more details.
15 You should have received a copy of the GNU Affero General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 SPDX-License-Identifier: AGPL3.0-or-later
21 * @author Martin Schanzenbach
22 * @author Christian Grothoff
23 * @file src/gns/gnunet-gns-proxy.c
24 * @brief HTTP(S) proxy that rewrites URIs and fakes certificats to make GNS work
25 * with legacy browsers
28 * - double-check queueing logic
31 #include <microhttpd.h>
33 #include <curl/curl.h>
34 #elif HAVE_GNURL_CURL_H
35 #include <gnurl/curl.h>
37 #include <gnutls/gnutls.h>
38 #include <gnutls/x509.h>
39 #include <gnutls/abstract.h>
40 #include <gnutls/crypto.h>
42 #include <gnutls/dane.h>
45 #include "gnunet_util_lib.h"
46 #include "gnunet_gns_service.h"
47 #include "gnunet_identity_service.h"
53 * Default Socks5 listen port.
55 #define GNUNET_GNS_PROXY_PORT 7777
58 * Maximum supported length for a URI.
59 * Should die. @deprecated
61 #define MAX_HTTP_URI_LENGTH 2048
64 * Maximum number of DANE records we support
65 * per domain name (and port and protocol).
70 * Size of the buffer for the data upload / download. Must be
71 * enough for curl, thus CURL_MAX_WRITE_SIZE is needed here (16k).
73 #define IO_BUFFERSIZE CURL_MAX_WRITE_SIZE
76 * Size of the read/write buffers for Socks. Uses
77 * 256 bytes for the hostname (at most), plus a few
78 * bytes overhead for the messages.
80 #define SOCKS_BUFFERSIZE (256 + 32)
83 * Port for plaintext HTTP.
90 #define HTTPS_PORT 443
93 * Largest allowed size for a PEM certificate.
95 #define MAX_PEM_SIZE (10 * 1024)
98 * After how long do we clean up unused MHD TLS instances?
100 #define MHD_CACHE_TIMEOUT GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 5)
103 * After how long do we clean up Socks5 handles that failed to show any activity
104 * with their respective MHD instance?
106 #define HTTP_HANDSHAKE_TIMEOUT GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 15)
112 * @param level log level
113 * @param fun name of curl_easy-function that gave the error
114 * @param rc return code from curl
116 #define LOG_CURL_EASY(level,fun,rc) \
118 _("%s failed at %s:%d: `%s'\n"), \
122 curl_easy_strerror (rc))
125 /* *************** Socks protocol definitions (move to TUN?) ****************** */
128 * Which SOCKS version do we speak?
130 #define SOCKS_VERSION_5 0x05
133 * Flag to set for 'no authentication'.
135 #define SOCKS_AUTH_NONE 0
139 * Commands in Socks5.
144 * Establish TCP/IP stream.
146 SOCKS5_CMD_TCP_STREAM = 1,
149 * Establish TCP port binding.
151 SOCKS5_CMD_TCP_PORT = 2,
154 * Establish UDP port binding.
156 SOCKS5_CMD_UDP_PORT = 3
161 * Address types in Socks5.
163 enum Socks5AddressType
173 SOCKS5_AT_DOMAINNAME = 3,
184 * Status codes in Socks5 response.
186 enum Socks5StatusCode
188 SOCKS5_STATUS_REQUEST_GRANTED = 0,
189 SOCKS5_STATUS_GENERAL_FAILURE = 1,
190 SOCKS5_STATUS_CONNECTION_NOT_ALLOWED_BY_RULE = 2,
191 SOCKS5_STATUS_NETWORK_UNREACHABLE = 3,
192 SOCKS5_STATUS_HOST_UNREACHABLE = 4,
193 SOCKS5_STATUS_CONNECTION_REFUSED_BY_HOST = 5,
194 SOCKS5_STATUS_TTL_EXPIRED = 6,
195 SOCKS5_STATUS_COMMAND_NOT_SUPPORTED = 7,
196 SOCKS5_STATUS_ADDRESS_TYPE_NOT_SUPPORTED = 8
201 * Client hello in Socks5 protocol.
203 struct Socks5ClientHelloMessage
206 * Should be #SOCKS_VERSION_5.
211 * How many authentication methods does the client support.
213 uint8_t num_auth_methods;
215 /* followed by supported authentication methods, 1 byte per method */
221 * Server hello in Socks5 protocol.
223 struct Socks5ServerHelloMessage
226 * Should be #SOCKS_VERSION_5.
231 * Chosen authentication method, for us always #SOCKS_AUTH_NONE,
232 * which skips the authentication step.
239 * Client socks request in Socks5 protocol.
241 struct Socks5ClientRequestMessage
244 * Should be #SOCKS_VERSION_5.
249 * Command code, we only uspport #SOCKS5_CMD_TCP_STREAM.
254 * Reserved, always zero.
259 * Address type, an `enum Socks5AddressType`.
264 * Followed by either an ip4/ipv6 address or a domain name with a
265 * length field (uint8_t) in front (depending on @e addr_type).
266 * followed by port number in network byte order (uint16_t).
272 * Server response to client requests in Socks5 protocol.
274 struct Socks5ServerResponseMessage
277 * Should be #SOCKS_VERSION_5.
282 * Status code, an `enum Socks5StatusCode`
292 * Address type, an `enum Socks5AddressType`.
297 * Followed by either an ip4/ipv6 address or a domain name with a
298 * length field (uint8_t) in front (depending on @e addr_type).
299 * followed by port number in network byte order (uint16_t).
306 /* *********************** Datastructures for HTTP handling ****************** */
309 * A structure for CA cert/key
316 gnutls_x509_crt_t cert;
321 gnutls_x509_privkey_t key;
326 * Structure for GNS certificates
328 struct ProxyGNSCertificate
331 * The certificate as PEM
333 char cert[MAX_PEM_SIZE];
336 * The private key as PEM
338 char key[MAX_PEM_SIZE];
344 * A structure for all running Httpds
351 struct MhdHttpList *prev;
356 struct MhdHttpList *next;
359 * the domain name to server (only important for TLS)
366 struct MHD_Daemon *daemon;
369 * Optional proxy certificate used
371 struct ProxyGNSCertificate *proxy_cert;
376 struct GNUNET_SCHEDULER_Task *httpd_task;
379 * is this an ssl daemon?
386 /* ***************** Datastructures for Socks handling **************** */
395 * We're waiting to get the client hello.
400 * We're waiting to get the initial request.
405 * We are currently resolving the destination.
410 * We're in transfer mode.
412 SOCKS5_DATA_TRANSFER,
415 * Finish writing the write buffer, then clean up.
417 SOCKS5_WRITE_THEN_CLEANUP,
420 * Socket has been passed to MHD, do not close it anymore.
422 SOCKS5_SOCKET_WITH_MHD,
425 * We've started receiving upload data from MHD.
427 SOCKS5_SOCKET_UPLOAD_STARTED,
430 * We've finished receiving upload data from MHD.
432 SOCKS5_SOCKET_UPLOAD_DONE,
435 * We've finished uploading data via CURL and can now download.
437 SOCKS5_SOCKET_DOWNLOAD_STARTED,
440 * We've finished receiving download data from cURL.
442 SOCKS5_SOCKET_DOWNLOAD_DONE
449 struct HttpResponseHeader
454 struct HttpResponseHeader *next;
459 struct HttpResponseHeader *prev;
473 * A structure for socks requests
481 struct Socks5Request *next;
486 struct Socks5Request *prev;
491 struct GNUNET_NETWORK_Handle *sock;
494 * Handle to GNS lookup, during #SOCKS5_RESOLVING phase.
496 struct GNUNET_GNS_LookupWithTldRequest *gns_lookup;
499 * Client socket read task
501 struct GNUNET_SCHEDULER_Task *rtask;
504 * Client socket write task
506 struct GNUNET_SCHEDULER_Task *wtask;
511 struct GNUNET_SCHEDULER_Task *timeout_task;
516 char rbuf[SOCKS_BUFFERSIZE];
521 char wbuf[SOCKS_BUFFERSIZE];
524 * Buffer we use for moving data between MHD and curl (in both directions).
526 char io_buf[IO_BUFFERSIZE];
529 * MHD HTTP instance handling this request, NULL for none.
531 struct MhdHttpList *hd;
534 * MHD connection for this request.
536 struct MHD_Connection *con;
539 * MHD response object for this request.
541 struct MHD_Response *response;
544 * the domain name to server (only important for TLS)
549 * DNS Legacy Host Name as given by GNS, NULL if not given.
554 * Payload of the DANE records encountered.
556 char *dane_data[MAX_DANES + 1];
574 * HTTP request headers for the curl request.
576 struct curl_slist *headers;
579 * DNS->IP mappings resolved through GNS
581 struct curl_slist *hosts;
584 * HTTP response code to give to MHD for the response.
586 unsigned int response_code;
589 * Number of bytes in @e dane_data.
591 int dane_data_len[MAX_DANES + 1];
594 * Number of entries used in @e dane_data_len
597 unsigned int num_danes;
600 * Number of bytes already in read buffer
605 * Number of bytes already in write buffer
610 * Number of bytes already in the IO buffer.
615 * Once known, what's the target address for the connection?
617 struct sockaddr_storage destination_address;
622 enum SocksPhase state;
625 * Desired destination port.
630 * Headers from response
632 struct HttpResponseHeader *header_head;
635 * Headers from response
637 struct HttpResponseHeader *header_tail;
640 * X.509 Certificate status
645 * Was the hostname resolved via GNS?
650 * This is (probably) a TLS connection
655 * Did we suspend MHD processing?
660 * Did we pause CURL processing?
667 /* *********************** Globals **************************** */
670 * The address to bind to
672 static in_addr_t address;
675 * The IPv6 address to bind to
677 static struct in6_addr address6;
680 * The port the proxy is running on (default 7777)
682 static uint16_t port = GNUNET_GNS_PROXY_PORT;
685 * The CA file (pem) to use for the proxy CA
687 static char *cafile_opt;
690 * The listen socket of the proxy for IPv4
692 static struct GNUNET_NETWORK_Handle *lsock4;
695 * The listen socket of the proxy for IPv6
697 static struct GNUNET_NETWORK_Handle *lsock6;
700 * The listen task ID for IPv4
702 static struct GNUNET_SCHEDULER_Task * ltask4;
705 * The listen task ID for IPv6
707 static struct GNUNET_SCHEDULER_Task * ltask6;
710 * The cURL download task (curl multi API).
712 static struct GNUNET_SCHEDULER_Task * curl_download_task;
715 * The cURL multi handle
717 static CURLM *curl_multi;
720 * Handle to the GNS service
722 static struct GNUNET_GNS_Handle *gns_handle;
727 static int disable_v6;
730 * DLL for http/https daemons
732 static struct MhdHttpList *mhd_httpd_head;
735 * DLL for http/https daemons
737 static struct MhdHttpList *mhd_httpd_tail;
740 * Daemon for HTTP (we have one per X.509 certificate, and then one for
741 * all HTTP connections; this is the one for HTTP, not HTTPS).
743 static struct MhdHttpList *httpd;
746 * DLL of active socks requests.
748 static struct Socks5Request *s5r_head;
751 * DLL of active socks requests.
753 static struct Socks5Request *s5r_tail;
756 * The CA for X.509 certificate generation
758 static struct ProxyCA proxy_ca;
761 * Response we return on cURL failures.
763 static struct MHD_Response *curl_failure_response;
768 static const struct GNUNET_CONFIGURATION_Handle *cfg;
771 /* ************************* Global helpers ********************* */
775 * Run MHD now, we have extra data ready for the callback.
777 * @param hd the daemon to run now.
780 run_mhd_now (struct MhdHttpList *hd);
784 * Clean up s5r handles.
786 * @param s5r the handle to destroy
789 cleanup_s5r (struct Socks5Request *s5r)
791 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
792 "Cleaning up socks request\n");
793 if (NULL != s5r->curl)
795 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
796 "Cleaning up cURL handle\n");
797 curl_multi_remove_handle (curl_multi,
799 curl_easy_cleanup (s5r->curl);
804 s5r->suspended = GNUNET_NO;
805 MHD_resume_connection (s5r->con);
807 curl_slist_free_all (s5r->headers);
808 if (NULL != s5r->hosts)
810 curl_slist_free_all (s5r->hosts);
812 if ( (NULL != s5r->response) &&
813 (curl_failure_response != s5r->response) )
815 MHD_destroy_response (s5r->response);
816 s5r->response = NULL;
818 if (NULL != s5r->rtask)
820 GNUNET_SCHEDULER_cancel (s5r->rtask);
823 if (NULL != s5r->timeout_task)
825 GNUNET_SCHEDULER_cancel (s5r->timeout_task);
826 s5r->timeout_task = NULL;
828 if (NULL != s5r->wtask)
830 GNUNET_SCHEDULER_cancel (s5r->wtask);
833 if (NULL != s5r->gns_lookup)
835 GNUNET_GNS_lookup_with_tld_cancel (s5r->gns_lookup);
836 s5r->gns_lookup = NULL;
838 if (NULL != s5r->sock)
840 if (SOCKS5_SOCKET_WITH_MHD <= s5r->state)
841 GNUNET_NETWORK_socket_free_memory_only_ (s5r->sock);
843 GNUNET_NETWORK_socket_close (s5r->sock);
846 GNUNET_CONTAINER_DLL_remove (s5r_head,
849 GNUNET_free_non_null (s5r->domain);
850 GNUNET_free_non_null (s5r->leho);
851 GNUNET_free_non_null (s5r->url);
852 for (unsigned int i=0;i<s5r->num_danes;i++)
853 GNUNET_free (s5r->dane_data[i]);
858 /* ************************* HTTP handling with cURL *********************** */
861 curl_download_prepare ();
865 * Callback for MHD response generation. This function is called from
866 * MHD whenever MHD expects to get data back. Copies data from the
867 * io_buf, if available.
869 * @param cls closure with our `struct Socks5Request`
870 * @param pos in buffer
871 * @param buf where to copy data
872 * @param max available space in @a buf
873 * @return number of bytes written to @a buf
876 mhd_content_cb (void *cls,
881 struct Socks5Request *s5r = cls;
882 size_t bytes_to_copy;
884 if ( (SOCKS5_SOCKET_UPLOAD_STARTED == s5r->state) ||
885 (SOCKS5_SOCKET_UPLOAD_DONE == s5r->state) )
887 /* we're still not done with the upload, do not yet
888 start the download, the IO buffer is still full
890 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
891 "Pausing MHD download %s%s, not yet ready for download\n",
894 return 0; /* not yet ready for data download */
896 bytes_to_copy = GNUNET_MIN (max,
898 if ( (0 == bytes_to_copy) &&
899 (SOCKS5_SOCKET_DOWNLOAD_DONE != s5r->state) )
901 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
902 "Pausing MHD download %s%s, no data available\n",
905 if (NULL != s5r->curl)
907 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
908 "Continuing CURL interaction for %s%s\n",
911 if (GNUNET_YES == s5r->curl_paused)
913 s5r->curl_paused = GNUNET_NO;
914 curl_easy_pause (s5r->curl,
917 curl_download_prepare ();
919 if (GNUNET_NO == s5r->suspended)
921 MHD_suspend_connection (s5r->con);
922 s5r->suspended = GNUNET_YES;
924 return 0; /* more data later */
926 if ( (0 == bytes_to_copy) &&
927 (SOCKS5_SOCKET_DOWNLOAD_DONE == s5r->state) )
929 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
930 "Completed MHD download %s%s\n",
933 return MHD_CONTENT_READER_END_OF_STREAM;
935 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
936 "Writing %llu/%llu bytes to %s%s\n",
937 (unsigned long long) bytes_to_copy,
938 (unsigned long long) s5r->io_len,
944 memmove (s5r->io_buf,
945 &s5r->io_buf[bytes_to_copy],
946 s5r->io_len - bytes_to_copy);
947 s5r->io_len -= bytes_to_copy;
948 if ( (NULL != s5r->curl) &&
949 (GNUNET_YES == s5r->curl_paused) )
951 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
952 "Continuing CURL interaction for %s%s\n",
955 s5r->curl_paused = GNUNET_NO;
956 curl_easy_pause (s5r->curl,
959 return bytes_to_copy;
964 * Check that the website has presented us with a valid X.509 certificate.
965 * The certificate must either match the domain name or the LEHO name
966 * (or, if available, the TLSA record).
968 * @param s5r request to check for.
969 * @return #GNUNET_OK if the certificate is valid
972 check_ssl_certificate (struct Socks5Request *s5r)
974 unsigned int cert_list_size;
975 const gnutls_datum_t *chainp;
976 const struct curl_tlssessioninfo *tlsinfo;
977 char certdn[GNUNET_DNSPARSER_MAX_NAME_LENGTH + 3];
979 gnutls_x509_crt_t x509_cert;
983 s5r->ssl_checked = GNUNET_YES;
984 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
985 "Checking X.509 certificate\n");
987 curl_easy_getinfo (s5r->curl,
988 CURLINFO_TLS_SESSION,
990 return GNUNET_SYSERR;
991 if (CURLSSLBACKEND_GNUTLS != tlsinfo->backend)
993 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
994 _("Unsupported CURL TLS backend %d\n"),
996 return GNUNET_SYSERR;
998 chainp = gnutls_certificate_get_peers (tlsinfo->internals,
1001 (0 == cert_list_size) )
1002 return GNUNET_SYSERR;
1004 size = sizeof (certdn);
1005 /* initialize an X.509 certificate structure. */
1006 gnutls_x509_crt_init (&x509_cert);
1007 gnutls_x509_crt_import (x509_cert,
1009 GNUTLS_X509_FMT_DER);
1011 if (0 != (rc = gnutls_x509_crt_get_dn_by_oid (x509_cert,
1012 GNUTLS_OID_X520_COMMON_NAME,
1013 0, /* the first and only one */
1014 0 /* no DER encoding */,
1018 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1019 _("Failed to fetch CN from cert: %s\n"),
1020 gnutls_strerror(rc));
1021 gnutls_x509_crt_deinit (x509_cert);
1022 return GNUNET_SYSERR;
1024 /* check for TLSA/DANE records */
1025 #if HAVE_GNUTLS_DANE
1026 if (0 != s5r->num_danes)
1028 dane_state_t dane_state;
1029 dane_query_t dane_query;
1030 unsigned int verify;
1032 /* FIXME: add flags to gnutls to NOT read UNBOUND_ROOT_KEY_FILE here! */
1033 if (0 != (rc = dane_state_init (&dane_state,
1034 #ifdef DANE_F_IGNORE_DNSSEC
1035 DANE_F_IGNORE_DNSSEC |
1037 DANE_F_IGNORE_LOCAL_RESOLVER)))
1039 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1040 _("Failed to initialize DANE: %s\n"),
1042 gnutls_x509_crt_deinit (x509_cert);
1043 return GNUNET_SYSERR;
1045 s5r->dane_data[s5r->num_danes] = NULL;
1046 s5r->dane_data_len[s5r->num_danes] = 0;
1047 if (0 != (rc = dane_raw_tlsa (dane_state,
1054 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1055 _("Failed to parse DANE record: %s\n"),
1057 dane_state_deinit (dane_state);
1058 gnutls_x509_crt_deinit (x509_cert);
1059 return GNUNET_SYSERR;
1061 if (0 != (rc = dane_verify_crt_raw (dane_state,
1064 gnutls_certificate_type_get (tlsinfo->internals),
1069 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1070 _("Failed to verify TLS connection using DANE: %s\n"),
1072 dane_query_deinit (dane_query);
1073 dane_state_deinit (dane_state);
1074 gnutls_x509_crt_deinit (x509_cert);
1075 return GNUNET_SYSERR;
1079 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1080 _("Failed DANE verification failed with GnuTLS verify status code: %u\n"),
1082 dane_query_deinit (dane_query);
1083 dane_state_deinit (dane_state);
1084 gnutls_x509_crt_deinit (x509_cert);
1085 return GNUNET_SYSERR;
1087 dane_query_deinit (dane_query);
1088 dane_state_deinit (dane_state);
1094 /* try LEHO or ordinary domain name X509 verification */
1096 if (NULL != s5r->leho)
1100 if (0 == (rc = gnutls_x509_crt_check_hostname (x509_cert,
1103 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1104 _("TLS certificate subject name (%s) does not match `%s': %d\n"),
1108 gnutls_x509_crt_deinit (x509_cert);
1109 return GNUNET_SYSERR;
1114 /* we did not even have the domain name!? */
1116 return GNUNET_SYSERR;
1119 gnutls_x509_crt_deinit (x509_cert);
1125 * We're getting an HTTP response header from cURL. Convert it to the
1126 * MHD response headers. Mostly copies the headers, but makes special
1127 * adjustments to "Set-Cookie" and "Location" headers as those may need
1128 * to be changed from the LEHO to the domain the browser expects.
1130 * @param buffer curl buffer with a single line of header data; not 0-terminated!
1131 * @param size curl blocksize
1132 * @param nmemb curl blocknumber
1133 * @param cls our `struct Socks5Request *`
1134 * @return size of processed bytes
1137 curl_check_hdr (void *buffer,
1142 struct Socks5Request *s5r = cls;
1143 struct HttpResponseHeader *header;
1144 size_t bytes = size * nmemb;
1146 const char *hdr_type;
1147 const char *cookie_domain;
1149 char *new_cookie_hdr;
1152 size_t delta_cdomain;
1156 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1157 "Receiving HTTP response header from CURL\n");
1158 /* first, check TLS certificate */
1159 if ( (GNUNET_YES != s5r->ssl_checked) &&
1160 (GNUNET_YES == s5r->is_tls))
1161 //(HTTPS_PORT == s5r->port))
1163 if (GNUNET_OK != check_ssl_certificate (s5r))
1166 ndup = GNUNET_strndup (buffer,
1168 hdr_type = strtok (ndup,
1170 if (NULL == hdr_type)
1175 hdr_val = strtok (NULL,
1177 if (NULL == hdr_val)
1182 if (' ' == *hdr_val)
1185 /* custom logic for certain header types */
1186 new_cookie_hdr = NULL;
1187 if ( (NULL != s5r->leho) &&
1188 (0 == strcasecmp (hdr_type,
1189 MHD_HTTP_HEADER_SET_COOKIE)) )
1192 new_cookie_hdr = GNUNET_malloc (strlen (hdr_val) +
1193 strlen (s5r->domain) + 1);
1195 domain_matched = GNUNET_NO; /* make sure we match domain at most once */
1196 for (tok = strtok (hdr_val, ";"); NULL != tok; tok = strtok (NULL, ";"))
1198 if ( (0 == strncasecmp (tok,
1200 strlen (" domain"))) &&
1201 (GNUNET_NO == domain_matched) )
1203 domain_matched = GNUNET_YES;
1204 cookie_domain = tok + strlen (" domain") + 1;
1205 if (strlen (cookie_domain) < strlen (s5r->leho))
1207 delta_cdomain = strlen (s5r->leho) - strlen (cookie_domain);
1208 if (0 == strcasecmp (cookie_domain,
1209 s5r->leho + delta_cdomain))
1211 offset += sprintf (new_cookie_hdr + offset,
1217 else if (0 == strcmp (cookie_domain,
1220 offset += sprintf (new_cookie_hdr + offset,
1225 else if ( ('.' == cookie_domain[0]) &&
1226 (0 == strcmp (&cookie_domain[1],
1229 offset += sprintf (new_cookie_hdr + offset,
1234 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1235 _("Cookie domain `%s' supplied by server is invalid\n"),
1238 GNUNET_memcpy (new_cookie_hdr + offset,
1241 offset += strlen (tok);
1242 new_cookie_hdr[offset++] = ';';
1244 hdr_val = new_cookie_hdr;
1247 new_location = NULL;
1248 if (0 == strcasecmp (MHD_HTTP_HEADER_TRANSFER_ENCODING,
1251 /* Ignore transfer encoding, set automatically by MHD if required */
1254 if ((0 == strcasecmp (MHD_HTTP_HEADER_LOCATION,
1259 GNUNET_asprintf (&leho_host,
1260 (GNUNET_YES != s5r->is_tls) //(HTTPS_PORT != s5r->port)
1264 if (0 == strncmp (leho_host,
1266 strlen (leho_host)))
1268 GNUNET_asprintf (&new_location,
1270 (GNUNET_YES != s5r->is_tls) //(HTTPS_PORT != s5r->port)
1274 hdr_val + strlen (leho_host));
1275 hdr_val = new_location;
1277 GNUNET_free (leho_host);
1279 if (0 == strcasecmp (MHD_HTTP_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN,
1284 GNUNET_asprintf (&leho_host,
1285 (GNUNET_YES != s5r->is_tls) //(HTTPS_PORT != s5r->port)
1289 if (0 == strncmp (leho_host,
1291 strlen (leho_host)))
1293 GNUNET_asprintf (&new_location,
1295 (GNUNET_YES != s5r->is_tls) //(HTTPS_PORT != s5r->port)
1299 hdr_val = new_location;
1301 GNUNET_free (leho_host);
1304 /* MHD does not allow certain characters in values, remove those */
1305 if (NULL != (tok = strchr (hdr_val, '\n')))
1307 if (NULL != (tok = strchr (hdr_val, '\r')))
1309 if (NULL != (tok = strchr (hdr_val, '\t')))
1311 if (0 != strlen (hdr_val)) /* Rely in MHD to set those */
1313 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1314 "Adding header %s: %s to MHD response\n",
1317 header = GNUNET_new (struct HttpResponseHeader);
1318 header->type = GNUNET_strdup (hdr_type);
1319 header->value = GNUNET_strdup (hdr_val);
1320 GNUNET_CONTAINER_DLL_insert (s5r->header_head,
1326 GNUNET_free_non_null (new_cookie_hdr);
1327 GNUNET_free_non_null (new_location);
1333 * Create an MHD response object in @a s5r matching the
1334 * information we got from curl.
1336 * @param s5r the request for which we convert the response
1337 * @return #GNUNET_OK on success, #GNUNET_SYSERR if response was
1338 * already initialized before
1341 create_mhd_response_from_s5r (struct Socks5Request *s5r)
1344 double content_length;
1346 if (NULL != s5r->response)
1348 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1349 "Response already set!\n");
1350 return GNUNET_SYSERR;
1353 GNUNET_break (CURLE_OK ==
1354 curl_easy_getinfo (s5r->curl,
1355 CURLINFO_RESPONSE_CODE,
1357 GNUNET_break (CURLE_OK ==
1358 curl_easy_getinfo (s5r->curl,
1359 CURLINFO_CONTENT_LENGTH_DOWNLOAD,
1361 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1362 "Creating MHD response with code %d and size %d for %s%s\n",
1364 (int) content_length,
1367 s5r->response_code = resp_code;
1368 s5r->response = MHD_create_response_from_callback ((-1 == content_length)
1375 for (struct HttpResponseHeader *header = s5r->header_head;
1377 header = header->next)
1379 if (0 == strcasecmp (header->type,
1380 MHD_HTTP_HEADER_CONTENT_LENGTH))
1381 continue; /* MHD won't let us mess with those, for good reason */
1382 if ( (0 == strcasecmp (header->type,
1383 MHD_HTTP_HEADER_TRANSFER_ENCODING)) &&
1384 ( (0 == strcasecmp (header->value,
1386 (0 == strcasecmp (header->value,
1388 continue; /* MHD won't let us mess with those, for good reason */
1390 MHD_add_response_header (s5r->response,
1395 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1396 "Failed to add header `%s:%s'\n",
1401 /* force connection to be closed after each request, as we
1402 do not support HTTP pipelining (yet, FIXME!) */
1403 /*GNUNET_break (MHD_YES ==
1404 MHD_add_response_header (s5r->response,
1405 MHD_HTTP_HEADER_CONNECTION,
1407 MHD_resume_connection (s5r->con);
1408 s5r->suspended = GNUNET_NO;
1414 * Handle response payload data from cURL. Copies it into our `io_buf` to make
1415 * it available to MHD.
1417 * @param ptr pointer to the data
1418 * @param size number of blocks of data
1419 * @param nmemb blocksize
1420 * @param ctx our `struct Socks5Request *`
1421 * @return number of bytes handled
1424 curl_download_cb (void *ptr,
1429 struct Socks5Request *s5r = ctx;
1430 size_t total = size * nmemb;
1432 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1433 "Receiving %ux%u bytes for `%s%s' from cURL to download\n",
1434 (unsigned int) size,
1435 (unsigned int) nmemb,
1438 if (NULL == s5r->response)
1439 GNUNET_assert (GNUNET_OK ==
1440 create_mhd_response_from_s5r (s5r));
1441 if ( (SOCKS5_SOCKET_UPLOAD_DONE == s5r->state) &&
1444 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1445 "Previous upload finished... starting DOWNLOAD.\n");
1446 s5r->state = SOCKS5_SOCKET_DOWNLOAD_STARTED;
1448 if ( (SOCKS5_SOCKET_UPLOAD_STARTED == s5r->state) ||
1449 (SOCKS5_SOCKET_UPLOAD_DONE == s5r->state) )
1451 /* we're still not done with the upload, do not yet
1452 start the download, the IO buffer is still full
1453 with upload data. */
1454 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1455 "Pausing CURL download `%s%s', waiting for UPLOAD to finish\n",
1458 s5r->curl_paused = GNUNET_YES;
1459 return CURL_WRITEFUNC_PAUSE; /* not yet ready for data download */
1461 if (sizeof (s5r->io_buf) - s5r->io_len < total)
1463 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1464 "Pausing CURL `%s%s' download, not enough space %llu %llu %llu\n",
1467 (unsigned long long) sizeof (s5r->io_buf),
1468 (unsigned long long) s5r->io_len,
1469 (unsigned long long) total);
1470 s5r->curl_paused = GNUNET_YES;
1471 return CURL_WRITEFUNC_PAUSE; /* not enough space */
1473 GNUNET_memcpy (&s5r->io_buf[s5r->io_len],
1476 s5r->io_len += total;
1477 if (GNUNET_YES == s5r->suspended)
1479 MHD_resume_connection (s5r->con);
1480 s5r->suspended = GNUNET_NO;
1482 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1483 "Received %llu bytes of payload via cURL from %s\n",
1484 (unsigned long long) total,
1486 if (s5r->io_len == total)
1487 run_mhd_now (s5r->hd);
1493 * cURL callback for uploaded (PUT/POST) data. Copies it into our `io_buf`
1494 * to make it available to MHD.
1496 * @param buf where to write the data
1497 * @param size number of bytes per member
1498 * @param nmemb number of members available in @a buf
1499 * @param cls our `struct Socks5Request` that generated the data
1500 * @return number of bytes copied to @a buf
1503 curl_upload_cb (void *buf,
1508 struct Socks5Request *s5r = cls;
1509 size_t len = size * nmemb;
1512 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1513 "Receiving %ux%u bytes for `%s%s' from cURL to upload\n",
1514 (unsigned int) size,
1515 (unsigned int) nmemb,
1519 if ( (0 == s5r->io_len) &&
1520 (SOCKS5_SOCKET_UPLOAD_DONE != s5r->state) )
1522 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1523 "Pausing CURL UPLOAD %s%s, need more data\n",
1526 return CURL_READFUNC_PAUSE;
1528 if ( (0 == s5r->io_len) &&
1529 (SOCKS5_SOCKET_UPLOAD_DONE == s5r->state) )
1531 s5r->state = SOCKS5_SOCKET_DOWNLOAD_STARTED;
1532 if (GNUNET_YES == s5r->curl_paused)
1534 s5r->curl_paused = GNUNET_NO;
1535 curl_easy_pause (s5r->curl,
1538 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1539 "Completed CURL UPLOAD %s%s\n",
1542 return 0; /* upload finished, can now download */
1544 if ( (SOCKS5_SOCKET_UPLOAD_STARTED != s5r->state) &&
1545 (SOCKS5_SOCKET_UPLOAD_DONE != s5r->state) )
1548 return CURL_READFUNC_ABORT;
1550 to_copy = GNUNET_MIN (s5r->io_len,
1555 memmove (s5r->io_buf,
1556 &s5r->io_buf[to_copy],
1557 s5r->io_len - to_copy);
1558 s5r->io_len -= to_copy;
1559 if (s5r->io_len + to_copy == sizeof (s5r->io_buf))
1560 run_mhd_now (s5r->hd); /* got more space for upload now */
1565 /* ************************** main loop of cURL interaction ****************** */
1569 * Task that is run when we are ready to receive more data
1572 * @param cls closure
1575 curl_task_download (void *cls);
1579 * Ask cURL for the select() sets and schedule cURL operations.
1582 curl_download_prepare ()
1589 struct GNUNET_NETWORK_FDSet *grs;
1590 struct GNUNET_NETWORK_FDSet *gws;
1592 struct GNUNET_TIME_Relative rtime;
1594 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1595 "Scheduling CURL interaction\n");
1596 if (NULL != curl_download_task)
1598 GNUNET_SCHEDULER_cancel (curl_download_task);
1599 curl_download_task = NULL;
1605 if (CURLM_OK != (mret = curl_multi_fdset (curl_multi,
1611 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1612 "%s failed at %s:%d: `%s'\n",
1613 "curl_multi_fdset", __FILE__, __LINE__,
1614 curl_multi_strerror (mret));
1618 GNUNET_break (CURLM_OK ==
1619 curl_multi_timeout (curl_multi,
1622 rtime = GNUNET_TIME_UNIT_FOREVER_REL;
1624 rtime = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MILLISECONDS,
1628 grs = GNUNET_NETWORK_fdset_create ();
1629 gws = GNUNET_NETWORK_fdset_create ();
1630 GNUNET_NETWORK_fdset_copy_native (grs,
1633 GNUNET_NETWORK_fdset_copy_native (gws,
1636 curl_download_task = GNUNET_SCHEDULER_add_select (GNUNET_SCHEDULER_PRIORITY_DEFAULT,
1640 &curl_task_download,
1642 GNUNET_NETWORK_fdset_destroy (gws);
1643 GNUNET_NETWORK_fdset_destroy (grs);
1647 curl_download_task = GNUNET_SCHEDULER_add_delayed (rtime,
1648 &curl_task_download,
1655 * Task that is run when we are ready to receive more data from curl.
1657 * @param cls closure, NULL
1660 curl_task_download (void *cls)
1664 struct CURLMsg *msg;
1666 struct Socks5Request *s5r;
1668 curl_download_task = NULL;
1669 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1670 "Running CURL interaction\n");
1674 mret = curl_multi_perform (curl_multi,
1676 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1677 "Checking CURL multi status: %d\n",
1679 while (NULL != (msg = curl_multi_info_read (curl_multi,
1682 GNUNET_break (CURLE_OK ==
1683 curl_easy_getinfo (msg->easy_handle,
1694 /* documentation says this is not used */
1698 switch (msg->data.result)
1701 case CURLE_GOT_NOTHING:
1702 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1703 "CURL download %s%s completed.\n",
1706 if (NULL == s5r->response)
1708 GNUNET_assert (GNUNET_OK ==
1709 create_mhd_response_from_s5r (s5r));
1711 s5r->state = SOCKS5_SOCKET_DOWNLOAD_DONE;
1712 if (GNUNET_YES == s5r->suspended)
1714 MHD_resume_connection (s5r->con);
1715 s5r->suspended = GNUNET_NO;
1717 run_mhd_now (s5r->hd);
1720 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1721 "Download curl %s%s failed: %s\n",
1724 curl_easy_strerror (msg->data.result));
1725 /* FIXME: indicate error somehow? close MHD connection badly as well? */
1726 s5r->state = SOCKS5_SOCKET_DOWNLOAD_DONE;
1727 if (GNUNET_YES == s5r->suspended)
1729 MHD_resume_connection (s5r->con);
1730 s5r->suspended = GNUNET_NO;
1732 run_mhd_now (s5r->hd);
1735 if (NULL == s5r->response)
1736 s5r->response = curl_failure_response;
1739 /* documentation says this is not used */
1743 /* unexpected status code */
1748 } while (mret == CURLM_CALL_MULTI_PERFORM);
1749 if (CURLM_OK != mret)
1750 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1751 "%s failed at %s:%d: `%s'\n",
1752 "curl_multi_perform", __FILE__, __LINE__,
1753 curl_multi_strerror (mret));
1756 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1757 "Suspending cURL multi loop, no more events pending\n");
1758 if (NULL != curl_download_task)
1760 GNUNET_SCHEDULER_cancel (curl_download_task);
1761 curl_download_task = NULL;
1763 return; /* nothing more in progress */
1765 curl_download_prepare ();
1769 /* ********************************* MHD response generation ******************* */
1773 * Read HTTP request header field from the request. Copies the fields
1774 * over to the 'headers' that will be given to curl. However, 'Host'
1775 * is substituted with the LEHO if present. We also change the
1776 * 'Connection' header value to "close" as the proxy does not support
1779 * @param cls our `struct Socks5Request`
1780 * @param kind value kind
1781 * @param key field key
1782 * @param value field value
1783 * @return #MHD_YES to continue to iterate
1786 con_val_iter (void *cls,
1787 enum MHD_ValueKind kind,
1791 struct Socks5Request *s5r = cls;
1794 if ( (0 == strcasecmp (MHD_HTTP_HEADER_HOST,
1796 (NULL != s5r->leho) )
1798 GNUNET_asprintf (&hdr,
1802 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1803 "Adding HEADER `%s' to HTTP request\n",
1805 s5r->headers = curl_slist_append (s5r->headers,
1813 * Main MHD callback for handling requests.
1816 * @param con MHD connection handle
1817 * @param url the url in the request
1818 * @param meth the HTTP method used ("GET", "PUT", etc.)
1819 * @param ver the HTTP version string (i.e. "HTTP/1.1")
1820 * @param upload_data the data being uploaded (excluding HEADERS,
1821 * for a POST that fits into memory and that is encoded
1822 * with a supported encoding, the POST data will NOT be
1823 * given in upload_data and is instead available as
1824 * part of MHD_get_connection_values; very large POST
1825 * data *will* be made available incrementally in
1827 * @param upload_data_size set initially to the size of the
1828 * @a upload_data provided; the method must update this
1829 * value to the number of bytes NOT processed;
1830 * @param con_cls pointer to location where we store the `struct Request`
1831 * @return #MHD_YES if the connection was handled successfully,
1832 * #MHD_NO if the socket must be closed due to a serious
1833 * error while handling the request
1836 create_response (void *cls,
1837 struct MHD_Connection *con,
1841 const char *upload_data,
1842 size_t *upload_data_size,
1845 struct Socks5Request *s5r = *con_cls;
1847 char ipstring[INET6_ADDRSTRLEN];
1848 char ipaddr[INET6_ADDRSTRLEN + 2];
1849 const struct sockaddr *sa;
1850 const struct sockaddr_in *s4;
1851 const struct sockaddr_in6 *s6;
1861 /* Fresh connection. */
1862 if (SOCKS5_SOCKET_WITH_MHD == s5r->state)
1864 /* first time here, initialize curl handle */
1867 sa = (const struct sockaddr *) &s5r->destination_address;
1868 switch (sa->sa_family)
1871 s4 = (const struct sockaddr_in *) &s5r->destination_address;
1872 if (NULL == inet_ntop (AF_INET,
1880 GNUNET_snprintf (ipaddr,
1884 port = ntohs (s4->sin_port);
1887 s6 = (const struct sockaddr_in6 *) &s5r->destination_address;
1888 if (NULL == inet_ntop (AF_INET6,
1896 GNUNET_snprintf (ipaddr,
1900 port = ntohs (s6->sin6_port);
1911 if (NULL == s5r->curl)
1912 s5r->curl = curl_easy_init ();
1913 if (NULL == s5r->curl)
1914 return MHD_queue_response (con,
1915 MHD_HTTP_INTERNAL_SERVER_ERROR,
1916 curl_failure_response);
1917 s5r->url = curl_easy_escape (s5r->curl, s5r->url, strlen (s5r->url));
1918 curl_easy_setopt (s5r->curl,
1919 CURLOPT_HEADERFUNCTION,
1921 curl_easy_setopt (s5r->curl,
1924 curl_easy_setopt (s5r->curl,
1925 CURLOPT_FOLLOWLOCATION,
1928 curl_easy_setopt (s5r->curl,
1931 curl_easy_setopt (s5r->curl,
1932 CURLOPT_CONNECTTIMEOUT,
1934 curl_easy_setopt (s5r->curl,
1937 curl_easy_setopt (s5r->curl,
1940 curl_easy_setopt (s5r->curl,
1941 CURLOPT_HTTP_CONTENT_DECODING,
1943 curl_easy_setopt (s5r->curl,
1946 curl_easy_setopt (s5r->curl,
1949 curl_easy_setopt (s5r->curl,
1953 * Pre-populate cache to resolve Hostname.
1954 * This is necessary as the DNS name in the CURLOPT_URL is used
1955 * for SNI http://de.wikipedia.org/wiki/Server_Name_Indication
1957 if (NULL != s5r->leho)
1961 GNUNET_asprintf (&curl_hosts,
1966 s5r->hosts = curl_slist_append (NULL,
1968 curl_easy_setopt (s5r->curl,
1971 GNUNET_free (curl_hosts);
1975 GNUNET_asprintf (&curlurl,
1976 (GNUNET_YES != s5r->is_tls) //(HTTPS_PORT != s5r->port)
1978 : "https://%s:%d%s",
1987 GNUNET_asprintf (&curlurl,
1988 (GNUNET_YES != s5r->is_tls) //(HTTPS_PORT != s5r->port)
1990 : "https://%s:%d%s",
1995 curl_easy_setopt (s5r->curl,
1998 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1999 "Launching %s CURL interaction, fetching `%s'\n",
2000 (s5r->is_gns) ? "GNS" : "DNS",
2002 GNUNET_free (curlurl);
2003 if (0 == strcasecmp (meth,
2004 MHD_HTTP_METHOD_PUT))
2006 s5r->state = SOCKS5_SOCKET_UPLOAD_STARTED;
2007 curl_easy_setopt (s5r->curl,
2010 curl_easy_setopt (s5r->curl,
2011 CURLOPT_WRITEFUNCTION,
2013 curl_easy_setopt (s5r->curl,
2016 GNUNET_assert (CURLE_OK ==
2017 curl_easy_setopt (s5r->curl,
2018 CURLOPT_READFUNCTION,
2020 curl_easy_setopt (s5r->curl,
2025 long upload_size = 0;
2027 us = MHD_lookup_connection_value (con,
2029 MHD_HTTP_HEADER_CONTENT_LENGTH);
2030 if ( (1 == sscanf (us,
2033 (upload_size >= 0) )
2035 curl_easy_setopt (s5r->curl,
2041 else if (0 == strcasecmp (meth, MHD_HTTP_METHOD_POST))
2043 s5r->state = SOCKS5_SOCKET_UPLOAD_STARTED;
2044 curl_easy_setopt (s5r->curl,
2047 curl_easy_setopt (s5r->curl,
2048 CURLOPT_WRITEFUNCTION,
2050 curl_easy_setopt (s5r->curl,
2053 curl_easy_setopt (s5r->curl,
2054 CURLOPT_READFUNCTION,
2056 curl_easy_setopt (s5r->curl,
2064 us = MHD_lookup_connection_value (con,
2066 MHD_HTTP_HEADER_CONTENT_LENGTH);
2067 if ( (NULL != us) &&
2071 (upload_size >= 0) )
2073 curl_easy_setopt (s5r->curl,
2077 curl_easy_setopt (s5r->curl,
2083 else if (0 == strcasecmp (meth,
2084 MHD_HTTP_METHOD_HEAD))
2086 s5r->state = SOCKS5_SOCKET_DOWNLOAD_STARTED;
2087 curl_easy_setopt (s5r->curl,
2091 else if (0 == strcasecmp (meth,
2092 MHD_HTTP_METHOD_OPTIONS))
2094 s5r->state = SOCKS5_SOCKET_DOWNLOAD_STARTED;
2095 curl_easy_setopt (s5r->curl,
2096 CURLOPT_CUSTOMREQUEST,
2098 curl_easy_setopt (s5r->curl,
2099 CURLOPT_WRITEFUNCTION,
2101 curl_easy_setopt (s5r->curl,
2106 else if (0 == strcasecmp (meth,
2107 MHD_HTTP_METHOD_GET))
2109 s5r->state = SOCKS5_SOCKET_DOWNLOAD_STARTED;
2110 curl_easy_setopt (s5r->curl,
2113 curl_easy_setopt (s5r->curl,
2114 CURLOPT_WRITEFUNCTION,
2116 curl_easy_setopt (s5r->curl,
2120 else if (0 == strcasecmp (meth,
2121 MHD_HTTP_METHOD_DELETE))
2123 s5r->state = SOCKS5_SOCKET_DOWNLOAD_STARTED;
2124 curl_easy_setopt (s5r->curl,
2125 CURLOPT_CUSTOMREQUEST,
2127 curl_easy_setopt (s5r->curl,
2128 CURLOPT_WRITEFUNCTION,
2130 curl_easy_setopt (s5r->curl,
2136 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2137 _("Unsupported HTTP method `%s'\n"),
2139 curl_easy_cleanup (s5r->curl);
2144 if (0 == strcasecmp (ver, MHD_HTTP_VERSION_1_0))
2146 curl_easy_setopt (s5r->curl,
2147 CURLOPT_HTTP_VERSION,
2148 CURL_HTTP_VERSION_1_0);
2150 else if (0 == strcasecmp (ver, MHD_HTTP_VERSION_1_1))
2152 curl_easy_setopt (s5r->curl,
2153 CURLOPT_HTTP_VERSION,
2154 CURL_HTTP_VERSION_1_1);
2158 curl_easy_setopt (s5r->curl,
2159 CURLOPT_HTTP_VERSION,
2160 CURL_HTTP_VERSION_NONE);
2163 if (GNUNET_YES == s5r->is_tls) //(HTTPS_PORT == s5r->port)
2165 curl_easy_setopt (s5r->curl,
2168 if (0 < s5r->num_danes)
2169 curl_easy_setopt (s5r->curl,
2170 CURLOPT_SSL_VERIFYPEER,
2173 curl_easy_setopt (s5r->curl,
2174 CURLOPT_SSL_VERIFYPEER,
2176 /* Disable cURL checking the hostname, as we will check ourselves
2177 as only we have the domain name or the LEHO or the DANE record */
2178 curl_easy_setopt (s5r->curl,
2179 CURLOPT_SSL_VERIFYHOST,
2184 curl_easy_setopt (s5r->curl,
2190 curl_multi_add_handle (curl_multi,
2194 curl_easy_cleanup (s5r->curl);
2198 MHD_get_connection_values (con,
2200 (MHD_KeyValueIterator) &con_val_iter,
2202 curl_easy_setopt (s5r->curl,
2205 curl_download_prepare ();
2209 /* continuing to process request */
2210 if (0 != *upload_data_size)
2212 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2213 "Processing %u bytes UPLOAD\n",
2214 (unsigned int) *upload_data_size);
2216 /* FIXME: This must be set or a header with Transfer-Encoding: chunked. Else
2217 * upload callback is not called!
2219 curl_easy_setopt (s5r->curl,
2220 CURLOPT_POSTFIELDSIZE,
2223 left = GNUNET_MIN (*upload_data_size,
2224 sizeof (s5r->io_buf) - s5r->io_len);
2225 GNUNET_memcpy (&s5r->io_buf[s5r->io_len],
2228 s5r->io_len += left;
2229 *upload_data_size -= left;
2230 GNUNET_assert (NULL != s5r->curl);
2231 if (GNUNET_YES == s5r->curl_paused)
2233 s5r->curl_paused = GNUNET_NO;
2234 curl_easy_pause (s5r->curl,
2239 if (SOCKS5_SOCKET_UPLOAD_STARTED == s5r->state)
2241 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2242 "Finished processing UPLOAD\n");
2243 s5r->state = SOCKS5_SOCKET_UPLOAD_DONE;
2245 if (NULL == s5r->response)
2247 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2248 "Waiting for HTTP response for %s%s...\n",
2251 MHD_suspend_connection (con);
2252 s5r->suspended = GNUNET_YES;
2255 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2256 "Queueing response for %s%s with MHD\n",
2259 run_mhd_now (s5r->hd);
2260 return MHD_queue_response (con,
2266 /* ******************** MHD HTTP setup and event loop ******************** */
2270 * Function called when MHD decides that we are done with a request.
2273 * @param connection connection handle
2274 * @param con_cls value as set by the last call to
2275 * the MHD_AccessHandlerCallback, should be our `struct Socks5Request *`
2276 * @param toe reason for request termination (ignored)
2279 mhd_completed_cb (void *cls,
2280 struct MHD_Connection *connection,
2282 enum MHD_RequestTerminationCode toe)
2284 struct Socks5Request *s5r = *con_cls;
2288 if (MHD_REQUEST_TERMINATED_COMPLETED_OK != toe)
2289 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
2290 "MHD encountered error handling request: %d\n",
2292 if (NULL != s5r->curl)
2294 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2295 "Removing cURL handle (MHD interaction complete)\n");
2296 curl_multi_remove_handle (curl_multi,
2298 curl_slist_free_all (s5r->headers);
2299 s5r->headers = NULL;
2300 curl_easy_reset (s5r->curl);
2304 curl_download_prepare ();
2306 if ( (NULL != s5r->response) &&
2307 (curl_failure_response != s5r->response) )
2308 MHD_destroy_response (s5r->response);
2309 for (struct HttpResponseHeader *header = s5r->header_head;
2311 header = s5r->header_head)
2313 GNUNET_CONTAINER_DLL_remove (s5r->header_head,
2316 GNUNET_free (header->type);
2317 GNUNET_free (header->value);
2318 GNUNET_free (header);
2320 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2321 "Finished request for %s\n",
2323 GNUNET_free (s5r->url);
2324 curl_free (s5r->curl_url);
2325 s5r->state = SOCKS5_SOCKET_WITH_MHD;
2327 s5r->curl_url = NULL;
2328 s5r->response = NULL;
2334 * Function called when MHD connection is opened or closed.
2337 * @param connection connection handle
2338 * @param con_cls value as set by the last call to
2339 * the MHD_AccessHandlerCallback, should be our `struct Socks5Request *`
2340 * @param toe connection notification type
2343 mhd_connection_cb (void *cls,
2344 struct MHD_Connection *connection,
2346 enum MHD_ConnectionNotificationCode cnc)
2348 struct Socks5Request *s5r;
2349 const union MHD_ConnectionInfo *ci;
2354 case MHD_CONNECTION_NOTIFY_STARTED:
2355 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Connection started...\n");
2356 ci = MHD_get_connection_info (connection,
2357 MHD_CONNECTION_INFO_CONNECTION_FD);
2363 sock = ci->connect_fd;
2364 for (s5r = s5r_head; NULL != s5r; s5r = s5r->next)
2366 if (GNUNET_NETWORK_get_fd (s5r->sock) == sock)
2368 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2369 "Context set...\n");
2370 s5r->ssl_checked = GNUNET_NO;
2376 case MHD_CONNECTION_NOTIFY_CLOSED:
2377 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2378 "Connection closed... cleaning up\n");
2382 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2383 "Connection stale!\n");
2387 curl_download_prepare ();
2396 * Function called when MHD first processes an incoming connection.
2397 * Gives us the respective URI information.
2399 * We use this to associate the `struct MHD_Connection` with our
2400 * internal `struct Socks5Request` data structure (by checking
2401 * for matching sockets).
2403 * @param cls the HTTP server handle (a `struct MhdHttpList`)
2404 * @param url the URL that is being requested
2405 * @param connection MHD connection object for the request
2406 * @return the `struct Socks5Request` that this @a connection is for
2409 mhd_log_callback (void *cls,
2411 struct MHD_Connection *connection)
2413 struct Socks5Request *s5r;
2414 const union MHD_ConnectionInfo *ci;
2416 ci = MHD_get_connection_info (connection,
2417 MHD_CONNECTION_INFO_SOCKET_CONTEXT);
2418 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Processing %s\n", url);
2424 s5r = ci->socket_context;
2425 if (NULL != s5r->url)
2430 s5r->url = GNUNET_strdup (url);
2431 if (NULL != s5r->timeout_task)
2433 GNUNET_SCHEDULER_cancel (s5r->timeout_task);
2434 s5r->timeout_task = NULL;
2436 GNUNET_assert (s5r->state == SOCKS5_SOCKET_WITH_MHD);
2442 * Kill the given MHD daemon.
2444 * @param hd daemon to stop
2447 kill_httpd (struct MhdHttpList *hd)
2449 GNUNET_CONTAINER_DLL_remove (mhd_httpd_head,
2452 GNUNET_free_non_null (hd->domain);
2453 MHD_stop_daemon (hd->daemon);
2454 if (NULL != hd->httpd_task)
2456 GNUNET_SCHEDULER_cancel (hd->httpd_task);
2457 hd->httpd_task = NULL;
2459 GNUNET_free_non_null (hd->proxy_cert);
2467 * Task run whenever HTTP server is idle for too long. Kill it.
2469 * @param cls the `struct MhdHttpList *`
2472 kill_httpd_task (void *cls)
2474 struct MhdHttpList *hd = cls;
2476 hd->httpd_task = NULL;
2482 * Task run whenever HTTP server operations are pending.
2484 * @param cls the `struct MhdHttpList *` of the daemon that is being run
2487 do_httpd (void *cls);
2491 * Schedule MHD. This function should be called initially when an
2492 * MHD is first getting its client socket, and will then automatically
2493 * always be called later whenever there is work to be done.
2495 * @param hd the daemon to schedule
2498 schedule_httpd (struct MhdHttpList *hd)
2503 struct GNUNET_NETWORK_FDSet *wrs;
2504 struct GNUNET_NETWORK_FDSet *wws;
2507 MHD_UNSIGNED_LONG_LONG timeout;
2508 struct GNUNET_TIME_Relative tv;
2515 MHD_get_fdset (hd->daemon,
2524 haveto = MHD_get_timeout (hd->daemon,
2526 if (MHD_YES == haveto)
2527 tv.rel_value_us = (uint64_t) timeout * 1000LL;
2529 tv = GNUNET_TIME_UNIT_FOREVER_REL;
2532 wrs = GNUNET_NETWORK_fdset_create ();
2533 wws = GNUNET_NETWORK_fdset_create ();
2534 GNUNET_NETWORK_fdset_copy_native (wrs, &rs, max + 1);
2535 GNUNET_NETWORK_fdset_copy_native (wws, &ws, max + 1);
2542 if (NULL != hd->httpd_task)
2544 GNUNET_SCHEDULER_cancel (hd->httpd_task);
2545 hd->httpd_task = NULL;
2547 if ( (MHD_YES != haveto) &&
2551 /* daemon is idle, kill after timeout */
2552 hd->httpd_task = GNUNET_SCHEDULER_add_delayed (MHD_CACHE_TIMEOUT,
2559 GNUNET_SCHEDULER_add_select (GNUNET_SCHEDULER_PRIORITY_DEFAULT,
2564 GNUNET_NETWORK_fdset_destroy (wrs);
2566 GNUNET_NETWORK_fdset_destroy (wws);
2571 * Task run whenever HTTP server operations are pending.
2573 * @param cls the `struct MhdHttpList` of the daemon that is being run
2576 do_httpd (void *cls)
2578 struct MhdHttpList *hd = cls;
2580 hd->httpd_task = NULL;
2581 MHD_run (hd->daemon);
2582 schedule_httpd (hd);
2587 * Run MHD now, we have extra data ready for the callback.
2589 * @param hd the daemon to run now.
2592 run_mhd_now (struct MhdHttpList *hd)
2594 if (NULL != hd->httpd_task)
2595 GNUNET_SCHEDULER_cancel (hd->httpd_task);
2596 hd->httpd_task = GNUNET_SCHEDULER_add_now (&do_httpd,
2602 * Read file in filename
2604 * @param filename file to read
2605 * @param size pointer where filesize is stored
2606 * @return NULL on error
2609 load_file (const char* filename,
2616 GNUNET_DISK_file_size (filename,
2621 if (fsize > MAX_PEM_SIZE)
2623 *size = (unsigned int) fsize;
2624 buffer = GNUNET_malloc (*size);
2626 GNUNET_DISK_fn_read (filename,
2630 GNUNET_free (buffer);
2638 * Load PEM key from file
2640 * @param key where to store the data
2641 * @param keyfile path to the PEM file
2642 * @return #GNUNET_OK on success
2645 load_key_from_file (gnutls_x509_privkey_t key,
2646 const char* keyfile)
2648 gnutls_datum_t key_data;
2651 key_data.data = load_file (keyfile,
2653 if (NULL == key_data.data)
2654 return GNUNET_SYSERR;
2655 ret = gnutls_x509_privkey_import (key, &key_data,
2656 GNUTLS_X509_FMT_PEM);
2657 if (GNUTLS_E_SUCCESS != ret)
2659 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2660 _("Unable to import private key from file `%s'\n"),
2663 GNUNET_free_non_null (key_data.data);
2664 return (GNUTLS_E_SUCCESS != ret) ? GNUNET_SYSERR : GNUNET_OK;
2669 * Load cert from file
2671 * @param crt struct to store data in
2672 * @param certfile path to pem file
2673 * @return #GNUNET_OK on success
2676 load_cert_from_file (gnutls_x509_crt_t crt,
2677 const char* certfile)
2679 gnutls_datum_t cert_data;
2682 cert_data.data = load_file (certfile,
2684 if (NULL == cert_data.data)
2685 return GNUNET_SYSERR;
2686 ret = gnutls_x509_crt_import (crt,
2688 GNUTLS_X509_FMT_PEM);
2689 if (GNUTLS_E_SUCCESS != ret)
2691 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2692 _("Unable to import certificate from `%s'\n"),
2695 GNUNET_free_non_null (cert_data.data);
2696 return (GNUTLS_E_SUCCESS != ret) ? GNUNET_SYSERR : GNUNET_OK;
2701 * Generate new certificate for specific name
2703 * @param name the subject name to generate a cert for
2704 * @return a struct holding the PEM data, NULL on error
2706 static struct ProxyGNSCertificate *
2707 generate_gns_certificate (const char *name)
2709 unsigned int serial;
2710 size_t key_buf_size;
2711 size_t cert_buf_size;
2712 gnutls_x509_crt_t request;
2715 struct ProxyGNSCertificate *pgc;
2717 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2718 "Generating x.509 certificate for `%s'\n",
2720 GNUNET_break (GNUTLS_E_SUCCESS == gnutls_x509_crt_init (&request));
2721 GNUNET_break (GNUTLS_E_SUCCESS == gnutls_x509_crt_set_key (request, proxy_ca.key));
2722 pgc = GNUNET_new (struct ProxyGNSCertificate);
2723 gnutls_x509_crt_set_dn_by_oid (request,
2724 GNUTLS_OID_X520_COUNTRY_NAME,
2728 gnutls_x509_crt_set_dn_by_oid (request,
2729 GNUTLS_OID_X520_ORGANIZATION_NAME,
2732 strlen ("GNU Name System"));
2733 gnutls_x509_crt_set_dn_by_oid (request,
2734 GNUTLS_OID_X520_COMMON_NAME,
2738 gnutls_x509_crt_set_subject_alternative_name (request,
2741 GNUNET_break (GNUTLS_E_SUCCESS ==
2742 gnutls_x509_crt_set_version (request,
2744 gnutls_rnd (GNUTLS_RND_NONCE,
2747 gnutls_x509_crt_set_serial (request,
2750 etime = time (NULL);
2751 tm_data = localtime (&etime);
2753 etime = mktime(tm_data);
2754 gnutls_x509_crt_set_activation_time (request,
2757 etime = mktime (tm_data);
2758 gnutls_x509_crt_set_expiration_time (request,
2760 gnutls_x509_crt_sign2 (request,
2765 key_buf_size = sizeof (pgc->key);
2766 cert_buf_size = sizeof (pgc->cert);
2767 gnutls_x509_crt_export (request,
2768 GNUTLS_X509_FMT_PEM,
2771 gnutls_x509_privkey_export (proxy_ca.key,
2772 GNUTLS_X509_FMT_PEM,
2775 gnutls_x509_crt_deinit (request);
2781 * Function called by MHD with errors, suppresses them all.
2783 * @param cls closure
2784 * @param fm format string (`printf()`-style)
2785 * @param ap arguments to @a fm
2788 mhd_error_log_callback (void *cls,
2797 * Lookup (or create) an TLS MHD instance for a particular domain.
2799 * @param domain the domain the TLS daemon has to serve
2800 * @return NULL on error
2802 static struct MhdHttpList *
2803 lookup_ssl_httpd (const char* domain)
2805 struct MhdHttpList *hd;
2806 struct ProxyGNSCertificate *pgc;
2813 for (hd = mhd_httpd_head; NULL != hd; hd = hd->next)
2814 if ( (NULL != hd->domain) &&
2815 (0 == strcmp (hd->domain, domain)) )
2817 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2818 "Starting fresh MHD HTTPS instance for domain `%s'\n",
2820 pgc = generate_gns_certificate (domain);
2821 hd = GNUNET_new (struct MhdHttpList);
2822 hd->is_ssl = GNUNET_YES;
2823 hd->domain = GNUNET_strdup (domain);
2824 hd->proxy_cert = pgc;
2825 hd->daemon = MHD_start_daemon (MHD_USE_DEBUG | MHD_USE_SSL | MHD_USE_NO_LISTEN_SOCKET | MHD_ALLOW_SUSPEND_RESUME,
2828 &create_response, hd,
2829 MHD_OPTION_CONNECTION_TIMEOUT, (unsigned int) 16,
2830 MHD_OPTION_NOTIFY_COMPLETED, &mhd_completed_cb, NULL,
2831 MHD_OPTION_NOTIFY_CONNECTION, &mhd_connection_cb, NULL,
2832 MHD_OPTION_URI_LOG_CALLBACK, &mhd_log_callback, NULL,
2833 MHD_OPTION_EXTERNAL_LOGGER, &mhd_error_log_callback, NULL,
2834 MHD_OPTION_HTTPS_MEM_KEY, pgc->key,
2835 MHD_OPTION_HTTPS_MEM_CERT, pgc->cert,
2837 if (NULL == hd->daemon)
2843 GNUNET_CONTAINER_DLL_insert (mhd_httpd_head,
2851 * Task run when a Socks5Request somehow fails to be associated with
2852 * an MHD connection (i.e. because the client never speaks HTTP after
2853 * the SOCKS5 handshake). Clean up.
2855 * @param cls the `struct Socks5Request *`
2858 timeout_s5r_handshake (void *cls)
2860 struct Socks5Request *s5r = cls;
2862 s5r->timeout_task = NULL;
2868 * We're done with the Socks5 protocol, now we need to pass the
2869 * connection data through to the final destination, either
2870 * direct (if the protocol might not be HTTP), or via MHD
2871 * (if the port looks like it should be HTTP).
2873 * @param s5r socks request that has reached the final stage
2876 setup_data_transfer (struct Socks5Request *s5r)
2878 struct MhdHttpList *hd;
2880 const struct sockaddr *addr;
2884 if (GNUNET_YES == s5r->is_tls)
2886 GNUNET_asprintf (&domain,
2889 hd = lookup_ssl_httpd (domain);
2892 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2893 _("Failed to start HTTPS server for `%s'\n"),
2896 GNUNET_free (domain);
2901 GNUNET_assert (NULL != httpd);
2904 fd = GNUNET_NETWORK_get_fd (s5r->sock);
2905 addr = GNUNET_NETWORK_get_addr (s5r->sock);
2906 len = GNUNET_NETWORK_get_addrlen (s5r->sock);
2907 s5r->state = SOCKS5_SOCKET_WITH_MHD;
2909 MHD_add_connection (hd->daemon,
2914 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2915 _("Failed to pass client to MHD\n"));
2917 GNUNET_free_non_null (domain);
2921 schedule_httpd (hd);
2922 s5r->timeout_task = GNUNET_SCHEDULER_add_delayed (HTTP_HANDSHAKE_TIMEOUT,
2923 &timeout_s5r_handshake,
2925 GNUNET_free_non_null (domain);
2929 /* ********************* SOCKS handling ************************* */
2933 * Write data from buffer to socks5 client, then continue with state machine.
2935 * @param cls the closure with the `struct Socks5Request`
2938 do_write (void *cls)
2940 struct Socks5Request *s5r = cls;
2944 len = GNUNET_NETWORK_socket_send (s5r->sock,
2949 /* write error: connection closed, shutdown, etc.; just clean up */
2950 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2957 s5r->wbuf_len - len);
2958 s5r->wbuf_len -= len;
2959 if (s5r->wbuf_len > 0)
2961 /* not done writing */
2963 GNUNET_SCHEDULER_add_write_net (GNUNET_TIME_UNIT_FOREVER_REL,
2969 /* we're done writing, continue with state machine! */
2976 case SOCKS5_REQUEST:
2977 GNUNET_assert (NULL != s5r->rtask);
2979 case SOCKS5_DATA_TRANSFER:
2980 setup_data_transfer (s5r);
2982 case SOCKS5_WRITE_THEN_CLEANUP:
2993 * Return a server response message indicating a failure to the client.
2995 * @param s5r request to return failure code for
2996 * @param sc status code to return
2999 signal_socks_failure (struct Socks5Request *s5r,
3000 enum Socks5StatusCode sc)
3002 struct Socks5ServerResponseMessage *s_resp;
3004 s_resp = (struct Socks5ServerResponseMessage *) &s5r->wbuf[s5r->wbuf_len];
3005 memset (s_resp, 0, sizeof (struct Socks5ServerResponseMessage));
3006 s_resp->version = SOCKS_VERSION_5;
3008 s5r->state = SOCKS5_WRITE_THEN_CLEANUP;
3009 if (NULL != s5r->wtask)
3011 GNUNET_SCHEDULER_add_write_net (GNUNET_TIME_UNIT_FOREVER_REL,
3018 * Return a server response message indicating success.
3020 * @param s5r request to return success status message for
3023 signal_socks_success (struct Socks5Request *s5r)
3025 struct Socks5ServerResponseMessage *s_resp;
3027 s_resp = (struct Socks5ServerResponseMessage *) &s5r->wbuf[s5r->wbuf_len];
3028 s_resp->version = SOCKS_VERSION_5;
3029 s_resp->reply = SOCKS5_STATUS_REQUEST_GRANTED;
3030 s_resp->reserved = 0;
3031 s_resp->addr_type = SOCKS5_AT_IPV4;
3032 /* zero out IPv4 address and port */
3035 sizeof (struct in_addr) + sizeof (uint16_t));
3036 s5r->wbuf_len += sizeof (struct Socks5ServerResponseMessage) +
3037 sizeof (struct in_addr) + sizeof (uint16_t);
3038 if (NULL == s5r->wtask)
3040 GNUNET_SCHEDULER_add_write_net (GNUNET_TIME_UNIT_FOREVER_REL,
3047 * Process GNS results for target domain.
3049 * @param cls the `struct Socks5Request *`
3050 * @param tld #GNUNET_YES if this was a GNS TLD.
3051 * @param rd_count number of records returned
3052 * @param rd record data
3055 handle_gns_result (void *cls,
3058 const struct GNUNET_GNSRECORD_Data *rd)
3060 struct Socks5Request *s5r = cls;
3061 const struct GNUNET_GNSRECORD_Data *r;
3064 s5r->gns_lookup = NULL;
3067 for (uint32_t i=0;i<rd_count;i++)
3070 switch (r->record_type)
3072 case GNUNET_DNSPARSER_TYPE_A:
3074 struct sockaddr_in *in;
3076 if (sizeof (struct in_addr) != r->data_size)
3078 GNUNET_break_op (0);
3081 if (GNUNET_YES == got_ip)
3084 GNUNET_NETWORK_test_pf (PF_INET))
3086 got_ip = GNUNET_YES;
3087 in = (struct sockaddr_in *) &s5r->destination_address;
3088 in->sin_family = AF_INET;
3089 GNUNET_memcpy (&in->sin_addr,
3092 in->sin_port = htons (s5r->port);
3093 #if HAVE_SOCKADDR_IN_SIN_LEN
3094 in->sin_len = sizeof (*in);
3098 case GNUNET_DNSPARSER_TYPE_AAAA:
3100 struct sockaddr_in6 *in;
3102 if (sizeof (struct in6_addr) != r->data_size)
3104 GNUNET_break_op (0);
3107 if (GNUNET_YES == got_ip)
3109 if (GNUNET_YES == disable_v6)
3112 GNUNET_NETWORK_test_pf (PF_INET6))
3114 /* FIXME: allow user to disable IPv6 per configuration option... */
3115 got_ip = GNUNET_YES;
3116 in = (struct sockaddr_in6 *) &s5r->destination_address;
3117 in->sin6_family = AF_INET6;
3118 GNUNET_memcpy (&in->sin6_addr,
3121 in->sin6_port = htons (s5r->port);
3122 #if HAVE_SOCKADDR_IN_SIN_LEN
3123 in->sin6_len = sizeof (*in);
3127 case GNUNET_GNSRECORD_TYPE_VPN:
3128 GNUNET_break (0); /* should have been translated within GNS */
3130 case GNUNET_GNSRECORD_TYPE_LEHO:
3131 GNUNET_free_non_null (s5r->leho);
3132 s5r->leho = GNUNET_strndup (r->data,
3135 case GNUNET_GNSRECORD_TYPE_BOX:
3137 const struct GNUNET_GNSRECORD_BoxRecord *box;
3139 if (r->data_size < sizeof (struct GNUNET_GNSRECORD_BoxRecord))
3141 GNUNET_break_op (0);
3145 if ( (ntohl (box->record_type) != GNUNET_DNSPARSER_TYPE_TLSA) ||
3146 (ntohs (box->protocol) != IPPROTO_TCP) ||
3147 (ntohs (box->service) != s5r->port) )
3148 break; /* BOX record does not apply */
3149 if (s5r->num_danes >= MAX_DANES)
3151 GNUNET_break (0); /* MAX_DANES too small */
3154 s5r->is_tls = GNUNET_YES; /* This should be TLS */
3155 s5r->dane_data_len[s5r->num_danes]
3156 = r->data_size - sizeof (struct GNUNET_GNSRECORD_BoxRecord);
3157 s5r->dane_data[s5r->num_danes]
3158 = GNUNET_memdup (&box[1],
3159 s5r->dane_data_len[s5r->num_danes]);
3168 if ( (GNUNET_YES != got_ip) &&
3169 (GNUNET_YES == tld) )
3171 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3172 "Name resolution failed to yield useful IP address.\n");
3173 signal_socks_failure (s5r,
3174 SOCKS5_STATUS_GENERAL_FAILURE);
3177 s5r->state = SOCKS5_DATA_TRANSFER;
3178 signal_socks_success (s5r);
3183 * Remove the first @a len bytes from the beginning of the read buffer.
3185 * @param s5r the handle clear the read buffer for
3186 * @param len number of bytes in read buffer to advance
3189 clear_from_s5r_rbuf (struct Socks5Request *s5r,
3192 GNUNET_assert (len <= s5r->rbuf_len);
3195 s5r->rbuf_len - len);
3196 s5r->rbuf_len -= len;
3201 * Read data from incoming Socks5 connection
3203 * @param cls the closure with the `struct Socks5Request`
3206 do_s5r_read (void *cls)
3208 struct Socks5Request *s5r = cls;
3209 const struct Socks5ClientHelloMessage *c_hello;
3210 struct Socks5ServerHelloMessage *s_hello;
3211 const struct Socks5ClientRequestMessage *c_req;
3214 const struct GNUNET_SCHEDULER_TaskContext *tc;
3217 tc = GNUNET_SCHEDULER_get_task_context ();
3218 if ( (NULL != tc->read_ready) &&
3219 (GNUNET_NETWORK_fdset_isset (tc->read_ready,
3222 rlen = GNUNET_NETWORK_socket_recv (s5r->sock,
3223 &s5r->rbuf[s5r->rbuf_len],
3224 sizeof (s5r->rbuf) - s5r->rbuf_len);
3227 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3228 "socks5 client disconnected.\n");
3232 s5r->rbuf_len += rlen;
3234 s5r->rtask = GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_UNIT_FOREVER_REL,
3237 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3238 "Processing %zu bytes of socks data in state %d\n",
3244 c_hello = (const struct Socks5ClientHelloMessage*) &s5r->rbuf;
3245 if ( (s5r->rbuf_len < sizeof (struct Socks5ClientHelloMessage)) ||
3246 (s5r->rbuf_len < sizeof (struct Socks5ClientHelloMessage) + c_hello->num_auth_methods) )
3247 return; /* need more data */
3248 if (SOCKS_VERSION_5 != c_hello->version)
3250 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3251 _("Unsupported socks version %d\n"),
3252 (int) c_hello->version);
3256 clear_from_s5r_rbuf (s5r,
3257 sizeof (struct Socks5ClientHelloMessage) + c_hello->num_auth_methods);
3258 GNUNET_assert (0 == s5r->wbuf_len);
3259 s_hello = (struct Socks5ServerHelloMessage *) &s5r->wbuf;
3260 s5r->wbuf_len = sizeof (struct Socks5ServerHelloMessage);
3261 s_hello->version = SOCKS_VERSION_5;
3262 s_hello->auth_method = SOCKS_AUTH_NONE;
3263 GNUNET_assert (NULL == s5r->wtask);
3264 s5r->wtask = GNUNET_SCHEDULER_add_write_net (GNUNET_TIME_UNIT_FOREVER_REL,
3267 s5r->state = SOCKS5_REQUEST;
3269 case SOCKS5_REQUEST:
3270 c_req = (const struct Socks5ClientRequestMessage *) &s5r->rbuf;
3271 if (s5r->rbuf_len < sizeof (struct Socks5ClientRequestMessage))
3273 switch (c_req->command)
3275 case SOCKS5_CMD_TCP_STREAM:
3279 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3280 _("Unsupported socks command %d\n"),
3281 (int) c_req->command);
3282 signal_socks_failure (s5r,
3283 SOCKS5_STATUS_COMMAND_NOT_SUPPORTED);
3286 switch (c_req->addr_type)
3288 case SOCKS5_AT_IPV4:
3290 const struct in_addr *v4 = (const struct in_addr *) &c_req[1];
3291 const uint16_t *port = (const uint16_t *) &v4[1];
3292 struct sockaddr_in *in;
3294 s5r->port = ntohs (*port);
3295 alen = sizeof (struct in_addr);
3296 if (s5r->rbuf_len < sizeof (struct Socks5ClientRequestMessage) +
3297 alen + sizeof (uint16_t))
3298 return; /* need more data */
3299 in = (struct sockaddr_in *) &s5r->destination_address;
3300 in->sin_family = AF_INET;
3302 in->sin_port = *port;
3303 #if HAVE_SOCKADDR_IN_SIN_LEN
3304 in->sin_len = sizeof (*in);
3306 s5r->state = SOCKS5_DATA_TRANSFER;
3309 case SOCKS5_AT_IPV6:
3311 const struct in6_addr *v6 = (const struct in6_addr *) &c_req[1];
3312 const uint16_t *port = (const uint16_t *) &v6[1];
3313 struct sockaddr_in6 *in;
3315 s5r->port = ntohs (*port);
3316 alen = sizeof (struct in6_addr);
3317 if (s5r->rbuf_len < sizeof (struct Socks5ClientRequestMessage) +
3318 alen + sizeof (uint16_t))
3319 return; /* need more data */
3320 in = (struct sockaddr_in6 *) &s5r->destination_address;
3321 in->sin6_family = AF_INET6;
3322 in->sin6_addr = *v6;
3323 in->sin6_port = *port;
3324 #if HAVE_SOCKADDR_IN_SIN_LEN
3325 in->sin6_len = sizeof (*in);
3327 s5r->state = SOCKS5_DATA_TRANSFER;
3330 case SOCKS5_AT_DOMAINNAME:
3332 const uint8_t *dom_len;
3333 const char *dom_name;
3334 const uint16_t *port;
3336 dom_len = (const uint8_t *) &c_req[1];
3337 alen = *dom_len + 1;
3338 if (s5r->rbuf_len < sizeof (struct Socks5ClientRequestMessage) +
3339 alen + sizeof (uint16_t))
3340 return; /* need more data */
3341 dom_name = (const char *) &dom_len[1];
3342 port = (const uint16_t*) &dom_name[*dom_len];
3343 s5r->domain = GNUNET_strndup (dom_name,
3345 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3346 "Requested connection is to %s:%d\n",
3347 //(HTTPS_PORT == s5r->port) ? "s" : "",
3350 s5r->state = SOCKS5_RESOLVING;
3351 s5r->port = ntohs (*port);
3352 s5r->is_tls = (HTTPS_PORT == s5r->port) ? GNUNET_YES : GNUNET_NO;
3353 s5r->gns_lookup = GNUNET_GNS_lookup_with_tld (gns_handle,
3355 GNUNET_DNSPARSER_TYPE_A,
3356 GNUNET_NO /* only cached */,
3362 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3363 _("Unsupported socks address type %d\n"),
3364 (int) c_req->addr_type);
3365 signal_socks_failure (s5r,
3366 SOCKS5_STATUS_ADDRESS_TYPE_NOT_SUPPORTED);
3369 clear_from_s5r_rbuf (s5r,
3370 sizeof (struct Socks5ClientRequestMessage) +
3371 alen + sizeof (uint16_t));
3372 if (0 != s5r->rbuf_len)
3374 /* read more bytes than healthy, why did the client send more!? */
3375 GNUNET_break_op (0);
3376 signal_socks_failure (s5r,
3377 SOCKS5_STATUS_GENERAL_FAILURE);
3380 if (SOCKS5_DATA_TRANSFER == s5r->state)
3382 /* if we are not waiting for GNS resolution, signal success */
3383 signal_socks_success (s5r);
3385 /* We are done reading right now */
3386 GNUNET_SCHEDULER_cancel (s5r->rtask);
3389 case SOCKS5_RESOLVING:
3392 case SOCKS5_DATA_TRANSFER:
3403 * Accept new incoming connections
3405 * @param cls the closure with the lsock4 or lsock6
3406 * @param tc the scheduler context
3409 do_accept (void *cls)
3411 struct GNUNET_NETWORK_Handle *lsock = cls;
3412 struct GNUNET_NETWORK_Handle *s;
3413 struct Socks5Request *s5r;
3415 GNUNET_assert (NULL != lsock);
3416 if (lsock == lsock4)
3417 ltask4 = GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_UNIT_FOREVER_REL,
3421 else if (lsock == lsock6)
3422 ltask6 = GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_UNIT_FOREVER_REL,
3428 s = GNUNET_NETWORK_socket_accept (lsock,
3433 GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR,
3437 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3438 "Got an inbound connection, waiting for data\n");
3439 s5r = GNUNET_new (struct Socks5Request);
3440 GNUNET_CONTAINER_DLL_insert (s5r_head,
3444 s5r->state = SOCKS5_INIT;
3445 s5r->rtask = GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_UNIT_FOREVER_REL,
3452 /* ******************* General / main code ********************* */
3456 * Task run on shutdown
3458 * @param cls closure
3461 do_shutdown (void *cls)
3463 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
3464 "Shutting down...\n");
3465 /* MHD requires resuming before destroying the daemons */
3466 for (struct Socks5Request *s5r = s5r_head;
3472 s5r->suspended = GNUNET_NO;
3473 MHD_resume_connection (s5r->con);
3476 while (NULL != mhd_httpd_head)
3477 kill_httpd (mhd_httpd_head);
3478 while (NULL != s5r_head)
3479 cleanup_s5r (s5r_head);
3482 GNUNET_NETWORK_socket_close (lsock4);
3487 GNUNET_NETWORK_socket_close (lsock6);
3490 if (NULL != curl_multi)
3492 curl_multi_cleanup (curl_multi);
3495 if (NULL != gns_handle)
3497 GNUNET_GNS_disconnect (gns_handle);
3500 if (NULL != curl_download_task)
3502 GNUNET_SCHEDULER_cancel (curl_download_task);
3503 curl_download_task = NULL;
3507 GNUNET_SCHEDULER_cancel (ltask4);
3512 GNUNET_SCHEDULER_cancel (ltask6);
3515 gnutls_x509_crt_deinit (proxy_ca.cert);
3516 gnutls_x509_privkey_deinit (proxy_ca.key);
3517 gnutls_global_deinit ();
3522 * Create an IPv4 listen socket bound to our port.
3524 * @return NULL on error
3526 static struct GNUNET_NETWORK_Handle *
3529 struct GNUNET_NETWORK_Handle *ls;
3530 struct sockaddr_in sa4;
3533 memset (&sa4, 0, sizeof (sa4));
3534 sa4.sin_family = AF_INET;
3535 sa4.sin_port = htons (port);
3536 sa4.sin_addr.s_addr = address;
3537 #if HAVE_SOCKADDR_IN_SIN_LEN
3538 sa4.sin_len = sizeof (sa4);
3540 ls = GNUNET_NETWORK_socket_create (AF_INET,
3546 GNUNET_NETWORK_socket_bind (ls,
3547 (const struct sockaddr *) &sa4,
3551 GNUNET_NETWORK_socket_close (ls);
3560 * Create an IPv6 listen socket bound to our port.
3562 * @return NULL on error
3564 static struct GNUNET_NETWORK_Handle *
3567 struct GNUNET_NETWORK_Handle *ls;
3568 struct sockaddr_in6 sa6;
3571 memset (&sa6, 0, sizeof (sa6));
3572 sa6.sin6_family = AF_INET6;
3573 sa6.sin6_port = htons (port);
3574 sa6.sin6_addr = address6;
3575 #if HAVE_SOCKADDR_IN_SIN_LEN
3576 sa6.sin6_len = sizeof (sa6);
3578 ls = GNUNET_NETWORK_socket_create (AF_INET6,
3584 GNUNET_NETWORK_socket_bind (ls,
3585 (const struct sockaddr *) &sa6,
3589 GNUNET_NETWORK_socket_close (ls);
3598 * Main function that will be run
3600 * @param cls closure
3601 * @param args remaining command-line arguments
3602 * @param cfgfile name of the configuration file used (for saving, can be NULL!)
3603 * @param c configuration
3608 const char *cfgfile,
3609 const struct GNUNET_CONFIGURATION_Handle *c)
3611 char* cafile_cfg = NULL;
3614 struct MhdHttpList *hd;
3618 /* Get address to bind to */
3619 if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_string (cfg, "gns-proxy",
3623 //No address specified
3624 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3625 "Don't know what to bind to...\n");
3626 GNUNET_free (addr_str);
3627 GNUNET_SCHEDULER_shutdown ();
3630 if (1 != inet_pton (AF_INET, addr_str, &address))
3632 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3633 "Unable to parse address %s\n",
3635 GNUNET_free (addr_str);
3636 GNUNET_SCHEDULER_shutdown ();
3639 GNUNET_free (addr_str);
3640 /* Get address to bind to */
3641 if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_string (cfg, "gns-proxy",
3645 //No address specified
3646 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3647 "Don't know what to bind6 to...\n");
3648 GNUNET_free (addr_str);
3649 GNUNET_SCHEDULER_shutdown ();
3652 if (1 != inet_pton (AF_INET6, addr_str, &address6))
3654 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3655 "Unable to parse IPv6 address %s\n",
3657 GNUNET_free (addr_str);
3658 GNUNET_SCHEDULER_shutdown ();
3661 GNUNET_free (addr_str);
3663 if (NULL == (curl_multi = curl_multi_init ()))
3665 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3666 "Failed to create cURL multi handle!\n");
3669 cafile = cafile_opt;
3673 GNUNET_CONFIGURATION_get_value_filename (cfg,
3678 GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
3683 cafile = cafile_cfg;
3685 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3686 "Using `%s' as CA\n",
3689 gnutls_global_init ();
3690 gnutls_x509_crt_init (&proxy_ca.cert);
3691 gnutls_x509_privkey_init (&proxy_ca.key);
3694 load_cert_from_file (proxy_ca.cert,
3697 load_key_from_file (proxy_ca.key,
3700 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3701 _("Failed to load X.509 key and certificate from `%s'\n"),
3703 gnutls_x509_crt_deinit (proxy_ca.cert);
3704 gnutls_x509_privkey_deinit (proxy_ca.key);
3705 gnutls_global_deinit ();
3706 GNUNET_free_non_null (cafile_cfg);
3709 GNUNET_free_non_null (cafile_cfg);
3710 if (NULL == (gns_handle = GNUNET_GNS_connect (cfg)))
3712 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3713 "Unable to connect to GNS!\n");
3714 gnutls_x509_crt_deinit (proxy_ca.cert);
3715 gnutls_x509_privkey_deinit (proxy_ca.key);
3716 gnutls_global_deinit ();
3719 GNUNET_SCHEDULER_add_shutdown (&do_shutdown,
3722 /* Open listen socket for socks proxy */
3723 lsock6 = bind_v6 ();
3726 GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR,
3732 GNUNET_NETWORK_socket_listen (lsock6,
3735 GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR,
3737 GNUNET_NETWORK_socket_close (lsock6);
3742 ltask6 = GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_UNIT_FOREVER_REL,
3748 lsock4 = bind_v4 ();
3751 GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR,
3757 GNUNET_NETWORK_socket_listen (lsock4,
3760 GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR,
3762 GNUNET_NETWORK_socket_close (lsock4);
3767 ltask4 = GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_UNIT_FOREVER_REL,
3773 if ( (NULL == lsock4) &&
3776 GNUNET_SCHEDULER_shutdown ();
3779 if (0 != curl_global_init (CURL_GLOBAL_WIN32))
3781 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3782 "cURL global init failed!\n");
3783 GNUNET_SCHEDULER_shutdown ();
3786 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3787 "Proxy listens on port %u\n",
3788 (unsigned int) port);
3790 /* start MHD daemon for HTTP */
3791 hd = GNUNET_new (struct MhdHttpList);
3792 hd->daemon = MHD_start_daemon (MHD_USE_DEBUG | MHD_USE_NO_LISTEN_SOCKET | MHD_ALLOW_SUSPEND_RESUME,
3795 &create_response, hd,
3796 MHD_OPTION_CONNECTION_TIMEOUT, (unsigned int) 16,
3797 MHD_OPTION_NOTIFY_COMPLETED, &mhd_completed_cb, NULL,
3798 MHD_OPTION_NOTIFY_CONNECTION, &mhd_connection_cb, NULL,
3799 MHD_OPTION_URI_LOG_CALLBACK, &mhd_log_callback, NULL,
3801 if (NULL == hd->daemon)
3804 GNUNET_SCHEDULER_shutdown ();
3808 GNUNET_CONTAINER_DLL_insert (mhd_httpd_head,
3815 * The main function for gnunet-gns-proxy.
3817 * @param argc number of arguments from the command line
3818 * @param argv command line arguments
3819 * @return 0 ok, 1 on error
3825 struct GNUNET_GETOPT_CommandLineOption options[] = {
3826 GNUNET_GETOPT_option_uint16 ('p',
3829 gettext_noop ("listen on specified port (default: 7777)"),
3831 GNUNET_GETOPT_option_string ('a',
3834 gettext_noop ("pem file to use as CA"),
3836 GNUNET_GETOPT_option_flag ('6',
3838 gettext_noop ("disable use of IPv6"),
3841 GNUNET_GETOPT_OPTION_END
3843 static const char* page =
3844 "<html><head><title>gnunet-gns-proxy</title>"
3845 "</head><body>cURL fail</body></html>";
3849 GNUNET_STRINGS_get_utf8_args (argc, argv,
3852 GNUNET_log_setup ("gnunet-gns-proxy",
3855 curl_failure_response
3856 = MHD_create_response_from_buffer (strlen (page),
3858 MHD_RESPMEM_PERSISTENT);
3862 GNUNET_PROGRAM_run (argc, argv,
3864 _("GNUnet GNS proxy"),
3866 &run, NULL)) ? 0 : 1;
3867 MHD_destroy_response (curl_failure_response);
3868 GNUNET_free_non_null ((char *) argv);
3872 /* end of gnunet-gns-proxy.c */