2 This file is part of GNUnet.
3 (C) 2012-2013 Christian Grothoff (and other contributing authors)
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 59 Temple Place - Suite 330,
18 Boston, MA 02111-1307, USA.
21 * @author Martin Schanzenbach
22 * @author Christian Grothoff
23 * @file src/gns/gnunet-gns-proxy.c
24 * @brief HTTP(S) proxy that rewrites URIs and fakes certificats to make GNS work
25 * with legacy browsers
28 * - double-check queueing logic
29 * - actually check SSL certificates (#3038)
32 #include <microhttpd.h>
33 #include <curl/curl.h>
34 #include <gnutls/gnutls.h>
35 #include <gnutls/x509.h>
36 #include <gnutls/abstract.h>
37 #include <gnutls/crypto.h>
39 #include <gnutls/dane.h>
42 #include "gnunet_util_lib.h"
43 #include "gnunet_gns_service.h"
44 #include "gnunet_identity_service.h"
49 * Default Socks5 listen port.
51 #define GNUNET_GNS_PROXY_PORT 7777
54 * Maximum supported length for a URI.
55 * Should die. @deprecated
57 #define MAX_HTTP_URI_LENGTH 2048
60 * Size of the buffer for the data upload / download. Must be
61 * enough for curl, thus CURL_MAX_WRITE_SIZE is needed here (16k).
63 #define IO_BUFFERSIZE CURL_MAX_WRITE_SIZE
66 * Size of the read/write buffers for Socks. Uses
67 * 256 bytes for the hostname (at most), plus a few
68 * bytes overhead for the messages.
70 #define SOCKS_BUFFERSIZE (256 + 32)
73 * Port for plaintext HTTP.
80 #define HTTPS_PORT 443
83 * Largest allowed size for a PEM certificate.
85 #define MAX_PEM_SIZE (10 * 1024)
88 * After how long do we clean up unused MHD SSL/TLS instances?
90 #define MHD_CACHE_TIMEOUT GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 5)
93 * After how long do we clean up Socks5 handles that failed to show any activity
94 * with their respective MHD instance?
96 #define HTTP_HANDSHAKE_TIMEOUT GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 15)
102 * @param level log level
103 * @param fun name of curl_easy-function that gave the error
104 * @param rc return code from curl
106 #define LOG_CURL_EASY(level,fun,rc) GNUNET_log(level, _("%s failed at %s:%d: `%s'\n"), fun, __FILE__, __LINE__, curl_easy_strerror (rc))
109 /* *************** Socks protocol definitions (move to TUN?) ****************** */
112 * Which SOCKS version do we speak?
114 #define SOCKS_VERSION_5 0x05
117 * Flag to set for 'no authentication'.
119 #define SOCKS_AUTH_NONE 0
123 * Commands in Socks5.
128 * Establish TCP/IP stream.
130 SOCKS5_CMD_TCP_STREAM = 1,
133 * Establish TCP port binding.
135 SOCKS5_CMD_TCP_PORT = 2,
138 * Establish UDP port binding.
140 SOCKS5_CMD_UDP_PORT = 3
145 * Address types in Socks5.
147 enum Socks5AddressType
157 SOCKS5_AT_DOMAINNAME = 3,
168 * Status codes in Socks5 response.
170 enum Socks5StatusCode
172 SOCKS5_STATUS_REQUEST_GRANTED = 0,
173 SOCKS5_STATUS_GENERAL_FAILURE = 1,
174 SOCKS5_STATUS_CONNECTION_NOT_ALLOWED_BY_RULE = 2,
175 SOCKS5_STATUS_NETWORK_UNREACHABLE = 3,
176 SOCKS5_STATUS_HOST_UNREACHABLE = 4,
177 SOCKS5_STATUS_CONNECTION_REFUSED_BY_HOST = 5,
178 SOCKS5_STATUS_TTL_EXPIRED = 6,
179 SOCKS5_STATUS_COMMAND_NOT_SUPPORTED = 7,
180 SOCKS5_STATUS_ADDRESS_TYPE_NOT_SUPPORTED = 8
185 * Client hello in Socks5 protocol.
187 struct Socks5ClientHelloMessage
190 * Should be #SOCKS_VERSION_5.
195 * How many authentication methods does the client support.
197 uint8_t num_auth_methods;
199 /* followed by supported authentication methods, 1 byte per method */
205 * Server hello in Socks5 protocol.
207 struct Socks5ServerHelloMessage
210 * Should be #SOCKS_VERSION_5.
215 * Chosen authentication method, for us always #SOCKS_AUTH_NONE,
216 * which skips the authentication step.
223 * Client socks request in Socks5 protocol.
225 struct Socks5ClientRequestMessage
228 * Should be #SOCKS_VERSION_5.
233 * Command code, we only uspport #SOCKS5_CMD_TCP_STREAM.
238 * Reserved, always zero.
243 * Address type, an `enum Socks5AddressType`.
248 * Followed by either an ip4/ipv6 address or a domain name with a
249 * length field (uint8_t) in front (depending on @e addr_type).
250 * followed by port number in network byte order (uint16_t).
256 * Server response to client requests in Socks5 protocol.
258 struct Socks5ServerResponseMessage
261 * Should be #SOCKS_VERSION_5.
266 * Status code, an `enum Socks5StatusCode`
276 * Address type, an `enum Socks5AddressType`.
281 * Followed by either an ip4/ipv6 address or a domain name with a
282 * length field (uint8_t) in front (depending on @e addr_type).
283 * followed by port number in network byte order (uint16_t).
290 /* *********************** Datastructures for HTTP handling ****************** */
293 * A structure for CA cert/key
300 gnutls_x509_crt_t cert;
305 gnutls_x509_privkey_t key;
310 * Structure for GNS certificates
312 struct ProxyGNSCertificate
315 * The certificate as PEM
317 char cert[MAX_PEM_SIZE];
320 * The private key as PEM
322 char key[MAX_PEM_SIZE];
328 * A structure for all running Httpds
335 struct MhdHttpList *prev;
340 struct MhdHttpList *next;
343 * the domain name to server (only important for SSL)
350 struct MHD_Daemon *daemon;
353 * Optional proxy certificate used
355 struct ProxyGNSCertificate *proxy_cert;
360 GNUNET_SCHEDULER_TaskIdentifier httpd_task;
363 * is this an ssl daemon?
370 /* ***************** Datastructures for Socks handling **************** */
379 * We're waiting to get the client hello.
384 * We're waiting to get the initial request.
389 * We are currently resolving the destination.
394 * We're in transfer mode.
396 SOCKS5_DATA_TRANSFER,
399 * Finish writing the write buffer, then clean up.
401 SOCKS5_WRITE_THEN_CLEANUP,
404 * Socket has been passed to MHD, do not close it anymore.
406 SOCKS5_SOCKET_WITH_MHD,
409 * We've finished receiving upload data from MHD.
411 SOCKS5_SOCKET_UPLOAD_STARTED,
414 * We've finished receiving upload data from MHD.
416 SOCKS5_SOCKET_UPLOAD_DONE,
419 * We've finished uploading data via CURL and can now download.
421 SOCKS5_SOCKET_DOWNLOAD_STARTED,
424 * We've finished receiving download data from cURL.
426 SOCKS5_SOCKET_DOWNLOAD_DONE
432 * A structure for socks requests
440 struct Socks5Request *next;
445 struct Socks5Request *prev;
450 struct GNUNET_NETWORK_Handle *sock;
453 * Handle to GNS lookup, during #SOCKS5_RESOLVING phase.
455 struct GNUNET_GNS_LookupRequest *gns_lookup;
458 * Client socket read task
460 GNUNET_SCHEDULER_TaskIdentifier rtask;
463 * Client socket write task
465 GNUNET_SCHEDULER_TaskIdentifier wtask;
470 GNUNET_SCHEDULER_TaskIdentifier timeout_task;
475 char rbuf[SOCKS_BUFFERSIZE];
480 char wbuf[SOCKS_BUFFERSIZE];
483 * Buffer we use for moving data between MHD and curl (in both directions).
485 char io_buf[IO_BUFFERSIZE];
488 * MHD HTTP instance handling this request, NULL for none.
490 struct MhdHttpList *hd;
493 * MHD response object for this request.
495 struct MHD_Response *response;
498 * the domain name to server (only important for SSL)
503 * DNS Legacy Host Name as given by GNS, NULL if not given.
508 * Payload of the (last) DANE record encountered.
523 * HTTP request headers for the curl request.
525 struct curl_slist *headers;
528 * HTTP response code to give to MHD for the response.
530 unsigned int response_code;
533 * Number of bytes in @e dane_data.
535 size_t dane_data_len;
538 * Number of bytes already in read buffer
543 * Number of bytes already in write buffer
548 * Number of bytes already in the IO buffer.
553 * Once known, what's the target address for the connection?
555 struct sockaddr_storage destination_address;
560 enum SocksPhase state;
563 * Desired destination port.
571 /* *********************** Globals **************************** */
575 * The port the proxy is running on (default 7777)
577 static unsigned long port = GNUNET_GNS_PROXY_PORT;
580 * The CA file (pem) to use for the proxy CA
582 static char *cafile_opt;
585 * The listen socket of the proxy for IPv4
587 static struct GNUNET_NETWORK_Handle *lsock4;
590 * The listen socket of the proxy for IPv6
592 static struct GNUNET_NETWORK_Handle *lsock6;
595 * The listen task ID for IPv4
597 static GNUNET_SCHEDULER_TaskIdentifier ltask4;
600 * The listen task ID for IPv6
602 static GNUNET_SCHEDULER_TaskIdentifier ltask6;
605 * The cURL download task (curl multi API).
607 static GNUNET_SCHEDULER_TaskIdentifier curl_download_task;
610 * The cURL multi handle
612 static CURLM *curl_multi;
615 * Handle to the GNS service
617 static struct GNUNET_GNS_Handle *gns_handle;
620 * DLL for http/https daemons
622 static struct MhdHttpList *mhd_httpd_head;
625 * DLL for http/https daemons
627 static struct MhdHttpList *mhd_httpd_tail;
630 * Daemon for HTTP (we have one per SSL certificate, and then one for
631 * all HTTP connections; this is the one for HTTP, not HTTPS).
633 static struct MhdHttpList *httpd;
636 * DLL of active socks requests.
638 static struct Socks5Request *s5r_head;
641 * DLL of active socks requests.
643 static struct Socks5Request *s5r_tail;
646 * The users local GNS master zone
648 static struct GNUNET_CRYPTO_EcdsaPublicKey local_gns_zone;
651 * The users local shorten zone
653 static struct GNUNET_CRYPTO_EcdsaPrivateKey local_shorten_zone;
656 * Is shortening enabled?
658 static int do_shorten;
661 * The CA for SSL certificate generation
663 static struct ProxyCA proxy_ca;
666 * Response we return on cURL failures.
668 static struct MHD_Response *curl_failure_response;
671 * Connection to identity service.
673 static struct GNUNET_IDENTITY_Handle *identity;
676 * Request for our ego.
678 static struct GNUNET_IDENTITY_Operation *id_op;
683 static const struct GNUNET_CONFIGURATION_Handle *cfg;
686 /* ************************* Global helpers ********************* */
690 * Run MHD now, we have extra data ready for the callback.
692 * @param hd the daemon to run now.
695 run_mhd_now (struct MhdHttpList *hd);
699 * Clean up s5r handles.
701 * @param s5r the handle to destroy
704 cleanup_s5r (struct Socks5Request *s5r)
706 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
707 "Cleaning up socks request\n");
708 if (NULL != s5r->curl)
710 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
711 "Cleaning up cURL handle\n");
712 curl_multi_remove_handle (curl_multi, s5r->curl);
713 curl_easy_cleanup (s5r->curl);
716 curl_slist_free_all (s5r->headers);
717 if ( (NULL != s5r->response) &&
718 (curl_failure_response != s5r->response) )
719 MHD_destroy_response (s5r->response);
720 if (GNUNET_SCHEDULER_NO_TASK != s5r->rtask)
721 GNUNET_SCHEDULER_cancel (s5r->rtask);
722 if (GNUNET_SCHEDULER_NO_TASK != s5r->timeout_task)
723 GNUNET_SCHEDULER_cancel (s5r->timeout_task);
724 if (GNUNET_SCHEDULER_NO_TASK != s5r->wtask)
725 GNUNET_SCHEDULER_cancel (s5r->wtask);
726 if (NULL != s5r->gns_lookup)
727 GNUNET_GNS_lookup_cancel (s5r->gns_lookup);
728 if (NULL != s5r->sock)
730 if (SOCKS5_SOCKET_WITH_MHD <= s5r->state)
731 GNUNET_NETWORK_socket_free_memory_only_ (s5r->sock);
733 GNUNET_NETWORK_socket_close (s5r->sock);
735 GNUNET_CONTAINER_DLL_remove (s5r_head,
738 GNUNET_free_non_null (s5r->domain);
739 GNUNET_free_non_null (s5r->leho);
740 GNUNET_free_non_null (s5r->url);
741 GNUNET_free_non_null (s5r->dane_data);
746 /* ************************* HTTP handling with cURL *********************** */
750 * Callback for MHD response generation. This function is called from
751 * MHD whenever MHD expects to get data back. Copies data from the
752 * io_buf, if available.
754 * @param cls closure with our `struct Socks5Request`
755 * @param pos in buffer
756 * @param buf where to copy data
757 * @param max available space in @a buf
758 * @return number of bytes written to @a buf
761 mhd_content_cb (void *cls,
766 struct Socks5Request *s5r = cls;
767 size_t bytes_to_copy;
769 if ( (SOCKS5_SOCKET_UPLOAD_STARTED == s5r->state) ||
770 (SOCKS5_SOCKET_UPLOAD_DONE == s5r->state) )
772 /* we're still not done with the upload, do not yet
773 start the download, the IO buffer is still full
775 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
776 "Pausing MHD download, not yet ready for download\n");
777 return 0; /* not yet ready for data download */
779 bytes_to_copy = GNUNET_MIN (max,
781 if ( (0 == bytes_to_copy) &&
782 (SOCKS5_SOCKET_DOWNLOAD_DONE != s5r->state) )
784 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
785 "Pausing MHD download, no data available\n");
786 return 0; /* more data later */
788 if ( (0 == bytes_to_copy) &&
789 (SOCKS5_SOCKET_DOWNLOAD_DONE == s5r->state) )
791 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
792 "Completed MHD download\n");
793 return MHD_CONTENT_READER_END_OF_STREAM;
795 memcpy (buf, s5r->io_buf, bytes_to_copy);
796 memmove (s5r->io_buf,
797 &s5r->io_buf[bytes_to_copy],
798 s5r->io_len - bytes_to_copy);
799 s5r->io_len -= bytes_to_copy;
800 if (NULL != s5r->curl)
801 curl_easy_pause (s5r->curl, CURLPAUSE_CONT);
802 return bytes_to_copy;
807 * Check that the website has presented us with a valid SSL certificate.
808 * The certificate must either match the domain name or the LEHO name
809 * (or, if available, the TLSA record).
811 * @param s5r request to check for.
812 * @return #GNUNET_OK if the certificate is valid
815 check_ssl_certificate (struct Socks5Request *s5r)
817 struct curl_tlsinfo tlsinfo;
818 unsigned int cert_list_size;
819 const gnutls_datum_t *chainp;
821 struct curl_tlsinfo *tlsinfo;
822 struct curl_slist *to_slist;
824 char certdn[GNUNET_DNSPARSER_MAX_NAME_LENGTH + 3];
826 gnutls_x509_crt_t x509_cert;
830 memset (&tlsinfo, 0, sizeof (tlsinfo));
831 gptr.tlsinfo = &tlsinfo;
833 curl_easy_getinfo (s5r->curl,
834 CURLINFO_TLS_SESSION,
836 return GNUNET_SYSERR;
837 if (CURLSSLBACKEND_GNUTLS != tlsinfo.ssl_backend)
839 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
840 _("Unsupported CURL SSL backend %d\n"),
841 tlsinfo.ssl_backend);
842 return GNUNET_SYSERR;
844 chainp = gnutls_certificate_get_peers (tlsinfo.internals, &cert_list_size);
845 if ( (! chainp) || (0 == cert_list_size) )
846 return GNUNET_SYSERR;
848 size = sizeof (certdn);
849 /* initialize an X.509 certificate structure. */
850 gnutls_x509_crt_init (&x509_cert);
851 gnutls_x509_crt_import (x509_cert,
853 GNUTLS_X509_FMT_DER);
855 if (0 != (rc = gnutls_x509_crt_get_dn_by_oid (x509_cert,
856 GNUTLS_OID_X520_COMMON_NAME,
857 0, /* the first and only one */
858 0 /* no DER encoding */,
862 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
863 _("Failed to fetch CN from cert: %s\n"),
864 gnutls_strerror(rc));
865 gnutls_x509_crt_deinit (x509_cert);
866 return GNUNET_SYSERR;
868 /* check for TLSA/DANE records */
870 if (NULL != s5r->dane_data)
872 char *dd[] = { s5r->dane_data, NULL };
873 int dlen[] = { s5r->dane_data_len, 0};
874 dane_state_t dane_state;
875 dane_query_t dane_query;
878 /* FIXME: add flags to gnutls to NOT read UNBOUND_ROOT_KEY_FILE here! */
879 if (0 != (rc = dane_state_init (&dane_state,
880 DANE_F_IGNORE_LOCAL_RESOLVER)))
882 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
883 _("Failed to initialize DANE: %s\n"),
885 gnutls_x509_crt_deinit (x509_cert);
886 return GNUNET_SYSERR;
888 if (0 != (rc = dane_raw_tlsa (dane_state,
895 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
896 _("Failed to parse DANE record: %s\n"),
898 dane_state_deinit (dane_state);
899 gnutls_x509_crt_deinit (x509_cert);
900 return GNUNET_SYSERR;
902 if (0 != (rc = dane_verify_crt_raw (dane_state,
905 gnutls_certificate_type_get (tlsinfo.internals),
910 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
911 _("Failed to verify TLS connection using DANE: %s\n"),
913 dane_query_deinit (dane_query);
914 dane_state_deinit (dane_state);
915 gnutls_x509_crt_deinit (x509_cert);
916 return GNUNET_SYSERR;
920 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
921 _("Failed DANE verification failed with GnuTLS verify status code: %u\n"),
923 dane_query_deinit (dane_query);
924 dane_state_deinit (dane_state);
925 gnutls_x509_crt_deinit (x509_cert);
926 return GNUNET_SYSERR;
928 dane_query_deinit (dane_query);
929 dane_state_deinit (dane_state);
935 /* try LEHO or ordinary domain name X509 verification */
937 if (NULL != s5r->leho)
941 if (0 == (rc = gnutls_x509_crt_check_hostname (x509_cert,
944 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
945 _("SSL certificate subject name (%s) does not match `%s'\n"),
948 gnutls_x509_crt_deinit (x509_cert);
949 return GNUNET_SYSERR;
954 /* we did not even have the domain name!? */
956 return GNUNET_SYSERR;
959 gnutls_x509_crt_deinit (x509_cert);
964 for(i=0;i<cert_list_size;i++)
966 gnutls_x509_crt_t cert;
969 if (GNUTLS_E_SUCCESS == gnutls_x509_crt_init (&cert))
971 if (GNUTLS_E_SUCCESS ==
972 gnutls_x509_crt_import (cert, &chainp[i],
973 GNUTLS_X509_FMT_DER))
975 if (GNUTLS_E_SUCCESS ==
976 gnutls_x509_crt_print (cert,
977 GNUTLS_CRT_PRINT_FULL,
980 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
981 "Certificate #%d: %.*s", i, dn.size, dn.data);
982 gnutls_free (dn.data);
985 gnutls_x509_crt_deinit (cert);
995 * We're getting an HTTP response header from cURL. Convert it to the
996 * MHD response headers. Mostly copies the headers, but makes special
997 * adjustments to "Set-Cookie" and "Location" headers as those may need
998 * to be changed from the LEHO to the domain the browser expects.
1000 * @param buffer curl buffer with a single line of header data; not 0-terminated!
1001 * @param size curl blocksize
1002 * @param nmemb curl blocknumber
1003 * @param cls our `struct Socks5Request *`
1004 * @return size of processed bytes
1007 curl_check_hdr (void *buffer, size_t size, size_t nmemb, void *cls)
1009 struct Socks5Request *s5r = cls;
1010 size_t bytes = size * nmemb;
1012 const char *hdr_type;
1013 const char *cookie_domain;
1016 char *new_cookie_hdr;
1019 size_t delta_cdomain;
1023 if (NULL == s5r->response)
1025 /* first, check SSL certificate */
1026 if ( (HTTPS_PORT == s5r->port) &&
1027 (GNUNET_OK != check_ssl_certificate (s5r)) )
1030 GNUNET_break (CURLE_OK ==
1031 curl_easy_getinfo (s5r->curl,
1032 CURLINFO_RESPONSE_CODE,
1034 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1035 "Creating MHD response with code %d\n",
1037 s5r->response_code = resp_code;
1038 s5r->response = MHD_create_response_from_callback (MHD_SIZE_UNKNOWN,
1043 if (NULL != s5r->leho)
1047 GNUNET_asprintf (&cors_hdr,
1048 (HTTPS_PORT == s5r->port)
1053 GNUNET_break (MHD_YES ==
1054 MHD_add_response_header (s5r->response,
1055 MHD_HTTP_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN,
1057 GNUNET_free (cors_hdr);
1059 /* force connection to be closed after each request, as we
1060 do not support HTTP pipelining */
1061 GNUNET_break (MHD_YES ==
1062 MHD_add_response_header (s5r->response,
1063 MHD_HTTP_HEADER_CONNECTION,
1067 ndup = GNUNET_strndup (buffer, bytes);
1068 hdr_type = strtok (ndup, ":");
1069 if (NULL == hdr_type)
1074 hdr_val = strtok (NULL, "");
1075 if (NULL == hdr_val)
1080 if (' ' == *hdr_val)
1083 /* custom logic for certain header types */
1084 new_cookie_hdr = NULL;
1085 if ( (NULL != s5r->leho) &&
1086 (0 == strcasecmp (hdr_type,
1087 MHD_HTTP_HEADER_SET_COOKIE)) )
1090 new_cookie_hdr = GNUNET_malloc (strlen (hdr_val) +
1091 strlen (s5r->domain) + 1);
1093 domain_matched = GNUNET_NO; /* make sure we match domain at most once */
1094 for (tok = strtok (hdr_val, ";"); NULL != tok; tok = strtok (NULL, ";"))
1096 if ( (0 == strncasecmp (tok, " domain", strlen (" domain"))) &&
1097 (GNUNET_NO == domain_matched) )
1099 domain_matched = GNUNET_YES;
1100 cookie_domain = tok + strlen (" domain") + 1;
1101 if (strlen (cookie_domain) < strlen (s5r->leho))
1103 delta_cdomain = strlen (s5r->leho) - strlen (cookie_domain);
1104 if (0 == strcasecmp (cookie_domain, s5r->leho + delta_cdomain))
1106 offset += sprintf (new_cookie_hdr + offset,
1112 else if (0 == strcmp (cookie_domain, s5r->leho))
1114 offset += sprintf (new_cookie_hdr + offset,
1119 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1120 _("Cookie domain `%s' supplied by server is invalid\n"),
1123 memcpy (new_cookie_hdr + offset, tok, strlen (tok));
1124 offset += strlen (tok);
1125 new_cookie_hdr[offset++] = ';';
1127 hdr_val = new_cookie_hdr;
1130 new_location = NULL;
1131 if (0 == strcasecmp (MHD_HTTP_HEADER_LOCATION, hdr_type))
1135 GNUNET_asprintf (&leho_host,
1136 (HTTPS_PORT != s5r->port)
1140 if (0 == strncmp (leho_host,
1142 strlen (leho_host)))
1144 GNUNET_asprintf (&new_location,
1146 (HTTPS_PORT != s5r->port)
1150 hdr_val + strlen (leho_host));
1151 hdr_val = new_location;
1153 GNUNET_free (leho_host);
1155 /* MHD does not allow certain characters in values, remove those */
1156 if (NULL != (tok = strchr (hdr_val, '\n')))
1158 if (NULL != (tok = strchr (hdr_val, '\r')))
1160 if (NULL != (tok = strchr (hdr_val, '\t')))
1162 if (0 != strlen (hdr_val))
1164 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1165 "Adding header %s: %s to MHD response\n",
1168 GNUNET_break (MHD_YES ==
1169 MHD_add_response_header (s5r->response,
1174 GNUNET_free_non_null (new_cookie_hdr);
1175 GNUNET_free_non_null (new_location);
1181 * Handle response payload data from cURL. Copies it into our `io_buf` to make
1182 * it available to MHD.
1184 * @param ptr pointer to the data
1185 * @param size number of blocks of data
1186 * @param nmemb blocksize
1187 * @param ctx our `struct Socks5Request *`
1188 * @return number of bytes handled
1191 curl_download_cb (void *ptr, size_t size, size_t nmemb, void* ctx)
1193 struct Socks5Request *s5r = ctx;
1194 size_t total = size * nmemb;
1196 if ( (SOCKS5_SOCKET_UPLOAD_STARTED == s5r->state) ||
1197 (SOCKS5_SOCKET_UPLOAD_DONE == s5r->state) )
1199 /* we're still not done with the upload, do not yet
1200 start the download, the IO buffer is still full
1201 with upload data. */
1202 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1203 "Pausing CURL download, waiting for UPLOAD to finish\n");
1204 return CURL_WRITEFUNC_PAUSE; /* not yet ready for data download */
1206 if (sizeof (s5r->io_buf) - s5r->io_len < total)
1208 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1209 "Pausing CURL download, not enough space\n");
1210 return CURL_WRITEFUNC_PAUSE; /* not enough space */
1212 memcpy (&s5r->io_buf[s5r->io_len],
1215 s5r->io_len += total;
1216 if (s5r->io_len == total)
1217 run_mhd_now (s5r->hd);
1223 * cURL callback for uploaded (PUT/POST) data. Copies it into our `io_buf`
1224 * to make it available to MHD.
1226 * @param buf where to write the data
1227 * @param size number of bytes per member
1228 * @param nmemb number of members available in @a buf
1229 * @param cls our `struct Socks5Request` that generated the data
1230 * @return number of bytes copied to @a buf
1233 curl_upload_cb (void *buf, size_t size, size_t nmemb, void *cls)
1235 struct Socks5Request *s5r = cls;
1236 size_t len = size * nmemb;
1239 if ( (0 == s5r->io_len) &&
1240 (SOCKS5_SOCKET_UPLOAD_DONE != s5r->state) )
1242 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1243 "Pausing CURL UPLOAD, need more data\n");
1244 return CURL_READFUNC_PAUSE;
1246 if ( (0 == s5r->io_len) &&
1247 (SOCKS5_SOCKET_UPLOAD_DONE == s5r->state) )
1249 s5r->state = SOCKS5_SOCKET_DOWNLOAD_STARTED;
1250 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1251 "Completed CURL UPLOAD\n");
1252 return 0; /* upload finished, can now download */
1254 if ( (SOCKS5_SOCKET_UPLOAD_STARTED != s5r->state) ||
1255 (SOCKS5_SOCKET_UPLOAD_DONE != s5r->state) )
1258 return CURL_READFUNC_ABORT;
1260 to_copy = GNUNET_MIN (s5r->io_len,
1262 memcpy (buf, s5r->io_buf, to_copy);
1263 memmove (s5r->io_buf,
1264 &s5r->io_buf[to_copy],
1265 s5r->io_len - to_copy);
1266 s5r->io_len -= to_copy;
1267 if (s5r->io_len + to_copy == sizeof (s5r->io_buf))
1268 run_mhd_now (s5r->hd); /* got more space for upload now */
1273 /* ************************** main loop of cURL interaction ****************** */
1277 * Task that is run when we are ready to receive more data
1280 * @param cls closure
1281 * @param tc task context
1284 curl_task_download (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc);
1288 * Ask cURL for the select() sets and schedule cURL operations.
1291 curl_download_prepare ()
1298 struct GNUNET_NETWORK_FDSet *grs;
1299 struct GNUNET_NETWORK_FDSet *gws;
1301 struct GNUNET_TIME_Relative rtime;
1303 if (GNUNET_SCHEDULER_NO_TASK != curl_download_task)
1305 GNUNET_SCHEDULER_cancel (curl_download_task);
1306 curl_download_task = GNUNET_SCHEDULER_NO_TASK;
1312 if (CURLM_OK != (mret = curl_multi_fdset (curl_multi, &rs, &ws, &es, &max)))
1314 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1315 "%s failed at %s:%d: `%s'\n",
1316 "curl_multi_fdset", __FILE__, __LINE__,
1317 curl_multi_strerror (mret));
1321 GNUNET_break (CURLM_OK == curl_multi_timeout (curl_multi, &to));
1323 rtime = GNUNET_TIME_UNIT_FOREVER_REL;
1325 rtime = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MILLISECONDS, to);
1328 grs = GNUNET_NETWORK_fdset_create ();
1329 gws = GNUNET_NETWORK_fdset_create ();
1330 GNUNET_NETWORK_fdset_copy_native (grs, &rs, max + 1);
1331 GNUNET_NETWORK_fdset_copy_native (gws, &ws, max + 1);
1332 curl_download_task = GNUNET_SCHEDULER_add_select (GNUNET_SCHEDULER_PRIORITY_DEFAULT,
1335 &curl_task_download, curl_multi);
1336 GNUNET_NETWORK_fdset_destroy (gws);
1337 GNUNET_NETWORK_fdset_destroy (grs);
1341 curl_download_task = GNUNET_SCHEDULER_add_delayed (rtime,
1342 &curl_task_download,
1349 * Task that is run when we are ready to receive more data from curl.
1351 * @param cls closure, NULL
1352 * @param tc task context
1355 curl_task_download (void *cls,
1356 const struct GNUNET_SCHEDULER_TaskContext *tc)
1360 struct CURLMsg *msg;
1362 struct Socks5Request *s5r;
1364 curl_download_task = GNUNET_SCHEDULER_NO_TASK;
1368 mret = curl_multi_perform (curl_multi, &running);
1369 while (NULL != (msg = curl_multi_info_read (curl_multi, &msgnum)))
1371 GNUNET_break (CURLE_OK ==
1372 curl_easy_getinfo (msg->easy_handle,
1383 /* documentation says this is not used */
1387 switch (msg->data.result)
1390 case CURLE_GOT_NOTHING:
1391 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1392 "CURL download completed.\n");
1393 s5r->state = SOCKS5_SOCKET_DOWNLOAD_DONE;
1394 run_mhd_now (s5r->hd);
1397 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1398 "Download curl failed: %s\n",
1399 curl_easy_strerror (msg->data.result));
1400 /* FIXME: indicate error somehow? close MHD connection badly as well? */
1401 s5r->state = SOCKS5_SOCKET_DOWNLOAD_DONE;
1402 run_mhd_now (s5r->hd);
1405 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1406 "Cleaning up cURL handle\n");
1407 curl_multi_remove_handle (curl_multi, s5r->curl);
1408 curl_easy_cleanup (s5r->curl);
1410 if (NULL == s5r->response)
1411 s5r->response = curl_failure_response;
1414 /* documentation says this is not used */
1418 /* unexpected status code */
1423 } while (mret == CURLM_CALL_MULTI_PERFORM);
1424 if (CURLM_OK != mret)
1425 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1426 "%s failed at %s:%d: `%s'\n",
1427 "curl_multi_perform", __FILE__, __LINE__,
1428 curl_multi_strerror (mret));
1431 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1432 "Suspending cURL multi loop, no more events pending\n");
1433 return; /* nothing more in progress */
1435 curl_download_prepare ();
1439 /* ********************************* MHD response generation ******************* */
1443 * Read HTTP request header field from the request. Copies the fields
1444 * over to the 'headers' that will be given to curl. However, 'Host'
1445 * is substituted with the LEHO if present. We also change the
1446 * 'Connection' header value to "close" as the proxy does not support
1449 * @param cls our `struct Socks5Request`
1450 * @param kind value kind
1451 * @param key field key
1452 * @param value field value
1453 * @return MHD_YES to continue to iterate
1456 con_val_iter (void *cls,
1457 enum MHD_ValueKind kind,
1461 struct Socks5Request *s5r = cls;
1464 if ( (0 == strcasecmp (MHD_HTTP_HEADER_HOST, key)) &&
1465 (NULL != s5r->leho) )
1467 if (0 == strcasecmp (MHD_HTTP_HEADER_CONNECTION, key))
1469 GNUNET_asprintf (&hdr,
1473 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1474 "Adding HEADER `%s' to HTTP request\n",
1476 s5r->headers = curl_slist_append (s5r->headers,
1484 * Main MHD callback for handling requests.
1487 * @param con MHD connection handle
1488 * @param url the url in the request
1489 * @param meth the HTTP method used ("GET", "PUT", etc.)
1490 * @param ver the HTTP version string (i.e. "HTTP/1.1")
1491 * @param upload_data the data being uploaded (excluding HEADERS,
1492 * for a POST that fits into memory and that is encoded
1493 * with a supported encoding, the POST data will NOT be
1494 * given in upload_data and is instead available as
1495 * part of MHD_get_connection_values; very large POST
1496 * data *will* be made available incrementally in
1498 * @param upload_data_size set initially to the size of the
1499 * @a upload_data provided; the method must update this
1500 * value to the number of bytes NOT processed;
1501 * @param con_cls pointer to location where we store the 'struct Request'
1502 * @return MHD_YES if the connection was handled successfully,
1503 * MHD_NO if the socket must be closed due to a serious
1504 * error while handling the request
1507 create_response (void *cls,
1508 struct MHD_Connection *con,
1512 const char *upload_data,
1513 size_t *upload_data_size,
1516 /* struct MhdHttpList* hd = cls; */
1517 struct Socks5Request *s5r = *con_cls;
1519 char ipstring[INET6_ADDRSTRLEN];
1520 char ipaddr[INET6_ADDRSTRLEN + 2];
1521 const struct sockaddr *sa;
1522 const struct sockaddr_in *s4;
1523 const struct sockaddr_in6 *s6;
1532 if ( (NULL == s5r->curl) &&
1533 (SOCKS5_SOCKET_WITH_MHD == s5r->state) )
1535 /* first time here, initialize curl handle */
1536 sa = (const struct sockaddr *) &s5r->destination_address;
1537 switch (sa->sa_family)
1540 s4 = (const struct sockaddr_in *) &s5r->destination_address;
1541 if (NULL == inet_ntop (AF_INET,
1549 GNUNET_snprintf (ipaddr,
1553 port = ntohs (s4->sin_port);
1556 s6 = (const struct sockaddr_in6 *) &s5r->destination_address;
1557 if (NULL == inet_ntop (AF_INET6,
1565 GNUNET_snprintf (ipaddr,
1569 port = ntohs (s6->sin6_port);
1575 s5r->curl = curl_easy_init ();
1576 if (NULL == s5r->curl)
1577 return MHD_queue_response (con,
1578 MHD_HTTP_INTERNAL_SERVER_ERROR,
1579 curl_failure_response);
1580 curl_easy_setopt (s5r->curl, CURLOPT_HEADERFUNCTION, &curl_check_hdr);
1581 curl_easy_setopt (s5r->curl, CURLOPT_HEADERDATA, s5r);
1582 curl_easy_setopt (s5r->curl, CURLOPT_FOLLOWLOCATION, 0);
1583 curl_easy_setopt (s5r->curl, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
1584 curl_easy_setopt (s5r->curl, CURLOPT_CONNECTTIMEOUT, 600L);
1585 curl_easy_setopt (s5r->curl, CURLOPT_TIMEOUT, 600L);
1586 curl_easy_setopt (s5r->curl, CURLOPT_NOSIGNAL, 1L);
1587 curl_easy_setopt (s5r->curl, CURLOPT_HTTP_CONTENT_DECODING, 0);
1588 curl_easy_setopt (s5r->curl, CURLOPT_HTTP_TRANSFER_DECODING, 0);
1589 curl_easy_setopt (s5r->curl, CURLOPT_NOSIGNAL, 1L);
1590 curl_easy_setopt (s5r->curl, CURLOPT_PRIVATE, s5r);
1591 curl_easy_setopt (s5r->curl, CURLOPT_VERBOSE, 0);
1592 GNUNET_asprintf (&curlurl,
1593 (HTTPS_PORT != s5r->port)
1595 : "https://%s:%d%s",
1599 curl_easy_setopt (s5r->curl,
1602 GNUNET_free (curlurl);
1604 if (0 == strcasecmp (meth, MHD_HTTP_METHOD_PUT))
1606 s5r->state = SOCKS5_SOCKET_UPLOAD_STARTED;
1607 curl_easy_setopt (s5r->curl, CURLOPT_UPLOAD, 1);
1608 curl_easy_setopt (s5r->curl, CURLOPT_WRITEFUNCTION, &curl_download_cb);
1609 curl_easy_setopt (s5r->curl, CURLOPT_WRITEDATA, s5r);
1610 curl_easy_setopt (s5r->curl, CURLOPT_READFUNCTION, &curl_upload_cb);
1611 curl_easy_setopt (s5r->curl, CURLOPT_READDATA, s5r);
1613 else if (0 == strcasecmp (meth, MHD_HTTP_METHOD_POST))
1615 s5r->state = SOCKS5_SOCKET_UPLOAD_STARTED;
1616 curl_easy_setopt (s5r->curl, CURLOPT_POST, 1);
1617 curl_easy_setopt (s5r->curl, CURLOPT_WRITEFUNCTION, &curl_download_cb);
1618 curl_easy_setopt (s5r->curl, CURLOPT_WRITEDATA, s5r);
1619 curl_easy_setopt (s5r->curl, CURLOPT_READFUNCTION, &curl_upload_cb);
1620 curl_easy_setopt (s5r->curl, CURLOPT_READDATA, s5r);
1622 else if (0 == strcasecmp (meth, MHD_HTTP_METHOD_HEAD))
1624 s5r->state = SOCKS5_SOCKET_DOWNLOAD_STARTED;
1625 curl_easy_setopt (s5r->curl, CURLOPT_NOBODY, 1);
1627 else if (0 == strcasecmp (meth, MHD_HTTP_METHOD_GET))
1629 s5r->state = SOCKS5_SOCKET_DOWNLOAD_STARTED;
1630 curl_easy_setopt (s5r->curl, CURLOPT_HTTPGET, 1);
1631 curl_easy_setopt (s5r->curl, CURLOPT_WRITEFUNCTION, &curl_download_cb);
1632 curl_easy_setopt (s5r->curl, CURLOPT_WRITEDATA, s5r);
1636 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1637 _("Unsupported HTTP method `%s'\n"),
1639 curl_easy_cleanup (s5r->curl);
1644 if (0 == strcasecmp (ver, MHD_HTTP_VERSION_1_0))
1646 curl_easy_setopt (s5r->curl, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
1648 else if (0 == strcasecmp (ver, MHD_HTTP_VERSION_1_1))
1650 curl_easy_setopt (s5r->curl, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
1654 curl_easy_setopt (s5r->curl, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_NONE);
1657 if (HTTPS_PORT == s5r->port)
1659 curl_easy_setopt (s5r->curl, CURLOPT_USE_SSL, CURLUSESSL_ALL);
1660 curl_easy_setopt (s5r->curl, CURLOPT_SSL_VERIFYPEER, 1L);
1661 /* Disable cURL checking the hostname, as we will check ourselves
1662 as only we have the domain name or the LEHO or the DANE record */
1663 curl_easy_setopt (s5r->curl, CURLOPT_SSL_VERIFYHOST, 0L);
1667 curl_easy_setopt (s5r->curl, CURLOPT_USE_SSL, CURLUSESSL_NONE);
1670 if (CURLM_OK != curl_multi_add_handle (curl_multi, s5r->curl))
1673 curl_easy_cleanup (s5r->curl);
1677 MHD_get_connection_values (con,
1679 &con_val_iter, s5r);
1680 curl_easy_setopt (s5r->curl, CURLOPT_HTTPHEADER, s5r->headers);
1681 curl_download_prepare ();
1685 /* continuing to process request */
1686 if (0 != *upload_data_size)
1688 left = GNUNET_MIN (*upload_data_size,
1689 sizeof (s5r->io_buf) - s5r->io_len);
1690 memcpy (&s5r->io_buf[s5r->io_len],
1693 s5r->io_len += left;
1694 *upload_data_size -= left;
1695 GNUNET_assert (NULL != s5r->curl);
1696 curl_easy_pause (s5r->curl, CURLPAUSE_CONT);
1697 curl_download_prepare ();
1700 if (SOCKS5_SOCKET_UPLOAD_STARTED == s5r->state)
1702 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1703 "Finished processing UPLOAD\n");
1704 s5r->state = SOCKS5_SOCKET_UPLOAD_DONE;
1706 if (NULL == s5r->response)
1707 return MHD_YES; /* too early to queue response, did not yet get headers from cURL */
1708 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1709 "Queueing response with MHD\n");
1710 return MHD_queue_response (con,
1716 /* ******************** MHD HTTP setup and event loop ******************** */
1720 * Function called when MHD decides that we are done with a connection.
1723 * @param connection connection handle
1724 * @param con_cls value as set by the last call to
1725 * the MHD_AccessHandlerCallback, should be our `struct Socks5Request`
1726 * @param toe reason for request termination (ignored)
1729 mhd_completed_cb (void *cls,
1730 struct MHD_Connection *connection,
1732 enum MHD_RequestTerminationCode toe)
1734 struct Socks5Request *s5r = *con_cls;
1738 if (MHD_REQUEST_TERMINATED_COMPLETED_OK != toe)
1739 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1740 "MHD encountered error handling request: %d\n",
1748 * Function called when MHD first processes an incoming connection.
1749 * Gives us the respective URI information.
1751 * We use this to associate the `struct MHD_Connection` with our
1752 * internal `struct Socks5Request` data structure (by checking
1753 * for matching sockets).
1755 * @param cls the HTTP server handle (a `struct MhdHttpList`)
1756 * @param url the URL that is being requested
1757 * @param connection MHD connection object for the request
1758 * @return the `struct Socks5Request` that this @a connection is for
1761 mhd_log_callback (void *cls,
1763 struct MHD_Connection *connection)
1765 struct Socks5Request *s5r;
1766 const union MHD_ConnectionInfo *ci;
1769 ci = MHD_get_connection_info (connection,
1770 MHD_CONNECTION_INFO_CONNECTION_FD);
1776 sock = ci->connect_fd;
1777 for (s5r = s5r_head; NULL != s5r; s5r = s5r->next)
1779 if (GNUNET_NETWORK_get_fd (s5r->sock) == sock)
1781 if (NULL != s5r->url)
1786 s5r->url = GNUNET_strdup (url);
1787 GNUNET_SCHEDULER_cancel (s5r->timeout_task);
1788 s5r->timeout_task = GNUNET_SCHEDULER_NO_TASK;
1797 * Kill the given MHD daemon.
1799 * @param hd daemon to stop
1802 kill_httpd (struct MhdHttpList *hd)
1804 GNUNET_CONTAINER_DLL_remove (mhd_httpd_head,
1807 GNUNET_free_non_null (hd->domain);
1808 MHD_stop_daemon (hd->daemon);
1809 if (GNUNET_SCHEDULER_NO_TASK != hd->httpd_task)
1811 GNUNET_SCHEDULER_cancel (hd->httpd_task);
1812 hd->httpd_task = GNUNET_SCHEDULER_NO_TASK;
1814 GNUNET_free_non_null (hd->proxy_cert);
1822 * Task run whenever HTTP server is idle for too long. Kill it.
1824 * @param cls the `struct MhdHttpList *`
1825 * @param tc sched context
1828 kill_httpd_task (void *cls,
1829 const struct GNUNET_SCHEDULER_TaskContext *tc)
1831 struct MhdHttpList *hd = cls;
1833 hd->httpd_task = GNUNET_SCHEDULER_NO_TASK;
1839 * Task run whenever HTTP server operations are pending.
1841 * @param cls the `struct MhdHttpList *` of the daemon that is being run
1842 * @param tc sched context
1845 do_httpd (void *cls,
1846 const struct GNUNET_SCHEDULER_TaskContext *tc);
1850 * Schedule MHD. This function should be called initially when an
1851 * MHD is first getting its client socket, and will then automatically
1852 * always be called later whenever there is work to be done.
1854 * @param hd the daemon to schedule
1857 schedule_httpd (struct MhdHttpList *hd)
1862 struct GNUNET_NETWORK_FDSet *wrs;
1863 struct GNUNET_NETWORK_FDSet *wws;
1866 MHD_UNSIGNED_LONG_LONG timeout;
1867 struct GNUNET_TIME_Relative tv;
1873 if (MHD_YES != MHD_get_fdset (hd->daemon, &rs, &ws, &es, &max))
1878 haveto = MHD_get_timeout (hd->daemon, &timeout);
1879 if (MHD_YES == haveto)
1880 tv.rel_value_us = (uint64_t) timeout * 1000LL;
1882 tv = GNUNET_TIME_UNIT_FOREVER_REL;
1885 wrs = GNUNET_NETWORK_fdset_create ();
1886 wws = GNUNET_NETWORK_fdset_create ();
1887 GNUNET_NETWORK_fdset_copy_native (wrs, &rs, max + 1);
1888 GNUNET_NETWORK_fdset_copy_native (wws, &ws, max + 1);
1895 if (GNUNET_SCHEDULER_NO_TASK != hd->httpd_task)
1896 GNUNET_SCHEDULER_cancel (hd->httpd_task);
1897 if ( (MHD_YES != haveto) &&
1901 /* daemon is idle, kill after timeout */
1902 hd->httpd_task = GNUNET_SCHEDULER_add_delayed (MHD_CACHE_TIMEOUT,
1909 GNUNET_SCHEDULER_add_select (GNUNET_SCHEDULER_PRIORITY_DEFAULT,
1914 GNUNET_NETWORK_fdset_destroy (wrs);
1916 GNUNET_NETWORK_fdset_destroy (wws);
1921 * Task run whenever HTTP server operations are pending.
1923 * @param cls the `struct MhdHttpList` of the daemon that is being run
1924 * @param tc scheduler context
1927 do_httpd (void *cls,
1928 const struct GNUNET_SCHEDULER_TaskContext *tc)
1930 struct MhdHttpList *hd = cls;
1932 hd->httpd_task = GNUNET_SCHEDULER_NO_TASK;
1933 MHD_run (hd->daemon);
1934 schedule_httpd (hd);
1939 * Run MHD now, we have extra data ready for the callback.
1941 * @param hd the daemon to run now.
1944 run_mhd_now (struct MhdHttpList *hd)
1946 if (GNUNET_SCHEDULER_NO_TASK !=
1948 GNUNET_SCHEDULER_cancel (hd->httpd_task);
1949 hd->httpd_task = GNUNET_SCHEDULER_add_now (&do_httpd,
1955 * Read file in filename
1957 * @param filename file to read
1958 * @param size pointer where filesize is stored
1959 * @return NULL on error
1962 load_file (const char* filename,
1969 GNUNET_DISK_file_size (filename, &fsize,
1970 GNUNET_YES, GNUNET_YES))
1972 if (fsize > MAX_PEM_SIZE)
1974 *size = (unsigned int) fsize;
1975 buffer = GNUNET_malloc (*size);
1976 if (fsize != GNUNET_DISK_fn_read (filename, buffer, (size_t) fsize))
1978 GNUNET_free (buffer);
1986 * Load PEM key from file
1988 * @param key where to store the data
1989 * @param keyfile path to the PEM file
1990 * @return #GNUNET_OK on success
1993 load_key_from_file (gnutls_x509_privkey_t key,
1994 const char* keyfile)
1996 gnutls_datum_t key_data;
1999 key_data.data = load_file (keyfile, &key_data.size);
2000 if (NULL == key_data.data)
2001 return GNUNET_SYSERR;
2002 ret = gnutls_x509_privkey_import (key, &key_data,
2003 GNUTLS_X509_FMT_PEM);
2004 if (GNUTLS_E_SUCCESS != ret)
2006 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2007 _("Unable to import private key from file `%s'\n"),
2010 GNUNET_free_non_null (key_data.data);
2011 return (GNUTLS_E_SUCCESS != ret) ? GNUNET_SYSERR : GNUNET_OK;
2016 * Load cert from file
2018 * @param crt struct to store data in
2019 * @param certfile path to pem file
2020 * @return #GNUNET_OK on success
2023 load_cert_from_file (gnutls_x509_crt_t crt,
2024 const char* certfile)
2026 gnutls_datum_t cert_data;
2029 cert_data.data = load_file (certfile, &cert_data.size);
2030 if (NULL == cert_data.data)
2031 return GNUNET_SYSERR;
2032 ret = gnutls_x509_crt_import (crt, &cert_data,
2033 GNUTLS_X509_FMT_PEM);
2034 if (GNUTLS_E_SUCCESS != ret)
2036 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2037 _("Unable to import certificate %s\n"), certfile);
2039 GNUNET_free_non_null (cert_data.data);
2040 return (GNUTLS_E_SUCCESS != ret) ? GNUNET_SYSERR : GNUNET_OK;
2045 * Generate new certificate for specific name
2047 * @param name the subject name to generate a cert for
2048 * @return a struct holding the PEM data, NULL on error
2050 static struct ProxyGNSCertificate *
2051 generate_gns_certificate (const char *name)
2053 unsigned int serial;
2054 size_t key_buf_size;
2055 size_t cert_buf_size;
2056 gnutls_x509_crt_t request;
2059 struct ProxyGNSCertificate *pgc;
2061 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2062 "Generating TLS/SSL certificate for `%s'\n",
2064 GNUNET_break (GNUTLS_E_SUCCESS == gnutls_x509_crt_init (&request));
2065 GNUNET_break (GNUTLS_E_SUCCESS == gnutls_x509_crt_set_key (request, proxy_ca.key));
2066 pgc = GNUNET_new (struct ProxyGNSCertificate);
2067 gnutls_x509_crt_set_dn_by_oid (request, GNUTLS_OID_X520_COUNTRY_NAME,
2069 gnutls_x509_crt_set_dn_by_oid (request, GNUTLS_OID_X520_ORGANIZATION_NAME,
2070 0, "GNU Name System", 4);
2071 gnutls_x509_crt_set_dn_by_oid (request, GNUTLS_OID_X520_COMMON_NAME,
2072 0, name, strlen (name));
2073 GNUNET_break (GNUTLS_E_SUCCESS == gnutls_x509_crt_set_version (request, 3));
2074 gnutls_rnd (GNUTLS_RND_NONCE, &serial, sizeof (serial));
2075 gnutls_x509_crt_set_serial (request,
2078 etime = time (NULL);
2079 tm_data = localtime (&etime);
2080 gnutls_x509_crt_set_activation_time (request,
2083 etime = mktime (tm_data);
2084 gnutls_x509_crt_set_expiration_time (request,
2086 gnutls_x509_crt_sign (request,
2089 key_buf_size = sizeof (pgc->key);
2090 cert_buf_size = sizeof (pgc->cert);
2091 gnutls_x509_crt_export (request, GNUTLS_X509_FMT_PEM,
2092 pgc->cert, &cert_buf_size);
2093 gnutls_x509_privkey_export (proxy_ca.key, GNUTLS_X509_FMT_PEM,
2094 pgc->key, &key_buf_size);
2095 gnutls_x509_crt_deinit (request);
2101 * Function called by MHD with errors, suppresses them all.
2103 * @param cls closure
2104 * @param fm format string (`printf()`-style)
2105 * @param ap arguments to @a fm
2108 mhd_error_log_callback (void *cls,
2117 * Lookup (or create) an SSL MHD instance for a particular domain.
2119 * @param domain the domain the SSL daemon has to serve
2120 * @return NULL on errro
2122 static struct MhdHttpList *
2123 lookup_ssl_httpd (const char* domain)
2125 struct MhdHttpList *hd;
2126 struct ProxyGNSCertificate *pgc;
2128 for (hd = mhd_httpd_head; NULL != hd; hd = hd->next)
2129 if ( (NULL != hd->domain) &&
2130 (0 == strcmp (hd->domain, domain)) )
2132 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2133 "Starting fresh MHD HTTPS instance for domain `%s'\n",
2135 pgc = generate_gns_certificate (domain);
2136 hd = GNUNET_new (struct MhdHttpList);
2137 hd->is_ssl = GNUNET_YES;
2138 hd->domain = GNUNET_strdup (domain);
2139 hd->proxy_cert = pgc;
2140 hd->daemon = MHD_start_daemon (MHD_USE_DEBUG | MHD_USE_SSL | MHD_USE_NO_LISTEN_SOCKET,
2143 &create_response, hd,
2144 MHD_OPTION_CONNECTION_TIMEOUT, (unsigned int) 16,
2145 MHD_OPTION_NOTIFY_COMPLETED, &mhd_completed_cb, NULL,
2146 MHD_OPTION_URI_LOG_CALLBACK, &mhd_log_callback, NULL,
2147 MHD_OPTION_EXTERNAL_LOGGER, &mhd_error_log_callback, NULL,
2148 MHD_OPTION_HTTPS_MEM_KEY, pgc->key,
2149 MHD_OPTION_HTTPS_MEM_CERT, pgc->cert,
2151 if (NULL == hd->daemon)
2157 GNUNET_CONTAINER_DLL_insert (mhd_httpd_head,
2165 * Task run when a Socks5Request somehow fails to be associated with
2166 * an MHD connection (i.e. because the client never speaks HTTP after
2167 * the SOCKS5 handshake). Clean up.
2169 * @param cls the `struct Socks5Request *`
2170 * @param tc sched context
2173 timeout_s5r_handshake (void *cls,
2174 const struct GNUNET_SCHEDULER_TaskContext *tc)
2176 struct Socks5Request *s5r = cls;
2178 s5r->timeout_task = GNUNET_SCHEDULER_NO_TASK;
2184 * We're done with the Socks5 protocol, now we need to pass the
2185 * connection data through to the final destination, either
2186 * direct (if the protocol might not be HTTP), or via MHD
2187 * (if the port looks like it should be HTTP).
2189 * @param s5r socks request that has reached the final stage
2192 setup_data_transfer (struct Socks5Request *s5r)
2194 struct MhdHttpList *hd;
2196 const struct sockaddr *addr;
2202 hd = lookup_ssl_httpd (s5r->domain);
2205 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2206 _("Failed to start HTTPS server for `%s'\n"),
2214 GNUNET_assert (NULL != httpd);
2218 fd = GNUNET_NETWORK_get_fd (s5r->sock);
2219 addr = GNUNET_NETWORK_get_addr (s5r->sock);
2220 len = GNUNET_NETWORK_get_addrlen (s5r->sock);
2221 s5r->state = SOCKS5_SOCKET_WITH_MHD;
2222 if (MHD_YES != MHD_add_connection (hd->daemon, fd, addr, len))
2224 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2225 _("Failed to pass client to MHD\n"));
2230 schedule_httpd (hd);
2231 s5r->timeout_task = GNUNET_SCHEDULER_add_delayed (HTTP_HANDSHAKE_TIMEOUT,
2232 &timeout_s5r_handshake,
2237 /* ********************* SOCKS handling ************************* */
2241 * Write data from buffer to socks5 client, then continue with state machine.
2243 * @param cls the closure with the `struct Socks5Request`
2244 * @param tc scheduler context
2247 do_write (void *cls,
2248 const struct GNUNET_SCHEDULER_TaskContext *tc)
2250 struct Socks5Request *s5r = cls;
2253 s5r->wtask = GNUNET_SCHEDULER_NO_TASK;
2254 len = GNUNET_NETWORK_socket_send (s5r->sock,
2259 /* write error: connection closed, shutdown, etc.; just clean up */
2265 s5r->wbuf_len - len);
2266 s5r->wbuf_len -= len;
2267 if (s5r->wbuf_len > 0)
2269 /* not done writing */
2271 GNUNET_SCHEDULER_add_write_net (GNUNET_TIME_UNIT_FOREVER_REL,
2277 /* we're done writing, continue with state machine! */
2284 case SOCKS5_REQUEST:
2285 GNUNET_assert (GNUNET_SCHEDULER_NO_TASK != s5r->rtask);
2287 case SOCKS5_DATA_TRANSFER:
2288 setup_data_transfer (s5r);
2290 case SOCKS5_WRITE_THEN_CLEANUP:
2301 * Return a server response message indicating a failure to the client.
2303 * @param s5r request to return failure code for
2304 * @param sc status code to return
2307 signal_socks_failure (struct Socks5Request *s5r,
2308 enum Socks5StatusCode sc)
2310 struct Socks5ServerResponseMessage *s_resp;
2312 s_resp = (struct Socks5ServerResponseMessage *) &s5r->wbuf[s5r->wbuf_len];
2313 memset (s_resp, 0, sizeof (struct Socks5ServerResponseMessage));
2314 s_resp->version = SOCKS_VERSION_5;
2316 s5r->state = SOCKS5_WRITE_THEN_CLEANUP;
2317 if (GNUNET_SCHEDULER_NO_TASK != s5r->wtask)
2319 GNUNET_SCHEDULER_add_write_net (GNUNET_TIME_UNIT_FOREVER_REL,
2326 * Return a server response message indicating success.
2328 * @param s5r request to return success status message for
2331 signal_socks_success (struct Socks5Request *s5r)
2333 struct Socks5ServerResponseMessage *s_resp;
2335 s_resp = (struct Socks5ServerResponseMessage *) &s5r->wbuf[s5r->wbuf_len];
2336 s_resp->version = SOCKS_VERSION_5;
2337 s_resp->reply = SOCKS5_STATUS_REQUEST_GRANTED;
2338 s_resp->reserved = 0;
2339 s_resp->addr_type = SOCKS5_AT_IPV4;
2340 /* zero out IPv4 address and port */
2343 sizeof (struct in_addr) + sizeof (uint16_t));
2344 s5r->wbuf_len += sizeof (struct Socks5ServerResponseMessage) +
2345 sizeof (struct in_addr) + sizeof (uint16_t);
2346 if (GNUNET_SCHEDULER_NO_TASK == s5r->wtask)
2348 GNUNET_SCHEDULER_add_write_net (GNUNET_TIME_UNIT_FOREVER_REL,
2355 * Process GNS results for target domain.
2357 * @param cls the `struct Socks5Request`
2358 * @param rd_count number of records returned
2359 * @param rd record data
2362 handle_gns_result (void *cls,
2364 const struct GNUNET_GNSRECORD_Data *rd)
2366 struct Socks5Request *s5r = cls;
2368 const struct GNUNET_GNSRECORD_Data *r;
2371 s5r->gns_lookup = NULL;
2373 for (i=0;i<rd_count;i++)
2376 switch (r->record_type)
2378 case GNUNET_DNSPARSER_TYPE_A:
2380 struct sockaddr_in *in;
2382 if (sizeof (struct in_addr) != r->data_size)
2384 GNUNET_break_op (0);
2387 if (GNUNET_YES == got_ip)
2390 GNUNET_NETWORK_test_pf (PF_INET))
2392 got_ip = GNUNET_YES;
2393 in = (struct sockaddr_in *) &s5r->destination_address;
2394 in->sin_family = AF_INET;
2395 memcpy (&in->sin_addr,
2398 in->sin_port = htons (s5r->port);
2399 #if HAVE_SOCKADDR_IN_SIN_LEN
2400 in->sin_len = sizeof (*in);
2404 case GNUNET_DNSPARSER_TYPE_AAAA:
2406 struct sockaddr_in6 *in;
2408 if (sizeof (struct in6_addr) != r->data_size)
2410 GNUNET_break_op (0);
2413 if (GNUNET_YES == got_ip)
2416 GNUNET_NETWORK_test_pf (PF_INET))
2418 /* FIXME: allow user to disable IPv6 per configuration option... */
2419 got_ip = GNUNET_YES;
2420 in = (struct sockaddr_in6 *) &s5r->destination_address;
2421 in->sin6_family = AF_INET6;
2422 memcpy (&in->sin6_addr,
2425 in->sin6_port = htons (s5r->port);
2426 #if HAVE_SOCKADDR_IN_SIN_LEN
2427 in->sin6_len = sizeof (*in);
2431 case GNUNET_GNSRECORD_TYPE_VPN:
2432 GNUNET_break (0); /* should have been translated within GNS */
2434 case GNUNET_GNSRECORD_TYPE_LEHO:
2435 GNUNET_free_non_null (s5r->leho);
2436 s5r->leho = GNUNET_strndup (r->data,
2439 case GNUNET_DNSPARSER_TYPE_TLSA:
2440 GNUNET_free_non_null (s5r->dane_data);
2441 s5r->dane_data_len = r->data_size;
2442 s5r->dane_data = GNUNET_malloc (r->data_size);
2443 memcpy (s5r->dane_data,
2452 if (GNUNET_YES != got_ip)
2454 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2455 "Name resolution failed to yield useful IP address.\n");
2456 signal_socks_failure (s5r,
2457 SOCKS5_STATUS_GENERAL_FAILURE);
2460 s5r->state = SOCKS5_DATA_TRANSFER;
2461 signal_socks_success (s5r);
2466 * Remove the first @a len bytes from the beginning of the read buffer.
2468 * @param s5r the handle clear the read buffer for
2469 * @param len number of bytes in read buffer to advance
2472 clear_from_s5r_rbuf (struct Socks5Request *s5r,
2475 GNUNET_assert (len <= s5r->rbuf_len);
2478 s5r->rbuf_len - len);
2479 s5r->rbuf_len -= len;
2484 * Read data from incoming Socks5 connection
2486 * @param cls the closure with the `struct Socks5Request`
2487 * @param tc the scheduler context
2490 do_s5r_read (void *cls,
2491 const struct GNUNET_SCHEDULER_TaskContext *tc)
2493 struct Socks5Request *s5r = cls;
2494 const struct Socks5ClientHelloMessage *c_hello;
2495 struct Socks5ServerHelloMessage *s_hello;
2496 const struct Socks5ClientRequestMessage *c_req;
2500 s5r->rtask = GNUNET_SCHEDULER_NO_TASK;
2501 if ( (NULL != tc->read_ready) &&
2502 (GNUNET_NETWORK_fdset_isset (tc->read_ready, s5r->sock)) )
2504 rlen = GNUNET_NETWORK_socket_recv (s5r->sock,
2505 &s5r->rbuf[s5r->rbuf_len],
2506 sizeof (s5r->rbuf) - s5r->rbuf_len);
2509 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2510 "socks5 client disconnected.\n");
2514 s5r->rbuf_len += rlen;
2516 s5r->rtask = GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_UNIT_FOREVER_REL,
2519 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2520 "Processing %u bytes of socks data in state %d\n",
2526 c_hello = (const struct Socks5ClientHelloMessage*) &s5r->rbuf;
2527 if ( (s5r->rbuf_len < sizeof (struct Socks5ClientHelloMessage)) ||
2528 (s5r->rbuf_len < sizeof (struct Socks5ClientHelloMessage) + c_hello->num_auth_methods) )
2529 return; /* need more data */
2530 if (SOCKS_VERSION_5 != c_hello->version)
2532 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2533 _("Unsupported socks version %d\n"),
2534 (int) c_hello->version);
2538 clear_from_s5r_rbuf (s5r,
2539 sizeof (struct Socks5ClientHelloMessage) + c_hello->num_auth_methods);
2540 GNUNET_assert (0 == s5r->wbuf_len);
2541 s_hello = (struct Socks5ServerHelloMessage *) &s5r->wbuf;
2542 s5r->wbuf_len = sizeof (struct Socks5ServerHelloMessage);
2543 s_hello->version = SOCKS_VERSION_5;
2544 s_hello->auth_method = SOCKS_AUTH_NONE;
2545 GNUNET_assert (GNUNET_SCHEDULER_NO_TASK == s5r->wtask);
2546 s5r->wtask = GNUNET_SCHEDULER_add_write_net (GNUNET_TIME_UNIT_FOREVER_REL,
2549 s5r->state = SOCKS5_REQUEST;
2551 case SOCKS5_REQUEST:
2552 c_req = (const struct Socks5ClientRequestMessage *) &s5r->rbuf;
2553 if (s5r->rbuf_len < sizeof (struct Socks5ClientRequestMessage))
2555 switch (c_req->command)
2557 case SOCKS5_CMD_TCP_STREAM:
2561 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2562 _("Unsupported socks command %d\n"),
2563 (int) c_req->command);
2564 signal_socks_failure (s5r,
2565 SOCKS5_STATUS_COMMAND_NOT_SUPPORTED);
2568 switch (c_req->addr_type)
2570 case SOCKS5_AT_IPV4:
2572 const struct in_addr *v4 = (const struct in_addr *) &c_req[1];
2573 const uint16_t *port = (const uint16_t *) &v4[1];
2574 struct sockaddr_in *in;
2576 s5r->port = ntohs (*port);
2577 alen = sizeof (struct in_addr);
2578 if (s5r->rbuf_len < sizeof (struct Socks5ClientRequestMessage) +
2579 alen + sizeof (uint16_t))
2580 return; /* need more data */
2581 in = (struct sockaddr_in *) &s5r->destination_address;
2582 in->sin_family = AF_INET;
2584 in->sin_port = *port;
2585 #if HAVE_SOCKADDR_IN_SIN_LEN
2586 in->sin_len = sizeof (*in);
2588 s5r->state = SOCKS5_DATA_TRANSFER;
2591 case SOCKS5_AT_IPV6:
2593 const struct in6_addr *v6 = (const struct in6_addr *) &c_req[1];
2594 const uint16_t *port = (const uint16_t *) &v6[1];
2595 struct sockaddr_in6 *in;
2597 s5r->port = ntohs (*port);
2598 alen = sizeof (struct in6_addr);
2599 if (s5r->rbuf_len < sizeof (struct Socks5ClientRequestMessage) +
2600 alen + sizeof (uint16_t))
2601 return; /* need more data */
2602 in = (struct sockaddr_in6 *) &s5r->destination_address;
2603 in->sin6_family = AF_INET6;
2604 in->sin6_addr = *v6;
2605 in->sin6_port = *port;
2606 #if HAVE_SOCKADDR_IN_SIN_LEN
2607 in->sin6_len = sizeof (*in);
2609 s5r->state = SOCKS5_DATA_TRANSFER;
2612 case SOCKS5_AT_DOMAINNAME:
2614 const uint8_t *dom_len;
2615 const char *dom_name;
2616 const uint16_t *port;
2618 dom_len = (const uint8_t *) &c_req[1];
2619 alen = *dom_len + 1;
2620 if (s5r->rbuf_len < sizeof (struct Socks5ClientRequestMessage) +
2621 alen + sizeof (uint16_t))
2622 return; /* need more data */
2623 dom_name = (const char *) &dom_len[1];
2624 port = (const uint16_t*) &dom_name[*dom_len];
2625 s5r->domain = GNUNET_strndup (dom_name, *dom_len);
2626 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2627 "Requested connection is to %s:%d\n",
2630 s5r->state = SOCKS5_RESOLVING;
2631 s5r->port = ntohs (*port);
2632 s5r->gns_lookup = GNUNET_GNS_lookup (gns_handle,
2635 GNUNET_DNSPARSER_TYPE_A,
2636 GNUNET_NO /* only cached */,
2637 (GNUNET_YES == do_shorten) ? &local_shorten_zone : NULL,
2643 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2644 _("Unsupported socks address type %d\n"),
2645 (int) c_req->addr_type);
2646 signal_socks_failure (s5r,
2647 SOCKS5_STATUS_ADDRESS_TYPE_NOT_SUPPORTED);
2650 clear_from_s5r_rbuf (s5r,
2651 sizeof (struct Socks5ClientRequestMessage) +
2652 alen + sizeof (uint16_t));
2653 if (0 != s5r->rbuf_len)
2655 /* read more bytes than healthy, why did the client send more!? */
2656 GNUNET_break_op (0);
2657 signal_socks_failure (s5r,
2658 SOCKS5_STATUS_GENERAL_FAILURE);
2661 if (SOCKS5_DATA_TRANSFER == s5r->state)
2663 /* if we are not waiting for GNS resolution, signal success */
2664 signal_socks_success (s5r);
2666 /* We are done reading right now */
2667 GNUNET_SCHEDULER_cancel (s5r->rtask);
2668 s5r->rtask = GNUNET_SCHEDULER_NO_TASK;
2670 case SOCKS5_RESOLVING:
2673 case SOCKS5_DATA_TRANSFER:
2684 * Accept new incoming connections
2686 * @param cls the closure with the lsock4 or lsock6
2687 * @param tc the scheduler context
2690 do_accept (void *cls,
2691 const struct GNUNET_SCHEDULER_TaskContext *tc)
2693 struct GNUNET_NETWORK_Handle *lsock = cls;
2694 struct GNUNET_NETWORK_Handle *s;
2695 struct Socks5Request *s5r;
2697 if (lsock == lsock4)
2698 ltask4 = GNUNET_SCHEDULER_NO_TASK;
2700 ltask6 = GNUNET_SCHEDULER_NO_TASK;
2701 if (0 != (tc->reason & GNUNET_SCHEDULER_REASON_SHUTDOWN))
2703 if (lsock == lsock4)
2704 ltask4 = GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_UNIT_FOREVER_REL,
2708 ltask6 = GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_UNIT_FOREVER_REL,
2711 s = GNUNET_NETWORK_socket_accept (lsock, NULL, NULL);
2714 GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, "accept");
2717 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2718 "Got an inbound connection, waiting for data\n");
2719 s5r = GNUNET_new (struct Socks5Request);
2720 GNUNET_CONTAINER_DLL_insert (s5r_head,
2724 s5r->state = SOCKS5_INIT;
2725 s5r->rtask = GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_UNIT_FOREVER_REL,
2731 /* ******************* General / main code ********************* */
2735 * Task run on shutdown
2737 * @param cls closure
2738 * @param tc task context
2741 do_shutdown (void *cls,
2742 const struct GNUNET_SCHEDULER_TaskContext *tc)
2744 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
2745 "Shutting down...\n");
2746 while (NULL != mhd_httpd_head)
2747 kill_httpd (mhd_httpd_head);
2748 while (NULL != s5r_head)
2749 cleanup_s5r (s5r_head);
2752 GNUNET_NETWORK_socket_close (lsock4);
2757 GNUNET_NETWORK_socket_close (lsock6);
2762 GNUNET_IDENTITY_cancel (id_op);
2765 if (NULL != identity)
2767 GNUNET_IDENTITY_disconnect (identity);
2770 if (NULL != curl_multi)
2772 curl_multi_cleanup (curl_multi);
2775 if (NULL != gns_handle)
2777 GNUNET_GNS_disconnect (gns_handle);
2780 if (GNUNET_SCHEDULER_NO_TASK != curl_download_task)
2782 GNUNET_SCHEDULER_cancel (curl_download_task);
2783 curl_download_task = GNUNET_SCHEDULER_NO_TASK;
2785 if (GNUNET_SCHEDULER_NO_TASK != ltask4)
2787 GNUNET_SCHEDULER_cancel (ltask4);
2788 ltask4 = GNUNET_SCHEDULER_NO_TASK;
2790 if (GNUNET_SCHEDULER_NO_TASK != ltask6)
2792 GNUNET_SCHEDULER_cancel (ltask6);
2793 ltask6 = GNUNET_SCHEDULER_NO_TASK;
2795 gnutls_x509_crt_deinit (proxy_ca.cert);
2796 gnutls_x509_privkey_deinit (proxy_ca.key);
2797 gnutls_global_deinit ();
2802 * Create an IPv4 listen socket bound to our port.
2804 * @return NULL on error
2806 static struct GNUNET_NETWORK_Handle *
2809 struct GNUNET_NETWORK_Handle *ls;
2810 struct sockaddr_in sa4;
2813 memset (&sa4, 0, sizeof (sa4));
2814 sa4.sin_family = AF_INET;
2815 sa4.sin_port = htons (port);
2816 #if HAVE_SOCKADDR_IN_SIN_LEN
2817 sa4.sin_len = sizeof (sa4);
2819 ls = GNUNET_NETWORK_socket_create (AF_INET,
2825 GNUNET_NETWORK_socket_bind (ls, (const struct sockaddr *) &sa4,
2829 GNUNET_NETWORK_socket_close (ls);
2838 * Create an IPv6 listen socket bound to our port.
2840 * @return NULL on error
2842 static struct GNUNET_NETWORK_Handle *
2845 struct GNUNET_NETWORK_Handle *ls;
2846 struct sockaddr_in6 sa6;
2849 memset (&sa6, 0, sizeof (sa6));
2850 sa6.sin6_family = AF_INET6;
2851 sa6.sin6_port = htons (port);
2852 #if HAVE_SOCKADDR_IN_SIN_LEN
2853 sa6.sin6_len = sizeof (sa6);
2855 ls = GNUNET_NETWORK_socket_create (AF_INET6,
2861 GNUNET_NETWORK_socket_bind (ls, (const struct sockaddr *) &sa6,
2865 GNUNET_NETWORK_socket_close (ls);
2874 * Continue initialization after we have our zone information.
2879 struct MhdHttpList *hd;
2881 /* Open listen socket for socks proxy */
2882 lsock6 = bind_v6 ();
2884 GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, "bind");
2887 if (GNUNET_OK != GNUNET_NETWORK_socket_listen (lsock6, 5))
2889 GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, "listen");
2890 GNUNET_NETWORK_socket_close (lsock6);
2895 ltask6 = GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_UNIT_FOREVER_REL,
2896 lsock6, &do_accept, lsock6);
2899 lsock4 = bind_v4 ();
2901 GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, "bind");
2904 if (GNUNET_OK != GNUNET_NETWORK_socket_listen (lsock4, 5))
2906 GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, "listen");
2907 GNUNET_NETWORK_socket_close (lsock4);
2912 ltask4 = GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_UNIT_FOREVER_REL,
2913 lsock4, &do_accept, lsock4);
2916 if ( (NULL == lsock4) &&
2919 GNUNET_SCHEDULER_shutdown ();
2922 if (0 != curl_global_init (CURL_GLOBAL_WIN32))
2924 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2925 "cURL global init failed!\n");
2926 GNUNET_SCHEDULER_shutdown ();
2929 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2930 "Proxy listens on port %u\n",
2933 /* start MHD daemon for HTTP */
2934 hd = GNUNET_new (struct MhdHttpList);
2935 hd->daemon = MHD_start_daemon (MHD_USE_DEBUG | MHD_USE_NO_LISTEN_SOCKET,
2938 &create_response, hd,
2939 MHD_OPTION_CONNECTION_TIMEOUT, (unsigned int) 16,
2940 MHD_OPTION_NOTIFY_COMPLETED, &mhd_completed_cb, NULL,
2941 MHD_OPTION_URI_LOG_CALLBACK, &mhd_log_callback, NULL,
2943 if (NULL == hd->daemon)
2946 GNUNET_SCHEDULER_shutdown ();
2950 GNUNET_CONTAINER_DLL_insert (mhd_httpd_head, mhd_httpd_tail, hd);
2955 * Method called to inform about the egos of the shorten zone of this peer.
2957 * When used with #GNUNET_IDENTITY_create or #GNUNET_IDENTITY_get,
2958 * this function is only called ONCE, and 'NULL' being passed in
2959 * @a ego does indicate an error (i.e. name is taken or no default
2960 * value is known). If @a ego is non-NULL and if '*ctx'
2961 * is set in those callbacks, the value WILL be passed to a subsequent
2962 * call to the identity callback of #GNUNET_IDENTITY_connect (if
2963 * that one was not NULL).
2965 * @param cls closure, NULL
2966 * @param ego ego handle
2967 * @param ctx context for application to store data for this ego
2968 * (during the lifetime of this process, initially NULL)
2969 * @param name name assigned by the user for this ego,
2970 * NULL if the user just deleted the ego and it
2971 * must thus no longer be used
2974 identity_shorten_cb (void *cls,
2975 struct GNUNET_IDENTITY_Ego *ego,
2982 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2983 _("No ego configured for `shorten-zone`\n"));
2987 local_shorten_zone = *GNUNET_IDENTITY_ego_get_private_key (ego);
2988 do_shorten = GNUNET_YES;
2995 * Method called to inform about the egos of the master zone of this peer.
2997 * When used with #GNUNET_IDENTITY_create or #GNUNET_IDENTITY_get,
2998 * this function is only called ONCE, and 'NULL' being passed in
2999 * @a ego does indicate an error (i.e. name is taken or no default
3000 * value is known). If @a ego is non-NULL and if '*ctx'
3001 * is set in those callbacks, the value WILL be passed to a subsequent
3002 * call to the identity callback of #GNUNET_IDENTITY_connect (if
3003 * that one was not NULL).
3005 * @param cls closure, NULL
3006 * @param ego ego handle
3007 * @param ctx context for application to store data for this ego
3008 * (during the lifetime of this process, initially NULL)
3009 * @param name name assigned by the user for this ego,
3010 * NULL if the user just deleted the ego and it
3011 * must thus no longer be used
3014 identity_master_cb (void *cls,
3015 struct GNUNET_IDENTITY_Ego *ego,
3022 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3023 _("No ego configured for `%s`\n"),
3025 GNUNET_SCHEDULER_shutdown ();
3028 GNUNET_IDENTITY_ego_get_public_key (ego,
3030 id_op = GNUNET_IDENTITY_get (identity,
3032 &identity_shorten_cb,
3038 * Main function that will be run
3040 * @param cls closure
3041 * @param args remaining command-line arguments
3042 * @param cfgfile name of the configuration file used (for saving, can be NULL!)
3043 * @param c configuration
3046 run (void *cls, char *const *args, const char *cfgfile,
3047 const struct GNUNET_CONFIGURATION_Handle *c)
3049 char* cafile_cfg = NULL;
3054 if (NULL == (curl_multi = curl_multi_init ()))
3056 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3057 "Failed to create cURL multi handle!\n");
3060 cafile = cafile_opt;
3063 if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_filename (cfg, "gns-proxy",
3067 GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
3072 cafile = cafile_cfg;
3074 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3075 "Using %s as CA\n", cafile);
3077 gnutls_global_init ();
3078 gnutls_x509_crt_init (&proxy_ca.cert);
3079 gnutls_x509_privkey_init (&proxy_ca.key);
3081 if ( (GNUNET_OK != load_cert_from_file (proxy_ca.cert, cafile)) ||
3082 (GNUNET_OK != load_key_from_file (proxy_ca.key, cafile)) )
3084 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3085 _("Failed to load SSL/TLS key and certificate from `%s'\n"),
3087 gnutls_x509_crt_deinit (proxy_ca.cert);
3088 gnutls_x509_privkey_deinit (proxy_ca.key);
3089 gnutls_global_deinit ();
3090 GNUNET_free_non_null (cafile_cfg);
3093 GNUNET_free_non_null (cafile_cfg);
3094 if (NULL == (gns_handle = GNUNET_GNS_connect (cfg)))
3096 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3097 "Unable to connect to GNS!\n");
3098 gnutls_x509_crt_deinit (proxy_ca.cert);
3099 gnutls_x509_privkey_deinit (proxy_ca.key);
3100 gnutls_global_deinit ();
3103 identity = GNUNET_IDENTITY_connect (cfg,
3105 id_op = GNUNET_IDENTITY_get (identity,
3107 &identity_master_cb,
3109 GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_FOREVER_REL,
3110 &do_shutdown, NULL);
3115 * The main function for gnunet-gns-proxy.
3117 * @param argc number of arguments from the command line
3118 * @param argv command line arguments
3119 * @return 0 ok, 1 on error
3122 main (int argc, char *const *argv)
3124 static const struct GNUNET_GETOPT_CommandLineOption options[] = {
3126 gettext_noop ("listen on specified port (default: 7777)"), 1,
3127 &GNUNET_GETOPT_set_ulong, &port},
3128 {'a', "authority", NULL,
3129 gettext_noop ("pem file to use as CA"), 1,
3130 &GNUNET_GETOPT_set_string, &cafile_opt},
3131 GNUNET_GETOPT_OPTION_END
3133 static const char* page =
3134 "<html><head><title>gnunet-gns-proxy</title>"
3135 "</head><body>cURL fail</body></html>";
3138 if (GNUNET_OK != GNUNET_STRINGS_get_utf8_args (argc, argv, &argc, &argv))
3140 GNUNET_log_setup ("gnunet-gns-proxy", "WARNING", NULL);
3141 curl_failure_response = MHD_create_response_from_buffer (strlen (page),
3143 MHD_RESPMEM_PERSISTENT);
3147 GNUNET_PROGRAM_run (argc, argv, "gnunet-gns-proxy",
3148 _("GNUnet GNS proxy"),
3150 &run, NULL)) ? 0 : 1;
3151 MHD_destroy_response (curl_failure_response);
3152 GNUNET_free_non_null ((char *) argv);
3153 GNUNET_CRYPTO_ecdsa_key_clear (&local_shorten_zone);
3157 /* end of gnunet-gns-proxy.c */