GNUnet  0.19.5
gnunet-gns-proxy.c
Go to the documentation of this file.
1 /*
2  This file is part of GNUnet.
3  Copyright (C) 2012-2018 GNUnet e.V.
4 
5  GNUnet is free software: you can redistribute it and/or modify it
6  under the terms of the GNU Affero General Public License as published
7  by the Free Software Foundation, either version 3 of the License,
8  or (at your option) any later version.
9 
10  GNUnet is distributed in the hope that it will be useful, but
11  WITHOUT ANY WARRANTY; without even the implied warranty of
12  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13  Affero General Public License for more details.
14 
15  You should have received a copy of the GNU Affero General Public License
16  along with this program. If not, see <http://www.gnu.org/licenses/>.
17 
18  SPDX-License-Identifier: AGPL3.0-or-later
19  */
30 #include "platform.h"
31 #include <microhttpd.h>
32 /* Just included for the right curl.h */
33 #include "gnunet_curl_lib.h"
34 #include <gnutls/gnutls.h>
35 #include <gnutls/x509.h>
36 #include <gnutls/abstract.h>
37 #include <gnutls/crypto.h>
38 #if HAVE_GNUTLS_DANE
39 #include <gnutls/dane.h>
40 #endif
41 #include <regex.h>
42 #include "gnunet_util_lib.h"
43 #include "gnunet_gns_service.h"
45 #include "gns.h"
46 #include "gnunet_mhd_compat.h"
47 
51 #define GNUNET_GNS_PROXY_PORT 7777
52 
57 #define MAX_HTTP_URI_LENGTH 2048
58 
63 #define MAX_DANES 32
64 
69 #define IO_BUFFERSIZE CURL_MAX_WRITE_SIZE
70 
76 #define SOCKS_BUFFERSIZE (256 + 32)
77 
81 #define HTTP_PORT 80
82 
86 #define HTTPS_PORT 443
87 
91 #define MAX_PEM_SIZE (10 * 1024)
92 
96 #define MHD_CACHE_TIMEOUT GNUNET_TIME_relative_multiply ( \
97  GNUNET_TIME_UNIT_MINUTES, 5)
98 
103 #define HTTP_HANDSHAKE_TIMEOUT GNUNET_TIME_relative_multiply ( \
104  GNUNET_TIME_UNIT_SECONDS, 15)
105 
106 
114 #define LOG_CURL_EASY(level, fun, rc) \
115  GNUNET_log (level, \
116  _ ("%s failed at %s:%d: `%s'\n"), \
117  fun, \
118  __FILE__, \
119  __LINE__, \
120  curl_easy_strerror (rc))
121 
122 
123 /* *************** Socks protocol definitions (move to TUN?) ****************** */
124 
128 #define SOCKS_VERSION_5 0x05
129 
133 #define SOCKS_AUTH_NONE 0
134 
135 
140 {
145 
150 
155 };
156 
157 
162 {
167 
172 
176  SOCKS5_AT_IPV6 = 4
177 };
178 
179 
184 {
194 };
195 
196 
201 {
205  uint8_t version;
206 
211 
212  /* followed by supported authentication methods, 1 byte per method */
213 };
214 
215 
220 {
224  uint8_t version;
225 
230  uint8_t auth_method;
231 };
232 
233 
238 {
242  uint8_t version;
243 
247  uint8_t command;
248 
252  uint8_t resvd;
253 
257  uint8_t addr_type;
258 
259  /*
260  * Followed by either an ip4/ipv6 address or a domain name with a
261  * length field (uint8_t) in front (depending on @e addr_type).
262  * followed by port number in network byte order (uint16_t).
263  */
264 };
265 
266 
271 {
275  uint8_t version;
276 
280  uint8_t reply;
281 
285  uint8_t reserved;
286 
290  uint8_t addr_type;
291 
292  /*
293  * Followed by either an ip4/ipv6 address or a domain name with a
294  * length field (uint8_t) in front (depending on @e addr_type).
295  * followed by port number in network byte order (uint16_t).
296  */
297 };
298 
299 
300 /* *********************** Datastructures for HTTP handling ****************** */
301 
305 struct ProxyCA
306 {
310  gnutls_x509_crt_t cert;
311 
315  gnutls_x509_privkey_t key;
316 };
317 
318 
323 {
328 
333 };
334 
335 
340 {
344  struct MhdHttpList *prev;
345 
349  struct MhdHttpList *next;
350 
354  char *domain;
355 
359  struct MHD_Daemon *daemon;
360 
365 
370 
374  int is_ssl;
375 };
376 
377 
378 /* ***************** Datastructures for Socks handling **************** */
379 
380 
385 {
390 
395 
400 
405 
410 
415 
420 
425 
430 
435 };
436 
437 
442 {
447 
452 
456  char *type;
457 
461  char *value;
462 };
463 
468 {
473 
478 
483 
488 
493 
498 
503 
508 
513 
518 
522  struct MhdHttpList *hd;
523 
527  struct MHD_Connection *con;
528 
532  struct MHD_Response *response;
533 
537  char *domain;
538 
542  char *leho;
543 
547  char *dane_data[MAX_DANES + 1];
548 
552  char *url;
553 
557  CURL *curl;
558 
562  struct curl_slist *headers;
563 
567  struct curl_slist *hosts;
568 
572  unsigned int response_code;
573 
578 
583  unsigned int num_danes;
584 
588  size_t rbuf_len;
589 
593  size_t wbuf_len;
594 
598  size_t io_len;
599 
603  struct sockaddr_storage destination_address;
604 
608  enum SocksPhase state;
609 
613  uint16_t port;
614 
619 
624 
629 
633  int is_gns;
634 
638  int is_tls;
639 
644 
649 };
650 
651 
652 /* *********************** Globals **************************** */
653 
657 static in_addr_t address;
658 
662 static struct in6_addr address6;
663 
667 static uint16_t port = GNUNET_GNS_PROXY_PORT;
668 
672 static char *cafile_opt;
673 
678 
683 
688 
693 
698 
702 static CURLM *curl_multi;
703 
708 
712 static int disable_v6;
713 
718 
723 
728 static struct MhdHttpList *httpd;
729 
733 static struct Socks5Request *s5r_head;
734 
738 static struct Socks5Request *s5r_tail;
739 
743 static struct ProxyCA proxy_ca;
744 
748 static struct MHD_Response *curl_failure_response;
749 
753 static const struct GNUNET_CONFIGURATION_Handle *cfg;
754 
755 
756 /* ************************* Global helpers ********************* */
757 
758 
764 static void
765 run_mhd_now (struct MhdHttpList *hd);
766 
767 
773 static void
775 {
777  "Cleaning up socks request\n");
778  if (NULL != s5r->curl)
779  {
781  "Cleaning up cURL handle\n");
782  curl_multi_remove_handle (curl_multi,
783  s5r->curl);
784  curl_easy_cleanup (s5r->curl);
785  s5r->curl = NULL;
786  }
787  if (s5r->suspended)
788  {
789  s5r->suspended = GNUNET_NO;
790  MHD_resume_connection (s5r->con);
791  }
792  curl_slist_free_all (s5r->headers);
793  if (NULL != s5r->hosts)
794  {
795  curl_slist_free_all (s5r->hosts);
796  }
797  if ((NULL != s5r->response) &&
799  {
800  MHD_destroy_response (s5r->response);
801  s5r->response = NULL;
802  }
803  if (NULL != s5r->rtask)
804  {
806  s5r->rtask = NULL;
807  }
808  if (NULL != s5r->timeout_task)
809  {
811  s5r->timeout_task = NULL;
812  }
813  if (NULL != s5r->wtask)
814  {
816  s5r->wtask = NULL;
817  }
818  if (NULL != s5r->gns_lookup)
819  {
821  s5r->gns_lookup = NULL;
822  }
823  if (NULL != s5r->sock)
824  {
825  if (SOCKS5_SOCKET_WITH_MHD <= s5r->state)
827  else
829  s5r->sock = NULL;
830  }
832  s5r_tail,
833  s5r);
834  GNUNET_free (s5r->domain);
835  GNUNET_free (s5r->leho);
836  GNUNET_free (s5r->url);
837  for (unsigned int i = 0; i < s5r->num_danes; i++)
838  GNUNET_free (s5r->dane_data[i]);
839  GNUNET_free (s5r);
840 }
841 
842 
843 /* ************************* HTTP handling with cURL *********************** */
844 
845 static void
847 
848 
860 static ssize_t
861 mhd_content_cb (void *cls,
862  uint64_t pos,
863  char*buf,
864  size_t max)
865 {
866  struct Socks5Request *s5r = cls;
867  size_t bytes_to_copy;
868 
869  if ((SOCKS5_SOCKET_UPLOAD_STARTED == s5r->state) ||
871  {
872  /* we're still not done with the upload, do not yet
873  start the download, the IO buffer is still full
874  with upload data. */
876  "Pausing MHD download %s%s, not yet ready for download\n",
877  s5r->domain,
878  s5r->url);
879  return 0; /* not yet ready for data download */
880  }
881  bytes_to_copy = GNUNET_MIN (max,
882  s5r->io_len);
883  if ((0 == bytes_to_copy) &&
885  {
887  "Pausing MHD download %s%s, no data available\n",
888  s5r->domain,
889  s5r->url);
890  if (NULL != s5r->curl)
891  {
893  "Continuing CURL interaction for %s%s\n",
894  s5r->domain,
895  s5r->url);
896  if (GNUNET_YES == s5r->curl_paused)
897  {
898  s5r->curl_paused = GNUNET_NO;
899  curl_easy_pause (s5r->curl,
900  CURLPAUSE_CONT);
901  }
903  }
904  if (GNUNET_NO == s5r->suspended)
905  {
906  MHD_suspend_connection (s5r->con);
907  s5r->suspended = GNUNET_YES;
908  }
909  return 0; /* more data later */
910  }
911  if ((0 == bytes_to_copy) &&
913  {
915  "Completed MHD download %s%s\n",
916  s5r->domain,
917  s5r->url);
918  return MHD_CONTENT_READER_END_OF_STREAM;
919  }
921  "Writing %llu/%llu bytes to %s%s\n",
922  (unsigned long long) bytes_to_copy,
923  (unsigned long long) s5r->io_len,
924  s5r->domain,
925  s5r->url);
927  s5r->io_buf,
928  bytes_to_copy);
929  memmove (s5r->io_buf,
930  &s5r->io_buf[bytes_to_copy],
931  s5r->io_len - bytes_to_copy);
932  s5r->io_len -= bytes_to_copy;
933  if ((NULL != s5r->curl) &&
934  (GNUNET_YES == s5r->curl_paused))
935  {
937  "Continuing CURL interaction for %s%s\n",
938  s5r->domain,
939  s5r->url);
940  s5r->curl_paused = GNUNET_NO;
941  curl_easy_pause (s5r->curl,
942  CURLPAUSE_CONT);
943  }
944  return bytes_to_copy;
945 }
946 
947 
956 static int
958 {
959  unsigned int cert_list_size;
960  const gnutls_datum_t *chainp;
961  const struct curl_tlssessioninfo *tlsinfo;
962  char certdn[GNUNET_DNSPARSER_MAX_NAME_LENGTH + 3];
963  size_t size;
964  gnutls_x509_crt_t x509_cert;
965  int rc;
966  const char *name;
967 
968  s5r->ssl_checked = GNUNET_YES;
970  "Checking X.509 certificate\n");
971  if (CURLE_OK !=
972  curl_easy_getinfo (s5r->curl,
973  CURLINFO_TLS_SSL_PTR,
974  &tlsinfo))
975  return GNUNET_SYSERR;
976  if (CURLSSLBACKEND_GNUTLS != tlsinfo->backend)
977  {
979  _ ("Unsupported CURL TLS backend %d\n"),
980  tlsinfo->backend);
981  return GNUNET_SYSERR;
982  }
983  chainp = gnutls_certificate_get_peers (tlsinfo->internals,
984  &cert_list_size);
985  if ((! chainp) ||
986  (0 == cert_list_size))
987  return GNUNET_SYSERR;
988 
989  size = sizeof(certdn);
990  /* initialize an X.509 certificate structure. */
991  gnutls_x509_crt_init (&x509_cert);
992  gnutls_x509_crt_import (x509_cert,
993  chainp,
994  GNUTLS_X509_FMT_DER);
995 
996  if (0 != (rc = gnutls_x509_crt_get_dn_by_oid (x509_cert,
997  GNUTLS_OID_X520_COMMON_NAME,
998  0, /* the first and only one */
999  0 /* no DER encoding */,
1000  certdn,
1001  &size)))
1002  {
1004  _ ("Failed to fetch CN from cert: %s\n"),
1005  gnutls_strerror (rc));
1006  gnutls_x509_crt_deinit (x509_cert);
1007  return GNUNET_SYSERR;
1008  }
1009  /* check for TLSA/DANE records */
1010 #if HAVE_GNUTLS_DANE
1011  if (0 != s5r->num_danes)
1012  {
1013  dane_state_t dane_state;
1014  dane_query_t dane_query;
1015  unsigned int verify;
1016 
1017  /* FIXME: add flags to gnutls to NOT read UNBOUND_ROOT_KEY_FILE here! */
1018  if (0 != (rc = dane_state_init (&dane_state,
1019 #ifdef DANE_F_IGNORE_DNSSEC
1020  DANE_F_IGNORE_DNSSEC |
1021 #endif
1022  DANE_F_IGNORE_LOCAL_RESOLVER)))
1023  {
1025  _ ("Failed to initialize DANE: %s\n"),
1026  dane_strerror (rc));
1027  gnutls_x509_crt_deinit (x509_cert);
1028  return GNUNET_SYSERR;
1029  }
1030  s5r->dane_data[s5r->num_danes] = NULL;
1031  s5r->dane_data_len[s5r->num_danes] = 0;
1032  if (0 != (rc = dane_raw_tlsa (dane_state,
1033  &dane_query,
1034  s5r->dane_data,
1035  s5r->dane_data_len,
1036  GNUNET_YES,
1037  GNUNET_NO)))
1038  {
1040  _ ("Failed to parse DANE record: %s\n"),
1041  dane_strerror (rc));
1042  dane_state_deinit (dane_state);
1043  gnutls_x509_crt_deinit (x509_cert);
1044  return GNUNET_SYSERR;
1045  }
1046  if (0 != (rc = dane_verify_crt_raw (dane_state,
1047  chainp,
1048  cert_list_size,
1049  gnutls_certificate_type_get (
1050  tlsinfo->internals),
1051  dane_query,
1052  0, 0,
1053  &verify)))
1054  {
1056  _ ("Failed to verify TLS connection using DANE: %s\n"),
1057  dane_strerror (rc));
1058  dane_query_deinit (dane_query);
1059  dane_state_deinit (dane_state);
1060  gnutls_x509_crt_deinit (x509_cert);
1061  return GNUNET_SYSERR;
1062  }
1063  if (0 != verify)
1064  {
1066  _ (
1067  "Failed DANE verification failed with GnuTLS verify status code: %u\n"),
1068  verify);
1069  dane_query_deinit (dane_query);
1070  dane_state_deinit (dane_state);
1071  gnutls_x509_crt_deinit (x509_cert);
1072  return GNUNET_SYSERR;
1073  }
1074  dane_query_deinit (dane_query);
1075  dane_state_deinit (dane_state);
1076  /* success! */
1077  }
1078  else
1079 #endif
1080  {
1081  /* try LEHO or ordinary domain name X509 verification */
1082  name = s5r->domain;
1083  if (NULL != s5r->leho)
1084  name = s5r->leho;
1085  if (NULL != name)
1086  {
1087  if (0 == (rc = gnutls_x509_crt_check_hostname (x509_cert,
1088  name)))
1089  {
1091  _ (
1092  "TLS certificate subject name (%s) does not match `%s': %d\n"),
1093  certdn,
1094  name,
1095  rc);
1096  gnutls_x509_crt_deinit (x509_cert);
1097  return GNUNET_SYSERR;
1098  }
1099  }
1100  else
1101  {
1102  /* we did not even have the domain name!? */
1103  GNUNET_break (0);
1104  return GNUNET_SYSERR;
1105  }
1106  }
1107  gnutls_x509_crt_deinit (x509_cert);
1108  return GNUNET_OK;
1109 }
1110 
1111 
1124 static size_t
1125 curl_check_hdr (void *buffer,
1126  size_t size,
1127  size_t nmemb,
1128  void *cls)
1129 {
1130  struct Socks5Request *s5r = cls;
1131  struct HttpResponseHeader *header;
1132  size_t bytes = size * nmemb;
1133  char *ndup;
1134  const char *hdr_type;
1135  const char *cookie_domain;
1136  char *hdr_val;
1137  char *new_cookie_hdr;
1138  char *new_location;
1139  size_t offset;
1140  size_t delta_cdomain;
1141  int domain_matched;
1142  char *tok;
1143 
1145  "Receiving HTTP response header from CURL\n");
1146  /* first, check TLS certificate */
1147  if ((GNUNET_YES != s5r->ssl_checked) &&
1148  (GNUNET_YES == s5r->is_tls))
1149  // (HTTPS_PORT == s5r->port))
1150  {
1151  if (GNUNET_OK != check_ssl_certificate (s5r))
1152  return 0;
1153  }
1154  ndup = GNUNET_strndup (buffer,
1155  bytes);
1156  hdr_type = strtok (ndup,
1157  ":");
1158  if (NULL == hdr_type)
1159  {
1160  GNUNET_free (ndup);
1161  return bytes;
1162  }
1163  hdr_val = strtok (NULL,
1164  "");
1165  if (NULL == hdr_val)
1166  {
1167  GNUNET_free (ndup);
1168  return bytes;
1169  }
1170  if (' ' == *hdr_val)
1171  hdr_val++;
1172 
1173  /* custom logic for certain header types */
1174  new_cookie_hdr = NULL;
1175  if ((NULL != s5r->leho) &&
1176  (0 == strcasecmp (hdr_type,
1177  MHD_HTTP_HEADER_SET_COOKIE)))
1178 
1179  {
1180  new_cookie_hdr = GNUNET_malloc (strlen (hdr_val)
1181  + strlen (s5r->domain) + 1);
1182  offset = 0;
1183  domain_matched = GNUNET_NO; /* make sure we match domain at most once */
1184  for (tok = strtok (hdr_val, ";"); NULL != tok; tok = strtok (NULL, ";"))
1185  {
1186  if ((0 == strncasecmp (tok,
1187  " domain",
1188  strlen (" domain"))) &&
1189  (GNUNET_NO == domain_matched))
1190  {
1191  domain_matched = GNUNET_YES;
1192  cookie_domain = tok + strlen (" domain") + 1;
1193  if (strlen (cookie_domain) < strlen (s5r->leho))
1194  {
1195  delta_cdomain = strlen (s5r->leho) - strlen (cookie_domain);
1196  if (0 == strcasecmp (cookie_domain,
1197  s5r->leho + delta_cdomain))
1198  {
1199  offset += sprintf (new_cookie_hdr + offset,
1200  " domain=%s;",
1201  s5r->domain);
1202  continue;
1203  }
1204  }
1205  else if (0 == strcmp (cookie_domain,
1206  s5r->leho))
1207  {
1208  offset += sprintf (new_cookie_hdr + offset,
1209  " domain=%s;",
1210  s5r->domain);
1211  continue;
1212  }
1213  else if (('.' == cookie_domain[0]) &&
1214  (0 == strcmp (&cookie_domain[1],
1215  s5r->leho)))
1216  {
1217  offset += sprintf (new_cookie_hdr + offset,
1218  " domain=.%s;",
1219  s5r->domain);
1220  continue;
1221  }
1223  _ ("Cookie domain `%s' supplied by server is invalid\n"),
1224  tok);
1225  }
1226  GNUNET_memcpy (new_cookie_hdr + offset,
1227  tok,
1228  strlen (tok));
1229  offset += strlen (tok);
1230  new_cookie_hdr[offset++] = ';';
1231  }
1232  hdr_val = new_cookie_hdr;
1233  hdr_val[offset] = '\0';
1234  }
1235 
1236  new_location = NULL;
1237  if (0 == strcasecmp (MHD_HTTP_HEADER_TRANSFER_ENCODING,
1238  hdr_type))
1239  {
1240  /* Ignore transfer encoding, set automatically by MHD if required */
1241  goto cleanup;
1242  }
1243  if ((0 == strcasecmp (MHD_HTTP_HEADER_LOCATION,
1244  hdr_type)))
1245  {
1246  char *leho_host;
1247 
1248  GNUNET_asprintf (&leho_host,
1249  (GNUNET_YES != s5r->is_tls) // (HTTPS_PORT != s5r->port)
1250  ? "http://%s"
1251  : "https://%s",
1252  s5r->leho);
1253  if (0 == strncmp (leho_host,
1254  hdr_val,
1255  strlen (leho_host)))
1256  {
1257  GNUNET_asprintf (&new_location,
1258  "%s%s%s",
1259  (GNUNET_YES != s5r->is_tls) // (HTTPS_PORT != s5r->port)
1260  ? "http://"
1261  : "https://",
1262  s5r->domain,
1263  hdr_val + strlen (leho_host));
1264  hdr_val = new_location;
1265  }
1266  GNUNET_free (leho_host);
1267  }
1268  else if (0 == strcasecmp (MHD_HTTP_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN,
1269  hdr_type))
1270  {
1271  char *leho_host;
1272 
1273  GNUNET_asprintf (&leho_host,
1274  (GNUNET_YES != s5r->is_tls) // (HTTPS_PORT != s5r->port)
1275  ? "http://%s"
1276  : "https://%s",
1277  s5r->leho);
1278  if (0 == strncmp (leho_host,
1279  hdr_val,
1280  strlen (leho_host)))
1281  {
1282  GNUNET_asprintf (&new_location,
1283  "%s%s",
1284  (GNUNET_YES != s5r->is_tls) // (HTTPS_PORT != s5r->port)
1285  ? "http://"
1286  : "https://",
1287  s5r->domain);
1288  hdr_val = new_location;
1289  }
1290  GNUNET_free (leho_host);
1291  }
1292 
1293  /* MHD does not allow certain characters in values, remove those */
1294  if (NULL != (tok = strchr (hdr_val, '\n')))
1295  *tok = '\0';
1296  if (NULL != (tok = strchr (hdr_val, '\r')))
1297  *tok = '\0';
1298  if (NULL != (tok = strchr (hdr_val, '\t')))
1299  *tok = '\0';
1300  if (0 != strlen (hdr_val)) /* Rely in MHD to set those */
1301  {
1303  "Adding header %s: %s to MHD response\n",
1304  hdr_type,
1305  hdr_val);
1306  header = GNUNET_new (struct HttpResponseHeader);
1307  header->type = GNUNET_strdup (hdr_type);
1308  header->value = GNUNET_strdup (hdr_val);
1310  s5r->header_tail,
1311  header);
1312  }
1313  cleanup:
1314  GNUNET_free (ndup);
1315  GNUNET_free (new_cookie_hdr);
1316  GNUNET_free (new_location);
1317  return bytes;
1318 }
1319 
1320 
1329 static int
1331 {
1332  long resp_code;
1333  double content_length;
1334 
1335  if (NULL != s5r->response)
1336  {
1338  "Response already set!\n");
1339  return GNUNET_SYSERR;
1340  }
1341 
1342  GNUNET_break (CURLE_OK ==
1343  curl_easy_getinfo (s5r->curl,
1344  CURLINFO_RESPONSE_CODE,
1345  &resp_code));
1346  GNUNET_break (CURLE_OK ==
1347  curl_easy_getinfo (s5r->curl,
1348  CURLINFO_CONTENT_LENGTH_DOWNLOAD,
1349  &content_length));
1351  "Creating MHD response with code %d and size %d for %s%s\n",
1352  (int) resp_code,
1353  (int) content_length,
1354  s5r->domain,
1355  s5r->url);
1356  s5r->response_code = resp_code;
1357  s5r->response = MHD_create_response_from_callback ((-1 == content_length)
1358  ? MHD_SIZE_UNKNOWN
1359  : content_length,
1360  IO_BUFFERSIZE,
1361  &mhd_content_cb,
1362  s5r,
1363  NULL);
1364  for (struct HttpResponseHeader *header = s5r->header_head;
1365  NULL != header;
1366  header = header->next)
1367  {
1368  if (0 == strcasecmp (header->type,
1369  MHD_HTTP_HEADER_CONTENT_LENGTH))
1370  continue; /* MHD won't let us mess with those, for good reason */
1371  if ((0 == strcasecmp (header->type,
1372  MHD_HTTP_HEADER_TRANSFER_ENCODING)) &&
1373  ((0 == strcasecmp (header->value,
1374  "identity")) ||
1375  (0 == strcasecmp (header->value,
1376  "chunked"))))
1377  continue; /* MHD won't let us mess with those, for good reason */
1378  if (MHD_YES !=
1379  MHD_add_response_header (s5r->response,
1380  header->type,
1381  header->value))
1382  {
1383  GNUNET_break (0);
1385  "Failed to add header `%s:%s'\n",
1386  header->type,
1387  header->value);
1388  }
1389  }
1390  /* force connection to be closed after each request, as we
1391  do not support HTTP pipelining (yet, FIXME!) */
1392  /*GNUNET_break (MHD_YES ==
1393  MHD_add_response_header (s5r->response,
1394  MHD_HTTP_HEADER_CONNECTION,
1395  "close"));*/
1396  MHD_resume_connection (s5r->con);
1397  s5r->suspended = GNUNET_NO;
1398  return GNUNET_OK;
1399 }
1400 
1401 
1412 static size_t
1413 curl_download_cb (void *ptr,
1414  size_t size,
1415  size_t nmemb,
1416  void*ctx)
1417 {
1418  struct Socks5Request *s5r = ctx;
1419  size_t total = size * nmemb;
1420 
1422  "Receiving %ux%u bytes for `%s%s' from cURL to download\n",
1423  (unsigned int) size,
1424  (unsigned int) nmemb,
1425  s5r->domain,
1426  s5r->url);
1427  if (NULL == s5r->response)
1430  if ((SOCKS5_SOCKET_UPLOAD_DONE == s5r->state) &&
1431  (0 == s5r->io_len))
1432  {
1434  "Previous upload finished... starting DOWNLOAD.\n");
1436  }
1437  if ((SOCKS5_SOCKET_UPLOAD_STARTED == s5r->state) ||
1438  (SOCKS5_SOCKET_UPLOAD_DONE == s5r->state))
1439  {
1440  /* we're still not done with the upload, do not yet
1441  start the download, the IO buffer is still full
1442  with upload data. */
1444  "Pausing CURL download `%s%s', waiting for UPLOAD to finish\n",
1445  s5r->domain,
1446  s5r->url);
1447  s5r->curl_paused = GNUNET_YES;
1448  return CURL_WRITEFUNC_PAUSE; /* not yet ready for data download */
1449  }
1450  if (sizeof(s5r->io_buf) - s5r->io_len < total)
1451  {
1453  "Pausing CURL `%s%s' download, not enough space %llu %llu %llu\n",
1454  s5r->domain,
1455  s5r->url,
1456  (unsigned long long) sizeof(s5r->io_buf),
1457  (unsigned long long) s5r->io_len,
1458  (unsigned long long) total);
1459  s5r->curl_paused = GNUNET_YES;
1460  return CURL_WRITEFUNC_PAUSE; /* not enough space */
1461  }
1462  GNUNET_memcpy (&s5r->io_buf[s5r->io_len],
1463  ptr,
1464  total);
1465  s5r->io_len += total;
1466  if (GNUNET_YES == s5r->suspended)
1467  {
1468  MHD_resume_connection (s5r->con);
1469  s5r->suspended = GNUNET_NO;
1470  }
1472  "Received %llu bytes of payload via cURL from %s\n",
1473  (unsigned long long) total,
1474  s5r->domain);
1475  if (s5r->io_len == total)
1476  run_mhd_now (s5r->hd);
1477  return total;
1478 }
1479 
1480 
1491 static size_t
1493  size_t size,
1494  size_t nmemb,
1495  void *cls)
1496 {
1497  struct Socks5Request *s5r = cls;
1498  size_t len = size * nmemb;
1499  size_t to_copy;
1500 
1502  "Receiving %ux%u bytes for `%s%s' from cURL to upload\n",
1503  (unsigned int) size,
1504  (unsigned int) nmemb,
1505  s5r->domain,
1506  s5r->url);
1507 
1508  if ((0 == s5r->io_len) &&
1509  (SOCKS5_SOCKET_UPLOAD_DONE != s5r->state))
1510  {
1512  "Pausing CURL UPLOAD %s%s, need more data\n",
1513  s5r->domain,
1514  s5r->url);
1515  return CURL_READFUNC_PAUSE;
1516  }
1517  if ((0 == s5r->io_len) &&
1518  (SOCKS5_SOCKET_UPLOAD_DONE == s5r->state))
1519  {
1521  if (GNUNET_YES == s5r->curl_paused)
1522  {
1523  s5r->curl_paused = GNUNET_NO;
1524  curl_easy_pause (s5r->curl,
1525  CURLPAUSE_CONT);
1526  }
1528  "Completed CURL UPLOAD %s%s\n",
1529  s5r->domain,
1530  s5r->url);
1531  return 0; /* upload finished, can now download */
1532  }
1533  if ((SOCKS5_SOCKET_UPLOAD_STARTED != s5r->state) &&
1534  (SOCKS5_SOCKET_UPLOAD_DONE != s5r->state))
1535  {
1536  GNUNET_break (0);
1537  return CURL_READFUNC_ABORT;
1538  }
1539  to_copy = GNUNET_MIN (s5r->io_len,
1540  len);
1541  GNUNET_memcpy (buf,
1542  s5r->io_buf,
1543  to_copy);
1544  memmove (s5r->io_buf,
1545  &s5r->io_buf[to_copy],
1546  s5r->io_len - to_copy);
1547  s5r->io_len -= to_copy;
1548  if (s5r->io_len + to_copy == sizeof(s5r->io_buf))
1549  run_mhd_now (s5r->hd); /* got more space for upload now */
1550  return to_copy;
1551 }
1552 
1553 
1554 /* ************************** main loop of cURL interaction ****************** */
1555 
1556 
1563 static void
1564 curl_task_download (void *cls);
1565 
1566 
1570 static void
1572 {
1573  CURLMcode mret;
1574  fd_set rs;
1575  fd_set ws;
1576  fd_set es;
1577  int max;
1578  struct GNUNET_NETWORK_FDSet *grs;
1579  struct GNUNET_NETWORK_FDSet *gws;
1580  long to;
1581  struct GNUNET_TIME_Relative rtime;
1582 
1584  "Scheduling CURL interaction\n");
1585  if (NULL != curl_download_task)
1586  {
1588  curl_download_task = NULL;
1589  }
1590  max = -1;
1591  FD_ZERO (&rs);
1592  FD_ZERO (&ws);
1593  FD_ZERO (&es);
1594  if (CURLM_OK != (mret = curl_multi_fdset (curl_multi,
1595  &rs,
1596  &ws,
1597  &es,
1598  &max)))
1599  {
1601  "%s failed at %s:%d: `%s'\n",
1602  "curl_multi_fdset", __FILE__, __LINE__,
1603  curl_multi_strerror (mret));
1604  return;
1605  }
1606  to = -1;
1607  GNUNET_break (CURLM_OK ==
1608  curl_multi_timeout (curl_multi,
1609  &to));
1610  if (-1 == to)
1612  else
1614  to);
1615  if (-1 != max)
1616  {
1617  grs = GNUNET_NETWORK_fdset_create ();
1618  gws = GNUNET_NETWORK_fdset_create ();
1620  &rs,
1621  max + 1);
1623  &ws,
1624  max + 1);
1627  rtime,
1628  grs,
1629  gws,
1631  curl_multi);
1634  }
1635  else
1636  {
1639  curl_multi);
1640  }
1641 }
1642 
1643 
1649 static void
1651 {
1652  int running;
1653  int msgnum;
1654  struct CURLMsg *msg;
1655  CURLMcode mret;
1656  struct Socks5Request *s5r;
1657 
1658  curl_download_task = NULL;
1660  "Running CURL interaction\n");
1661  do
1662  {
1663  running = 0;
1664  mret = curl_multi_perform (curl_multi,
1665  &running);
1667  "Checking CURL multi status: %d\n",
1668  mret);
1669  while (NULL != (msg = curl_multi_info_read (curl_multi,
1670  &msgnum)))
1671  {
1672  GNUNET_break (CURLE_OK ==
1673  curl_easy_getinfo (msg->easy_handle,
1674  CURLINFO_PRIVATE,
1675  (char **) &s5r));
1676  if (NULL == s5r)
1677  {
1678  GNUNET_break (0);
1679  continue;
1680  }
1681  switch (msg->msg)
1682  {
1683  case CURLMSG_NONE:
1684  /* documentation says this is not used */
1685  GNUNET_break (0);
1686  break;
1687 
1688  case CURLMSG_DONE:
1689  switch (msg->data.result)
1690  {
1691  case CURLE_OK:
1692  case CURLE_GOT_NOTHING:
1694  "CURL download %s%s completed.\n",
1695  s5r->domain,
1696  s5r->url);
1697  if (NULL == s5r->response)
1698  {
1701  }
1702  s5r->state = SOCKS5_SOCKET_DOWNLOAD_DONE;
1703  if (GNUNET_YES == s5r->suspended)
1704  {
1705  MHD_resume_connection (s5r->con);
1706  s5r->suspended = GNUNET_NO;
1707  }
1708  run_mhd_now (s5r->hd);
1709  break;
1710 
1711  default:
1713  "Download curl %s%s failed: %s\n",
1714  s5r->domain,
1715  s5r->url,
1716  curl_easy_strerror (msg->data.result));
1717  /* FIXME: indicate error somehow? close MHD connection badly as well? */
1718  s5r->state = SOCKS5_SOCKET_DOWNLOAD_DONE;
1719  if (GNUNET_YES == s5r->suspended)
1720  {
1721  MHD_resume_connection (s5r->con);
1722  s5r->suspended = GNUNET_NO;
1723  }
1724  run_mhd_now (s5r->hd);
1725  break;
1726  }
1727  if (NULL == s5r->response)
1728  s5r->response = curl_failure_response;
1729  break;
1730 
1731  case CURLMSG_LAST:
1732  /* documentation says this is not used */
1733  GNUNET_break (0);
1734  break;
1735 
1736  default:
1737  /* unexpected status code */
1738  GNUNET_break (0);
1739  break;
1740  }
1741  }
1742  ;
1743  }
1744  while (mret == CURLM_CALL_MULTI_PERFORM);
1745  if (CURLM_OK != mret)
1747  "%s failed at %s:%d: `%s'\n",
1748  "curl_multi_perform", __FILE__, __LINE__,
1749  curl_multi_strerror (mret));
1750  if (0 == running)
1751  {
1753  "Suspending cURL multi loop, no more events pending\n");
1754  if (NULL != curl_download_task)
1755  {
1757  curl_download_task = NULL;
1758  }
1759  return; /* nothing more in progress */
1760  }
1762 }
1763 
1764 
1765 /* ********************************* MHD response generation ******************* */
1766 
1767 
1781 static int
1782 con_val_iter (void *cls,
1783  enum MHD_ValueKind kind,
1784  const char *key,
1785  const char *value)
1786 {
1787  struct Socks5Request *s5r = cls;
1788  char *hdr;
1789 
1790  if ((0 == strcasecmp (MHD_HTTP_HEADER_HOST,
1791  key)) &&
1792  (NULL != s5r->leho))
1793  value = s5r->leho;
1794  GNUNET_asprintf (&hdr,
1795  "%s: %s",
1796  key,
1797  value);
1799  "Adding HEADER `%s' to HTTP request\n",
1800  hdr);
1801  s5r->headers = curl_slist_append (s5r->headers,
1802  hdr);
1803  GNUNET_free (hdr);
1804  return MHD_YES;
1805 }
1806 
1807 
1831 static MHD_RESULT
1832 create_response (void *cls,
1833  struct MHD_Connection *con,
1834  const char *url,
1835  const char *meth,
1836  const char *ver,
1837  const char *upload_data,
1838  size_t *upload_data_size,
1839  void **con_cls)
1840 {
1841  struct Socks5Request *s5r = *con_cls;
1842  char *curlurl;
1843  char ipstring[INET6_ADDRSTRLEN];
1844  char ipaddr[INET6_ADDRSTRLEN + 2];
1845  char *curl_hosts;
1846  const struct sockaddr *sa;
1847  const struct sockaddr_in *s4;
1848  const struct sockaddr_in6 *s6;
1849  uint16_t port;
1850  size_t left;
1851 
1852  if (NULL == s5r)
1853  {
1854  GNUNET_break (0);
1855  return MHD_NO;
1856  }
1857  s5r->con = con;
1858  /* Fresh connection. */
1859  if (SOCKS5_SOCKET_WITH_MHD == s5r->state)
1860  {
1861  /* first time here, initialize curl handle */
1862  if (s5r->is_gns)
1863  {
1864  sa = (const struct sockaddr *) &s5r->destination_address;
1865  switch (sa->sa_family)
1866  {
1867  case AF_INET:
1868  s4 = (const struct sockaddr_in *) &s5r->destination_address;
1869  if (NULL == inet_ntop (AF_INET,
1870  &s4->sin_addr,
1871  ipstring,
1872  sizeof(ipstring)))
1873  {
1874  GNUNET_break (0);
1875  return MHD_NO;
1876  }
1877  GNUNET_snprintf (ipaddr,
1878  sizeof(ipaddr),
1879  "%s",
1880  ipstring);
1881  port = ntohs (s4->sin_port);
1882  break;
1883 
1884  case AF_INET6:
1885  s6 = (const struct sockaddr_in6 *) &s5r->destination_address;
1886  if (NULL == inet_ntop (AF_INET6,
1887  &s6->sin6_addr,
1888  ipstring,
1889  sizeof(ipstring)))
1890  {
1891  GNUNET_break (0);
1892  return MHD_NO;
1893  }
1894  GNUNET_snprintf (ipaddr,
1895  sizeof(ipaddr),
1896  "%s",
1897  ipstring);
1898  port = ntohs (s6->sin6_port);
1899  break;
1900 
1901  default:
1902  GNUNET_break (0);
1903  return MHD_NO;
1904  }
1905  GNUNET_asprintf (&curl_hosts,
1906  "%s:%d:%s",
1907  s5r->leho,
1908  port,
1909  ipaddr);
1910  s5r->hosts = curl_slist_append (NULL,
1911  curl_hosts);
1912  GNUNET_free (curl_hosts);
1913  }
1914  else
1915  {
1916  port = s5r->port;
1917  }
1918  if (NULL == s5r->curl)
1919  s5r->curl = curl_easy_init ();
1920  if (NULL == s5r->curl)
1921  return MHD_queue_response (con,
1924  curl_easy_setopt (s5r->curl,
1925  CURLOPT_HEADERFUNCTION,
1926  &curl_check_hdr);
1927  curl_easy_setopt (s5r->curl,
1928  CURLOPT_HEADERDATA,
1929  s5r);
1930  curl_easy_setopt (s5r->curl,
1931  CURLOPT_FOLLOWLOCATION,
1932  0);
1933  if (s5r->is_gns)
1934  curl_easy_setopt (s5r->curl,
1935  CURLOPT_IPRESOLVE,
1936  CURL_IPRESOLVE_V4);
1937  curl_easy_setopt (s5r->curl,
1938  CURLOPT_CONNECTTIMEOUT,
1939  600L);
1940  curl_easy_setopt (s5r->curl,
1941  CURLOPT_TIMEOUT,
1942  600L);
1943  curl_easy_setopt (s5r->curl,
1944  CURLOPT_NOSIGNAL,
1945  1L);
1946  curl_easy_setopt (s5r->curl,
1947  CURLOPT_HTTP_CONTENT_DECODING,
1948  0);
1949  curl_easy_setopt (s5r->curl,
1950  CURLOPT_NOSIGNAL,
1951  1L);
1952  curl_easy_setopt (s5r->curl,
1953  CURLOPT_PRIVATE,
1954  s5r);
1955  curl_easy_setopt (s5r->curl,
1956  CURLOPT_VERBOSE,
1957  0L);
1963  if ((NULL != s5r->leho) &&
1964  (NULL != s5r->hosts))
1965  {
1966  curl_easy_setopt (s5r->curl,
1967  CURLOPT_RESOLVE,
1968  s5r->hosts);
1969  }
1970  if (s5r->is_gns)
1971  {
1972  GNUNET_asprintf (&curlurl,
1973  (GNUNET_YES != s5r->is_tls) // (HTTPS_PORT != s5r->port)
1974  ? "http://%s:%d%s"
1975  : "https://%s:%d%s",
1976  (NULL != s5r->leho)
1977  ? s5r->leho
1978  : ipaddr,
1979  port,
1980  s5r->url);
1981  }
1982  else
1983  {
1984  GNUNET_asprintf (&curlurl,
1985  (GNUNET_YES != s5r->is_tls) // (HTTPS_PORT != s5r->port)
1986  ? "http://%s:%d%s"
1987  : "https://%s:%d%s",
1988  s5r->domain,
1989  port,
1990  s5r->url);
1991  }
1992  curl_easy_setopt (s5r->curl,
1993  CURLOPT_URL,
1994  curlurl);
1996  "Launching %s CURL interaction, fetching `%s'\n",
1997  (s5r->is_gns) ? "GNS" : "DNS",
1998  curlurl);
1999  GNUNET_free (curlurl);
2000  if (0 == strcasecmp (meth,
2001  MHD_HTTP_METHOD_PUT))
2002  {
2004  curl_easy_setopt (s5r->curl,
2005  CURLOPT_UPLOAD,
2006  1L);
2007  curl_easy_setopt (s5r->curl,
2008  CURLOPT_WRITEFUNCTION,
2009  &curl_download_cb);
2010  curl_easy_setopt (s5r->curl,
2011  CURLOPT_WRITEDATA,
2012  s5r);
2013  GNUNET_assert (CURLE_OK ==
2014  curl_easy_setopt (s5r->curl,
2015  CURLOPT_READFUNCTION,
2016  &curl_upload_cb));
2017  curl_easy_setopt (s5r->curl,
2018  CURLOPT_READDATA,
2019  s5r);
2020  {
2021  const char *us;
2022  long upload_size = 0;
2023 
2024  us = MHD_lookup_connection_value (con,
2025  MHD_HEADER_KIND,
2026  MHD_HTTP_HEADER_CONTENT_LENGTH);
2027  if ((1 == sscanf (us,
2028  "%ld",
2029  &upload_size)) &&
2030  (upload_size >= 0))
2031  {
2032  curl_easy_setopt (s5r->curl,
2033  CURLOPT_INFILESIZE,
2034  upload_size);
2035  }
2036  }
2037  }
2038  else if (0 == strcasecmp (meth, MHD_HTTP_METHOD_POST))
2039  {
2041  curl_easy_setopt (s5r->curl,
2042  CURLOPT_POST,
2043  1L);
2044  curl_easy_setopt (s5r->curl,
2045  CURLOPT_WRITEFUNCTION,
2046  &curl_download_cb);
2047  curl_easy_setopt (s5r->curl,
2048  CURLOPT_WRITEDATA,
2049  s5r);
2050  curl_easy_setopt (s5r->curl,
2051  CURLOPT_READFUNCTION,
2052  &curl_upload_cb);
2053  curl_easy_setopt (s5r->curl,
2054  CURLOPT_READDATA,
2055  s5r);
2056  {
2057  const char *us;
2058  long upload_size;
2059 
2060  upload_size = 0;
2061  us = MHD_lookup_connection_value (con,
2062  MHD_HEADER_KIND,
2063  MHD_HTTP_HEADER_CONTENT_LENGTH);
2064  if ((NULL != us) &&
2065  (1 == sscanf (us,
2066  "%ld",
2067  &upload_size)) &&
2068  (upload_size >= 0))
2069  {
2070  curl_easy_setopt (s5r->curl,
2071  CURLOPT_INFILESIZE,
2072  upload_size);
2073  }
2074  else
2075  {
2076  curl_easy_setopt (s5r->curl,
2077  CURLOPT_INFILESIZE,
2078  upload_size);
2079  }
2080  }
2081  }
2082  else if (0 == strcasecmp (meth,
2083  MHD_HTTP_METHOD_HEAD))
2084  {
2086  curl_easy_setopt (s5r->curl,
2087  CURLOPT_NOBODY,
2088  1L);
2089  }
2090  else if (0 == strcasecmp (meth,
2091  MHD_HTTP_METHOD_OPTIONS))
2092  {
2094  curl_easy_setopt (s5r->curl,
2095  CURLOPT_CUSTOMREQUEST,
2096  "OPTIONS");
2097  curl_easy_setopt (s5r->curl,
2098  CURLOPT_WRITEFUNCTION,
2099  &curl_download_cb);
2100  curl_easy_setopt (s5r->curl,
2101  CURLOPT_WRITEDATA,
2102  s5r);
2103  }
2104  else if (0 == strcasecmp (meth,
2105  MHD_HTTP_METHOD_GET))
2106  {
2108  curl_easy_setopt (s5r->curl,
2109  CURLOPT_HTTPGET,
2110  1L);
2111  curl_easy_setopt (s5r->curl,
2112  CURLOPT_WRITEFUNCTION,
2113  &curl_download_cb);
2114  curl_easy_setopt (s5r->curl,
2115  CURLOPT_WRITEDATA,
2116  s5r);
2117  }
2118  else if (0 == strcasecmp (meth,
2119  MHD_HTTP_METHOD_DELETE))
2120  {
2122  curl_easy_setopt (s5r->curl,
2123  CURLOPT_CUSTOMREQUEST,
2124  "DELETE");
2125  curl_easy_setopt (s5r->curl,
2126  CURLOPT_WRITEFUNCTION,
2127  &curl_download_cb);
2128  curl_easy_setopt (s5r->curl,
2129  CURLOPT_WRITEDATA,
2130  s5r);
2131  }
2132  else
2133  {
2135  _ ("Unsupported HTTP method `%s'\n"),
2136  meth);
2137  curl_easy_cleanup (s5r->curl);
2138  s5r->curl = NULL;
2139  return MHD_NO;
2140  }
2141 
2142  if (0 == strcasecmp (ver, MHD_HTTP_VERSION_1_0))
2143  {
2144  curl_easy_setopt (s5r->curl,
2145  CURLOPT_HTTP_VERSION,
2146  CURL_HTTP_VERSION_1_0);
2147  }
2148  else if (0 == strcasecmp (ver, MHD_HTTP_VERSION_1_1))
2149  {
2150  curl_easy_setopt (s5r->curl,
2151  CURLOPT_HTTP_VERSION,
2152  CURL_HTTP_VERSION_1_1);
2153  }
2154  else
2155  {
2156  curl_easy_setopt (s5r->curl,
2157  CURLOPT_HTTP_VERSION,
2158  CURL_HTTP_VERSION_NONE);
2159  }
2160 
2161  if (GNUNET_YES == s5r->is_tls) // (HTTPS_PORT == s5r->port)
2162  {
2163  curl_easy_setopt (s5r->curl,
2164  CURLOPT_USE_SSL,
2165  CURLUSESSL_ALL);
2166  if (0 < s5r->num_danes)
2167  curl_easy_setopt (s5r->curl,
2168  CURLOPT_SSL_VERIFYPEER,
2169  0L);
2170  else
2171  curl_easy_setopt (s5r->curl,
2172  CURLOPT_SSL_VERIFYPEER,
2173  1L);
2174  /* Disable cURL checking the hostname, as we will check ourselves
2175  as only we have the domain name or the LEHO or the DANE record */
2176  curl_easy_setopt (s5r->curl,
2177  CURLOPT_SSL_VERIFYHOST,
2178  0L);
2179  }
2180  else
2181  {
2182  curl_easy_setopt (s5r->curl,
2183  CURLOPT_USE_SSL,
2184  CURLUSESSL_NONE);
2185  }
2186 
2187  if (CURLM_OK !=
2188  curl_multi_add_handle (curl_multi,
2189  s5r->curl))
2190  {
2191  GNUNET_break (0);
2192  curl_easy_cleanup (s5r->curl);
2193  s5r->curl = NULL;
2194  return MHD_NO;
2195  }
2196  MHD_get_connection_values (con,
2197  MHD_HEADER_KIND,
2198  (MHD_KeyValueIterator) & con_val_iter,
2199  s5r);
2200  curl_easy_setopt (s5r->curl,
2201  CURLOPT_HTTPHEADER,
2202  s5r->headers);
2204  return MHD_YES;
2205  }
2206 
2207  /* continuing to process request */
2208  if (0 != *upload_data_size)
2209  {
2211  "Processing %u bytes UPLOAD\n",
2212  (unsigned int) *upload_data_size);
2213 
2214  /* FIXME: This must be set or a header with Transfer-Encoding: chunked. Else
2215  * upload callback is not called!
2216  */
2217  curl_easy_setopt (s5r->curl,
2218  CURLOPT_POSTFIELDSIZE,
2219  *upload_data_size);
2220 
2221  left = GNUNET_MIN (*upload_data_size,
2222  sizeof(s5r->io_buf) - s5r->io_len);
2223  GNUNET_memcpy (&s5r->io_buf[s5r->io_len],
2224  upload_data,
2225  left);
2226  s5r->io_len += left;
2227  *upload_data_size -= left;
2228  GNUNET_assert (NULL != s5r->curl);
2229  if (GNUNET_YES == s5r->curl_paused)
2230  {
2231  s5r->curl_paused = GNUNET_NO;
2232  curl_easy_pause (s5r->curl,
2233  CURLPAUSE_CONT);
2234  }
2235  return MHD_YES;
2236  }
2237  if (SOCKS5_SOCKET_UPLOAD_STARTED == s5r->state)
2238  {
2240  "Finished processing UPLOAD\n");
2242  }
2243  if (NULL == s5r->response)
2244  {
2246  "Waiting for HTTP response for %s%s...\n",
2247  s5r->domain,
2248  s5r->url);
2249  MHD_suspend_connection (con);
2250  s5r->suspended = GNUNET_YES;
2251  return MHD_YES;
2252  }
2254  "Queueing response for %s%s with MHD\n",
2255  s5r->domain,
2256  s5r->url);
2257  run_mhd_now (s5r->hd);
2258  return MHD_queue_response (con,
2259  s5r->response_code,
2260  s5r->response);
2261 }
2262 
2263 
2264 /* ******************** MHD HTTP setup and event loop ******************** */
2265 
2266 
2276 static void
2277 mhd_completed_cb (void *cls,
2278  struct MHD_Connection *connection,
2279  void **con_cls,
2280  enum MHD_RequestTerminationCode toe)
2281 {
2282  struct Socks5Request *s5r = *con_cls;
2283 
2284  if (NULL == s5r)
2285  return;
2286  if (MHD_REQUEST_TERMINATED_COMPLETED_OK != toe)
2288  "MHD encountered error handling request: %d\n",
2289  toe);
2290  if (NULL != s5r->curl)
2291  {
2293  "Removing cURL handle (MHD interaction complete)\n");
2294  curl_multi_remove_handle (curl_multi,
2295  s5r->curl);
2296  curl_slist_free_all (s5r->headers);
2297  s5r->headers = NULL;
2298  curl_easy_reset (s5r->curl);
2299  s5r->rbuf_len = 0;
2300  s5r->wbuf_len = 0;
2301  s5r->io_len = 0;
2303  }
2304  if ((NULL != s5r->response) &&
2305  (curl_failure_response != s5r->response))
2306  MHD_destroy_response (s5r->response);
2307  for (struct HttpResponseHeader *header = s5r->header_head;
2308  NULL != header;
2309  header = s5r->header_head)
2310  {
2312  s5r->header_tail,
2313  header);
2314  GNUNET_free (header->type);
2315  GNUNET_free (header->value);
2316  GNUNET_free (header);
2317  }
2319  "Finished request for %s\n",
2320  s5r->url);
2321  GNUNET_free (s5r->url);
2323  s5r->url = NULL;
2324  s5r->response = NULL;
2325  *con_cls = NULL;
2326 }
2327 
2328 
2338 static void
2340  struct MHD_Connection *connection,
2341  void **con_cls,
2342  enum MHD_ConnectionNotificationCode cnc)
2343 {
2344  struct Socks5Request *s5r;
2345  const union MHD_ConnectionInfo *ci;
2346  int sock;
2347 
2348  switch (cnc)
2349  {
2350  case MHD_CONNECTION_NOTIFY_STARTED:
2351  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Connection started...\n");
2352  ci = MHD_get_connection_info (connection,
2353  MHD_CONNECTION_INFO_CONNECTION_FD);
2354  if (NULL == ci)
2355  {
2356  GNUNET_break (0);
2357  return;
2358  }
2359  sock = ci->connect_fd;
2360  for (s5r = s5r_head; NULL != s5r; s5r = s5r->next)
2361  {
2362  if (GNUNET_NETWORK_get_fd (s5r->sock) == sock)
2363  {
2365  "Context set...\n");
2366  s5r->ssl_checked = GNUNET_NO;
2367  *con_cls = s5r;
2368  break;
2369  }
2370  }
2371  break;
2372 
2373  case MHD_CONNECTION_NOTIFY_CLOSED:
2375  "Connection closed... cleaning up\n");
2376  s5r = *con_cls;
2377  if (NULL == s5r)
2378  {
2380  "Connection stale!\n");
2381  return;
2382  }
2383  cleanup_s5r (s5r);
2385  *con_cls = NULL;
2386  break;
2387 
2388  default:
2389  GNUNET_break (0);
2390  }
2391 }
2392 
2393 
2407 static void *
2408 mhd_log_callback (void *cls,
2409  const char *url,
2410  struct MHD_Connection *connection)
2411 {
2412  struct Socks5Request *s5r;
2413  const union MHD_ConnectionInfo *ci;
2414 
2415  ci = MHD_get_connection_info (connection,
2416  MHD_CONNECTION_INFO_SOCKET_CONTEXT);
2417  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Processing %s\n", url);
2418  if (NULL == ci)
2419  {
2420  GNUNET_break (0);
2421  return NULL;
2422  }
2423  s5r = ci->socket_context;
2424  if (NULL != s5r->url)
2425  {
2426  GNUNET_break (0);
2427  return NULL;
2428  }
2429  s5r->url = GNUNET_strdup (url);
2430  if (NULL != s5r->timeout_task)
2431  {
2433  s5r->timeout_task = NULL;
2434  }
2436  return s5r;
2437 }
2438 
2439 
2445 static void
2447 {
2450  hd);
2451  GNUNET_free (hd->domain);
2452  MHD_stop_daemon (hd->daemon);
2453  if (NULL != hd->httpd_task)
2454  {
2456  hd->httpd_task = NULL;
2457  }
2458  GNUNET_free (hd->proxy_cert);
2459  if (hd == httpd)
2460  httpd = NULL;
2461  GNUNET_free (hd);
2462 }
2463 
2464 
2470 static void
2471 kill_httpd_task (void *cls)
2472 {
2473  struct MhdHttpList *hd = cls;
2474 
2475  hd->httpd_task = NULL;
2476  kill_httpd (hd);
2477 }
2478 
2479 
2485 static void
2486 do_httpd (void *cls);
2487 
2488 
2496 static void
2498 {
2499  fd_set rs;
2500  fd_set ws;
2501  fd_set es;
2502  struct GNUNET_NETWORK_FDSet *wrs;
2503  struct GNUNET_NETWORK_FDSet *wws;
2504  int max;
2505  int haveto;
2506  MHD_UNSIGNED_LONG_LONG timeout;
2507  struct GNUNET_TIME_Relative tv;
2508 
2509  FD_ZERO (&rs);
2510  FD_ZERO (&ws);
2511  FD_ZERO (&es);
2512  max = -1;
2513  if (MHD_YES !=
2514  MHD_get_fdset (hd->daemon,
2515  &rs,
2516  &ws,
2517  &es,
2518  &max))
2519  {
2520  kill_httpd (hd);
2521  return;
2522  }
2523  haveto = MHD_get_timeout (hd->daemon,
2524  &timeout);
2525  if (MHD_YES == haveto)
2526  tv.rel_value_us = (uint64_t) timeout * 1000LL;
2527  else
2529  if (-1 != max)
2530  {
2531  wrs = GNUNET_NETWORK_fdset_create ();
2532  wws = GNUNET_NETWORK_fdset_create ();
2533  GNUNET_NETWORK_fdset_copy_native (wrs, &rs, max + 1);
2534  GNUNET_NETWORK_fdset_copy_native (wws, &ws, max + 1);
2535  }
2536  else
2537  {
2538  wrs = NULL;
2539  wws = NULL;
2540  }
2541  if (NULL != hd->httpd_task)
2542  {
2544  hd->httpd_task = NULL;
2545  }
2546  if ((MHD_YES != haveto) &&
2547  (-1 == max) &&
2548  (hd != httpd))
2549  {
2550  /* daemon is idle, kill after timeout */
2552  &kill_httpd_task,
2553  hd);
2554  }
2555  else
2556  {
2557  hd->httpd_task =
2559  tv, wrs, wws,
2560  &do_httpd, hd);
2561  }
2562  if (NULL != wrs)
2564  if (NULL != wws)
2566 }
2567 
2568 
2569 static void
2570 do_httpd (void *cls)
2571 {
2572  struct MhdHttpList *hd = cls;
2573 
2574  hd->httpd_task = NULL;
2575  MHD_run (hd->daemon);
2576  schedule_httpd (hd);
2577 }
2578 
2579 
2585 static void
2587 {
2588  if (NULL != hd->httpd_task)
2591  hd);
2592 }
2593 
2594 
2602 static void*
2603 load_file (const char*filename,
2604  unsigned int*size)
2605 {
2606  void *buffer;
2607  uint64_t fsize;
2608 
2609  if (GNUNET_OK !=
2611  &fsize,
2612  GNUNET_YES,
2613  GNUNET_YES))
2614  return NULL;
2615  if (fsize > MAX_PEM_SIZE)
2616  return NULL;
2617  *size = (unsigned int) fsize;
2618  buffer = GNUNET_malloc (*size);
2619  if (fsize !=
2621  buffer,
2622  (size_t) fsize))
2623  {
2624  GNUNET_free (buffer);
2625  return NULL;
2626  }
2627  return buffer;
2628 }
2629 
2630 
2638 static int
2639 load_key_from_file (gnutls_x509_privkey_t key,
2640  const char*keyfile)
2641 {
2642  gnutls_datum_t key_data;
2643  int ret;
2644 
2645  key_data.data = load_file (keyfile,
2646  &key_data.size);
2647  if (NULL == key_data.data)
2648  return GNUNET_SYSERR;
2649  ret = gnutls_x509_privkey_import (key, &key_data,
2650  GNUTLS_X509_FMT_PEM);
2651  if (GNUTLS_E_SUCCESS != ret)
2652  {
2654  _ ("Unable to import private key from file `%s'\n"),
2655  keyfile);
2656  }
2657  GNUNET_free (key_data.data);
2658  return (GNUTLS_E_SUCCESS != ret) ? GNUNET_SYSERR : GNUNET_OK;
2659 }
2660 
2661 
2669 static int
2670 load_cert_from_file (gnutls_x509_crt_t crt,
2671  const char*certfile)
2672 {
2673  gnutls_datum_t cert_data;
2674  int ret;
2675 
2676  cert_data.data = load_file (certfile,
2677  &cert_data.size);
2678  if (NULL == cert_data.data)
2679  return GNUNET_SYSERR;
2680  ret = gnutls_x509_crt_import (crt,
2681  &cert_data,
2682  GNUTLS_X509_FMT_PEM);
2683  if (GNUTLS_E_SUCCESS != ret)
2684  {
2686  _ ("Unable to import certificate from `%s'\n"),
2687  certfile);
2688  }
2689  GNUNET_free (cert_data.data);
2690  return (GNUTLS_E_SUCCESS != ret) ? GNUNET_SYSERR : GNUNET_OK;
2691 }
2692 
2693 
2700 static struct ProxyGNSCertificate *
2702 {
2703  unsigned int serial;
2704  size_t key_buf_size;
2705  size_t cert_buf_size;
2706  gnutls_x509_crt_t request;
2707  time_t etime;
2708  struct tm *tm_data;
2709  struct ProxyGNSCertificate *pgc;
2710 
2712  "Generating x.509 certificate for `%s'\n",
2713  name);
2714  GNUNET_break (GNUTLS_E_SUCCESS == gnutls_x509_crt_init (&request));
2715  GNUNET_break (GNUTLS_E_SUCCESS == gnutls_x509_crt_set_key (request,
2716  proxy_ca.key));
2717  pgc = GNUNET_new (struct ProxyGNSCertificate);
2718  gnutls_x509_crt_set_dn_by_oid (request,
2719  GNUTLS_OID_X520_COUNTRY_NAME,
2720  0,
2721  "ZZ",
2722  strlen ("ZZ"));
2723  gnutls_x509_crt_set_dn_by_oid (request,
2724  GNUTLS_OID_X520_ORGANIZATION_NAME,
2725  0,
2726  "GNU Name System",
2727  strlen ("GNU Name System"));
2728  gnutls_x509_crt_set_dn_by_oid (request,
2729  GNUTLS_OID_X520_COMMON_NAME,
2730  0,
2731  name,
2732  strlen (name));
2733  gnutls_x509_crt_set_subject_alternative_name (request,
2734  GNUTLS_SAN_DNSNAME,
2735  name);
2736  GNUNET_break (GNUTLS_E_SUCCESS ==
2737  gnutls_x509_crt_set_version (request,
2738  3));
2739  gnutls_rnd (GNUTLS_RND_NONCE,
2740  &serial,
2741  sizeof(serial));
2742  gnutls_x509_crt_set_serial (request,
2743  &serial,
2744  sizeof(serial));
2745  etime = time (NULL);
2746  tm_data = localtime (&etime);
2747  tm_data->tm_hour--;
2748  etime = mktime (tm_data);
2749  gnutls_x509_crt_set_activation_time (request,
2750  etime);
2751  tm_data->tm_year++;
2752  etime = mktime (tm_data);
2753  gnutls_x509_crt_set_expiration_time (request,
2754  etime);
2755  gnutls_x509_crt_sign2 (request,
2756  proxy_ca.cert,
2757  proxy_ca.key,
2758  GNUTLS_DIG_SHA512,
2759  0);
2760  key_buf_size = sizeof(pgc->key);
2761  cert_buf_size = sizeof(pgc->cert);
2762  gnutls_x509_crt_export (request,
2763  GNUTLS_X509_FMT_PEM,
2764  pgc->cert,
2765  &cert_buf_size);
2766  gnutls_x509_privkey_export (proxy_ca.key,
2767  GNUTLS_X509_FMT_PEM,
2768  pgc->key,
2769  &key_buf_size);
2770  gnutls_x509_crt_deinit (request);
2771  return pgc;
2772 }
2773 
2774 
2782 static void
2784  const char *fm,
2785  va_list ap)
2786 {
2787  /* do nothing */
2788 }
2789 
2790 
2797 static struct MhdHttpList *
2799 {
2800  struct MhdHttpList *hd;
2801  struct ProxyGNSCertificate *pgc;
2802 
2803  if (NULL == domain)
2804  {
2805  GNUNET_break (0);
2806  return NULL;
2807  }
2808  for (hd = mhd_httpd_head; NULL != hd; hd = hd->next)
2809  if ((NULL != hd->domain) &&
2810  (0 == strcmp (hd->domain, domain)))
2811  return hd;
2813  "Starting fresh MHD HTTPS instance for domain `%s'\n",
2814  domain);
2815  pgc = generate_gns_certificate (domain);
2816  hd = GNUNET_new (struct MhdHttpList);
2817  hd->is_ssl = GNUNET_YES;
2818  hd->domain = GNUNET_strdup (domain);
2819  hd->proxy_cert = pgc;
2820  hd->daemon = MHD_start_daemon (MHD_USE_DEBUG | MHD_USE_SSL
2821  | MHD_USE_NO_LISTEN_SOCKET
2822  | MHD_ALLOW_SUSPEND_RESUME,
2823  0,
2824  NULL, NULL,
2825  &create_response, hd,
2826  MHD_OPTION_CONNECTION_TIMEOUT, (unsigned
2827  int) 16,
2828  MHD_OPTION_NOTIFY_COMPLETED, &mhd_completed_cb,
2829  NULL,
2830  MHD_OPTION_NOTIFY_CONNECTION,
2831  &mhd_connection_cb, NULL,
2832  MHD_OPTION_URI_LOG_CALLBACK, &mhd_log_callback,
2833  NULL,
2834  MHD_OPTION_EXTERNAL_LOGGER,
2835  &mhd_error_log_callback, NULL,
2836  MHD_OPTION_HTTPS_MEM_KEY, pgc->key,
2837  MHD_OPTION_HTTPS_MEM_CERT, pgc->cert,
2838  MHD_OPTION_END);
2839  if (NULL == hd->daemon)
2840  {
2841  GNUNET_free (pgc);
2842  GNUNET_free (hd);
2843  return NULL;
2844  }
2847  hd);
2848  return hd;
2849 }
2850 
2851 
2859 static void
2861 {
2862  struct Socks5Request *s5r = cls;
2863 
2864  s5r->timeout_task = NULL;
2865  cleanup_s5r (s5r);
2866 }
2867 
2868 
2877 static void
2879 {
2880  struct MhdHttpList *hd;
2881  int fd;
2882  const struct sockaddr *addr;
2883  socklen_t len;
2884  char *domain;
2885 
2886  if (GNUNET_YES == s5r->is_tls)
2887  {
2888  GNUNET_asprintf (&domain,
2889  "%s",
2890  s5r->domain);
2891  hd = lookup_ssl_httpd (domain);
2892  if (NULL == hd)
2893  {
2895  _ ("Failed to start HTTPS server for `%s'\n"),
2896  s5r->domain);
2897  cleanup_s5r (s5r);
2898  GNUNET_free (domain);
2899  return;
2900  }
2901  }
2902  else
2903  {
2904  domain = NULL;
2905  GNUNET_assert (NULL != httpd);
2906  hd = httpd;
2907  }
2908  fd = GNUNET_NETWORK_get_fd (s5r->sock);
2909  addr = GNUNET_NETWORK_get_addr (s5r->sock);
2912  if (MHD_YES !=
2913  MHD_add_connection (hd->daemon,
2914  fd,
2915  addr,
2916  len))
2917  {
2919  _ ("Failed to pass client to MHD\n"));
2920  cleanup_s5r (s5r);
2921  GNUNET_free (domain);
2922  return;
2923  }
2924  s5r->hd = hd;
2925  schedule_httpd (hd);
2928  s5r);
2929  GNUNET_free (domain);
2930 }
2931 
2932 
2933 /* ********************* SOCKS handling ************************* */
2934 
2935 
2941 static void
2942 do_write (void *cls)
2943 {
2944  struct Socks5Request *s5r = cls;
2945  ssize_t len;
2946 
2947  s5r->wtask = NULL;
2949  s5r->wbuf,
2950  s5r->wbuf_len);
2951  if (len <= 0)
2952  {
2953  /* write error: connection closed, shutdown, etc.; just clean up */
2955  "Write Error\n");
2956  cleanup_s5r (s5r);
2957  return;
2958  }
2959  memmove (s5r->wbuf,
2960  &s5r->wbuf[len],
2961  s5r->wbuf_len - len);
2962  s5r->wbuf_len -= len;
2963  if (s5r->wbuf_len > 0)
2964  {
2965  /* not done writing */
2966  s5r->wtask =
2968  s5r->sock,
2969  &do_write, s5r);
2970  return;
2971  }
2972 
2973  /* we're done writing, continue with state machine! */
2974 
2975  switch (s5r->state)
2976  {
2977  case SOCKS5_INIT:
2978  GNUNET_assert (0);
2979  break;
2980 
2981  case SOCKS5_REQUEST:
2982  GNUNET_assert (NULL != s5r->rtask);
2983  break;
2984 
2985  case SOCKS5_DATA_TRANSFER:
2986  setup_data_transfer (s5r);
2987  return;
2988 
2990  cleanup_s5r (s5r);
2991  return;
2992 
2993  default:
2994  GNUNET_break (0);
2995  break;
2996  }
2997 }
2998 
2999 
3006 static void
3008  enum Socks5StatusCode sc)
3009 {
3010  struct Socks5ServerResponseMessage *s_resp;
3011 
3012  GNUNET_break (0 == s5r->wbuf_len); /* Should happen first in any transmission, right? */
3014  sizeof(struct Socks5ServerResponseMessage));
3015  s_resp = (struct Socks5ServerResponseMessage *) &s5r->wbuf[s5r->wbuf_len];
3016  memset (s_resp, 0, sizeof(struct Socks5ServerResponseMessage));
3017  s_resp->version = SOCKS_VERSION_5;
3018  s_resp->reply = sc;
3020  if (NULL != s5r->wtask)
3021  s5r->wtask =
3023  s5r->sock,
3024  &do_write, s5r);
3025 }
3026 
3027 
3033 static void
3035 {
3036  struct Socks5ServerResponseMessage *s_resp;
3037 
3038  s_resp = (struct Socks5ServerResponseMessage *) &s5r->wbuf[s5r->wbuf_len];
3039  s_resp->version = SOCKS_VERSION_5;
3041  s_resp->reserved = 0;
3042  s_resp->addr_type = SOCKS5_AT_IPV4;
3043  /* zero out IPv4 address and port */
3044  memset (&s_resp[1],
3045  0,
3046  sizeof(struct in_addr) + sizeof(uint16_t));
3047  s5r->wbuf_len += sizeof(struct Socks5ServerResponseMessage)
3048  + sizeof(struct in_addr) + sizeof(uint16_t);
3049  if (NULL == s5r->wtask)
3050  s5r->wtask =
3052  s5r->sock,
3053  &do_write, s5r);
3054 }
3055 
3056 
3065 static void
3067  int tld,
3068  uint32_t rd_count,
3069  const struct GNUNET_GNSRECORD_Data *rd)
3070 {
3071  struct Socks5Request *s5r = cls;
3072  const struct GNUNET_GNSRECORD_Data *r;
3073  int got_ip;
3074 
3075  s5r->gns_lookup = NULL;
3076  s5r->is_gns = tld;
3077  got_ip = GNUNET_NO;
3078  for (uint32_t i = 0; i < rd_count; i++)
3079  {
3080  r = &rd[i];
3081  switch (r->record_type)
3082  {
3084  {
3085  struct sockaddr_in *in;
3086 
3087  if (sizeof(struct in_addr) != r->data_size)
3088  {
3089  GNUNET_break_op (0);
3090  break;
3091  }
3092  if (GNUNET_YES == got_ip)
3093  break;
3094  if (GNUNET_OK !=
3095  GNUNET_NETWORK_test_pf (PF_INET))
3096  break;
3097  got_ip = GNUNET_YES;
3098  in = (struct sockaddr_in *) &s5r->destination_address;
3099  in->sin_family = AF_INET;
3100  GNUNET_memcpy (&in->sin_addr,
3101  r->data,
3102  r->data_size);
3103  in->sin_port = htons (s5r->port);
3104 #if HAVE_SOCKADDR_IN_SIN_LEN
3105  in->sin_len = sizeof(*in);
3106 #endif
3107  }
3108  break;
3109 
3111  {
3112  struct sockaddr_in6 *in;
3113 
3114  if (sizeof(struct in6_addr) != r->data_size)
3115  {
3116  GNUNET_break_op (0);
3117  break;
3118  }
3119  if (GNUNET_YES == got_ip)
3120  break;
3121  if (GNUNET_YES == disable_v6)
3122  break;
3123  if (GNUNET_OK !=
3124  GNUNET_NETWORK_test_pf (PF_INET6))
3125  break;
3126  /* FIXME: allow user to disable IPv6 per configuration option... */
3127  got_ip = GNUNET_YES;
3128  in = (struct sockaddr_in6 *) &s5r->destination_address;
3129  in->sin6_family = AF_INET6;
3130  GNUNET_memcpy (&in->sin6_addr,
3131  r->data,
3132  r->data_size);
3133  in->sin6_port = htons (s5r->port);
3134 #if HAVE_SOCKADDR_IN_SIN_LEN
3135  in->sin6_len = sizeof(*in);
3136 #endif
3137  }
3138  break;
3139 
3141  GNUNET_break (0); /* should have been translated within GNS */
3142  break;
3143 
3145  GNUNET_free (s5r->leho);
3146  s5r->leho = GNUNET_strndup (r->data,
3147  r->data_size);
3148  break;
3149 
3151  {
3152  const struct GNUNET_GNSRECORD_BoxRecord *box;
3153 
3154  if (r->data_size < sizeof(struct GNUNET_GNSRECORD_BoxRecord))
3155  {
3156  GNUNET_break_op (0);
3157  break;
3158  }
3159  box = r->data;
3160  if ((ntohl (box->record_type) != GNUNET_DNSPARSER_TYPE_TLSA) ||
3161  (ntohs (box->protocol) != IPPROTO_TCP) ||
3162  (ntohs (box->service) != s5r->port))
3163  break; /* BOX record does not apply */
3164  if (s5r->num_danes >= MAX_DANES)
3165  {
3166  GNUNET_break (0); /* MAX_DANES too small */
3167  break;
3168  }
3169  s5r->is_tls = GNUNET_YES; /* This should be TLS */
3170  s5r->dane_data_len[s5r->num_danes]
3171  = r->data_size - sizeof(struct GNUNET_GNSRECORD_BoxRecord);
3172  s5r->dane_data[s5r->num_danes]
3173  = GNUNET_memdup (&box[1],
3174  s5r->dane_data_len[s5r->num_danes]);
3175  s5r->num_danes++;
3176  break;
3177  }
3178 
3179  default:
3180  /* don't care */
3181  break;
3182  }
3183  }
3184  if ((GNUNET_YES != got_ip) &&
3185  (GNUNET_YES == tld))
3186  {
3188  "Name resolution failed to yield useful IP address.\n");
3189  signal_socks_failure (s5r,
3191  return;
3192  }
3193  s5r->state = SOCKS5_DATA_TRANSFER;
3194  signal_socks_success (s5r);
3195 }
3196 
3197 
3204 static void
3206  size_t len)
3207 {
3208  GNUNET_assert (len <= s5r->rbuf_len);
3209  memmove (s5r->rbuf,
3210  &s5r->rbuf[len],
3211  s5r->rbuf_len - len);
3212  s5r->rbuf_len -= len;
3213 }
3214 
3215 
3221 static void
3222 do_s5r_read (void *cls)
3223 {
3224  struct Socks5Request *s5r = cls;
3225  const struct Socks5ClientHelloMessage *c_hello;
3226  struct Socks5ServerHelloMessage *s_hello;
3227  const struct Socks5ClientRequestMessage *c_req;
3228  ssize_t rlen;
3229  size_t alen;
3230  const struct GNUNET_SCHEDULER_TaskContext *tc;
3231 
3232  s5r->rtask = NULL;
3234  if ((NULL != tc->read_ready) &&
3236  s5r->sock)))
3237  {
3238  rlen = GNUNET_NETWORK_socket_recv (s5r->sock,
3239  &s5r->rbuf[s5r->rbuf_len],
3240  sizeof(s5r->rbuf) - s5r->rbuf_len);
3241  if (rlen <= 0)
3242  {
3244  "socks5 client disconnected.\n");
3245  cleanup_s5r (s5r);
3246  return;
3247  }
3248  s5r->rbuf_len += rlen;
3249  }
3251  s5r->sock,
3252  &do_s5r_read, s5r);
3254  "Processing %zu bytes of socks data in state %d\n",
3255  s5r->rbuf_len,
3256  s5r->state);
3257  switch (s5r->state)
3258  {
3259  case SOCKS5_INIT:
3260  c_hello = (const struct Socks5ClientHelloMessage*) &s5r->rbuf;
3261  if ((s5r->rbuf_len < sizeof(struct Socks5ClientHelloMessage)) ||
3262  (s5r->rbuf_len < sizeof(struct Socks5ClientHelloMessage)
3263  + c_hello->num_auth_methods))
3264  return; /* need more data */
3265  if (SOCKS_VERSION_5 != c_hello->version)
3266  {
3268  _ ("Unsupported socks version %d\n"),
3269  (int) c_hello->version);
3270  cleanup_s5r (s5r);
3271  return;
3272  }
3273  clear_from_s5r_rbuf (s5r,
3274  sizeof(struct Socks5ClientHelloMessage)
3275  + c_hello->num_auth_methods);
3276  GNUNET_assert (0 == s5r->wbuf_len);
3277  s_hello = (struct Socks5ServerHelloMessage *) &s5r->wbuf;
3278  s5r->wbuf_len = sizeof(struct Socks5ServerHelloMessage);
3279  s_hello->version = SOCKS_VERSION_5;
3280  s_hello->auth_method = SOCKS_AUTH_NONE;
3281  GNUNET_assert (NULL == s5r->wtask);
3283  s5r->sock,
3284  &do_write, s5r);
3285  s5r->state = SOCKS5_REQUEST;
3286  return;
3287 
3288  case SOCKS5_REQUEST:
3289  c_req = (const struct Socks5ClientRequestMessage *) &s5r->rbuf;
3290  if (s5r->rbuf_len < sizeof(struct Socks5ClientRequestMessage))
3291  return;
3292  switch (c_req->command)
3293  {
3294  case SOCKS5_CMD_TCP_STREAM:
3295  /* handled below */
3296  break;
3297 
3298  default:
3300  _ ("Unsupported socks command %d\n"),
3301  (int) c_req->command);
3302  signal_socks_failure (s5r,
3304  return;
3305  }
3306  switch (c_req->addr_type)
3307  {
3308  case SOCKS5_AT_IPV4:
3309  {
3310  const struct in_addr *v4 = (const struct in_addr *) &c_req[1];
3311  const uint16_t *port = (const uint16_t *) &v4[1];
3312  struct sockaddr_in *in;
3313 
3314  s5r->port = ntohs (*port);
3315  alen = sizeof(struct in_addr);
3316  if (s5r->rbuf_len < sizeof(struct Socks5ClientRequestMessage)
3317  + alen + sizeof(uint16_t))
3318  return; /* need more data */
3319  in = (struct sockaddr_in *) &s5r->destination_address;
3320  in->sin_family = AF_INET;
3321  in->sin_addr = *v4;
3322  in->sin_port = *port;
3323 #if HAVE_SOCKADDR_IN_SIN_LEN
3324  in->sin_len = sizeof(*in);
3325 #endif
3326  s5r->state = SOCKS5_DATA_TRANSFER;
3327  }
3328  break;
3329 
3330  case SOCKS5_AT_IPV6:
3331  {
3332  const struct in6_addr *v6 = (const struct in6_addr *) &c_req[1];
3333  const uint16_t *port = (const uint16_t *) &v6[1];
3334  struct sockaddr_in6 *in;
3335 
3336  s5r->port = ntohs (*port);
3337  alen = sizeof(struct in6_addr);
3338  if (s5r->rbuf_len < sizeof(struct Socks5ClientRequestMessage)
3339  + alen + sizeof(uint16_t))
3340  return; /* need more data */
3341  in = (struct sockaddr_in6 *) &s5r->destination_address;
3342  in->sin6_family = AF_INET6;
3343  in->sin6_addr = *v6;
3344  in->sin6_port = *port;
3345 #if HAVE_SOCKADDR_IN_SIN_LEN
3346  in->sin6_len = sizeof(*in);
3347 #endif
3348  s5r->state = SOCKS5_DATA_TRANSFER;
3349  }
3350  break;
3351 
3352  case SOCKS5_AT_DOMAINNAME:
3353  {
3354  const uint8_t *dom_len;
3355  const char *dom_name;
3356  const uint16_t *port;
3357 
3358  dom_len = (const uint8_t *) &c_req[1];
3359  alen = *dom_len + 1;
3360  if (s5r->rbuf_len < sizeof(struct Socks5ClientRequestMessage)
3361  + alen + sizeof(uint16_t))
3362  return; /* need more data */
3363  dom_name = (const char *) &dom_len[1];
3364  port = (const uint16_t *) &dom_name[*dom_len];
3365  s5r->domain = GNUNET_strndup (dom_name,
3366  *dom_len);
3368  "Requested connection is to %s:%d\n",
3369  // (HTTPS_PORT == s5r->port) ? "s" : "",
3370  s5r->domain,
3371  ntohs (*port));
3372  s5r->state = SOCKS5_RESOLVING;
3373  s5r->port = ntohs (*port);
3374  s5r->is_tls = (HTTPS_PORT == s5r->port) ? GNUNET_YES : GNUNET_NO;
3376  s5r->domain,
3378  GNUNET_GNS_LO_LOCAL_MASTER /* only cached */,
3380  s5r);
3381  break;
3382  }
3383 
3384  default:
3386  _ ("Unsupported socks address type %d\n"),
3387  (int) c_req->addr_type);
3388  signal_socks_failure (s5r,
3390  return;
3391  }
3392  clear_from_s5r_rbuf (s5r,
3393  sizeof(struct Socks5ClientRequestMessage)
3394  + alen + sizeof(uint16_t));
3395  if (0 != s5r->rbuf_len)
3396  {
3397  /* read more bytes than healthy, why did the client send more!? */
3398  GNUNET_break_op (0);
3399  signal_socks_failure (s5r,
3401  return;
3402  }
3403  if (SOCKS5_DATA_TRANSFER == s5r->state)
3404  {
3405  /* if we are not waiting for GNS resolution, signal success */
3406  signal_socks_success (s5r);
3407  }
3408  /* We are done reading right now */
3410  s5r->rtask = NULL;
3411  return;
3412 
3413  case SOCKS5_RESOLVING:
3414  GNUNET_assert (0);
3415  return;
3416 
3417  case SOCKS5_DATA_TRANSFER:
3418  GNUNET_assert (0);
3419  return;
3420 
3421  default:
3422  GNUNET_assert (0);
3423  return;
3424  }
3425 }
3426 
3427 
3433 static void
3434 do_accept (void *cls)
3435 {
3436  struct GNUNET_NETWORK_Handle *lsock = cls;
3437  struct GNUNET_NETWORK_Handle *s;
3438  struct Socks5Request *s5r;
3439 
3440  GNUNET_assert (NULL != lsock);
3441  if (lsock == lsock4)
3443  lsock,
3444  &do_accept,
3445  lsock);
3446  else if (lsock == lsock6)
3448  lsock,
3449  &do_accept,
3450  lsock);
3451  else
3452  GNUNET_assert (0);
3453  s = GNUNET_NETWORK_socket_accept (lsock,
3454  NULL,
3455  NULL);
3456  if (NULL == s)
3457  {
3459  "accept");
3460  return;
3461  }
3463  "Got an inbound connection, waiting for data\n");
3464  s5r = GNUNET_new (struct Socks5Request);
3466  s5r_tail,
3467  s5r);
3468  s5r->sock = s;
3469  s5r->state = SOCKS5_INIT;
3471  s5r->sock,
3472  &do_s5r_read,
3473  s5r);
3474 }
3475 
3476 
3477 /* ******************* General / main code ********************* */
3478 
3479 
3485 static void
3486 do_shutdown (void *cls)
3487 {
3489  "Shutting down...\n");
3490  /* MHD requires resuming before destroying the daemons */
3491  for (struct Socks5Request *s5r = s5r_head;
3492  NULL != s5r;
3493  s5r = s5r->next)
3494  {
3495  if (s5r->suspended)
3496  {
3497  s5r->suspended = GNUNET_NO;
3498  MHD_resume_connection (s5r->con);
3499  }
3500  }
3501  while (NULL != mhd_httpd_head)
3503  while (NULL != s5r_head)
3505  if (NULL != lsock4)
3506  {
3508  lsock4 = NULL;
3509  }
3510  if (NULL != lsock6)
3511  {
3513  lsock6 = NULL;
3514  }
3515  if (NULL != curl_multi)
3516  {
3517  curl_multi_cleanup (curl_multi);
3518  curl_multi = NULL;
3519  }
3520  if (NULL != gns_handle)
3521  {
3523  gns_handle = NULL;
3524  }
3525  if (NULL != curl_download_task)
3526  {
3528  curl_download_task = NULL;
3529  }
3530  if (NULL != ltask4)
3531  {
3533  ltask4 = NULL;
3534  }
3535  if (NULL != ltask6)
3536  {
3538  ltask6 = NULL;
3539  }
3540  gnutls_x509_crt_deinit (proxy_ca.cert);
3541  gnutls_x509_privkey_deinit (proxy_ca.key);
3542  gnutls_global_deinit ();
3543 }
3544 
3545 
3551 static struct GNUNET_NETWORK_Handle *
3553 {
3554  struct GNUNET_NETWORK_Handle *ls;
3555  struct sockaddr_in sa4;
3556  int eno;
3557 
3558  memset (&sa4, 0, sizeof(sa4));
3559  sa4.sin_family = AF_INET;
3560  sa4.sin_port = htons (port);
3561  sa4.sin_addr.s_addr = address;
3562 #if HAVE_SOCKADDR_IN_SIN_LEN
3563  sa4.sin_len = sizeof(sa4);
3564 #endif
3565  ls = GNUNET_NETWORK_socket_create (AF_INET,
3566  SOCK_STREAM,
3567  0);
3568  if (NULL == ls)
3569  return NULL;
3570  if (GNUNET_OK !=
3572  (const struct sockaddr *) &sa4,
3573  sizeof(sa4)))
3574  {
3575  eno = errno;
3577  errno = eno;
3578  return NULL;
3579  }
3580  return ls;
3581 }
3582 
3583 
3589 static struct GNUNET_NETWORK_Handle *
3591 {
3592  struct GNUNET_NETWORK_Handle *ls;
3593  struct sockaddr_in6 sa6;
3594  int eno;
3595 
3596  memset (&sa6, 0, sizeof(sa6));
3597  sa6.sin6_family = AF_INET6;
3598  sa6.sin6_port = htons (port);
3599  sa6.sin6_addr = address6;
3600 #if HAVE_SOCKADDR_IN_SIN_LEN
3601  sa6.sin6_len = sizeof(sa6);
3602 #endif
3603  ls = GNUNET_NETWORK_socket_create (AF_INET6,
3604  SOCK_STREAM,
3605  0);
3606  if (NULL == ls)
3607  return NULL;
3608  if (GNUNET_OK !=
3610  (const struct sockaddr *) &sa6,
3611  sizeof(sa6)))
3612  {
3613  eno = errno;
3615  errno = eno;
3616  return NULL;
3617  }
3618  return ls;
3619 }
3620 
3621 
3630 static void
3631 run (void *cls,
3632  char *const *args,
3633  const char *cfgfile,
3634  const struct GNUNET_CONFIGURATION_Handle *c)
3635 {
3636  char*cafile_cfg = NULL;
3637  char*cafile;
3638  char*addr_str;
3639  struct MhdHttpList *hd;
3640 
3641  cfg = c;
3642 
3643  /* Get address to bind to */
3645  "BIND_TO",
3646  &addr_str))
3647  {
3648  // No address specified
3650  "Don't know what to bind to...\n");
3651  GNUNET_free (addr_str);
3653  return;
3654  }
3655  if (1 != inet_pton (AF_INET, addr_str, &address))
3656  {
3658  "Unable to parse address %s\n",
3659  addr_str);
3660  GNUNET_free (addr_str);
3662  return;
3663  }
3664  GNUNET_free (addr_str);
3665  /* Get address to bind to */
3667  "BIND_TO6",
3668  &addr_str))
3669  {
3670  // No address specified
3672  "Don't know what to bind6 to...\n");
3673  GNUNET_free (addr_str);
3675  return;
3676  }
3677  if (1 != inet_pton (AF_INET6, addr_str, &address6))
3678  {
3680  "Unable to parse IPv6 address %s\n",
3681  addr_str);
3682  GNUNET_free (addr_str);
3684  return;
3685  }
3686  GNUNET_free (addr_str);
3687 
3688  if (NULL == (curl_multi = curl_multi_init ()))
3689  {
3691  "Failed to create cURL multi handle!\n");
3692  return;
3693  }
3694  cafile = cafile_opt;
3695  if (NULL == cafile)
3696  {
3697  if (GNUNET_OK !=
3699  "gns-proxy",
3700  "PROXY_CACERT",
3701  &cafile_cfg))
3702  {
3704  "gns-proxy",
3705  "PROXY_CACERT");
3706  return;
3707  }
3708  cafile = cafile_cfg;
3709  }
3711  "Using `%s' as CA\n",
3712  cafile);
3713 
3714  gnutls_global_init ();
3715  gnutls_x509_crt_init (&proxy_ca.cert);
3716  gnutls_x509_privkey_init (&proxy_ca.key);
3717 
3718  if ((GNUNET_OK !=
3720  cafile)) ||
3721  (GNUNET_OK !=
3723  cafile)))
3724  {
3726  _ ("Failed to load X.509 key and certificate from `%s'\n"),
3727  cafile);
3728  gnutls_x509_crt_deinit (proxy_ca.cert);
3729  gnutls_x509_privkey_deinit (proxy_ca.key);
3730  gnutls_global_deinit ();
3731  GNUNET_free (cafile_cfg);
3732  return;
3733  }
3734  GNUNET_free (cafile_cfg);
3735  if (NULL == (gns_handle = GNUNET_GNS_connect (cfg)))
3736  {
3738  "Unable to connect to GNS!\n");
3739  gnutls_x509_crt_deinit (proxy_ca.cert);
3740  gnutls_x509_privkey_deinit (proxy_ca.key);
3741  gnutls_global_deinit ();
3742  return;
3743  }
3745  NULL);
3746 
3747  /* Open listen socket for socks proxy */
3748  lsock6 = bind_v6 ();
3749  if (NULL == lsock6)
3750  {
3752  "bind");
3753  }
3754  else
3755  {
3756  if (GNUNET_OK !=
3758  5))
3759  {
3761  "listen");
3763  lsock6 = NULL;
3764  }
3765  else
3766  {
3768  lsock6,
3769  &do_accept,
3770  lsock6);
3771  }
3772  }
3773  lsock4 = bind_v4 ();
3774  if (NULL == lsock4)
3775  {
3777  "bind");
3778  }
3779  else
3780  {
3781  if (GNUNET_OK !=
3783  5))
3784  {
3786  "listen");
3788  lsock4 = NULL;
3789  }
3790  else
3791  {
3793  lsock4,
3794  &do_accept,
3795  lsock4);
3796  }
3797  }
3798  if ((NULL == lsock4) &&
3799  (NULL == lsock6))
3800  {
3802  return;
3803  }
3804  if (CURLSSLSET_OK != curl_global_sslset (CURLSSLBACKEND_GNUTLS,
3805  NULL,
3806  NULL))
3807  {
3809  "cURL does not support the GnuTLS backend\n");
3810 
3811  }
3812  if (0 != curl_global_init (CURL_GLOBAL_WIN32))
3813  {
3815  "cURL global init failed!\n");
3817  return;
3818  }
3820  "Proxy listens on port %u\n",
3821  (unsigned int) port);
3822 
3823  /* start MHD daemon for HTTP */
3824  hd = GNUNET_new (struct MhdHttpList);
3825  hd->daemon = MHD_start_daemon (MHD_USE_DEBUG | MHD_USE_NO_LISTEN_SOCKET
3826  | MHD_ALLOW_SUSPEND_RESUME,
3827  0,
3828  NULL, NULL,
3829  &create_response, hd,
3830  MHD_OPTION_CONNECTION_TIMEOUT, (unsigned
3831  int) 16,
3832  MHD_OPTION_NOTIFY_COMPLETED, &mhd_completed_cb,
3833  NULL,
3834  MHD_OPTION_NOTIFY_CONNECTION,
3835  &mhd_connection_cb, NULL,
3836  MHD_OPTION_URI_LOG_CALLBACK, &mhd_log_callback,
3837  NULL,
3838  MHD_OPTION_END);
3839  if (NULL == hd->daemon)
3840  {
3841  GNUNET_free (hd);
3843  return;
3844  }
3845  httpd = hd;
3848  hd);
3849 }
3850 
3851 
3859 int
3860 main (int argc,
3861  char *const *argv)
3862 {
3865  "port",
3866  NULL,
3867  gettext_noop (
3868  "listen on specified port (default: 7777)"),
3869  &port),
3871  "authority",
3872  NULL,
3873  gettext_noop ("pem file to use as CA"),
3874  &cafile_opt),
3876  "disable-ivp6",
3877  gettext_noop ("disable use of IPv6"),
3878  &disable_v6),
3879 
3881  };
3882  static const char*page =
3883  "<html><head><title>gnunet-gns-proxy</title>"
3884  "</head><body>cURL fail</body></html>";
3885  int ret;
3886 
3887  if (GNUNET_OK !=
3888  GNUNET_STRINGS_get_utf8_args (argc, argv,
3889  &argc, &argv))
3890  return 2;
3891  GNUNET_log_setup ("gnunet-gns-proxy",
3892  "WARNING",
3893  NULL);
3895  = MHD_create_response_from_buffer (strlen (page),
3896  (void *) page,
3897  MHD_RESPMEM_PERSISTENT);
3898 
3899  ret =
3900  (GNUNET_OK ==
3901  GNUNET_PROGRAM_run (argc, argv,
3902  "gnunet-gns-proxy",
3903  _ ("GNUnet GNS proxy"),
3904  options,
3905  &run, NULL)) ? 0 : 1;
3906  MHD_destroy_response (curl_failure_response);
3907  GNUNET_free_nz ((char *) argv);
3908  return ret;
3909 }
3910 
3911 
3912 /* end of gnunet-gns-proxy.c */
struct GNUNET_GETOPT_CommandLineOption GNUNET_GETOPT_OPTION_END
Definition: 002.c:13
struct GNUNET_GETOPT_CommandLineOption options[]
Definition: 002.c:5
struct GNUNET_MessageHeader * msg
Definition: 005.c:2
#define GNUNET_GNSRECORD_TYPE_BOX
Boxed records (see TLSA/SRV handling in GNS)
#define GNUNET_GNSRECORD_TYPE_VPN
VPN resolution.
#define GNUNET_GNSRECORD_TYPE_LEHO
legacy hostnames
#define gettext_noop(String)
Definition: gettext.h:70
IPC messages between GNS API and GNS service.
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
static int verify
Verify mode.
Definition: gnunet-abd.c:127
static struct GNUNET_TIME_Relative timeout
Desired timeout for the lookup (default is no timeout).
Definition: gnunet-abd.c:61
static uint64_t etime
Expiration string converted to numeric value.
Definition: gnunet-abd.c:201
static void cleanup(void *cls)
Function scheduled as very last function, cleans up after us.
struct GNUNET_HashCode key
The key used in the DHT.
static char * filename
static struct MhdHttpList * mhd_httpd_tail
DLL for http/https daemons.
static void do_s5r_read(void *cls)
Read data from incoming Socks5 connection.
static struct ProxyCA proxy_ca
The CA for X.509 certificate generation.
static void * mhd_log_callback(void *cls, const char *url, struct MHD_Connection *connection)
Function called when MHD first processes an incoming connection.
static struct Socks5Request * s5r_tail
DLL of active socks requests.
static int create_mhd_response_from_s5r(struct Socks5Request *s5r)
Create an MHD response object in s5r matching the information we got from curl.
static size_t curl_download_cb(void *ptr, size_t size, size_t nmemb, void *ctx)
Handle response payload data from cURL.
static struct GNUNET_GNS_Handle * gns_handle
Handle to the GNS service.
static struct GNUNET_NETWORK_Handle * bind_v6()
Create an IPv6 listen socket bound to our port.
static void signal_socks_success(struct Socks5Request *s5r)
Return a server response message indicating success.
#define SOCKS_AUTH_NONE
Flag to set for 'no authentication'.
#define GNUNET_GNS_PROXY_PORT
Default Socks5 listen port.
static CURLM * curl_multi
The cURL multi handle.
Socks5Commands
Commands in Socks5.
@ SOCKS5_CMD_UDP_PORT
Establish UDP port binding.
@ SOCKS5_CMD_TCP_STREAM
Establish TCP/IP stream.
@ SOCKS5_CMD_TCP_PORT
Establish TCP port binding.
#define MAX_PEM_SIZE
Largest allowed size for a PEM certificate.
static int disable_v6
Disable IPv6.
static char * cafile_opt
The CA file (pem) to use for the proxy CA.
static struct GNUNET_NETWORK_Handle * lsock6
The listen socket of the proxy for IPv6.
static const struct GNUNET_CONFIGURATION_Handle * cfg
Our configuration.
SocksPhase
The socks phases.
@ SOCKS5_SOCKET_UPLOAD_STARTED
We've started receiving upload data from MHD.
@ SOCKS5_SOCKET_WITH_MHD
Socket has been passed to MHD, do not close it anymore.
@ SOCKS5_SOCKET_DOWNLOAD_STARTED
We've finished uploading data via CURL and can now download.
@ SOCKS5_RESOLVING
We are currently resolving the destination.
@ SOCKS5_INIT
We're waiting to get the client hello.
@ SOCKS5_SOCKET_DOWNLOAD_DONE
We've finished receiving download data from cURL.
@ SOCKS5_WRITE_THEN_CLEANUP
Finish writing the write buffer, then clean up.
@ SOCKS5_DATA_TRANSFER
We're in transfer mode.
@ SOCKS5_REQUEST
We're waiting to get the initial request.
@ SOCKS5_SOCKET_UPLOAD_DONE
We've finished receiving upload data from MHD.
#define SOCKS_VERSION_5
Which SOCKS version do we speak?
static MHD_RESULT create_response(void *cls, struct MHD_Connection *con, const char *url, const char *meth, const char *ver, const char *upload_data, size_t *upload_data_size, void **con_cls)
Main MHD callback for handling requests.
static size_t curl_check_hdr(void *buffer, size_t size, size_t nmemb, void *cls)
We're getting an HTTP response header from cURL.
static struct GNUNET_NETWORK_Handle * lsock4
The listen socket of the proxy for IPv4.
static void clear_from_s5r_rbuf(struct Socks5Request *s5r, size_t len)
Remove the first len bytes from the beginning of the read buffer.
static struct in6_addr address6
The IPv6 address to bind to.
static int load_key_from_file(gnutls_x509_privkey_t key, const char *keyfile)
Load PEM key from file.
#define HTTPS_PORT
Port for HTTPS.
static void do_shutdown(void *cls)
Task run on shutdown.
static void mhd_error_log_callback(void *cls, const char *fm, va_list ap)
Function called by MHD with errors, suppresses them all.
static int con_val_iter(void *cls, enum MHD_ValueKind kind, const char *key, const char *value)
Read HTTP request header field from the request.
static void mhd_completed_cb(void *cls, struct MHD_Connection *connection, void **con_cls, enum MHD_RequestTerminationCode toe)
Function called when MHD decides that we are done with a request.
#define SOCKS_BUFFERSIZE
Size of the read/write buffers for Socks.
static void run(void *cls, char *const *args, const char *cfgfile, const struct GNUNET_CONFIGURATION_Handle *c)
Main function that will be run.
static uint16_t port
The port the proxy is running on (default 7777)
static void do_httpd(void *cls)
Task run whenever HTTP server operations are pending.
static void * load_file(const char *filename, unsigned int *size)
Read file in filename.
static void curl_download_prepare()
Ask cURL for the select() sets and schedule cURL operations.
static struct MhdHttpList * httpd
Daemon for HTTP (we have one per X.509 certificate, and then one for all HTTP connections; this is th...
Socks5AddressType
Address types in Socks5.
@ SOCKS5_AT_DOMAINNAME
IPv4 address.
@ SOCKS5_AT_IPV4
IPv4 address.
@ SOCKS5_AT_IPV6
IPv6 address.
static ssize_t mhd_content_cb(void *cls, uint64_t pos, char *buf, size_t max)
Callback for MHD response generation.
static struct ProxyGNSCertificate * generate_gns_certificate(const char *name)
Generate new certificate for specific name.
#define MAX_DANES
Maximum number of DANE records we support per domain name (and port and protocol).
static void kill_httpd_task(void *cls)
Task run whenever HTTP server is idle for too long.
static struct MhdHttpList * mhd_httpd_head
DLL for http/https daemons.
Socks5StatusCode
Status codes in Socks5 response.
@ SOCKS5_STATUS_CONNECTION_NOT_ALLOWED_BY_RULE
@ SOCKS5_STATUS_CONNECTION_REFUSED_BY_HOST
@ SOCKS5_STATUS_ADDRESS_TYPE_NOT_SUPPORTED
@ SOCKS5_STATUS_HOST_UNREACHABLE
@ SOCKS5_STATUS_TTL_EXPIRED
@ SOCKS5_STATUS_GENERAL_FAILURE
@ SOCKS5_STATUS_COMMAND_NOT_SUPPORTED
@ SOCKS5_STATUS_REQUEST_GRANTED
@ SOCKS5_STATUS_NETWORK_UNREACHABLE
static void curl_task_download(void *cls)
Task that is run when we are ready to receive more data from curl.
static struct GNUNET_SCHEDULER_Task * curl_download_task
The cURL download task (curl multi API).
static size_t curl_upload_cb(void *buf, size_t size, size_t nmemb, void *cls)
cURL callback for uploaded (PUT/POST) data.
static struct MhdHttpList * lookup_ssl_httpd(const char *domain)
Lookup (or create) an TLS MHD instance for a particular domain.
static void do_accept(void *cls)
Accept new incoming connections.
static void kill_httpd(struct MhdHttpList *hd)
Kill the given MHD daemon.
static int load_cert_from_file(gnutls_x509_crt_t crt, const char *certfile)
Load cert from file.
static void do_write(void *cls)
Write data from buffer to socks5 client, then continue with state machine.
static void handle_gns_result(void *cls, int tld, uint32_t rd_count, const struct GNUNET_GNSRECORD_Data *rd)
Process GNS results for target domain.
static struct Socks5Request * s5r_head
DLL of active socks requests.
static int check_ssl_certificate(struct Socks5Request *s5r)
Check that the website has presented us with a valid X.509 certificate.
#define MHD_CACHE_TIMEOUT
After how long do we clean up unused MHD TLS instances?
int main(int argc, char *const *argv)
The main function for gnunet-gns-proxy.
static void run_mhd_now(struct MhdHttpList *hd)
Run MHD now, we have extra data ready for the callback.
#define HTTP_HANDSHAKE_TIMEOUT
After how long do we clean up Socks5 handles that failed to show any activity with their respective M...
static void cleanup_s5r(struct Socks5Request *s5r)
Clean up s5r handles.
static in_addr_t address
The address to bind to.
static void signal_socks_failure(struct Socks5Request *s5r, enum Socks5StatusCode sc)
Return a server response message indicating a failure to the client.
static void timeout_s5r_handshake(void *cls)
Task run when a Socks5Request somehow fails to be associated with an MHD connection (e....
static void mhd_connection_cb(void *cls, struct MHD_Connection *connection, void **con_cls, enum MHD_ConnectionNotificationCode cnc)
Function called when MHD connection is opened or closed.
#define IO_BUFFERSIZE
Size of the buffer for the data upload / download.
static struct GNUNET_SCHEDULER_Task * ltask6
The listen task ID for IPv6.
static struct GNUNET_SCHEDULER_Task * ltask4
The listen task ID for IPv4.
static struct MHD_Response * curl_failure_response
Response we return on cURL failures.
static void schedule_httpd(struct MhdHttpList *hd)
Schedule MHD.
static void setup_data_transfer(struct Socks5Request *s5r)
We're done with the Socks5 protocol, now we need to pass the connection data through to the final des...
static struct GNUNET_NETWORK_Handle * bind_v4()
Create an IPv4 listen socket bound to our port.
uint16_t len
length of data (which is always a uint32_t, but presumably this can be used to specify that fewer byt...
static unsigned int rd_count
Number of records for currently parsed set.
static struct GNUNET_GNSRECORD_Data rd[50]
The record data under a single label.
static char * value
Value of the record to add/remove.
static struct GNUNET_NETWORK_Handle * ls
Listen socket for STUN processing.
Definition: gnunet-nat.c:85
enum State state
current state of profiling
static struct GNUNET_FS_SearchContext * sc
Definition: gnunet-search.c:87
static char buf[2048]
static struct GNUNET_VPN_RedirectionRequest * request
Opaque redirection request handle.
Definition: gnunet-vpn.c:40
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
library to make it easy to download JSON replies over HTTP
API to the GNS service.
Identity service; implements identity management for GNUnet.
#define MHD_RESULT
enum GNUNET_GenericReturnValue GNUNET_CONFIGURATION_get_value_filename(const struct GNUNET_CONFIGURATION_Handle *cfg, const char *section, const char *option, char **value)
Get a configuration value that should be the name of a file or directory.
enum GNUNET_GenericReturnValue GNUNET_CONFIGURATION_get_value_string(const struct GNUNET_CONFIGURATION_Handle *cfg, const char *section, const char *option, char **value)
Get a configuration value that should be a string.
enum GNUNET_GenericReturnValue GNUNET_DISK_file_size(const char *filename, uint64_t *size, int include_symbolic_links, int single_file_mode)
Get the size of the file (or directory) of the given file (in bytes).
Definition: disk.c:221
ssize_t GNUNET_DISK_fn_read(const char *fn, void *result, size_t len)
Read the contents of a binary file into a buffer.
Definition: disk.c:664
#define GNUNET_CONTAINER_DLL_remove(head, tail, element)
Remove an element from a DLL.
#define GNUNET_CONTAINER_DLL_insert(head, tail, element)
Insert an element at the head of a DLL.
#define GNUNET_DNSPARSER_TYPE_TLSA
#define GNUNET_DNSPARSER_TYPE_A
#define GNUNET_DNSPARSER_TYPE_AAAA
#define GNUNET_DNSPARSER_MAX_NAME_LENGTH
Maximum length of a name in DNS.
struct GNUNET_GETOPT_CommandLineOption GNUNET_GETOPT_option_flag(char shortName, const char *name, const char *description, int *val)
Allow user to specify a flag (which internally means setting an integer to 1/GNUNET_YES/GNUNET_OK.
struct GNUNET_GETOPT_CommandLineOption GNUNET_GETOPT_option_string(char shortName, const char *name, const char *argumentHelp, const char *description, char **str)
Allow user to specify a string.
struct GNUNET_GETOPT_CommandLineOption GNUNET_GETOPT_option_uint16(char shortName, const char *name, const char *argumentHelp, const char *description, uint16_t *val)
Allow user to specify an uint16_t.
void GNUNET_GNS_disconnect(struct GNUNET_GNS_Handle *handle)
Shutdown connection with the GNS service.
Definition: gns_api.c:290
void * GNUNET_GNS_lookup_with_tld_cancel(struct GNUNET_GNS_LookupWithTldRequest *ltr)
Cancel pending lookup request.
Definition: gns_tld_api.c:332
struct GNUNET_GNS_LookupWithTldRequest * GNUNET_GNS_lookup_with_tld(struct GNUNET_GNS_Handle *handle, const char *name, uint32_t type, enum GNUNET_GNS_LocalOptions options, GNUNET_GNS_LookupResultProcessor2 proc, void *proc_cls)
Perform an asynchronous lookup operation on the GNS, determining the zone using the TLD of the given ...
Definition: gns_tld_api.c:241
struct GNUNET_GNS_Handle * GNUNET_GNS_connect(const struct GNUNET_CONFIGURATION_Handle *cfg)
Initialize the connection with the GNS service.
Definition: gns_api.c:268
@ GNUNET_GNS_LO_LOCAL_MASTER
For the rightmost label, only look in the cache (it is our local namestore), for the others,...
#define GNUNET_log(kind,...)
#define GNUNET_memcpy(dst, src, n)
Call memcpy() but check for n being 0 first.
#define GNUNET_MIN(a, b)
@ GNUNET_SCHEDULER_PRIORITY_DEFAULT
Run with the default priority (normal P2P operations).
@ GNUNET_OK
@ GNUNET_YES
@ GNUNET_NO
@ GNUNET_SYSERR
#define GNUNET_break_op(cond)
Use this for assertion violations caused by other peers (i.e.
int GNUNET_log_setup(const char *comp, const char *loglevel, const char *logfile)
Setup logging.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur.
void GNUNET_log_config_missing(enum GNUNET_ErrorType kind, const char *section, const char *option)
Log error message about missing configuration option.
#define GNUNET_log_strerror(level, cmd)
Log an error message at log-level 'level' that indicates a failure of the command 'cmd' with the mess...
@ GNUNET_ERROR_TYPE_WARNING
@ GNUNET_ERROR_TYPE_ERROR
@ GNUNET_ERROR_TYPE_DEBUG
@ GNUNET_ERROR_TYPE_INFO
int int GNUNET_asprintf(char **buf, const char *format,...) __attribute__((format(printf
Like asprintf, just portable.
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
#define GNUNET_strndup(a, length)
Wrapper around GNUNET_xstrndup_.
int GNUNET_snprintf(char *buf, size_t size, const char *format,...) __attribute__((format(printf
Like snprintf, just aborts if the buffer is of insufficient size.
#define GNUNET_new(type)
Allocate a struct or union of the given type.
#define GNUNET_malloc(size)
Wrapper around malloc.
#define GNUNET_free(ptr)
Wrapper around free.
#define GNUNET_free_nz(ptr)
Wrapper around free.
#define GNUNET_memdup(buf, size)
Allocate and initialize a block of memory.
struct sockaddr * GNUNET_NETWORK_get_addr(const struct GNUNET_NETWORK_Handle *desc)
Return the sockaddr for this network handle.
Definition: network.c:1013
struct GNUNET_NETWORK_FDSet * GNUNET_NETWORK_fdset_create(void)
Creates an fd set.
Definition: network.c:1170
enum GNUNET_GenericReturnValue GNUNET_NETWORK_socket_close(struct GNUNET_NETWORK_Handle *desc)
Close a socket.
Definition: network.c:508
void GNUNET_NETWORK_fdset_destroy(struct GNUNET_NETWORK_FDSet *fds)
Releases the associated memory of an fd set.
Definition: network.c:1186
socklen_t GNUNET_NETWORK_get_addrlen(const struct GNUNET_NETWORK_Handle *desc)
Return sockaddr length for this network handle.
Definition: network.c:1026
int GNUNET_NETWORK_get_fd(const struct GNUNET_NETWORK_Handle *desc)
Return file descriptor for this network handle.
Definition: network.c:1000
void GNUNET_NETWORK_fdset_copy_native(struct GNUNET_NETWORK_FDSet *to, const fd_set *from, int nfds)
Copy a native fd set into the GNUnet representation.
Definition: network.c:1040
ssize_t GNUNET_NETWORK_socket_recv(const struct GNUNET_NETWORK_Handle *desc, void *buffer, size_t length)
Read data from a connected socket (always non-blocking).
Definition: network.c:716
struct GNUNET_NETWORK_Handle * GNUNET_NETWORK_socket_accept(const struct GNUNET_NETWORK_Handle *desc, struct sockaddr *address, socklen_t *address_len)
Accept a new connection on a socket.
Definition: network.c:392
struct GNUNET_NETWORK_Handle * GNUNET_NETWORK_socket_create(int domain, int type, int protocol)
Create a new socket.
Definition: network.c:832
void GNUNET_NETWORK_socket_free_memory_only_(struct GNUNET_NETWORK_Handle *desc)
Only free memory of a socket, keep the file descriptor untouched.
Definition: network.c:565
ssize_t GNUNET_NETWORK_socket_send(const struct GNUNET_NETWORK_Handle *desc, const void *buffer, size_t length)
Send data (always non-blocking).
Definition: network.c:737
enum GNUNET_GenericReturnValue GNUNET_NETWORK_test_pf(int pf)
Test if the given protocol family is supported by this system.
Definition: network.c:79
enum GNUNET_GenericReturnValue GNUNET_NETWORK_socket_bind(struct GNUNET_NETWORK_Handle *desc, const struct sockaddr *address, socklen_t address_len)
Bind a socket to a particular address.
Definition: network.c:439
enum GNUNET_GenericReturnValue GNUNET_NETWORK_socket_listen(const struct GNUNET_NETWORK_Handle *desc, int backlog)
Listen on a socket.
Definition: network.c:651
int GNUNET_NETWORK_fdset_isset(const struct GNUNET_NETWORK_FDSet *fds, const struct GNUNET_NETWORK_Handle *desc)
Check whether a socket is part of the fd set.
Definition: network.c:949
enum GNUNET_GenericReturnValue GNUNET_PROGRAM_run(int argc, char *const *argv, const char *binaryName, const char *binaryHelp, const struct GNUNET_GETOPT_CommandLineOption *options, GNUNET_PROGRAM_Main task, void *task_cls)
Run a standard GNUnet command startup sequence (initialize loggers and configuration,...
Definition: program.c:400
void GNUNET_SCHEDULER_shutdown(void)
Request the shutdown of a scheduler.
Definition: scheduler.c:562
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_now(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run as soon as possible.
Definition: scheduler.c:1299
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_write_net(struct GNUNET_TIME_Relative delay, struct GNUNET_NETWORK_Handle *wfd, GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run with a specified delay or when the specified file descriptor is ready f...
Definition: scheduler.c:1577
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_select(enum GNUNET_SCHEDULER_Priority prio, struct GNUNET_TIME_Relative delay, const struct GNUNET_NETWORK_FDSet *rs, const struct GNUNET_NETWORK_FDSet *ws, GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run with a specified delay or when any of the specified file descriptor set...
Definition: scheduler.c:1830
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_read_net(struct GNUNET_TIME_Relative delay, struct GNUNET_NETWORK_Handle *rfd, GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run with a specified delay or when the specified file descriptor is ready f...
Definition: scheduler.c:1506
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_shutdown(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run on shutdown, that is when a CTRL-C signal is received,...
Definition: scheduler.c:1334
const struct GNUNET_SCHEDULER_TaskContext * GNUNET_SCHEDULER_get_task_context(void)
Obtain the reasoning why the current task was started.
Definition: scheduler.c:752
void * GNUNET_SCHEDULER_cancel(struct GNUNET_SCHEDULER_Task *task)
Cancel the task with the specified identifier.
Definition: scheduler.c:975
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_delayed(struct GNUNET_TIME_Relative delay, GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run with a specified delay.
Definition: scheduler.c:1272
enum GNUNET_GenericReturnValue GNUNET_STRINGS_get_utf8_args(int argc, char *const *argv, int *u8argc, char *const **u8argv)
Returns utf-8 encoded arguments.
Definition: strings.c:1222
#define GNUNET_TIME_UNIT_FOREVER_REL
Constant used to specify "forever".
#define GNUNET_TIME_UNIT_MILLISECONDS
One millisecond.
struct GNUNET_TIME_Relative GNUNET_TIME_relative_multiply(struct GNUNET_TIME_Relative rel, unsigned long long factor)
Multiply relative time by a given factor.
Definition: time.c:484
@ MHD_HTTP_INTERNAL_SERVER_ERROR
Internal Server Error [RFC7231, Section 6.6.1].
#define max(x, y)
static unsigned int size
Size of the "table".
Definition: peer.c:68
#define _(String)
GNU gettext support macro.
Definition: platform.h:178
const char * name
static struct GNUNET_SCHEDULER_TaskContext tc
Task context of the current task.
Definition: scheduler.c:431
Definition of a command line option.
Record type used to box up SRV and TLSA records.
uint32_t record_type
GNS record type of the boxed record.
uint16_t service
Service of the boxed record (aka port number), in NBO.
uint16_t protocol
Protocol of the boxed record (6 = TCP, 17 = UDP, etc.).
uint32_t record_type
Type of the GNS/DNS record.
const void * data
Binary value stored in the DNS record.
size_t data_size
Number of bytes in data.
Connection to the GNS service.
Definition: gns_api.h:36
Handle to a lookup request.
Definition: gns_tld_api.c:45
collection of IO descriptors
handle to a socket
Definition: network.c:53
Context information passed to each scheduler task.
const struct GNUNET_NETWORK_FDSet * read_ready
Set of file descriptors ready for reading; note that additional bits may be set that were not in the ...
Entry in list of pending tasks.
Definition: scheduler.c:136
Time for relative time used by GNUnet, in microseconds.
uint64_t rel_value_us
The actual value.
struct HttpResponseHeader * next
DLL.
char * type
Header type.
struct HttpResponseHeader * prev
DLL.
char * value
Header value.
A structure for all running Httpds.
struct MhdHttpList * prev
DLL for httpds.
struct GNUNET_SCHEDULER_Task * httpd_task
The task ID.
struct ProxyGNSCertificate * proxy_cert
Optional proxy certificate used.
char * domain
the domain name to server (only important for TLS)
struct MhdHttpList * next
DLL for httpds.
struct MHD_Daemon * daemon
The daemon handle.
int is_ssl
is this an ssl daemon?
A structure for CA cert/key.
gnutls_x509_privkey_t key
The private key.
gnutls_x509_crt_t cert
The certificate.
Structure for GNS certificates.
char cert[(10 *1024)]
The certificate as PEM.
char key[(10 *1024)]
The private key as PEM.
Client hello in Socks5 protocol.
uint8_t version
Should be SOCKS_VERSION_5.
uint8_t num_auth_methods
How many authentication methods does the client support.
Client socks request in Socks5 protocol.
uint8_t version
Should be SOCKS_VERSION_5.
uint8_t resvd
Reserved, always zero.
uint8_t command
Command code, we only uspport SOCKS5_CMD_TCP_STREAM.
uint8_t addr_type
Address type, an enum Socks5AddressType.
A structure for socks requests.
int suspended
Did we suspend MHD processing?
struct GNUNET_SCHEDULER_Task * rtask
Client socket read task.
CURL * curl
Handle to cURL.
size_t io_len
Number of bytes already in the IO buffer.
struct MHD_Response * response
MHD response object for this request.
struct Socks5Request * next
DLL.
enum SocksPhase state
The socks state.
struct HttpResponseHeader * header_head
Headers from response.
int is_tls
This is (probably) a TLS connection.
struct HttpResponseHeader * header_tail
Headers from response.
char * domain
the domain name to server (only important for TLS)
char * url
The URL to fetch.
size_t rbuf_len
Number of bytes already in read buffer.
int is_gns
Was the hostname resolved via GNS?
uint16_t port
Desired destination port.
int ssl_checked
X.509 Certificate status.
struct GNUNET_GNS_LookupWithTldRequest * gns_lookup
Handle to GNS lookup, during SOCKS5_RESOLVING phase.
int dane_data_len[32+1]
Number of bytes in dane_data.
struct GNUNET_SCHEDULER_Task * timeout_task
Timeout task.
struct MHD_Connection * con
MHD connection for this request.
char rbuf[(256+32)]
Read buffer.
char wbuf[(256+32)]
Write buffer.
unsigned int num_danes
Number of entries used in dane_data_len and dane_data.
char * leho
DNS Legacy Host Name as given by GNS, NULL if not given.
struct curl_slist * hosts
DNS->IP mappings resolved through GNS.
int curl_paused
Did we pause CURL processing?
struct sockaddr_storage destination_address
Once known, what's the target address for the connection?
struct curl_slist * headers
HTTP request headers for the curl request.
struct MhdHttpList * hd
MHD HTTP instance handling this request, NULL for none.
char * dane_data[32+1]
Payload of the DANE records encountered.
char io_buf[CURL_MAX_WRITE_SIZE]
Buffer we use for moving data between MHD and curl (in both directions).
unsigned int response_code
HTTP response code to give to MHD for the response.
struct GNUNET_SCHEDULER_Task * wtask
Client socket write task.
struct Socks5Request * prev
DLL.
size_t wbuf_len
Number of bytes already in write buffer.
struct GNUNET_NETWORK_Handle * sock
The client socket.
Server hello in Socks5 protocol.
uint8_t version
Should be SOCKS_VERSION_5.
uint8_t auth_method
Chosen authentication method, for us always SOCKS_AUTH_NONE, which skips the authentication step.
Server response to client requests in Socks5 protocol.
uint8_t reply
Status code, an enum Socks5StatusCode
uint8_t version
Should be SOCKS_VERSION_5.
uint8_t addr_type
Address type, an enum Socks5AddressType.
uint8_t reserved
Always zero.