Imported Upstream version 2.3_rc1

1 files changed, 0 insertions, 551 deletions

diff --git a/socks.c b/socks.c
deleted file mode 100644
index 8287274..0000000
--- a/socks.c
+++ /dev/null
@@ -1,551 +0,0 @@
-/*
- *  OpenVPN -- An application to securely tunnel IP networks
- *             over a single TCP/UDP port, with support for SSL/TLS-based
- *             session authentication and key exchange,
- *             packet encryption, packet authentication, and
- *             packet compression.
- *
- *  Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License version 2
- *  as published by the Free Software Foundation.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program (see the file COPYING included with this
- *  distribution); if not, write to the Free Software Foundation, Inc.,
- *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-/*
- * 2004-01-30: Added Socks5 proxy support, see RFC 1928
- *   (Christof Meerwald, http://cmeerw.org)
- *
- * 2010-10-10: Added Socks5 plain text authentication support (RFC 1929)
- *   (Pierre Bourdon <delroth@gmail.com>)
- */
-
-#include "syshead.h"
-
-#ifdef ENABLE_SOCKS
-
-#include "common.h"
-#include "misc.h"
-#include "win32.h"
-#include "socket.h"
-#include "fdmisc.h"
-#include "misc.h"
-#include "proxy.h"
-
-#include "memdbg.h"
-
-#define UP_TYPE_SOCKS		"SOCKS Proxy"
-
-void
-socks_adjust_frame_parameters (struct frame *frame, int proto)
-{
-  if (proto == PROTO_UDPv4)
-    frame_add_to_extra_link (frame, 10);
-}
-
-struct socks_proxy_info *
-socks_proxy_new (const char *server,
-		 int port,
-		 const char *authfile,
-		 bool retry,
-		 struct auto_proxy_info *auto_proxy_info)
-{
-  struct socks_proxy_info *p;
-
-  if (auto_proxy_info)
-    {
-      if (!server)
-	{
-	  if (!auto_proxy_info->socks.server)
-	    return NULL;
-
-	  server = auto_proxy_info->socks.server;
-	  port = auto_proxy_info->socks.port;
-	}
-    }
-
-  ALLOC_OBJ_CLEAR (p, struct socks_proxy_info);
-
-  ASSERT (server);
-  ASSERT (legal_ipv4_port (port));
-
-  strncpynt (p->server, server, sizeof (p->server));
-  p->port = port;
-
-  if (authfile)
-    strncpynt (p->authfile, authfile, sizeof (p->authfile));
-  else
-    p->authfile[0] = 0;
-
-  p->retry = retry;
-  p->defined = true;
-
-  return p;
-}
-
-void
-socks_proxy_close (struct socks_proxy_info *sp)
-{
-  free (sp);
-}
-
-static bool
-socks_username_password_auth (struct socks_proxy_info *p,
-                              socket_descriptor_t sd,
-                              volatile int *signal_received)
-{
-  char to_send[516];
-  char buf[2];
-  int len = 0;
-  const int timeout_sec = 5;
-  struct user_pass creds;
-  ssize_t size;
-
-  creds.defined = 0;
-  get_user_pass (&creds, p->authfile, UP_TYPE_SOCKS, GET_USER_PASS_MANAGEMENT);
-
-  if( !creds.username || (strlen(creds.username) > 255)
-      || !creds.password || (strlen(creds.password) > 255) ) {
-          msg (M_NONFATAL,
-               "SOCKS username and/or password exceeds 255 characters.  "
-               "Authentication not possible.");
-          return false;
-  }
-  openvpn_snprintf (to_send, sizeof (to_send), "\x01%c%s%c%s", (int) strlen(creds.username),
-            creds.username, (int) strlen(creds.password), creds.password);
-  size = send (sd, to_send, strlen(to_send), MSG_NOSIGNAL);
-
-  if (size != strlen (to_send))
-    {
-      msg (D_LINK_ERRORS | M_ERRNO_SOCK, "socks_username_password_auth: TCP port write failed on send()");
-      return false;
-    }
-
-  while (len < 2)
-    {
-      int status;
-      ssize_t size;
-      fd_set reads;
-      struct timeval tv;
-      char c;
-
-      FD_ZERO (&reads);
-      FD_SET (sd, &reads);
-      tv.tv_sec = timeout_sec;
-      tv.tv_usec = 0;
-
-      status = select (sd + 1, &reads, NULL, NULL, &tv);
-
-      get_signal (signal_received);
-      if (*signal_received)
-	return false;
-
-      /* timeout? */
-      if (status == 0)
-	{
-	  msg (D_LINK_ERRORS | M_ERRNO_SOCK, "socks_username_password_auth: TCP port read timeout expired");
-	  return false;
-	}
-
-      /* error */
-      if (status < 0)
-	{
-	  msg (D_LINK_ERRORS | M_ERRNO_SOCK, "socks_username_password_auth: TCP port read failed on select()");
-	  return false;
-	}
-
-      /* read single char */
-      size = recv(sd, &c, 1, MSG_NOSIGNAL);
-
-      /* error? */
-      if (size != 1)
-	{
-	  msg (D_LINK_ERRORS | M_ERRNO_SOCK, "socks_username_password_auth: TCP port read failed on recv()");
-	  return false;
-	}
-
-      /* store char in buffer */
-      buf[len++] = c;
-    }
-
-  /* VER = 5, SUCCESS = 0 --> auth success */
-  if (buf[0] != 5 && buf[1] != 0)
-  {
-    msg (D_LINK_ERRORS, "socks_username_password_auth: server refused the authentication");
-    return false;
-  }
-
-  return true;
-}
-
-static bool
-socks_handshake (struct socks_proxy_info *p,
-                 socket_descriptor_t sd,
-                 volatile int *signal_received)
-{
-  char buf[2];
-  int len = 0;
-  const int timeout_sec = 5;
-
-  /* VER = 5, NMETHODS = 2, METHODS = [0 (no auth), 2 (plain login)] */
-  const ssize_t size = send (sd, "\x05\x02\x00\x02", 4, MSG_NOSIGNAL);
-  if (size != 4)
-    {
-      msg (D_LINK_ERRORS | M_ERRNO_SOCK, "socks_handshake: TCP port write failed on send()");
-      return false;
-    }
-
-  while (len < 2)
-    {
-      int status;
-      ssize_t size;
-      fd_set reads;
-      struct timeval tv;
-      char c;
-
-      FD_ZERO (&reads);
-      FD_SET (sd, &reads);
-      tv.tv_sec = timeout_sec;
-      tv.tv_usec = 0;
-
-      status = select (sd + 1, &reads, NULL, NULL, &tv);
-
-      get_signal (signal_received);
-      if (*signal_received)
-	return false;
-
-      /* timeout? */
-      if (status == 0)
-	{
-	  msg (D_LINK_ERRORS | M_ERRNO_SOCK, "socks_handshake: TCP port read timeout expired");
-	  return false;
-	}
-
-      /* error */
-      if (status < 0)
-	{
-	  msg (D_LINK_ERRORS | M_ERRNO_SOCK, "socks_handshake: TCP port read failed on select()");
-	  return false;
-	}
-
-      /* read single char */
-      size = recv(sd, &c, 1, MSG_NOSIGNAL);
-
-      /* error? */
-      if (size != 1)
-	{
-	  msg (D_LINK_ERRORS | M_ERRNO_SOCK, "socks_handshake: TCP port read failed on recv()");
-	  return false;
-	}
-
-      /* store char in buffer */
-      buf[len++] = c;
-    }
-
-  /* VER == 5 */
-  if (buf[0] != '\x05')
-    {
-      msg (D_LINK_ERRORS, "socks_handshake: Socks proxy returned bad status");
-      return false;
-    }
-
-  /* select the appropriate authentication method */
-  switch (buf[1])
-    {
-    case 0: /* no authentication */
-      break;
-
-    case 2: /* login/password */
-      if (!p->authfile[0])
-      {
-	msg(D_LINK_ERRORS, "socks_handshake: server asked for username/login auth but we were "
-	                   "not provided any credentials");
-	return false;
-      }
-
-      if (!socks_username_password_auth(p, sd, signal_received))
-	return false;
-
-      break;
-
-    default: /* unknown auth method */
-      msg(D_LINK_ERRORS, "socks_handshake: unknown SOCKS auth method");
-      return false;
-    }
-
-  return true;
-}
-
-static bool
-recv_socks_reply (socket_descriptor_t sd,
-		  struct openvpn_sockaddr *addr,
-		  volatile int *signal_received)
-{
-  char atyp = '\0';
-  int alen = 0;
-  int len = 0;
-  char buf[22];
-  const int timeout_sec = 5;
-
-  if (addr != NULL)
-    {
-      addr->sa.sin_family = AF_INET;
-      addr->sa.sin_addr.s_addr = htonl (INADDR_ANY);
-      addr->sa.sin_port = htons (0);
-    }
-
-  while (len < 4 + alen + 2)
-    {
-      int status;
-      ssize_t size;
-      fd_set reads;
-      struct timeval tv;
-      char c;
-
-      FD_ZERO (&reads);
-      FD_SET (sd, &reads);
-      tv.tv_sec = timeout_sec;
-      tv.tv_usec = 0;
-
-      status = select (sd + 1, &reads, NULL, NULL, &tv);
-
-      get_signal (signal_received);
-      if (*signal_received)
-	return false;
-
-      /* timeout? */
-      if (status == 0)
-	{
-	  msg (D_LINK_ERRORS | M_ERRNO_SOCK, "recv_socks_reply: TCP port read timeout expired");
-	  return false;
-	}
-
-      /* error */
-      if (status < 0)
-	{
-	  msg (D_LINK_ERRORS | M_ERRNO_SOCK, "recv_socks_reply: TCP port read failed on select()");
-	  return false;
-	}
-
-      /* read single char */
-      size = recv(sd, &c, 1, MSG_NOSIGNAL);
-
-      /* error? */
-      if (size != 1)
-	{
-	  msg (D_LINK_ERRORS | M_ERRNO_SOCK, "recv_socks_reply: TCP port read failed on recv()");
-	  return false;
-	}
-
-      if (len == 3)
-	atyp = c;
-
-      if (len == 4)
-	{
-	  switch (atyp)
-	    {
-	    case '\x01':	/* IP V4 */
-	      alen = 4;
-	      break;
-
-	    case '\x03':	/* DOMAINNAME */
-	      alen = (unsigned char) c;
-	      break;
-
-	    case '\x04':	/* IP V6 */
-	      alen = 16;
-	      break;
-
-	    default:
-	      msg (D_LINK_ERRORS, "recv_socks_reply: Socks proxy returned bad address type");
-	      return false;
-	    }
-	}
-
-      /* store char in buffer */
-      if (len < (int)sizeof(buf))
-	buf[len] = c;
-      ++len;
-    }
-
-  /* VER == 5 && REP == 0 (succeeded) */
-  if (buf[0] != '\x05' || buf[1] != '\x00')
-    {
-      msg (D_LINK_ERRORS, "recv_socks_reply: Socks proxy returned bad reply");
-      return false;
-    }
-
-  /* ATYP == 1 (IP V4 address) */
-  if (atyp == '\x01' && addr != NULL)
-    {
-      memcpy (&addr->sa.sin_addr, buf + 4, sizeof (addr->sa.sin_addr));
-      memcpy (&addr->sa.sin_port, buf + 8, sizeof (addr->sa.sin_port));
-    }
-
-
-  return true;
-}
-
-void
-establish_socks_proxy_passthru (struct socks_proxy_info *p,
-			        socket_descriptor_t sd, /* already open to proxy */
-			        const char *host,       /* openvpn server remote */
-			        const int port,         /* openvpn server port */
-			        volatile int *signal_received)
-{
-  char buf[128];
-  size_t len;
-
-  if (!socks_handshake (p, sd, signal_received))
-    goto error;
-
-  /* format Socks CONNECT message */
-  buf[0] = '\x05';		/* VER = 5 */
-  buf[1] = '\x01';		/* CMD = 1 (CONNECT) */
-  buf[2] = '\x00';		/* RSV */
-  buf[3] = '\x03';		/* ATYP = 3 (DOMAINNAME) */
-
-  len = strlen(host);
-  len = (5 + len + 2 > sizeof(buf)) ? (sizeof(buf) - 5 - 2) : len;
-
-  buf[4] = (char) len;
-  memcpy(buf + 5, host, len);
-
-  buf[5 + len] = (char) (port >> 8);
-  buf[5 + len + 1] = (char) (port & 0xff);
-
-  {
-    const ssize_t size = send (sd, buf, 5 + len + 2, MSG_NOSIGNAL);
-    if ((int)size != 5 + (int)len + 2)
-      {
-	msg (D_LINK_ERRORS | M_ERRNO_SOCK, "establish_socks_proxy_passthru: TCP port write failed on send()");
-	goto error;
-      }
-  }
-
-  /* receive reply from Socks proxy and discard */
-  if (!recv_socks_reply (sd, NULL, signal_received))
-    goto error;
-
-  return;
-
- error:
-  /* on error, should we exit or restart? */
-  if (!*signal_received)
-    *signal_received = (p->retry ? SIGUSR1 : SIGTERM); /* SOFT-SIGUSR1 -- socks error */
-  return;
-}
-
-void
-establish_socks_proxy_udpassoc (struct socks_proxy_info *p,
-			        socket_descriptor_t ctrl_sd, /* already open to proxy */
-				socket_descriptor_t udp_sd,
-				struct openvpn_sockaddr *relay_addr,
-			        volatile int *signal_received)
-{
-  if (!socks_handshake (p, ctrl_sd, signal_received))
-    goto error;
-
-  {
-    /* send Socks UDP ASSOCIATE message */
-    /* VER = 5, CMD = 3 (UDP ASSOCIATE), RSV = 0, ATYP = 1 (IP V4),
-       BND.ADDR = 0, BND.PORT = 0 */
-    const ssize_t size = send (ctrl_sd,
-			       "\x05\x03\x00\x01\x00\x00\x00\x00\x00\x00",
-			       10, MSG_NOSIGNAL);
-    if (size != 10)
-      {
-	msg (D_LINK_ERRORS | M_ERRNO_SOCK, "establish_socks_proxy_passthru: TCP port write failed on send()");
-	goto error;
-      }
-  }
-
-  /* receive reply from Socks proxy */
-  CLEAR (*relay_addr);
-  if (!recv_socks_reply (ctrl_sd, relay_addr, signal_received))
-    goto error;
-
-  return;
-
- error:
-  /* on error, should we exit or restart? */
-  if (!*signal_received)
-    *signal_received = (p->retry ? SIGUSR1 : SIGTERM); /* SOFT-SIGUSR1 -- socks error */
-  return;
-}
-
-/*
- * Remove the 10 byte socks5 header from an incoming
- * UDP packet, setting *from to the source address.
- *
- * Run after UDP read.
- */
-void
-socks_process_incoming_udp (struct buffer *buf,
-			    struct link_socket_actual *from)
-{
-  int atyp;
-
-  if (BLEN (buf) < 10)
-    goto error;
-
-  buf_read_u16 (buf);
-  if (buf_read_u8 (buf) != 0)
-    goto error;
-
-  atyp = buf_read_u8 (buf);
-  if (atyp != 1)		/* ATYP == 1 (IP V4) */
-    goto error;
-
-  buf_read (buf, &from->dest.sa.sin_addr, sizeof (from->dest.sa.sin_addr));
-  buf_read (buf, &from->dest.sa.sin_port, sizeof (from->dest.sa.sin_port));
-
-  return;
-
- error:
-  buf->len = 0;
-}
-
-/*
- * Add a 10 byte socks header prior to UDP write.
- * *to is the destination address.
- *
- * Run before UDP write.
- * Returns the size of the header.
- */
-int
-socks_process_outgoing_udp (struct buffer *buf,
-			    const struct link_socket_actual *to)
-{
-  /* 
-   * Get a 10 byte subset buffer prepended to buf --
-   * we expect these bytes will be here because
-   * we allocated frame space in socks_adjust_frame_parameters.
-   */
-  struct buffer head = buf_sub (buf, 10, true);
-
-  /* crash if not enough headroom in buf */
-  ASSERT (buf_defined (&head));
-
-  buf_write_u16 (&head, 0);	/* RSV = 0 */
-  buf_write_u8 (&head, 0);	/* FRAG = 0 */
-  buf_write_u8 (&head, '\x01'); /* ATYP = 1 (IP V4) */
-  buf_write (&head, &to->dest.sa.sin_addr, sizeof (to->dest.sa.sin_addr));
-  buf_write (&head, &to->dest.sa.sin_port, sizeof (to->dest.sa.sin_port));
-
-  return 10;
-}
-
-#else
-static void dummy(void) {}
-#endif /* ENABLE_SOCKS */