trunk/Src/wptSOCKS.cpp

/* wptSOCKS.cpp - SOCKS proxy support
 *      Copyright (C) 2006 Timo Schulz
 *
 * This file is part of WinPT.
 *
 * WinPT is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License 
 * as published by the Free Software Foundation; either version 2 
 * of the License, or (at your option) any later version.
 *  
 * WinPT is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License 
 * along with WinPT; if not, write to the Free Software Foundation, 
 * Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 
 */

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <windows.h>

#include "wptTypes.h"
#include "wptKeyserver.h"
#include "wptErrors.h"
#include "wptNLS.h"

/* Known socks errors. */
enum socks5_error_t {
    ERR_SUCCESS     = 0x00,
    ERR_GENERAL     = 0x01,
    ERR_NOTALLOWED  = 0x02,
    ERR_NETUNREACH  = 0x03,
    ERR_HOSTUNREACH = 0x04,
    ERR_CONNREFUSED = 0x05,
    ERR_INVADDR     = 0x08
};

/* Known socks address types. */
enum socks5_addr_t {
    ADDR_IPV4       = 0x01,
    ADDR_DOMAIN     = 0x03,
    ADDR_IPV6       = 0x04
};

/* Known socks authentication methods. */
enum socks5_method_t {
    METH_NOAUTH     = 0x00,
    METH_GSSAPI     = 0x01,
    METH_USERPASS   = 0x02,
    METH_ERR        = 0xFF
};


/* Return human readable SOCKS error. */
static const char*
socks_strerror (int err)
{
    switch (err) {
    case ERR_SUCCESS: _("No error"); break;
    case ERR_GENERAL: _("General SOCKS error"); break;
    case ERR_NOTALLOWED: _("Connection not allowed by ruleset"); break;
    case ERR_NETUNREACH: _("Network is unreachable"); break;
    case ERR_HOSTUNREACH: _("Host could not be resolved"); break;
    case ERR_CONNREFUSED: _("Connection refused"); break;
    case ERR_INVADDR: _("Address type is not supported"); break;
    }
    return _("Unknown SOCKS error");
}


/* Send initial method packet. */
static int
send_methods (int conn_fd)
{
    BYTE pkt[4];

    pkt[0] = 0x05;
    pkt[1] = 0x02;
    pkt[2] = METH_NOAUTH;
    pkt[3] = METH_USERPASS;
    if (send (conn_fd, (const char*)pkt, 4, 0) == SOCKET_ERROR) {
        log_debug ("send_methods failed ec=%d\n", (int)WSAGetLastError ());
        return -1;
    }
    return 0;
}


/* Parse the chosen server method. */
static int
recv_method (int conn_fd)
{
    BYTE pkt[2];

    if (recv (conn_fd, (char*)pkt, 2, 0) == SOCKET_ERROR) {
        log_debug ("recv_method failed ec=%d\n", (int)WSAGetLastError ());
        return -1;
    }
    if (pkt[0] != 0x05) {
        log_debug ("recv_method: protocol violation\n");
        return -1;
    }
    return pkt[1];
}


/*
           +----+------+----------+------+----------+
           |VER | ULEN |  UNAME   | PLEN |  PASSWD  |
           +----+------+----------+------+----------+
           | 1  |  1   | 1 to 255 |  1   | 1 to 255 |
           +----+------+----------+------+----------+
    Do user/password authentication. 
*/
static int
do_userpass_auth (int conn_fd, keyserver_proxy_t ctx, int *err)
{
    BYTE *pkt;
    DWORD pktlen;

    *err = 0;
    pktlen = 1+1+strlen (ctx->user)+1+strlen (ctx->pass);
    pkt = (BYTE*)malloc (pktlen);
    pkt[0] = 0x05;
    pkt[1] = strlen (ctx->user);
    memcpy (pkt+2, ctx->user, strlen (ctx->user));
    pkt[2+strlen (ctx->user)] = strlen (ctx->pass);
    memcpy (pkt+2+strlen (ctx->user)+1, ctx->pass, strlen (ctx->pass));
    if (send (conn_fd, (const char*)pkt, pktlen, 0) == SOCKET_ERROR) {
        log_debug ("do_userpass_auth failed ec=%d\n", (int)WSAGetLastError ());
        free (pkt);
        return -1;
    }
    /* Parse reply [VER 1|STATUS 1] */
    if (recv (conn_fd, (char*)pkt, 2, 0) == SOCKET_ERROR) {
        log_debug ("do_userpass_auth failed ec=%d\n", (int)WSAGetLastError ());
        free (pkt);
        return -1;
    }
    *err = pkt[1];
    free (pkt);
    if (*err != ERR_SUCCESS)
        return -1;
    return 0;
}


/* Do the actual authentication. */
static int
do_auth (int conn_fd, int auth_method, keyserver_proxy_t ctx, int *err)
{
    switch (auth_method) {
    case PROXY_AUTH_NONE:
        *err = 0;
        return 0;

    case PROXY_AUTH_PLAIN:      
        return do_userpass_auth (conn_fd, ctx, err);

    default:
        return -1;
    }
    return 0;
}


/*
       +----+-----+-------+------+----------+----------+
        |VER | CMD |  RSV  | ATYP | DST.ADDR | DST.PORT |
        +----+-----+-------+------+----------+----------+
        | 1  |  1  | X'00' |  1   | Variable |    2     |
        +----+-----+-------+------+----------+----------+
    Send a connection reqeust for host @host and port @port.
*/
static int
send_connect_request (int conn_fd, const char *host, WORD port)
{
    struct hostent *hp;
    DWORD addr;
    BYTE pkt[10];

    addr = inet_addr (host);
    if (addr == INADDR_NONE) {
        hp = gethostbyname (host);
        if (hp != NULL)
            memcpy ((char*)&addr, hp->h_addr_list, hp->h_length);
        else {
            log_debug ("gethostbyname() failed ec=%d\n", (int)WSAGetLastError ());
            return -1;
        }
    }
    
    pkt[0] = 0x05;
    pkt[1] = 0x01; /*CONNECT*/
    pkt[2] = 0x00;
    pkt[3] = ADDR_IPV4;
    pkt[4] = (BYTE)addr >> 24;
    pkt[5] = (BYTE)addr >> 16;
    pkt[6] = (BYTE)addr >>  8;
    pkt[7] = (BYTE)addr >>  0;
    pkt[8] = (BYTE)port >>  8;
    pkt[9] = (BYTE)port >>  0;
    if (send (conn_fd, (const char*)pkt, 9, 0) == SOCKET_ERROR) {
        log_debug ("send_connect_request failed ec=%d\n", (int)WSAGetLastError ());
        return -1;
    }

    return 0;
}


/*
        +----+-----+-------+------+----------+----------+
        |VER | REP |  RSV  | ATYP | BND.ADDR | BND.PORT |
        +----+-----+-------+------+----------+----------+
        | 1  |  1  | X'00' |  1   | Variable |    2     |
        +----+-----+-------+------+----------+----------+
    Parse the connect reply.
    Set @err with the specific error value.
*/
static int
recv_connect_reply (int conn_fd, int *err)
{
    BYTE pkt[4], addr[16], port[2];
    int ndomain;

    *err = 0;
    if (recv (conn_fd, (char*)pkt, 4, 0) == SOCKET_ERROR)
        return -1;
    if (pkt[0] != 0x05 || pkt[2] != 0x00) {
        log_debug ("recv_connect_reply: protocol violation.\n");
        return -1;
    }
    *err = pkt[1];
    if (pkt[1] != ERR_SUCCESS)
        return -1;
    switch (pkt[3]) {
    case ADDR_IPV4:
        if (recv (conn_fd, (char*)addr, 4, 0) == SOCKET_ERROR)
            return -1;
        break;

    case ADDR_DOMAIN:
        recv (conn_fd, (char*)addr, 1, 0);
        ndomain = addr[0];
        while (ndomain-- > 0)
            recv (conn_fd, (char*)addr, 1, 0);
        break;

    case ADDR_IPV6:
        if ( recv (conn_fd, (char*)addr, 16, 0) == SOCKET_ERROR)
            return -1;
        break;
    }
    if (recv (conn_fd, (char*)port, 2, 0) == SOCKET_ERROR)
        return -1;
    return 0;
}


/* Perform all needed steps to initiate a SOCKSv5 proxy connection .*/
int
socks_handshake (keyserver_proxy_t ctx, int conn_fd,
                 const char *hostname, WORD port)
{
    int method, err;

    if (send_methods (conn_fd))
        return -1;
    method = recv_method (conn_fd);
    if (method == METH_ERR) {
        msg_box (NULL, _("No acceptable methods"), _("SOCKS Proxy"), MB_ERR);
        return -1;
    }
    if (do_auth (conn_fd, method, ctx, &err)) {
        if (!err)
            msg_box (NULL, _("Authentication failed or unspported"), _("SOCKS Proxy"), MB_ERR);
        else
            msg_box (NULL, socks_strerror (err), _("SOCKS Proxy"), MB_ERR);
        return -1;
    }
    if (send_connect_request (conn_fd, hostname, port)) {
        msg_box (NULL, _("Could not send SOCKS request"), _("SOCKS Proxy"), MB_ERR);
        return -1;
    }
    if (recv_connect_reply (conn_fd, &err)) {
        if (!err)
            msg_box (NULL, _("Error while parsing SOCKS reply"), _("SOCKS Proxy"), MB_ERR);
        else
            msg_box (NULL, socks_strerror (err), _("SOCKS Proxy"), MB_ERR);
        return -1;
    }
    return 0;
}
1	twoaday	180	/* wptSOCKS.cpp - SOCKS proxy support
2			* Copyright (C) 2006 Timo Schulz
3			*
4			* This file is part of WinPT.
5			*
6			* WinPT is free software; you can redistribute it and/or
7			* modify it under the terms of the GNU General Public License
8			* as published by the Free Software Foundation; either version 2
9			* of the License, or (at your option) any later version.
10			*
11			* WinPT is distributed in the hope that it will be useful,
12			* but WITHOUT ANY WARRANTY; without even the implied warranty of
13			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14			* General Public License for more details.
15			*
16			* You should have received a copy of the GNU General Public License
17			* along with WinPT; if not, write to the Free Software Foundation,
18			* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19			*/
20
21			#ifdef HAVE_CONFIG_H
22			#include <config.h>
23			#endif
24			#include <windows.h>
25
26			#include "wptTypes.h"
27			#include "wptKeyserver.h"
28			#include "wptErrors.h"
29			#include "wptNLS.h"
30
31			/* Known socks errors. */
32			enum socks5_error_t {
33			ERR_SUCCESS = 0x00,
34			ERR_GENERAL = 0x01,
35			ERR_NOTALLOWED = 0x02,
36			ERR_NETUNREACH = 0x03,
37			ERR_HOSTUNREACH = 0x04,
38			ERR_CONNREFUSED = 0x05,
39			ERR_INVADDR = 0x08
40			};
41
42			/* Known socks address types. */
43			enum socks5_addr_t {
44			ADDR_IPV4 = 0x01,
45			ADDR_DOMAIN = 0x03,
46			ADDR_IPV6 = 0x04
47			};
48
49			/* Known socks authentication methods. */
50			enum socks5_method_t {
51			METH_NOAUTH = 0x00,
52			METH_GSSAPI = 0x01,
53			METH_USERPASS = 0x02,
54			METH_ERR = 0xFF
55			};
56
57
58			/* Return human readable SOCKS error. */
59			static const char*
60			socks_strerror (int err)
61			{
62			switch (err) {
63			case ERR_SUCCESS: _("No error"); break;
64			case ERR_GENERAL: _("General SOCKS error"); break;
65			case ERR_NOTALLOWED: _("Connection not allowed by ruleset"); break;
66			case ERR_NETUNREACH: _("Network is unreachable"); break;
67			case ERR_HOSTUNREACH: _("Host could not be resolved"); break;
68			case ERR_CONNREFUSED: _("Connection refused"); break;
69			case ERR_INVADDR: _("Address type is not supported"); break;
70			}
71			return _("Unknown SOCKS error");
72			}
73
74
75			/* Send initial method packet. */
76			static int
77			send_methods (int conn_fd)
78			{
79			BYTE pkt[4];
80
81			pkt[0] = 0x05;
82			pkt[1] = 0x02;
83			pkt[2] = METH_NOAUTH;
84			pkt[3] = METH_USERPASS;
85			if (send (conn_fd, (const char*)pkt, 4, 0) == SOCKET_ERROR) {
86			log_debug ("send_methods failed ec=%d\n", (int)WSAGetLastError ());
87			return -1;
88			}
89			return 0;
90			}
91
92
93			/* Parse the chosen server method. */
94			static int
95			recv_method (int conn_fd)
96			{
97			BYTE pkt[2];
98
99			if (recv (conn_fd, (char*)pkt, 2, 0) == SOCKET_ERROR) {
100			log_debug ("recv_method failed ec=%d\n", (int)WSAGetLastError ());
101			return -1;
102			}
103			if (pkt[0] != 0x05) {
104			log_debug ("recv_method: protocol violation\n");
105			return -1;
106			}
107			return pkt[1];
108			}
109
110
111			/*
112			+----+------+----------+------+----------+
113			\|VER \| ULEN \| UNAME \| PLEN \| PASSWD \|
114			+----+------+----------+------+----------+
115			\| 1 \| 1 \| 1 to 255 \| 1 \| 1 to 255 \|
116			+----+------+----------+------+----------+
117			Do user/password authentication.
118			*/
119			static int
120			do_userpass_auth (int conn_fd, keyserver_proxy_t ctx, int *err)
121			{
122			BYTE *pkt;
123			DWORD pktlen;
124
125			*err = 0;
126			pktlen = 1+1+strlen (ctx->user)+1+strlen (ctx->pass);
127			pkt = (BYTE*)malloc (pktlen);
128			pkt[0] = 0x05;
129			pkt[1] = strlen (ctx->user);
130			memcpy (pkt+2, ctx->user, strlen (ctx->user));
131			pkt[2+strlen (ctx->user)] = strlen (ctx->pass);
132			memcpy (pkt+2+strlen (ctx->user)+1, ctx->pass, strlen (ctx->pass));
133			if (send (conn_fd, (const char*)pkt, pktlen, 0) == SOCKET_ERROR) {
134			log_debug ("do_userpass_auth failed ec=%d\n", (int)WSAGetLastError ());
135			free (pkt);
136			return -1;
137			}
138			/* Parse reply [VER 1\|STATUS 1] */
139			if (recv (conn_fd, (char*)pkt, 2, 0) == SOCKET_ERROR) {
140			log_debug ("do_userpass_auth failed ec=%d\n", (int)WSAGetLastError ());
141			free (pkt);
142			return -1;
143			}
144			*err = pkt[1];
145			free (pkt);
146			if (*err != ERR_SUCCESS)
147			return -1;
148			return 0;
149			}
150
151
152			/* Do the actual authentication. */
153			static int
154			do_auth (int conn_fd, int auth_method, keyserver_proxy_t ctx, int *err)
155			{
156			switch (auth_method) {
157			case PROXY_AUTH_NONE:
158			*err = 0;
159			return 0;
160
161			case PROXY_AUTH_PLAIN:
162			return do_userpass_auth (conn_fd, ctx, err);
163
164			default:
165			return -1;
166			}
167			return 0;
168			}
169
170
171			/*
172			+----+-----+-------+------+----------+----------+
173			\|VER \| CMD \| RSV \| ATYP \| DST.ADDR \| DST.PORT \|
174			+----+-----+-------+------+----------+----------+
175			\| 1 \| 1 \| X'00' \| 1 \| Variable \| 2 \|
176			+----+-----+-------+------+----------+----------+
177			Send a connection reqeust for host @host and port @port.
178			*/
179			static int
180			send_connect_request (int conn_fd, const char *host, WORD port)
181			{
182			struct hostent *hp;
183			DWORD addr;
184			BYTE pkt[10];
185
186			addr = inet_addr (host);
187			if (addr == INADDR_NONE) {
188			hp = gethostbyname (host);
189			if (hp != NULL)
190			memcpy ((char*)&addr, hp->h_addr_list, hp->h_length);
191			else {
192			log_debug ("gethostbyname() failed ec=%d\n", (int)WSAGetLastError ());
193			return -1;
194			}
195			}
196
197			pkt[0] = 0x05;
198			pkt[1] = 0x01; /CONNECT/
199			pkt[2] = 0x00;
200			pkt[3] = ADDR_IPV4;
201			pkt[4] = (BYTE)addr >> 24;
202			pkt[5] = (BYTE)addr >> 16;
203			pkt[6] = (BYTE)addr >> 8;
204			pkt[7] = (BYTE)addr >> 0;
205			pkt[8] = (BYTE)port >> 8;
206			pkt[9] = (BYTE)port >> 0;
207			if (send (conn_fd, (const char*)pkt, 9, 0) == SOCKET_ERROR) {
208			log_debug ("send_connect_request failed ec=%d\n", (int)WSAGetLastError ());
209			return -1;
210			}
211
212			return 0;
213			}
214
215
216			/*
217			+----+-----+-------+------+----------+----------+
218			\|VER \| REP \| RSV \| ATYP \| BND.ADDR \| BND.PORT \|
219			+----+-----+-------+------+----------+----------+
220			\| 1 \| 1 \| X'00' \| 1 \| Variable \| 2 \|
221			+----+-----+-------+------+----------+----------+
222			Parse the connect reply.
223			Set @err with the specific error value.
224			*/
225			static int
226			recv_connect_reply (int conn_fd, int *err)
227			{
228			BYTE pkt[4], addr[16], port[2];
229			int ndomain;
230
231			*err = 0;
232			if (recv (conn_fd, (char*)pkt, 4, 0) == SOCKET_ERROR)
233			return -1;
234			if (pkt[0] != 0x05 \|\| pkt[2] != 0x00) {
235			log_debug ("recv_connect_reply: protocol violation.\n");
236			return -1;
237			}
238			*err = pkt[1];
239			if (pkt[1] != ERR_SUCCESS)
240			return -1;
241			switch (pkt[3]) {
242			case ADDR_IPV4:
243			if (recv (conn_fd, (char*)addr, 4, 0) == SOCKET_ERROR)
244			return -1;
245			break;
246
247			case ADDR_DOMAIN:
248			recv (conn_fd, (char*)addr, 1, 0);
249			ndomain = addr[0];
250			while (ndomain-- > 0)
251			recv (conn_fd, (char*)addr, 1, 0);
252			break;
253
254			case ADDR_IPV6:
255			if ( recv (conn_fd, (char*)addr, 16, 0) == SOCKET_ERROR)
256			return -1;
257			break;
258			}
259			if (recv (conn_fd, (char*)port, 2, 0) == SOCKET_ERROR)
260			return -1;
261			return 0;
262			}
263
264
265			/* Perform all needed steps to initiate a SOCKSv5 proxy connection .*/
266			int
267			socks_handshake (keyserver_proxy_t ctx, int conn_fd,
268			const char *hostname, WORD port)
269			{
270			int method, err;
271
272			if (send_methods (conn_fd))
273			return -1;
274			method = recv_method (conn_fd);
275			if (method == METH_ERR) {
276			msg_box (NULL, _("No acceptable methods"), _("SOCKS Proxy"), MB_ERR);
277			return -1;
278			}
279			if (do_auth (conn_fd, method, ctx, &err)) {
280			if (!err)
281			msg_box (NULL, _("Authentication failed or unspported"), _("SOCKS Proxy"), MB_ERR);
282			else
283			msg_box (NULL, socks_strerror (err), _("SOCKS Proxy"), MB_ERR);
284			return -1;
285			}
286			if (send_connect_request (conn_fd, hostname, port)) {
287			msg_box (NULL, _("Could not send SOCKS request"), _("SOCKS Proxy"), MB_ERR);
288			return -1;
289			}
290			if (recv_connect_reply (conn_fd, &err)) {
291			if (!err)
292			msg_box (NULL, _("Error while parsing SOCKS reply"), _("SOCKS Proxy"), MB_ERR);
293			else
294			msg_box (NULL, socks_strerror (err), _("SOCKS Proxy"), MB_ERR);
295			return -1;
296			}
297			return 0;
298			}