This is the start of the BETA21 branch.

It includes the --topology feature, and TAP-Win32 driver changes to allow non-admin access. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@580 e7ae566f-a301-0410-adde-c780ea21d3b5
author: james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> 2005-09-26 05:28:27 +0000
committer: james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> 2005-09-26 05:28:27 +0000
commit: 6fbf66fad3367b24fd6743bcd50254902fd9c8d5 (patch)
tree: 9802876e3771744eead18917bb47ff6e90ac39f5 /socks.c
download: openvpn-6fbf66fad3367b24fd6743bcd50254902fd9c8d5.tar.gz
openvpn-6fbf66fad3367b24fd6743bcd50254902fd9c8d5.tar.xz
openvpn-6fbf66fad3367b24fd6743bcd50254902fd9c8d5.zip
1 files changed, 411 insertions, 0 deletions
diff --git a/socks.c b/socks.c
new file mode 100644
index 0000000..22bdfa4
--- /dev/null
+++ b/socks.c
@@ -0,0 +1,411 @@
+/*
+ *  OpenVPN -- An application to securely tunnel IP networks
+ *             over a single TCP/UDP port, with support for SSL/TLS-based
+ *             session authentication and key exchange,
+ *             packet encryption, packet authentication, and
+ *             packet compression.
+ *
+ *  Copyright (C) 2002-2005 OpenVPN Solutions LLC <info@openvpn.net>
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License version 2
+ *  as published by the Free Software Foundation.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program (see the file COPYING included with this
+ *  distribution); if not, write to the Free Software Foundation, Inc.,
+ *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+/*
+ * 2004-01-30: Added Socks5 proxy support
+ *   (Christof Meerwald, http://cmeerw.org)
+ *
+ * see RFC 1928, only supports "no authentication"
+ */
+
+#ifdef WIN32
+#include "config-win32.h"
+#else
+#include "config.h"
+#endif
+
+#ifdef ENABLE_SOCKS
+
+#include "syshead.h"
+
+#include "common.h"
+#include "misc.h"
+#include "win32.h"
+#include "socket.h"
+#include "fdmisc.h"
+#include "proxy.h"
+
+#include "memdbg.h"
+
+
+void
+socks_adjust_frame_parameters (struct frame *frame, int proto)
+{
+  if (proto == PROTO_UDPv4)
+    frame_add_to_extra_link (frame, 10);
+}
+
+struct socks_proxy_info *
+new_socks_proxy (const char *server,
+		 int port,
+		 bool retry,
+		 struct gc_arena *gc)
+{
+  struct socks_proxy_info *p;
+  ALLOC_OBJ_CLEAR_GC (p, struct socks_proxy_info, gc);
+  ASSERT (server);
+  ASSERT (legal_ipv4_port (port));
+
+  strncpynt (p->server, server, sizeof (p->server));
+  p->port = port;
+  p->retry = retry;
+  p->defined = true;
+
+  return p;
+}
+
+static bool
+socks_handshake (socket_descriptor_t sd, volatile int *signal_received)
+{
+  char buf[2];
+  int len = 0;
+  const int timeout_sec = 5;
+
+  /* VER = 5, NMETHODS = 1, METHODS = [0] */
+  const ssize_t size = send (sd, "\x05\x01\x00", 3, MSG_NOSIGNAL);
+  if (size != 3)
+    {
+      msg (D_LINK_ERRORS | M_ERRNO_SOCK, "socks_handshake: TCP port write failed on send()");
+      return false;
+    }
+
+  while (len < 2)
+    {
+      int status;
+      ssize_t size;
+      fd_set reads;
+      struct timeval tv;
+      char c;
+
+      FD_ZERO (&reads);
+      FD_SET (sd, &reads);
+      tv.tv_sec = timeout_sec;
+      tv.tv_usec = 0;
+
+      status = select (sd + 1, &reads, NULL, NULL, &tv);
+
+      get_signal (signal_received);
+      if (*signal_received)
+	return false;
+
+      /* timeout? */
+      if (status == 0)
+	{
+	  msg (D_LINK_ERRORS | M_ERRNO_SOCK, "socks_handshake: TCP port read timeout expired");
+	  return false;
+	}
+
+      /* error */
+      if (status < 0)
+	{
+	  msg (D_LINK_ERRORS | M_ERRNO_SOCK, "socks_handshake: TCP port read failed on select()");
+	  return false;
+	}
+
+      /* read single char */
+      size = recv(sd, &c, 1, MSG_NOSIGNAL);
+
+      /* error? */
+      if (size != 1)
+	{
+	  msg (D_LINK_ERRORS | M_ERRNO_SOCK, "socks_handshake: TCP port read failed on recv()");
+	  return false;
+	}
+
+      /* store char in buffer */
+      buf[len++] = c;
+    }
+
+  /* VER == 5 && METHOD == 0 */
+  if (buf[0] != '\x05' || buf[1] != '\x00')
+    {
+      msg (D_LINK_ERRORS, "socks_handshake: Socks proxy returned bad status");
+      return false;
+    }
+
+  return true;
+}
+
+static bool
+recv_socks_reply (socket_descriptor_t sd, struct sockaddr_in *addr,
+		  volatile int *signal_received)
+{
+  char atyp = '\0';
+  int alen = 0;
+  int len = 0;
+  char buf[22];
+  const int timeout_sec = 5;
+
+  if (addr != NULL)
+    {
+      addr->sin_family = AF_INET;
+      addr->sin_addr.s_addr = htonl (INADDR_ANY);
+      addr->sin_port = htons (0);
+    }
+
+  while (len < 4 + alen + 2)
+    {
+      int status;
+      ssize_t size;
+      fd_set reads;
+      struct timeval tv;
+      char c;
+
+      FD_ZERO (&reads);
+      FD_SET (sd, &reads);
+      tv.tv_sec = timeout_sec;
+      tv.tv_usec = 0;
+
+      status = select (sd + 1, &reads, NULL, NULL, &tv);
+
+      get_signal (signal_received);
+      if (*signal_received)
+	return false;
+
+      /* timeout? */
+      if (status == 0)
+	{
+	  msg (D_LINK_ERRORS | M_ERRNO_SOCK, "recv_socks_reply: TCP port read timeout expired");
+	  return false;
+	}
+
+      /* error */
+      if (status < 0)
+	{
+	  msg (D_LINK_ERRORS | M_ERRNO_SOCK, "recv_socks_reply: TCP port read failed on select()");
+	  return false;
+	}
+
+      /* read single char */
+      size = recv(sd, &c, 1, MSG_NOSIGNAL);
+
+      /* error? */
+      if (size != 1)
+	{
+	  msg (D_LINK_ERRORS | M_ERRNO_SOCK, "recv_socks_reply: TCP port read failed on recv()");
+	  return false;
+	}
+
+      if (len == 3)
+	atyp = c;
+
+      if (len == 4)
+	{
+	  switch (atyp)
+	    {
+	    case '\x01':	/* IP V4 */
+	      alen = 4;
+	      break;
+
+	    case '\x03':	/* DOMAINNAME */
+	      alen = (unsigned char) c;
+	      break;
+
+	    case '\x04':	/* IP V6 */
+	      alen = 16;
+	      break;
+
+	    default:
+	      msg (D_LINK_ERRORS, "recv_socks_reply: Socks proxy returned bad address type");
+	      return false;
+	    }
+	}
+
+      /* store char in buffer */
+      if (len < (int)sizeof(buf))
+	buf[len] = c;
+      ++len;
+    }
+
+  /* VER == 5 && REP == 0 (succeeded) */
+  if (buf[0] != '\x05' || buf[1] != '\x00')
+    {
+      msg (D_LINK_ERRORS, "recv_socks_reply: Socks proxy returned bad reply");
+      return false;
+    }
+
+  /* ATYP == 1 (IP V4 address) */
+  if (atyp == '\x01' && addr != NULL)
+    {
+      memcpy (&addr->sin_addr, buf + 4, sizeof (addr->sin_addr));
+      memcpy (&addr->sin_port, buf + 8, sizeof (addr->sin_port));
+    }
+
+
+  return true;
+}
+
+void
+establish_socks_proxy_passthru (struct socks_proxy_info *p,
+			        socket_descriptor_t sd, /* already open to proxy */
+			        const char *host,       /* openvpn server remote */
+			        const int port,         /* openvpn server port */
+			        volatile int *signal_received)
+{
+  char buf[128];
+  size_t len;
+
+  if (!socks_handshake (sd, signal_received))
+    goto error;
+
+  /* format Socks CONNECT message */
+  buf[0] = '\x05';		/* VER = 5 */
+  buf[1] = '\x01';		/* CMD = 1 (CONNECT) */
+  buf[2] = '\x00';		/* RSV */
+  buf[3] = '\x03';		/* ATYP = 3 (DOMAINNAME) */
+
+  len = strlen(host);
+  len = (5 + len + 2 > sizeof(buf)) ? (sizeof(buf) - 5 - 2) : len;
+
+  buf[4] = (char) len;
+  memcpy(buf + 5, host, len);
+
+  buf[5 + len] = (char) (port >> 8);
+  buf[5 + len + 1] = (char) (port & 0xff);
+
+  {
+    const ssize_t size = send (sd, buf, 5 + len + 2, MSG_NOSIGNAL);
+    if ((int)size != 5 + (int)len + 2)
+      {
+	msg (D_LINK_ERRORS | M_ERRNO_SOCK, "establish_socks_proxy_passthru: TCP port write failed on send()");
+	goto error;
+      }
+  }
+
+  /* receive reply from Socks proxy and discard */
+  if (!recv_socks_reply (sd, NULL, signal_received))
+    goto error;
+
+  return;
+
+ error:
+  /* on error, should we exit or restart? */
+  if (!*signal_received)
+    *signal_received = (p->retry ? SIGUSR1 : SIGTERM); /* SOFT-SIGUSR1 -- socks error */
+  return;
+}
+
+void
+establish_socks_proxy_udpassoc (struct socks_proxy_info *p,
+			        socket_descriptor_t ctrl_sd, /* already open to proxy */
+				socket_descriptor_t udp_sd,
+				struct sockaddr_in *relay_addr,
+			        volatile int *signal_received)
+{
+  if (!socks_handshake (ctrl_sd, signal_received))
+    goto error;
+
+  {
+    /* send Socks UDP ASSOCIATE message */
+    /* VER = 5, CMD = 3 (UDP ASSOCIATE), RSV = 0, ATYP = 1 (IP V4),
+       BND.ADDR = 0, BND.PORT = 0 */
+    const ssize_t size = send (ctrl_sd,
+			       "\x05\x03\x00\x01\x00\x00\x00\x00\x00\x00",
+			       10, MSG_NOSIGNAL);
+    if (size != 10)
+      {
+	msg (D_LINK_ERRORS | M_ERRNO_SOCK, "establish_socks_proxy_passthru: TCP port write failed on send()");
+	goto error;
+      }
+  }
+
+  /* receive reply from Socks proxy */
+  CLEAR (*relay_addr);
+  if (!recv_socks_reply (ctrl_sd, relay_addr, signal_received))
+    goto error;
+
+  return;
+
+ error:
+  /* on error, should we exit or restart? */
+  if (!*signal_received)
+    *signal_received = (p->retry ? SIGUSR1 : SIGTERM); /* SOFT-SIGUSR1 -- socks error */
+  return;
+}
+
+/*
+ * Remove the 10 byte socks5 header from an incoming
+ * UDP packet, setting *from to the source address.
+ *
+ * Run after UDP read.
+ */
+void
+socks_process_incoming_udp (struct buffer *buf,
+			    struct sockaddr_in *from)
+{
+  int atyp;
+
+  if (BLEN (buf) < 10)
+    goto error;
+
+  buf_read_u16 (buf);
+  if (buf_read_u8 (buf) != 0)
+    goto error;
+
+  atyp = buf_read_u8 (buf);
+  if (atyp != 1)		/* ATYP == 1 (IP V4) */
+    goto error;
+
+  buf_read (buf, &from->sin_addr, sizeof (from->sin_addr));
+  buf_read (buf, &from->sin_port, sizeof (from->sin_port));
+
+  return;
+
+ error:
+  buf->len = 0;
+}
+
+/*
+ * Add a 10 byte socks header prior to UDP write.
+ * *to is the destination address.
+ *
+ * Run before UDP write.
+ * Returns the size of the header.
+ */
+int
+socks_process_outgoing_udp (struct buffer *buf,
+			    struct sockaddr_in *to)
+{
+  /* 
+   * Get a 10 byte subset buffer prepended to buf --
+   * we expect these bytes will be here because
+   * we allocated frame space in socks_adjust_frame_parameters.
+   */
+  struct buffer head = buf_sub (buf, 10, true);
+
+  /* crash if not enough headroom in buf */
+  ASSERT (buf_defined (&head));
+
+  buf_write_u16 (&head, 0);	/* RSV = 0 */
+  buf_write_u8 (&head, 0);	/* FRAG = 0 */
+  buf_write_u8 (&head, '\x01'); /* ATYP = 1 (IP V4) */
+  buf_write (&head, &to->sin_addr, sizeof (to->sin_addr));
+  buf_write (&head, &to->sin_port, sizeof (to->sin_port));
+
+  return 10;
+}
+
+#else
+static void dummy(void) {}
+#endif /* ENABLE_SOCKS */
author	james <james@e7ae566f-a301-0410-adde-c780ea21d3b5>	2005-09-26 05:28:27 +0000
committer	james <james@e7ae566f-a301-0410-adde-c780ea21d3b5>	2005-09-26 05:28:27 +0000
commit	6fbf66fad3367b24fd6743bcd50254902fd9c8d5 (patch)
tree	9802876e3771744eead18917bb47ff6e90ac39f5 /socks.c
download	openvpn-6fbf66fad3367b24fd6743bcd50254902fd9c8d5.tar.gz openvpn-6fbf66fad3367b24fd6743bcd50254902fd9c8d5.tar.xz openvpn-6fbf66fad3367b24fd6743bcd50254902fd9c8d5.zip