src/openvpn/socks.c

   1 /*
   2  *  OpenVPN -- An application to securely tunnel IP networks
   3  *             over a single TCP/UDP port, with support for SSL/TLS-based
   4  *             session authentication and key exchange,
   5  *             packet encryption, packet authentication, and
   6  *             packet compression.
   7  *
   8  *  Copyright (C) 2002-2005 OpenVPN Solutions LLC <info@openvpn.net>
   9  *
  10  *  This program is free software; you can redistribute it and/or modify
  11  *  it under the terms of the GNU General Public License version 2
  12  *  as published by the Free Software Foundation.
  13  *
  14  *  This program is distributed in the hope that it will be useful,
  15  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  16  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17  *  GNU General Public License for more details.
  18  *
  19  *  You should have received a copy of the GNU General Public License
  20  *  along with this program (see the file COPYING included with this
  21  *  distribution); if not, write to the Free Software Foundation, Inc.,
  22  *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  23  */
  24
  25 /*
  26  * 2004-01-30: Added Socks5 proxy support
  27  *   (Christof Meerwald, http://cmeerw.org)
  28  *
  29  * see RFC 1928, only supports "no authentication"
  30  */
  31
  32 #ifdef WIN32
  33 #include "config-win32.h"
  34 #else
  35 #include "config.h"
  36 #endif
  37
  38 #ifdef ENABLE_SOCKS
  39
  40 #include "syshead.h"
  41
  42 #include "common.h"
  43 #include "misc.h"
  44 #include "win32.h"
  45 #include "socket.h"
  46 #include "fdmisc.h"
  47 #include "proxy.h"
  48
  49 #include "memdbg.h"
  50
  51
  52 void
  53 socks_adjust_frame_parameters (struct frame *frame, int proto)
  54 {
  55   if (proto == PROTO_UDPv4)
  56     frame_add_to_extra_link (frame, 10);
  57 }
  58
  59 struct socks_proxy_info *
  60 new_socks_proxy (const char *server,
  61                  int port,
  62                  bool retry,
  63                  struct gc_arena *gc)
  64 {
  65   struct socks_proxy_info *p;
  66   ALLOC_OBJ_CLEAR_GC (p, struct socks_proxy_info, gc);
  67   ASSERT (server);
  68   ASSERT (legal_ipv4_port (port));
  69
  70   strncpynt (p->server, server, sizeof (p->server));
  71   p->port = port;
  72   p->retry = retry;
  73   p->defined = true;
  74
  75   return p;
  76 }
  77
  78 static bool
  79 socks_handshake (socket_descriptor_t sd, volatile int *signal_received)
  80 {
  81   char buf[2];
  82   int len = 0;
  83   const int timeout_sec = 5;
  84
  85   /* VER = 5, NMETHODS = 1, METHODS = [0] */
  86   const ssize_t size = send (sd, "\x05\x01\x00", 3, MSG_NOSIGNAL);
  87   if (size != 3)
  88     {
  89       msg (D_LINK_ERRORS | M_ERRNO_SOCK, "socks_handshake: TCP port write failed on send()");
  90       return false;
  91     }
  92
  93   while (len < 2)
  94     {
  95       int status;
  96       ssize_t size;
  97       fd_set reads;
  98       struct timeval tv;
  99       char c;
 100
 101       FD_ZERO (&reads);
 102       FD_SET (sd, &reads);
 103       tv.tv_sec = timeout_sec;
 104       tv.tv_usec = 0;
 105
 106       status = select (sd + 1, &reads, NULL, NULL, &tv);
 107
 108       get_signal (signal_received);
 109       if (*signal_received)
 110         return false;
 111
 112       /* timeout? */
 113       if (status == 0)
 114         {
 115           msg (D_LINK_ERRORS | M_ERRNO_SOCK, "socks_handshake: TCP port read timeout expired");
 116           return false;
 117         }
 118
 119       /* error */
 120       if (status < 0)
 121         {
 122           msg (D_LINK_ERRORS | M_ERRNO_SOCK, "socks_handshake: TCP port read failed on select()");
 123           return false;
 124         }
 125
 126       /* read single char */
 127       size = recv(sd, &c, 1, MSG_NOSIGNAL);
 128
 129       /* error? */
 130       if (size != 1)
 131         {
 132           msg (D_LINK_ERRORS | M_ERRNO_SOCK, "socks_handshake: TCP port read failed on recv()");
 133           return false;
 134         }
 135
 136       /* store char in buffer */
 137       buf[len++] = c;
 138     }
 139
 140   /* VER == 5 && METHOD == 0 */
 141   if (buf[0] != '\x05' || buf[1] != '\x00')
 142     {
 143       msg (D_LINK_ERRORS, "socks_handshake: Socks proxy returned bad status");
 144       return false;
 145     }
 146
 147   return true;
 148 }
 149
 150 static bool
 151 recv_socks_reply (socket_descriptor_t sd, struct sockaddr_in *addr,
 152                   volatile int *signal_received)
 153 {
 154   char atyp = '\0';
 155   int alen = 0;
 156   int len = 0;
 157   char buf[22];
 158   const int timeout_sec = 5;
 159
 160   if (addr != NULL)
 161     {
 162       addr->sin_family = AF_INET;
 163       addr->sin_addr.s_addr = htonl (INADDR_ANY);
 164       addr->sin_port = htons (0);
 165     }
 166
 167   while (len < 4 + alen + 2)
 168     {
 169       int status;
 170       ssize_t size;
 171       fd_set reads;
 172       struct timeval tv;
 173       char c;
 174
 175       FD_ZERO (&reads);
 176       FD_SET (sd, &reads);
 177       tv.tv_sec = timeout_sec;
 178       tv.tv_usec = 0;
 179
 180       status = select (sd + 1, &reads, NULL, NULL, &tv);
 181
 182       get_signal (signal_received);
 183       if (*signal_received)
 184         return false;
 185
 186       /* timeout? */
 187       if (status == 0)
 188         {
 189           msg (D_LINK_ERRORS | M_ERRNO_SOCK, "recv_socks_reply: TCP port read timeout expired");
 190           return false;
 191         }
 192
 193       /* error */
 194       if (status < 0)
 195         {
 196           msg (D_LINK_ERRORS | M_ERRNO_SOCK, "recv_socks_reply: TCP port read failed on select()");
 197           return false;
 198         }
 199
 200       /* read single char */
 201       size = recv(sd, &c, 1, MSG_NOSIGNAL);
 202
 203       /* error? */
 204       if (size != 1)
 205         {
 206           msg (D_LINK_ERRORS | M_ERRNO_SOCK, "recv_socks_reply: TCP port read failed on recv()");
 207           return false;
 208         }
 209
 210       if (len == 3)
 211         atyp = c;
 212
 213       if (len == 4)
 214         {
 215           switch (atyp)
 216             {
 217             case '\x01':        /* IP V4 */
 218               alen = 4;
 219               break;
 220
 221             case '\x03':        /* DOMAINNAME */
 222               alen = (unsigned char) c;
 223               break;
 224
 225             case '\x04':        /* IP V6 */
 226               alen = 16;
 227               break;
 228
 229             default:
 230               msg (D_LINK_ERRORS, "recv_socks_reply: Socks proxy returned bad address type");
 231               return false;
 232             }
 233         }
 234
 235       /* store char in buffer */
 236       if (len < (int)sizeof(buf))
 237         buf[len] = c;
 238       ++len;
 239     }
 240
 241   /* VER == 5 && REP == 0 (succeeded) */
 242   if (buf[0] != '\x05' || buf[1] != '\x00')
 243     {
 244       msg (D_LINK_ERRORS, "recv_socks_reply: Socks proxy returned bad reply");
 245       return false;
 246     }
 247
 248   /* ATYP == 1 (IP V4 address) */
 249   if (atyp == '\x01' && addr != NULL)
 250     {
 251       memcpy (&addr->sin_addr, buf + 4, sizeof (addr->sin_addr));
 252       memcpy (&addr->sin_port, buf + 8, sizeof (addr->sin_port));
 253     }
 254
 255
 256   return true;
 257 }
 258
 259 void
 260 establish_socks_proxy_passthru (struct socks_proxy_info *p,
 261                                 socket_descriptor_t sd, /* already open to proxy */
 262                                 const char *host,       /* openvpn server remote */
 263                                 const int port,         /* openvpn server port */
 264                                 volatile int *signal_received)
 265 {
 266   char buf[128];
 267   size_t len;
 268
 269   if (!socks_handshake (sd, signal_received))
 270     goto error;
 271
 272   /* format Socks CONNECT message */
 273   buf[0] = '\x05';              /* VER = 5 */
 274   buf[1] = '\x01';              /* CMD = 1 (CONNECT) */
 275   buf[2] = '\x00';              /* RSV */
 276   buf[3] = '\x03';              /* ATYP = 3 (DOMAINNAME) */
 277
 278   len = strlen(host);
 279   len = (5 + len + 2 > sizeof(buf)) ? (sizeof(buf) - 5 - 2) : len;
 280
 281   buf[4] = (char) len;
 282   memcpy(buf + 5, host, len);
 283
 284   buf[5 + len] = (char) (port >> 8);
 285   buf[5 + len + 1] = (char) (port & 0xff);
 286
 287   {
 288     const ssize_t size = send (sd, buf, 5 + len + 2, MSG_NOSIGNAL);
 289     if ((int)size != 5 + (int)len + 2)
 290       {
 291         msg (D_LINK_ERRORS | M_ERRNO_SOCK, "establish_socks_proxy_passthru: TCP port write failed on send()");
 292         goto error;
 293       }
 294   }
 295
 296   /* receive reply from Socks proxy and discard */
 297   if (!recv_socks_reply (sd, NULL, signal_received))
 298     goto error;
 299
 300   return;
 301
 302  error:
 303   /* on error, should we exit or restart? */
 304   if (!*signal_received)
 305     *signal_received = (p->retry ? SIGUSR1 : SIGTERM); /* SOFT-SIGUSR1 -- socks error */
 306   return;
 307 }
 308
 309 void
 310 establish_socks_proxy_udpassoc (struct socks_proxy_info *p,
 311                                 socket_descriptor_t ctrl_sd, /* already open to proxy */
 312                                 socket_descriptor_t udp_sd,
 313                                 struct sockaddr_in *relay_addr,
 314                                 volatile int *signal_received)
 315 {
 316   if (!socks_handshake (ctrl_sd, signal_received))
 317     goto error;
 318
 319   {
 320     /* send Socks UDP ASSOCIATE message */
 321     /* VER = 5, CMD = 3 (UDP ASSOCIATE), RSV = 0, ATYP = 1 (IP V4),
 322        BND.ADDR = 0, BND.PORT = 0 */
 323     const ssize_t size = send (ctrl_sd,
 324                                "\x05\x03\x00\x01\x00\x00\x00\x00\x00\x00",
 325                                10, MSG_NOSIGNAL);
 326     if (size != 10)
 327       {
 328         msg (D_LINK_ERRORS | M_ERRNO_SOCK, "establish_socks_proxy_passthru: TCP port write failed on send()");
 329         goto error;
 330       }
 331   }
 332
 333   /* receive reply from Socks proxy */
 334   CLEAR (*relay_addr);
 335   if (!recv_socks_reply (ctrl_sd, relay_addr, signal_received))
 336     goto error;
 337
 338   return;
 339
 340  error:
 341   /* on error, should we exit or restart? */
 342   if (!*signal_received)
 343     *signal_received = (p->retry ? SIGUSR1 : SIGTERM); /* SOFT-SIGUSR1 -- socks error */
 344   return;
 345 }
 346
 347 /*
 348  * Remove the 10 byte socks5 header from an incoming
 349  * UDP packet, setting *from to the source address.
 350  *
 351  * Run after UDP read.
 352  */
 353 void
 354 socks_process_incoming_udp (struct buffer *buf,
 355                             struct sockaddr_in *from)
 356 {
 357   int atyp;
 358
 359   if (BLEN (buf) < 10)
 360     goto error;
 361
 362   buf_read_u16 (buf);
 363   if (buf_read_u8 (buf) != 0)
 364     goto error;
 365
 366   atyp = buf_read_u8 (buf);
 367   if (atyp != 1)                /* ATYP == 1 (IP V4) */
 368     goto error;
 369
 370   buf_read (buf, &from->sin_addr, sizeof (from->sin_addr));
 371   buf_read (buf, &from->sin_port, sizeof (from->sin_port));
 372
 373   return;
 374
 375  error:
 376   buf->len = 0;
 377 }
 378
 379 /*
 380  * Add a 10 byte socks header prior to UDP write.
 381  * *to is the destination address.
 382  *
 383  * Run before UDP write.
 384  * Returns the size of the header.
 385  */
 386 int
 387 socks_process_outgoing_udp (struct buffer *buf,
 388                             struct sockaddr_in *to)
 389 {
 390   /*
 391    * Get a 10 byte subset buffer prepended to buf --
 392    * we expect these bytes will be here because
 393    * we allocated frame space in socks_adjust_frame_parameters.
 394    */
 395   struct buffer head = buf_sub (buf, 10, true);
 396
 397   /* crash if not enough headroom in buf */
 398   ASSERT (buf_defined (&head));
 399
 400   buf_write_u16 (&head, 0);     /* RSV = 0 */
 401   buf_write_u8 (&head, 0);      /* FRAG = 0 */
 402   buf_write_u8 (&head, '\x01'); /* ATYP = 1 (IP V4) */
 403   buf_write (&head, &to->sin_addr, sizeof (to->sin_addr));
 404   buf_write (&head, &to->sin_port, sizeof (to->sin_port));
 405
 406   return 10;
 407 }
 408
 409 #else
 410 static void dummy(void) {}
 411 #endif /* ENABLE_SOCKS */