END_TEST
START_TEST (netaddr_set_port_test) {
pr_netaddr_t *addr;
unsigned int port;
int res;
res = pr_netaddr_set_port(NULL, 0);
fail_unless(res == -1, "Failed to handle null addr");
fail_unless(errno == EINVAL, "Failed to set errno to EINVAL");
addr = pr_netaddr_get_addr(p, "127.0.0.1", NULL);
fail_unless(addr != NULL, "Failed to get addr for '127.0.0.1': %s",
strerror(errno));
addr->na_family = -1;
res = pr_netaddr_set_port(addr, 1);
fail_unless(res == -1, "Failed to handle bad family");
fail_unless(errno == EPERM, "Failed to set errno to EPERM");
addr->na_family = AF_INET;
res = pr_netaddr_set_port(addr, 1);
fail_unless(res == 0, "Failed to set port: %s", strerror(errno));
port = pr_netaddr_get_port(addr);
fail_unless(port == 1, "Expected port %u, got %u", 1, port);
}
int pr_namebind_close(const char *name, const pr_netaddr_t *addr) {
pr_namebind_t *namebind = NULL;
unsigned int port;
if (name == NULL||
addr == NULL) {
errno = EINVAL;
return -1;
}
port = ntohs(pr_netaddr_get_port(addr));
namebind = pr_namebind_find(name, addr, port, FALSE);
if (namebind == NULL) {
errno = ENOENT;
return -1;
}
namebind->nb_isactive = FALSE;
return 0;
}
int proxy_conn_connect_timeout_cb(CALLBACK_FRAME) {
struct proxy_session *proxy_sess;
pr_netaddr_t *server_addr;
proxy_sess = pr_table_get(session.notes, "mod_proxy.proxy-session", NULL);
server_addr = pr_table_get(session.notes, "mod_proxy.proxy-connect-address",
NULL);
(void) pr_log_writefile(proxy_logfd, MOD_PROXY_VERSION,
"timed out connecting to %s:%d after %d %s",
pr_netaddr_get_ipstr(server_addr), ntohs(pr_netaddr_get_port(server_addr)),
proxy_sess->connect_timeout,
proxy_sess->connect_timeout != 1 ? "seconds" : "second");
pr_event_generate("mod_proxy.timeout-connect", NULL);
pr_log_pri(PR_LOG_NOTICE, "%s", "Connect timed out, disconnected");
pr_session_disconnect(&proxy_module, PR_SESS_DISCONNECT_TIMEOUT,
"ProxyTimeoutConnect");
/* Do not restart the timer (should never be reached). */
return 0;
}
END_TEST
START_TEST (parse_addr_test) {
const pr_netaddr_t *res;
const char *msg, *expected, *ip_str;
res = proxy_ftp_msg_parse_addr(NULL, NULL, 0);
fail_unless(res == NULL, "Failed to handle null pool");
fail_unless(errno == EINVAL, "Expected EINVAL (%d), got '%s' (%d)", EINVAL,
strerror(errno), errno);
res = proxy_ftp_msg_parse_addr(p, NULL, 0);
fail_unless(res == NULL, "Failed to handle null msg");
fail_unless(errno == EINVAL, "Expected EINVAL (%d), got '%s' (%d)", EINVAL,
strerror(errno), errno);
msg = "foo";
res = proxy_ftp_msg_parse_addr(p, msg, 0);
fail_unless(res == NULL, "Failed to handle invalid format");
fail_unless(errno == EPERM, "Expected EPERM (%d), got '%s' (%d)", EPERM,
strerror(errno), errno);
msg = "(a,b,c,d,e,f)";
res = proxy_ftp_msg_parse_addr(p, msg, 0);
fail_unless(res == NULL, "Failed to handle invalid format");
fail_unless(errno == EPERM, "Expected EPERM (%d), got '%s' (%d)", EPERM,
strerror(errno), errno);
msg = "(1000,2000,3000,4000,5000,6000)";
res = proxy_ftp_msg_parse_addr(p, msg, 0);
fail_unless(res == NULL, "Failed to handle invalid format");
fail_unless(errno == EINVAL, "Expected EINVAL (%d), got '%s' (%d)", EINVAL,
strerror(errno), errno);
msg = "(1,2,3,4,5000,6000)";
res = proxy_ftp_msg_parse_addr(p, msg, 0);
fail_unless(res == NULL, "Failed to handle invalid format");
fail_unless(errno == EINVAL, "Expected EINVAL (%d), got '%s' (%d)", EINVAL,
strerror(errno), errno);
msg = "(0,0,0,0,1,2)";
res = proxy_ftp_msg_parse_addr(p, msg, 0);
fail_unless(res == NULL, "Failed to handle invalid format");
fail_unless(errno == EINVAL, "Expected EINVAL (%d), got '%s' (%d)", EINVAL,
strerror(errno), errno);
msg = "(1,2,3,4,0,0)";
res = proxy_ftp_msg_parse_addr(p, msg, 0);
fail_unless(res == NULL, "Failed to handle invalid format");
fail_unless(errno == EINVAL, "Expected EINVAL (%d), got '%s' (%d)", EINVAL,
strerror(errno), errno);
msg = "(127,0,0,1,8,73)";
res = proxy_ftp_msg_parse_addr(p, msg, 0);
fail_unless(res != NULL, "Failed to parse message '%s': %s", msg,
strerror(errno));
ip_str = pr_netaddr_get_ipstr(res);
expected = "127.0.0.1";
fail_unless(strcmp(ip_str, expected) == 0, "Expected '%s', got '%s'",
expected, ip_str);
fail_unless(ntohs(pr_netaddr_get_port(res)) == 2121,
"Expected 2121, got %u", ntohs(pr_netaddr_get_port(res)));
#ifdef PR_USE_IPV6
msg = "(127,0,0,1,8,73)";
res = proxy_ftp_msg_parse_addr(p, msg, AF_INET);
fail_unless(res != NULL, "Failed to parse message '%s': %s", msg,
strerror(errno));
ip_str = pr_netaddr_get_ipstr(res);
expected = "127.0.0.1";
fail_unless(strcmp(ip_str, expected) == 0, "Expected '%s', got '%s'",
expected, ip_str);
msg = "(127,0,0,1,8,73)";
res = proxy_ftp_msg_parse_addr(p, msg, AF_INET6);
fail_unless(res != NULL, "Failed to parse message '%s': %s", msg,
strerror(errno));
ip_str = pr_netaddr_get_ipstr(res);
expected = "::ffff:127.0.0.1";
fail_unless(strcmp(ip_str, expected) == 0, "Expected '%s', got '%s'",
expected, ip_str);
pr_netaddr_disable_ipv6();
res = proxy_ftp_msg_parse_addr(p, msg, AF_INET6);
fail_unless(res != NULL, "Failed to parse message '%s': %s", msg,
strerror(errno));
ip_str = pr_netaddr_get_ipstr(res);
expected = "127.0.0.1";
fail_unless(strcmp(ip_str, expected) == 0, "Expected '%s', got '%s'",
expected, ip_str);
pr_netaddr_enable_ipv6();
#endif /* PR_USE_IPV6 */
}
static int trace_write(const char *channel, int level, const char *msg,
int discard) {
char buf[PR_TUNABLE_BUFFER_SIZE];
size_t buflen, len;
struct tm *tm;
int use_conn_ips = FALSE;
if (trace_logfd < 0)
return 0;
memset(buf, '\0', sizeof(buf));
if (!(trace_opts & PR_TRACE_OPT_USE_TIMESTAMP_MILLIS)) {
time_t now;
now = time(NULL);
tm = pr_localtime(NULL, &now);
len = strftime(buf, sizeof(buf)-1, "%Y-%m-%d %H:%M:%S", tm);
buflen = len;
} else {
struct timeval now;
unsigned long millis;
gettimeofday(&now, NULL);
tm = pr_localtime(NULL, (const time_t *) &(now.tv_sec));
len = strftime(buf, sizeof(buf)-1, "%Y-%m-%d %H:%M:%S", tm);
buflen = len;
/* Convert microsecs to millisecs. */
millis = now.tv_usec / 1000;
len = snprintf(buf + buflen, sizeof(buf) - buflen, ",%03lu", millis);
buflen += len;
}
if ((trace_opts & PR_TRACE_OPT_LOG_CONN_IPS) &&
session.c != NULL) {
/* We can only support the "+ConnIPs" TraceOption if there actually
* is a client connected in this process. We might be the daemon
* process, in which there is no client.
*/
use_conn_ips = TRUE;
}
if (use_conn_ips == FALSE) {
len = snprintf(buf + buflen, sizeof(buf) - buflen, " [%u] <%s:%d>: %s",
(unsigned int) (session.pid ? session.pid : getpid()), channel, level,
msg);
buflen += len;
} else {
const char *client_ip, *server_ip;
int server_port;
client_ip = pr_netaddr_get_ipstr(session.c->remote_addr);
server_ip = pr_netaddr_get_ipstr(session.c->local_addr);
server_port = pr_netaddr_get_port(session.c->local_addr);
len = snprintf(buf + buflen, sizeof(buf) - buflen,
" [%u] (client %s, server %s:%d) <%s:%d>: %s",
(unsigned int) (session.pid ? session.pid : getpid()),
client_ip != NULL ? client_ip : "none",
server_ip != NULL ? server_ip : "none", server_port, channel, level, msg);
buflen += len;
}
buf[sizeof(buf)-1] = '\0';
if (buflen < (sizeof(buf) - 1)) {
buf[buflen] = '\n';
buflen++;
} else {
buf[sizeof(buf)-2] = '\n';
}
pr_log_event_generate(PR_LOG_TYPE_TRACELOG, trace_logfd, level, buf, buflen);
if (discard) {
/* This log message would not have been written to disk, so just discard
* it. The discard value is TRUE when there's a log listener for
* TraceLog logging events, and the Trace log level configuration would
* otherwise have filtered out this log message.
*/
return 0;
}
return write(trace_logfd, buf, buflen);
}
int main(int argc, char *argv[]) {
pool *p;
const char *remote_name;
pr_netaddr_t *remote_addr;
conn_t *client_conn, *ctrl_conn, *data_conn;
unsigned int connect_timeout, remote_port;
struct proxy_ftp_client *ftp;
int res, timerno;
char buf[1024];
/* Seed the random number generator. */
/* XXX Use random(3) in the future? */
srand((unsigned int) (time(NULL) * getpid()));
init_pools();
init_privs();
init_log();
init_regexp();
init_inet();
init_netio();
init_netaddr();
init_fs();
init_class();
init_config();
init_stash();
pr_log_setdebuglevel(10);
log_stderr(TRUE);
pr_trace_use_stderr(TRUE);
pr_trace_set_levels("DEFAULT", 1, 20);
p = make_sub_pool(permanent_pool);
pr_pool_tag(p, "FTP Client Pool");
remote_name = "ftp.proftpd.org";
remote_addr = pr_netaddr_get_addr(p, remote_name, NULL);
if (remote_addr == NULL) {
fprintf(stderr, "Failed to get addr for '%s': %s\n", remote_name,
strerror(errno));
destroy_pool(p);
return 1;
}
fprintf(stdout, "Resolved name '%s' to IP address '%s'\n", remote_name,
pr_netaddr_get_ipstr(remote_addr));
remote_port = 21;
connect_timeout = 5;
ftp = proxy_ftp_connect(p, remote_addr, remote_port, connect_timeout, NULL);
if (ftp == NULL) {
fprintf(stderr, "Error connecting to FTP server: %s\n", strerror(errno));
destroy_pool(p);
return 1;
}
fprintf(stdout, "Successfully connected to %s:%d from %s:%d\n", remote_name,
remote_port, pr_netaddr_get_ipstr(client_conn->local_addr),
ntohs(pr_netaddr_get_port(client_conn->local_addr)));
res = proxy_ftp_disconnect(ftp);
if (res < 0) {
fprintf(stderr, "Error disconnecting from FTP server: %s\n",
strerror(errno));
destroy_pool(p);
return 1;
}
ctrl_conn = pr_inet_openrw(p, client_conn, NULL, PR_NETIO_STRM_OTHR,
-1, -1, -1, FALSE);
if (ctrl_conn == NULL) {
fprintf(stderr, "Error opening control connection: %s\n", strerror(errno));
pr_inet_close(p, client_conn);
destroy_pool(p);
return 1;
}
fprintf(stdout, "Reading response from %s:%d\n", remote_name, remote_port);
/* Read the response */
memset(buf, '\0', sizeof(buf));
/* XXX We need to write our own version of netio_telnet_gets(), with
* the buffering to handle reassembly of a full FTP response out of
* multiple TCP packets. Not sure why the existing netio_telnet_gets()
* is not sufficient. But we don't need the handling of Telnet codes
* in our reading. But DO generate the 'core.ctrl-read' event, so that
* any event listeners get a chance to process the data we've received.
* (Or maybe use 'mod_proxy.server-read', and differentiate between
* client and server reads/writes?)
*/
if (pr_netio_read(ctrl_conn->instrm, buf, sizeof(buf)-1, 5) < 0) {
fprintf(stderr, "Error reading response from server: %s\n",
strerror(errno));
} else {
fprintf(stdout, "Response: \"%s\"\n", buf);
}
/* Disconnect */
res = pr_netio_printf(ctrl_conn->outstrm, "%s\r\n", C_QUIT);
if (res < 0) {
fprintf(stderr, "Error writing command to server: %s", strerror(errno));
}
pr_inet_close(p, ctrl_conn);
pr_inet_close(p, client_conn);
destroy_pool(p);
return 0;
}
int pr_netaddr_ncmp(const pr_netaddr_t *na1, const pr_netaddr_t *na2,
unsigned int bitlen) {
pool *tmp_pool = NULL;
pr_netaddr_t *a, *b;
unsigned int nbytes, nbits;
const unsigned char *in1, *in2;
if (na1 && !na2)
return 1;
if (!na1 && na2)
return -1;
if (!na1 && !na2)
return 0;
if (pr_netaddr_get_family(na1) != pr_netaddr_get_family(na2)) {
/* Cannot compare addresses from different families, unless one
* of the netaddrs has an AF_INET family, and the other has an
* AF_INET6 family AND is an IPv4-mapped IPv6 address.
*/
if (pr_netaddr_is_v4mappedv6(na1) != TRUE &&
pr_netaddr_is_v4mappedv6(na2) != TRUE) {
errno = EINVAL;
return -1;
}
if (pr_netaddr_is_v4mappedv6(na1) == TRUE) {
tmp_pool = make_sub_pool(permanent_pool);
/* This case means that na1 is an IPv4-mapped IPv6 address, and
* na2 is an IPv4 address.
*/
a = pr_netaddr_alloc(tmp_pool);
pr_netaddr_set_family(a, AF_INET);
pr_netaddr_set_port(a, pr_netaddr_get_port(na1));
memcpy(&a->na_addr.v4.sin_addr, get_v4inaddr(na1),
sizeof(struct in_addr));
b = (pr_netaddr_t *) na2;
pr_trace_msg(trace_channel, 6, "comparing IPv4 address '%s' against "
"IPv4-mapped IPv6 address '%s'", pr_netaddr_get_ipstr(b),
pr_netaddr_get_ipstr(a));
} else if (pr_netaddr_is_v4mappedv6(na2) == TRUE) {
tmp_pool = make_sub_pool(permanent_pool);
/* This case means that na is an IPv4 address, and na2 is an
* IPv4-mapped IPv6 address.
*/
a = (pr_netaddr_t *) na1;
b = pr_netaddr_alloc(tmp_pool);
pr_netaddr_set_family(b, AF_INET);
pr_netaddr_set_port(b, pr_netaddr_get_port(na2));
memcpy(&b->na_addr.v4.sin_addr, get_v4inaddr(na2),
sizeof(struct in_addr));
pr_trace_msg(trace_channel, 6, "comparing IPv4 address '%s' against "
"IPv4-mapped IPv6 address '%s'", pr_netaddr_get_ipstr(a),
pr_netaddr_get_ipstr(b));
} else {
a = (pr_netaddr_t *) na1;
b = (pr_netaddr_t *) na2;
}
} else {
a = (pr_netaddr_t *) na1;
b = (pr_netaddr_t *) na2;
}
switch (pr_netaddr_get_family(a)) {
case AF_INET: {
/* Make sure that the given number of bits is not more than supported
* for IPv4 addresses (32).
*/
if (bitlen > 32) {
errno = EINVAL;
return -1;
}
break;
}
#ifdef PR_USE_IPV6
case AF_INET6: {
if (use_ipv6) {
/* Make sure that the given number of bits is not more than supported
* for IPv6 addresses (128).
*/
if (bitlen > 128) {
errno = EINVAL;
return -1;
}
break;
}
}
#endif /* PR_USE_IPV6 */
default:
errno = EPERM;
return -1;
}
/* Retrieve pointers to the contained in_addrs. */
in1 = (const unsigned char *) pr_netaddr_get_inaddr(a);
in2 = (const unsigned char *) pr_netaddr_get_inaddr(b);
/* Determine the number of bytes, and leftover bits, in the given
* bit length.
*/
nbytes = bitlen / 8;
nbits = bitlen % 8;
/* Compare bytes, using memcmp(3), first. */
if (nbytes > 0) {
int res = memcmp(in1, in2, nbytes);
/* No need to continue comparing the addresses if they differ already. */
if (res != 0) {
if (tmp_pool)
destroy_pool(tmp_pool);
return res;
}
}
/* Next, compare the remaining bits in the addresses. */
if (nbits > 0) {
unsigned char mask;
/* Get the bytes in the addresses that have not yet been compared. */
unsigned char in1byte = in1[nbytes];
unsigned char in2byte = in2[nbytes];
/* Build up a mask covering the bits left to be checked. */
mask = (0xff << (8 - nbits)) & 0xff;
if ((in1byte & mask) > (in2byte & mask)) {
if (tmp_pool)
destroy_pool(tmp_pool);
return 1;
}
if ((in1byte & mask) < (in2byte & mask)) {
if (tmp_pool)
destroy_pool(tmp_pool);
return -1;
}
}
if (tmp_pool)
destroy_pool(tmp_pool);
/* If we've made it this far, the addresses match, for the given bit
* length.
*/
return 0;
}
int pr_netaddr_cmp(const pr_netaddr_t *na1, const pr_netaddr_t *na2) {
pool *tmp_pool = NULL;
pr_netaddr_t *a, *b;
int res;
if (na1 && !na2)
return 1;
if (!na1 && na2)
return -1;
if (!na1 && !na2)
return 0;
if (pr_netaddr_get_family(na1) != pr_netaddr_get_family(na2)) {
/* Cannot compare addresses from different families, unless one
* of the netaddrs has an AF_INET family, and the other has an
* AF_INET6 family AND is an IPv4-mapped IPv6 address.
*/
if (pr_netaddr_is_v4mappedv6(na1) != TRUE &&
pr_netaddr_is_v4mappedv6(na2) != TRUE) {
errno = EINVAL;
return -1;
}
if (pr_netaddr_is_v4mappedv6(na1) == TRUE) {
tmp_pool = make_sub_pool(permanent_pool);
/* This case means that na1 is an IPv4-mapped IPv6 address, and
* na2 is an IPv4 address.
*/
a = pr_netaddr_alloc(tmp_pool);
pr_netaddr_set_family(a, AF_INET);
pr_netaddr_set_port(a, pr_netaddr_get_port(na1));
memcpy(&a->na_addr.v4.sin_addr, get_v4inaddr(na1),
sizeof(struct in_addr));
b = (pr_netaddr_t *) na2;
pr_trace_msg(trace_channel, 6, "comparing IPv4 address '%s' against "
"IPv4-mapped IPv6 address '%s'", pr_netaddr_get_ipstr(b),
pr_netaddr_get_ipstr(a));
} else if (pr_netaddr_is_v4mappedv6(na2) == TRUE) {
tmp_pool = make_sub_pool(permanent_pool);
/* This case means that na is an IPv4 address, and na2 is an
* IPv4-mapped IPv6 address.
*/
a = (pr_netaddr_t *) na1;
b = pr_netaddr_alloc(tmp_pool);
pr_netaddr_set_family(b, AF_INET);
pr_netaddr_set_port(b, pr_netaddr_get_port(na2));
memcpy(&b->na_addr.v4.sin_addr, get_v4inaddr(na2),
sizeof(struct in_addr));
pr_trace_msg(trace_channel, 6, "comparing IPv4 address '%s' against "
"IPv4-mapped IPv6 address '%s'", pr_netaddr_get_ipstr(a),
pr_netaddr_get_ipstr(b));
} else {
a = (pr_netaddr_t *) na1;
b = (pr_netaddr_t *) na2;
}
} else {
a = (pr_netaddr_t *) na1;
b = (pr_netaddr_t *) na2;
}
switch (pr_netaddr_get_family(a)) {
case AF_INET:
res = memcmp(&a->na_addr.v4.sin_addr, &b->na_addr.v4.sin_addr,
sizeof(struct in_addr));
if (tmp_pool)
destroy_pool(tmp_pool);
return res;
#ifdef PR_USE_IPV6
case AF_INET6:
if (use_ipv6) {
res = memcmp(&a->na_addr.v6.sin6_addr, &b->na_addr.v6.sin6_addr,
sizeof(struct in6_addr));
if (tmp_pool)
destroy_pool(tmp_pool);
return res;
}
#endif /* PR_USE_IPV6 */
}
if (tmp_pool)
destroy_pool(tmp_pool);
errno = EPERM;
return -1;
}
int pr_namebind_create(server_rec *server, const char *name,
const pr_netaddr_t *addr, unsigned int server_port) {
pr_ipbind_t *ipbind = NULL;
pr_namebind_t *namebind = NULL, **namebinds = NULL;
unsigned int port;
if (server == NULL ||
name == NULL) {
errno = EINVAL;
return -1;
}
/* First, find the ipbind to hold this namebind. */
port = ntohs(pr_netaddr_get_port(addr));
if (port == 0) {
port = server_port;
}
ipbind = pr_ipbind_find(addr, port, FALSE);
pr_trace_msg(trace_channel, 19,
"found ipbind %p for namebind (name '%s', addr %s, port %u)", ipbind, name,
pr_netaddr_get_ipstr(addr), port);
if (ipbind == NULL) {
pr_netaddr_t wildcard_addr;
int addr_family;
/* If not found, look for the wildcard address. */
addr_family = pr_netaddr_get_family(addr);
pr_netaddr_clear(&wildcard_addr);
pr_netaddr_set_family(&wildcard_addr, addr_family);
pr_netaddr_set_sockaddr_any(&wildcard_addr);
ipbind = pr_ipbind_find(&wildcard_addr, port, FALSE);
#ifdef PR_USE_IPV6
if (ipbind == FALSE &&
addr_family == AF_INET6 &&
pr_netaddr_use_ipv6()) {
/* No IPv6 wildcard address found; try the IPv4 wildcard address. */
pr_netaddr_clear(&wildcard_addr);
pr_netaddr_set_family(&wildcard_addr, AF_INET);
pr_netaddr_set_sockaddr_any(&wildcard_addr);
ipbind = pr_ipbind_find(&wildcard_addr, port, FALSE);
}
#endif /* PR_USE_IPV6 */
pr_trace_msg(trace_channel, 19,
"found wildcard ipbind %p for namebind (name '%s', addr %s, port %u)",
ipbind, name, pr_netaddr_get_ipstr(addr), port);
}
if (ipbind == NULL) {
errno = ENOENT;
return -1;
}
/* Make sure we can add this namebind. */
if (!ipbind->ib_namebinds) {
ipbind->ib_namebinds = make_array(binding_pool, 0, sizeof(pr_namebind_t *));
} else {
register unsigned int i = 0;
namebinds = (pr_namebind_t **) ipbind->ib_namebinds->elts;
/* See if there is already a namebind for the given name. */
for (i = 0; i < ipbind->ib_namebinds->nelts; i++) {
namebind = namebinds[i];
if (namebind != NULL &&
namebind->nb_name != NULL) {
/* DNS names are case-insensitive, hence the case-insensitive check
* here.
*
* XXX Ideally, we should check whether any existing namebinds which
* are globs will match the newly added namebind as well.
*/
if (strcasecmp(namebind->nb_name, name) == 0) {
errno = EEXIST;
return -1;
}
}
}
}
namebind = (pr_namebind_t *) pcalloc(server->pool, sizeof(pr_namebind_t));
namebind->nb_name = name;
namebind->nb_server = server;
namebind->nb_isactive = FALSE;
if (pr_str_is_fnmatch(name) == TRUE) {
namebind->nb_iswildcard = TRUE;
}
pr_trace_msg(trace_channel, 8,
"created named binding '%s' for %s#%u, server %p", name,
pr_netaddr_get_ipstr(server->addr), server->ServerPort, server->ServerName);
/* The given server should already have the following populated:
*
* server->ServerName
* server->ServerAddress
* server->ServerFQDN
*/
/* These TCP socket tweaks will not apply to the control connection (it will
* already have been established by the time this named vhost is used),
* but WILL apply to any data connections established to this named vhost.
*/
#if 0
namebind->nb_server->tcp_mss_len = (server->tcp_mss_len ?
server->tcp_mss_len : main_server->tcp_mss_len);
namebind->nb_server->tcp_rcvbuf_len = (server->tcp_rcvbuf_len ?
server->tcp_rcvbuf_len : main_server->tcp_rcvbuf_len);
namebind->nb_server->tcp_rcvbuf_override = (server->tcp_rcvbuf_override ?
TRUE : main_server->tcp_rcvbuf_override);
namebind->nb_server->tcp_sndbuf_len = (server->tcp_sndbuf_len ?
server->tcp_sndbuf_len : main_server->tcp_sndbuf_len);
namebind->nb_server->tcp_sndbuf_override = (server->tcp_sndbuf_override ?
TRUE : main_server->tcp_sndbuf_override);
/* XXX Shouldn't need these; the ipbind container handles all of the
* connection (listener, port, addr) stuff.
*/
namebind->nb_server->addr = (server->addr ? server->addr :
main_server->addr);
namebind->nb_server->ServerPort = (server->ServerPort ? server->ServerPort :
main_server->ServerPort);
namebind->nb_listener = (server->listen ? server->listen :
main_server->listen);
#endif
*((pr_namebind_t **) push_array(ipbind->ib_namebinds)) = namebind;
return 0;
}
const pr_netaddr_t *proxy_ftp_xfer_prepare_passive(int policy_id, cmd_rec *cmd,
const char *error_code, struct proxy_session *proxy_sess, int flags) {
int res, xerrno = 0;
cmd_rec *pasv_cmd;
const pr_netaddr_t *remote_addr = NULL;
pr_response_t *resp;
unsigned int resp_nlines = 0;
unsigned short remote_port;
char *passive_cmd, *passive_respcode = NULL;
if (cmd == NULL ||
error_code == NULL ||
proxy_sess == NULL ||
proxy_sess->backend_ctrl_conn == NULL) {
errno = EINVAL;
return NULL;
}
/* Whether we send a PASV (and expect 227) or an EPSV (and expect 229)
* need to depend on the policy_id.
*/
switch (policy_id) {
case PR_CMD_PASV_ID:
passive_cmd = C_PASV;
break;
case PR_CMD_EPSV_ID:
/* If the remote host does not mention EPSV in its features, fall back
* to using PASV.
*/
passive_cmd = C_EPSV;
if (pr_table_get(proxy_sess->backend_features, C_EPSV, NULL) == NULL) {
pr_trace_msg(trace_channel, 19,
"EPSV not supported by backend server (via FEAT), using PASV");
if (proxy_sess->dataxfer_policy == PR_CMD_EPSV_ID) {
proxy_sess->dataxfer_policy = PR_CMD_PASV_ID;
}
passive_cmd = C_PASV;
policy_id = PR_CMD_PASV_ID;
}
break;
default:
/* In this case, the cmd we were given is the one we should send to
* the backend server -- but only if it is either EPSV or PASV.
*/
if (pr_cmd_cmp(cmd, PR_CMD_EPSV_ID) != 0 &&
pr_cmd_cmp(cmd, PR_CMD_PASV_ID) != 0) {
pr_trace_msg(trace_channel, 9,
"illegal FTP passive transfer command '%s'", (char *) cmd->argv[0]);
errno = EINVAL;
return NULL;
}
passive_cmd = cmd->argv[0];
if (pr_cmd_cmp(cmd, PR_CMD_EPSV_ID) == 0) {
/* If the remote host does not mention EPSV in its features, fall back
* to using PASV.
*/
if (pr_table_get(proxy_sess->backend_features, C_EPSV, NULL) == NULL) {
pr_trace_msg(trace_channel, 19,
"EPSV not supported by backend server (via FEAT), using PASV");
if (proxy_sess->dataxfer_policy == PR_CMD_EPSV_ID) {
proxy_sess->dataxfer_policy = PR_CMD_PASV_ID;
}
passive_cmd = C_PASV;
policy_id = PR_CMD_PASV_ID;
}
}
break;
}
pasv_cmd = pr_cmd_alloc(cmd->tmp_pool, 1, passive_cmd);
switch (pr_cmd_get_id(pasv_cmd->argv[0])) {
case PR_CMD_PASV_ID:
passive_respcode = R_227;
break;
case PR_CMD_EPSV_ID:
passive_respcode = R_229;
break;
}
res = proxy_ftp_ctrl_send_cmd(cmd->tmp_pool, proxy_sess->backend_ctrl_conn,
pasv_cmd);
if (res < 0) {
xerrno = errno;
(void) pr_log_writefile(proxy_logfd, MOD_PROXY_VERSION,
"error sending %s to backend: %s", (char *) pasv_cmd->argv[0],
strerror(xerrno));
pr_response_add_err(error_code, "%s: %s", (char *) cmd->argv[0],
strerror(xerrno));
pr_response_flush(&resp_err_list);
errno = xerrno;
return NULL;
}
resp = proxy_ftp_ctrl_recv_resp(cmd->tmp_pool, proxy_sess->backend_ctrl_conn,
&resp_nlines, flags);
if (resp == NULL) {
xerrno = errno;
(void) pr_log_writefile(proxy_logfd, MOD_PROXY_VERSION,
"error receiving %s response from backend: %s",
(char *) pasv_cmd->argv[0], strerror(xerrno));
pr_response_add_err(error_code, "%s: %s", (char *) cmd->argv[0],
strerror(xerrno));
pr_response_flush(&resp_err_list);
errno = xerrno;
return NULL;
}
/* We specifically expect a 227 or 229 response code here; anything else is
* an error. Right?
*/
if (strncmp(resp->num, passive_respcode, 4) != 0) {
(void) pr_log_writefile(proxy_logfd, MOD_PROXY_VERSION,
"received response code %s, but expected %s for %s command", resp->num,
passive_respcode, (char *) pasv_cmd->argv[0]);
if (policy_id == PR_CMD_EPSV_ID) {
/* If using EPSV failed, try again using PASV, and switch the
* DataTransferPolicy (if EPSV) to be PASV, for future attempts.
*/
if (proxy_sess->dataxfer_policy == PR_CMD_EPSV_ID) {
pr_trace_msg(trace_channel, 15,
"falling back from EPSV to PASV DataTransferPolicy");
proxy_sess->dataxfer_policy = PR_CMD_PASV_ID;
}
return proxy_ftp_xfer_prepare_passive(PR_CMD_PASV_ID, cmd,
error_code, proxy_sess, flags);
}
res = proxy_ftp_ctrl_send_resp(cmd->tmp_pool,
proxy_sess->frontend_ctrl_conn, resp, resp_nlines);
errno = EPERM;
return NULL;
}
switch (pr_cmd_get_id(pasv_cmd->argv[0])) {
case PR_CMD_PASV_ID:
remote_addr = proxy_ftp_msg_parse_addr(cmd->tmp_pool, resp->msg,
pr_netaddr_get_family(session.c->local_addr));
break;
case PR_CMD_EPSV_ID:
remote_addr = proxy_ftp_msg_parse_ext_addr(cmd->tmp_pool, resp->msg,
session.c->remote_addr, PR_CMD_EPSV_ID, NULL);
break;
}
if (remote_addr == NULL) {
xerrno = errno;
pr_trace_msg(trace_channel, 2, "error parsing %s response '%s': %s",
(char *) pasv_cmd->argv[0], resp->msg, strerror(xerrno));
xerrno = EPERM;
pr_response_add_err(error_code, "%s: %s", (char *) cmd->argv[0],
strerror(xerrno));
pr_response_flush(&resp_err_list);
errno = xerrno;
return NULL;
}
remote_port = ntohs(pr_netaddr_get_port(remote_addr));
/* Make sure that the given address matches the address to which we
* originally connected.
*/
if (pr_netaddr_cmp(remote_addr,
proxy_sess->backend_ctrl_conn->remote_addr) != 0) {
(void) pr_log_writefile(proxy_logfd, MOD_PROXY_VERSION,
"Refused %s address %s (address mismatch with %s)",
(char *) pasv_cmd->argv[0], pr_netaddr_get_ipstr(remote_addr),
pr_netaddr_get_ipstr(proxy_sess->backend_ctrl_conn->remote_addr));
xerrno = EPERM;
pr_response_add_err(error_code, "%s: %s", (char *) cmd->argv[0],
strerror(xerrno));
pr_response_flush(&resp_err_list);
errno = xerrno;
return NULL;
}
if (remote_port < 1024) {
(void) pr_log_writefile(proxy_logfd, MOD_PROXY_VERSION,
"Refused %s port %hu (below 1024)",
(char *) pasv_cmd->argv[0], remote_port);
xerrno = EPERM;
pr_response_add_err(error_code, "%s: %s", (char *) cmd->argv[0],
strerror(xerrno));
pr_response_flush(&resp_err_list);
errno = xerrno;
return NULL;
}
return remote_addr;
}
static int forward_handle_user_passthru(cmd_rec *cmd,
struct proxy_session *proxy_sess, int *successful, int flags) {
int res, xerrno;
char *user = NULL;
cmd_rec *user_cmd = NULL;
pr_response_t *resp = NULL;
unsigned int resp_nlines = 0;
if (flags & PROXY_FORWARD_USER_PASSTHRU_FL_PARSE_DSTADDR) {
struct proxy_conn *pconn = NULL;
pr_netaddr_t *remote_addr = NULL;
array_header *other_addrs = NULL;
res = forward_cmd_parse_dst(cmd->tmp_pool, cmd->arg, &user, &pconn);
if (res < 0) {
errno = EINVAL;
return -1;
}
remote_addr = proxy_conn_get_addr(pconn, &other_addrs);
/* Ensure that the requested remote address is NOT (blatantly) ourselves,
* i.e. the proxy itself. This prevents easy-to-detect proxy loops.
*/
if (pr_netaddr_cmp(remote_addr, session.c->local_addr) == 0 &&
pr_netaddr_get_port(remote_addr) == pr_netaddr_get_port(session.c->local_addr)) {
(void) pr_log_writefile(proxy_logfd, MOD_PROXY_VERSION,
"requested destination %s#%u is local address %s#%u, rejecting",
pr_netaddr_get_ipstr(remote_addr),
ntohs(pr_netaddr_get_port(remote_addr)),
pr_netaddr_get_ipstr(session.c->local_addr),
ntohs(pr_netaddr_get_port(session.c->local_addr)));
pr_response_send(R_530, _("Unable to connect to %s: %s"),
proxy_conn_get_hostport(pconn), strerror(EPERM));
return 1;
}
proxy_sess->dst_addr = remote_addr;
proxy_sess->other_addrs = other_addrs;
proxy_sess->dst_pconn = pconn;
/* Change the command so that it no longer includes the proxy info. */
user_cmd = pr_cmd_alloc(cmd->pool, 2, C_USER, user);
user_cmd->arg = user;
} else {
user_cmd = cmd;
}
if (flags & PROXY_FORWARD_USER_PASSTHRU_FL_CONNECT_DSTADDR) {
pr_response_t *banner = NULL;
unsigned int banner_nlines = 0;
res = forward_connect(proxy_pool, proxy_sess, &banner, &banner_nlines);
if (res < 0) {
xerrno = errno;
*successful = FALSE;
/* Send a failed USER response to our waiting frontend client, but do
* not necessarily close the frontend connection.
*/
resp = pcalloc(cmd->tmp_pool, sizeof(pr_response_t));
resp->num = R_530;
if (banner != NULL) {
resp->msg = banner->msg;
resp_nlines = banner_nlines;
} else {
resp->msg = pstrcat(cmd->tmp_pool, "Unable to connect to ",
proxy_conn_get_hostport(proxy_sess->dst_pconn), ": ",
strerror(xerrno), NULL);
resp_nlines = 1;
}
res = proxy_ftp_ctrl_send_resp(cmd->tmp_pool,
proxy_sess->frontend_ctrl_conn, resp, resp_nlines);
if (res < 0) {
xerrno = errno;
pr_response_block(TRUE);
errno = xerrno;
return -1;
}
return 1;
}
}
res = proxy_ftp_ctrl_send_cmd(cmd->tmp_pool, proxy_sess->backend_ctrl_conn,
user_cmd);
if (res < 0) {
xerrno = errno;
(void) pr_log_writefile(proxy_logfd, MOD_PROXY_VERSION,
"error sending %s to backend: %s", (char *) user_cmd->argv[0],
strerror(xerrno));
errno = xerrno;
return -1;
}
resp = proxy_ftp_ctrl_recv_resp(cmd->tmp_pool, proxy_sess->backend_ctrl_conn,
&resp_nlines);
if (resp == NULL) {
xerrno = errno;
(void) pr_log_writefile(proxy_logfd, MOD_PROXY_VERSION,
"error receiving %s response from backend: %s", (char *) cmd->argv[0],
strerror(xerrno));
errno = xerrno;
return -1;
}
if (resp->num[0] == '2' ||
resp->num[0] == '3') {
*successful = TRUE;
if (strcmp(resp->num, R_232) == 0) {
proxy_sess_state |= PROXY_SESS_STATE_BACKEND_AUTHENTICATED;
pr_timer_remove(PR_TIMER_LOGIN, ANY_MODULE);
}
}
/* XXX TODO: Concatenate the banner from the connect with the USER response
* message here, and send the entire kit to the frontend client, e.g.:
*
* Name (gatekeeper:you): [email protected]
* 331-(----GATEWAY CONNECTED TO ftp.uu.net----)
* 331-(220 ftp.uu.net FTP server (SunOS 4.1) ready.
* 331 Guest login ok, send ident as password.
* Password: ######
* 230 Guest login ok, access restrictions apply.
* ftp> dir
*/
res = proxy_ftp_ctrl_send_resp(cmd->tmp_pool, proxy_sess->frontend_ctrl_conn,
resp, resp_nlines);
if (res < 0) {
xerrno = errno;
pr_response_block(TRUE);
errno = xerrno;
return -1;
}
return 1;
}
static int forward_connect(pool *p, struct proxy_session *proxy_sess,
pr_response_t **resp, unsigned int *resp_nlines) {
conn_t *server_conn = NULL;
int banner_ok = TRUE, use_tls, xerrno = 0;
pr_netaddr_t *dst_addr;
array_header *other_addrs = NULL;
dst_addr = proxy_sess->dst_addr;
other_addrs = proxy_sess->other_addrs;
server_conn = proxy_conn_get_server_conn(p, proxy_sess, dst_addr);
if (server_conn == NULL) {
xerrno = errno;
if (other_addrs != NULL) {
register unsigned int i;
/* Try the other IP addresses for the requested name (if any) as well. */
for (i = 0; i < other_addrs->nelts; i++) {
dst_addr = ((pr_netaddr_t **) other_addrs->elts)[i];
pr_trace_msg(trace_channel, 8,
"attempting to connect to other address #%u (%s) for requested "
"URI '%.100s'", i+1, pr_netaddr_get_ipstr(dst_addr),
proxy_conn_get_uri(proxy_sess->dst_pconn));
server_conn = proxy_conn_get_server_conn(p, proxy_sess, dst_addr);
if (server_conn != NULL) {
proxy_sess->dst_addr = dst_addr;
break;
}
}
}
if (server_conn == NULL) {
xerrno = errno;
/* EINVALs lead to strange-looking error responses; change them to
* EPERM.
*/
if (xerrno == EINVAL) {
xerrno = EPERM;
}
}
errno = xerrno;
return -1;
}
/* XXX Support/send a CLNT command of our own? Configurable via e.g.
* "UserAgent" string?
*/
proxy_sess->frontend_ctrl_conn = session.c;
proxy_sess->backend_ctrl_conn = server_conn;
/* Read the response from the backend server. */
*resp = proxy_ftp_ctrl_recv_resp(p, proxy_sess->backend_ctrl_conn,
resp_nlines);
if (*resp == NULL) {
xerrno = errno;
pr_log_writefile(proxy_logfd, MOD_PROXY_VERSION,
"unable to read banner from server %s:%u: %s",
pr_netaddr_get_ipstr(proxy_sess->backend_ctrl_conn->remote_addr),
ntohs(pr_netaddr_get_port(proxy_sess->backend_ctrl_conn->remote_addr)),
strerror(xerrno));
errno = EPERM;
return -1;
}
if ((*resp)->num[0] != '2') {
banner_ok = FALSE;
}
(void) pr_log_writefile(proxy_logfd, MOD_PROXY_VERSION,
"received banner from backend %s:%u%s: %s %s",
pr_netaddr_get_ipstr(proxy_sess->backend_ctrl_conn->remote_addr),
ntohs(pr_netaddr_get_port(proxy_sess->backend_ctrl_conn->remote_addr)),
banner_ok ? "" : ", DISCONNECTING", (*resp)->num, (*resp)->msg);
if (banner_ok == FALSE) {
pr_inet_close(p, proxy_sess->backend_ctrl_conn);
proxy_sess->backend_ctrl_conn = NULL;
errno = EPERM;
return -1;
}
/* Get the features supported by the backend server */
if (proxy_ftp_sess_get_feat(p, proxy_sess) < 0) {
if (errno != EPERM) {
(void) pr_log_writefile(proxy_logfd, MOD_PROXY_VERSION,
"unable to determine features of backend server: %s", strerror(errno));
}
}
use_tls = proxy_tls_use_tls();
if (use_tls != PROXY_TLS_ENGINE_OFF) {
if (proxy_ftp_sess_send_auth_tls(p, proxy_sess) < 0) {
xerrno = errno;
(void) pr_log_writefile(proxy_logfd, MOD_PROXY_VERSION,
"error enabling TLS on control connection to backend server: %s",
strerror(xerrno));
pr_inet_close(p, proxy_sess->backend_ctrl_conn);
proxy_sess->backend_ctrl_conn = NULL;
*resp = NULL;
errno = xerrno;
return -1;
}
}
if (proxy_netio_postopen(server_conn->instrm) < 0) {
xerrno = errno;
(void) pr_log_writefile(proxy_logfd, MOD_PROXY_VERSION,
"postopen error for backend control connection input stream: %s",
strerror(xerrno));
proxy_inet_close(session.pool, server_conn);
proxy_sess->backend_ctrl_conn = NULL;
*resp = NULL;
errno = xerrno;
return -1;
}
if (proxy_netio_postopen(server_conn->outstrm) < 0) {
xerrno = errno;
(void) pr_log_writefile(proxy_logfd, MOD_PROXY_VERSION,
"postopen error for backend control connection output stream: %s",
strerror(xerrno));
proxy_inet_close(session.pool, server_conn);
proxy_sess->backend_ctrl_conn = NULL;
*resp = NULL;
errno = xerrno;
return -1;
}
if (use_tls != PROXY_TLS_ENGINE_OFF) {
if (proxy_sess_state & PROXY_SESS_STATE_BACKEND_HAS_CTRL_TLS) {
/* NOTE: should this be a fatal error? */
(void) proxy_ftp_sess_send_pbsz_prot(p, proxy_sess);
}
}
(void) proxy_ftp_sess_send_host(p, proxy_sess);
proxy_sess_state |= PROXY_SESS_STATE_CONNECTED;
return 0;
}
conn_t *proxy_conn_get_server_conn(pool *p, struct proxy_session *proxy_sess,
pr_netaddr_t *remote_addr) {
pr_netaddr_t *bind_addr = NULL, *local_addr = NULL;
const char *remote_ipstr = NULL;
unsigned int remote_port;
conn_t *server_conn, *ctrl_conn;
int res;
if (proxy_sess->connect_timeout > 0) {
const char *notes_key = "mod_proxy.proxy-connect-address";
proxy_sess->connect_timerno = pr_timer_add(proxy_sess->connect_timeout,
-1, &proxy_module, proxy_conn_connect_timeout_cb, "ProxyTimeoutConnect");
(void) pr_table_remove(session.notes, notes_key, NULL);
if (pr_table_add(session.notes, notes_key, remote_addr,
sizeof(pr_netaddr_t)) < 0) {
(void) pr_log_writefile(proxy_logfd, MOD_PROXY_VERSION,
"error stashing proxy connect address note: %s", strerror(errno));
}
}
remote_ipstr = pr_netaddr_get_ipstr(remote_addr);
remote_port = ntohs(pr_netaddr_get_port(remote_addr));
/* Check the family of the retrieved address vs what we'll be using
* to connect. If there's a mismatch, we need to get an addr with the
* matching family.
*/
if (pr_netaddr_get_family(session.c->local_addr) == pr_netaddr_get_family(remote_addr)) {
local_addr = session.c->local_addr;
} else {
/* In this scenario, the proxy has an IPv6 socket, but the remote/backend
* server has an IPv4 (or IPv4-mapped IPv6) address. OR it's the proxy
* which has an IPv4 socket, and the remote/backend server has an IPv6
* address.
*/
if (pr_netaddr_get_family(session.c->local_addr) == AF_INET) {
char *ip_str;
/* Convert the local address from an IPv4 to an IPv6 addr. */
ip_str = pcalloc(p, INET6_ADDRSTRLEN + 1);
snprintf(ip_str, INET6_ADDRSTRLEN, "::ffff:%s",
pr_netaddr_get_ipstr(session.c->local_addr));
local_addr = pr_netaddr_get_addr(p, ip_str, NULL);
} else {
local_addr = pr_netaddr_v6tov4(p, session.c->local_addr);
if (local_addr == NULL) {
pr_trace_msg(trace_channel, 4,
"error converting IPv6 local address %s to IPv4 address: %s",
pr_netaddr_get_ipstr(session.c->local_addr), strerror(errno));
}
}
if (local_addr == NULL) {
local_addr = session.c->local_addr;
}
}
bind_addr = proxy_sess->src_addr;
if (bind_addr == NULL) {
bind_addr = local_addr;
}
/* Note: IF mod_proxy is running on localhost, and the connection to be
* made is to a public IP address, then this connect(2) attempt would most
* likely fail with ENETUNREACH, since localhost is a loopback network,
* and of course not reachable from a public IP. Thus we check for this
* edge case (which happens often for development).
*/
if (pr_netaddr_is_loopback(bind_addr) == TRUE) {
const char *local_name;
pr_netaddr_t *local_addr;
local_name = pr_netaddr_get_localaddr_str(p);
local_addr = pr_netaddr_get_addr(p, local_name, NULL);
if (local_addr != NULL) {
pr_trace_msg(trace_channel, 14,
"%s is a loopback address, and unable to reach %s; using %s instead",
pr_netaddr_get_ipstr(bind_addr), remote_ipstr,
pr_netaddr_get_ipstr(local_addr));
bind_addr = local_addr;
}
}
server_conn = pr_inet_create_conn(p, -1, bind_addr, INPORT_ANY, FALSE);
if (server_conn == NULL) {
int xerrno = errno;
(void) pr_log_writefile(proxy_logfd, MOD_PROXY_VERSION,
"error creating connection to %s: %s", pr_netaddr_get_ipstr(bind_addr),
strerror(xerrno));
pr_timer_remove(proxy_sess->connect_timerno, &proxy_module);
errno = xerrno;
return NULL;
}
pr_trace_msg(trace_channel, 11, "connecting to backend address %s#%u from %s",
remote_ipstr, remote_port, pr_netaddr_get_ipstr(bind_addr));
res = pr_inet_connect_nowait(p, server_conn, remote_addr,
ntohs(pr_netaddr_get_port(remote_addr)));
if (res < 0) {
int xerrno = errno;
(void) pr_log_writefile(proxy_logfd, MOD_PROXY_VERSION,
"error starting connect to %s#%u: %s", remote_ipstr, remote_port,
strerror(xerrno));
pr_timer_remove(proxy_sess->connect_timerno, &proxy_module);
errno = xerrno;
return NULL;
}
if (res == 0) {
pr_netio_stream_t *nstrm;
int nstrm_mode = PR_NETIO_IO_RD;
if (proxy_opts & PROXY_OPT_USE_PROXY_PROTOCOL) {
/* Rather than waiting for the stream to be readable (because the
* other end sent us something), wait for the stream to be writable
* so that we can send something to the other end).
*/
nstrm_mode = PR_NETIO_IO_WR;
}
/* Not yet connected. */
nstrm = proxy_netio_open(p, PR_NETIO_STRM_OTHR, server_conn->listen_fd,
nstrm_mode);
if (nstrm == NULL) {
int xerrno = errno;
(void) pr_log_writefile(proxy_logfd, MOD_PROXY_VERSION,
"error opening stream to %s#%u: %s", remote_ipstr, remote_port,
strerror(xerrno));
pr_timer_remove(proxy_sess->connect_timerno, &proxy_module);
pr_inet_close(p, server_conn);
errno = xerrno;
return NULL;
}
proxy_netio_set_poll_interval(nstrm, 1);
switch (proxy_netio_poll(nstrm)) {
case 1: {
/* Aborted, timed out. Note that we shouldn't reach here. */
pr_timer_remove(proxy_sess->connect_timerno, &proxy_module);
proxy_netio_close(nstrm);
pr_inet_close(p, server_conn);
errno = ETIMEDOUT;
return NULL;
}
case -1: {
/* Error */
int xerrno = errno;
(void) pr_log_writefile(proxy_logfd, MOD_PROXY_VERSION,
"error connecting to %s#%u: %s", remote_ipstr, remote_port,
strerror(xerrno));
pr_timer_remove(proxy_sess->connect_timerno, &proxy_module);
proxy_netio_close(nstrm);
pr_inet_close(p, server_conn);
errno = xerrno;
return NULL;
}
default: {
/* Connected */
server_conn->mode = CM_OPEN;
pr_timer_remove(proxy_sess->connect_timerno, &proxy_module);
pr_table_remove(session.notes, "mod_proxy.proxy-connect-addr", NULL);
res = pr_inet_get_conn_info(server_conn, server_conn->listen_fd);
if (res < 0) {
int xerrno = errno;
(void) pr_log_writefile(proxy_logfd, MOD_PROXY_VERSION,
"error obtaining local socket info on fd %d: %s",
server_conn->listen_fd, strerror(xerrno));
proxy_netio_close(nstrm);
pr_inet_close(p, server_conn);
errno = xerrno;
return NULL;
}
break;
}
}
}
pr_trace_msg(trace_channel, 5,
"successfully connected to %s#%u from %s#%d", remote_ipstr, remote_port,
pr_netaddr_get_ipstr(server_conn->local_addr),
ntohs(pr_netaddr_get_port(server_conn->local_addr)));
ctrl_conn = proxy_inet_openrw(p, server_conn, NULL, PR_NETIO_STRM_CTRL, -1,
-1, -1, FALSE);
if (ctrl_conn == NULL) {
int xerrno = errno;
(void) pr_log_writefile(proxy_logfd, MOD_PROXY_VERSION,
"unable to open control connection to %s#%u: %s", remote_ipstr,
remote_port, strerror(xerrno));
pr_inet_close(p, server_conn);
errno = xerrno;
return NULL;
}
return ctrl_conn;
}
