/*
 * Drain whatever is queued on the client-side input buffer.
 *
 * Every chunk is appended to httpr->client_buffer. Once a relay exists and
 * the client state has reached httpr_request_sent, the chunk is also written
 * to the relay. An allocation, read or write failure drops the client.
 */
static void httpr_client_read_content(struct bufferevent *buffev, redsocks_client *client)
{
    httpr_client *httpr = (void*)(client + 1);
    static int post_buffer_len = 64 * 1024;
    const char *failed_call = NULL;
    char *chunk = calloc(post_buffer_len, 1);

    if (chunk == NULL) {
        redsocks_log_error(client, LOG_ERR, "run out of memory");
        redsocks_drop_client(client);
        return;
    }

    for (;;) {
        int got = evbuffer_remove(buffev->input, chunk, post_buffer_len);

        if (got < 0) {
            failed_call = "evbuffer_remove";
            break;
        }
        if (got == 0)
            break; /* input buffer is empty */

        httpr_buffer_append(&httpr->client_buffer, chunk, got);

        /* Forward directly only after the request head has gone out. */
        if (client->relay == NULL || client->state < httpr_request_sent)
            continue;

        if (bufferevent_write(client->relay, chunk, got) != 0) {
            failed_call = "bufferevent_write";
            break;
        }
    }

    /* The scratch buffer is released before any logging or teardown. */
    free(chunk);

    if (failed_call != NULL) {
        redsocks_log_error(client, LOG_ERR, "%s", failed_call);
        redsocks_drop_client(client);
    }
}
/*
 * Read callback for the SOCKS4 relay.
 *
 * Acts only while the client is in socks4_request_sent: reads one
 * socks4_reply from the relay input, then either starts relaying (status ok)
 * or logs the reported status and drops the client. A reply whose version
 * field is not 0 is rejected.
 */
static void socks4_read_cb(struct bufferevent *buffev, void *_arg)
{
    redsocks_client *client = _arg;
    socks4_reply reply;
    const char *status_text;

    assert(client->state >= socks4_request_sent);
    redsocks_touch_client(client);

    if (client->state != socks4_request_sent)
        return;

    if (redsocks_read_expected(client, bufferevent_get_input(buffev), &reply,
                               sizes_greater_equal, sizeof(reply)) < 0)
        return;

    client->state = socks4_reply_came;

    if (reply.ver != 0) {
        redsocks_log_error(client, LOG_NOTICE, "Socks4 server reported unexpected reply version...");
        redsocks_drop_client(client);
        return;
    }

    if (reply.status == socks4_status_ok) {
        redsocks_start_relay(client);
        return;
    }

    /* Map the known failure codes to text; anything else prints as "?". */
    if (reply.status == socks4_status_fail)
        status_text = "fail";
    else if (reply.status == socks4_status_no_ident)
        status_text = "no ident";
    else if (reply.status == socks4_status_fake_ident)
        status_text = "fake ident";
    else
        status_text = "?";

    redsocks_log_error(client, LOG_NOTICE, "Socks4 server status: %s (%i)", status_text, reply.status);
    redsocks_drop_client(client);
}
/*
 * Connect callback for the relay bufferevent of a client in state ss_new.
 *
 * On a successful connect it clears the relay timeouts, starts the relay,
 * installs the ss_* read/write callbacks on both sides, sends the IPv4
 * destination header through encrypt_mem() and moves the client to
 * ss_connected. Any failure drops the client.
 */
static void ss_relay_connected(struct bufferevent *buffev, void *_arg)
{
    redsocks_client *client = _arg;
    ss_header_ipv4 header;

    assert(buffev == client->relay);
    assert(client->state == ss_new);
    redsocks_touch_client(client);

    if (!red_is_socket_connected_ok(buffev)) {
        redsocks_log_error(client, LOG_DEBUG, "failed to connect to destination");
        redsocks_drop_client(client);
        return;
    }

    client->relay_connected = 1;

    /* Timeout detection is no longer needed; the two peers handle it. */
    bufferevent_set_timeouts(client->relay, NULL, NULL);

    if (redsocks_start_relay(client)) {
        redsocks_log_error(client, LOG_DEBUG, "failed to start relay");
        redsocks_drop_client(client);
        return;
    }

    /* Replace the generic relay callbacks with the ss_* ones. */
    bufferevent_setcb(client->client, ss_client_readcb, ss_client_writecb,
                      redsocks_event_error, client);
    bufferevent_setcb(client->relay, ss_relay_readcb, ss_relay_writecb,
                      redsocks_event_error, client);

    /* Build and send the destination header. */
    // TODO: Better implementation and IPv6 Support
    // NOTE(review): only the three fields below are assigned; if
    // ss_header_ipv4 has padding, those bytes are passed to encrypt_mem()
    // uninitialised -- confirm the struct is packed.
    header.addr_type = ss_addrtype_ipv4;
    header.addr = client->destaddr.sin_addr.s_addr;
    header.port = client->destaddr.sin_port;
    encrypt_mem(client, (char *)&header, sizeof(header), client->relay, 0);

    client->state = ss_connected;

    /* Flush anything the client already sent while we were connecting. */
    if (evbuffer_get_length(bufferevent_get_input(client->client)))
        ss_relay_writecb(client->relay, client);
}
/*
 * Write callback for the relay side.
 *
 * While the client is in ss_connected and the relay output is below its
 * high write watermark, encrypts pending client input into the relay and
 * re-enables reading from the client (unless the client's read side is
 * already shut down). Any other state drops the client.
 */
static void ss_relay_writecb(struct bufferevent *buffev, void *_arg)
{
    redsocks_client *client = _arg;
    struct bufferevent *src = client->client;
    struct bufferevent *dst = buffev;
    /* Both sizes are sampled before the shutdown handling below runs. */
    size_t pending_in = evbuffer_get_contiguous_space(bufferevent_get_input(src));
    size_t queued_out = evbuffer_get_length(bufferevent_get_output(dst));

    assert(buffev == client->relay);
    redsocks_touch_client(client);

    if (process_shutdown_on_write_(client, src, dst))
        return;

    if (client->state != ss_connected) {
        redsocks_drop_client(client);
        return;
    }

    /* Back-pressure: do nothing while the relay output is at the watermark. */
    if (queued_out >= dst->wm_write.high)
        return;

    /* Encrypt and forward data received from the client side. */
    if (pending_in)
        encrypt_buffer(client, src, dst);

    if (client->client_evshut & EV_READ)
        return;

    if (bufferevent_enable(src, EV_READ) == -1)
        redsocks_log_errno(client, LOG_ERR, "bufferevent_enable");
}
/*
 * Handle the SOCKS5 method-selection reply.
 *
 * Reads exactly one socks5_method_reply, validates it with
 * socks5_is_known_auth_method(), then queues either the CONNECT request
 * (no auth) or the username/password message. A rejected method drops the
 * client.
 */
static void socks5_read_auth_methods(struct bufferevent *buffev, redsocks_client *client, socks5_client *socks5)
{
    socks5_method_reply reply;
    const char *why_rejected;

    if (redsocks_read_expected(client, buffev->input, &reply, sizes_equal, sizeof(reply)) < 0)
        return;

    why_rejected = socks5_is_known_auth_method(&reply, socks5->do_password);
    if (why_rejected != NULL) {
        redsocks_log_error(client, LOG_NOTICE, "socks5_is_known_auth_method: %s", why_rejected);
        redsocks_drop_client(client);
        return;
    }

    if (reply.method == socks5_auth_none) {
        redsocks_write_helper(buffev, client, socks5_mkconnect,
                              socks5_request_sent, sizeof(socks5_reply));
        return;
    }

    if (reply.method == socks5_auth_password) {
        redsocks_write_helper(buffev, client, socks5_mkpassword,
                              socks5_auth_sent, sizeof(socks5_auth_reply));
    }
    /* Any other accepted method value is left without action here. */
}
/*
 * Connect callback for the relay in auto-detect mode.
 *
 * A failed connect in socks5_pre_detect is handed to auto_retry_or_drop();
 * if that returns zero nothing more is done here, otherwise the client is
 * dropped. On success the relay timeouts are cleared, the relay subsystem's
 * read/write callbacks are installed and the write callback is invoked once.
 */
static void auto_relay_connected(struct bufferevent *buffev, void *_arg)
{
    redsocks_client *client = _arg;

    assert(buffev == client->relay);
    redsocks_touch_client(client);

    if (!red_is_socket_connected_ok(buffev)) {
        if (client->state == socks5_pre_detect && !auto_retry_or_drop(client))
            return;

        redsocks_log_error(client, LOG_DEBUG, "failed to connect to proxy");
        redsocks_drop_client(client);
        return;
    }

    /* Timeout detection is no longer needed; the two peers handle it. */
    bufferevent_set_timeouts(client->relay, NULL, NULL);

    client->relay->readcb = client->instance->relay_ss->readcb;
    client->relay->writecb = client->instance->relay_ss->writecb;

    /* Kick the freshly installed write callback once. */
    client->relay->writecb(buffev, _arg);
}
/*
 * Start the outgoing connection for an auto-detect client.
 *
 * In socks5_pre_detect the destination is first looked up in the address
 * cache; a hit switches the client to socks5_new. A client still in
 * socks5_pre_detect afterwards connects to the destination itself with a
 * CONNECT_TIMEOUT_SECONDS timeout, otherwise it connects to the configured
 * relay address with no timeout.
 */
static void auto_connect_relay(redsocks_client *client)
{
    socks5_client *socks5 = (void*)(client + 1);
    struct timeval tv = { .tv_sec = CONNECT_TIMEOUT_SECONDS, .tv_usec = 0 };
    int try_direct;

    if (client->state == socks5_pre_detect && is_addr_in_cache(&client->destaddr)) {
        client->state = socks5_new; /* Connect SOCKS5 */
        redsocks_log_error(client, LOG_DEBUG, "Found in cache");
    }

    /* Decided after the cache lookup, which may have changed the state. */
    try_direct = (client->state == socks5_pre_detect);

    client->relay = red_connect_relay2(
            try_direct ? &client->destaddr : &client->instance->config.relayaddr,
            auto_relay_connected, auto_event_error, client,
            try_direct ? &tv : NULL);

    socks5->time_connect_relay = redsocks_time(NULL);

    if (client->relay == NULL) {
        redsocks_log_errno(client, LOG_ERR, "auto_connect_relay");
        redsocks_drop_client(client);
    }
}
/*
 * Read callback for the relay side.
 *
 * In ss_connected: when the client-side output is below its high write
 * watermark, decrypts pending relay input towards the client and keeps
 * reading enabled; otherwise reading from the relay is paused. Any other
 * state drops the client.
 */
static void ss_relay_readcb(struct bufferevent *buffev, void *_arg)
{
    redsocks_client *client = _arg;
    struct bufferevent *src = buffev;
    struct bufferevent *dst = client->client;
    size_t pending_in = evbuffer_get_contiguous_space(bufferevent_get_input(src));
    size_t queued_out = evbuffer_get_length(bufferevent_get_output(dst));

    assert(buffev == client->relay);
    redsocks_touch_client(client);

    if (client->state != ss_connected) {
        redsocks_drop_client(client);
        return;
    }

    if (queued_out >= dst->wm_write.high) {
        /* Client side is congested: stop pulling data from the relay. */
        if (bufferevent_disable(src, EV_READ) == -1)
            redsocks_log_errno(client, LOG_ERR, "bufferevent_disable");
        return;
    }

    /* Decrypt and forward data to the client side. */
    if (pending_in)
        decrypt_buffer(client, src, dst);

    if (bufferevent_enable(src, EV_READ) == -1)
        redsocks_log_errno(client, LOG_ERR, "bufferevent_enable");
}
/*
 * Handle the SOCKS5 reply to the CONNECT request.
 *
 * Checks the version and status of the reply header, then schedules the
 * read that skips the bound address following it: a fixed-size IPv4/IPv6
 * address, or the one-byte length of a domain name. An unexpected version,
 * address type or a failure status drops the client.
 */
static void socks5_read_reply(struct bufferevent *buffev, redsocks_client *client, socks5_client *socks5)
{
    socks5_reply reply;
    socks5_state nextstate;
    size_t len;

    if (redsocks_read_expected(client, buffev->input, &reply, sizes_greater_equal, sizeof(reply)) < 0)
        return;

    if (reply.ver != socks5_ver) {
        redsocks_log_error(client, LOG_NOTICE, "Socks5 server reported unexpected reply version...");
        redsocks_drop_client(client);
        return;
    }

    if (reply.status != socks5_status_succeeded) {
        /* The status indexes the text table only when it is in range. */
        const char *status_text = "?";

        if (reply.status < SIZEOF_ARRAY(socks5_strstatus))
            status_text = socks5_strstatus[reply.status];

        redsocks_log_error(client, LOG_NOTICE, "Socks5 server status: %s (%i)", status_text, reply.status);
        redsocks_drop_client(client);
        return;
    }

    if (reply.addrtype == socks5_addrtype_ipv4) {
        socks5->to_skip = sizeof(socks5_addr_ipv4);
        len = socks5->to_skip;
        nextstate = socks5_skip_address;
    } else if (reply.addrtype == socks5_addrtype_ipv6) {
        socks5->to_skip = sizeof(socks5_addr_ipv6);
        len = socks5->to_skip;
        nextstate = socks5_skip_address;
    } else if (reply.addrtype == socks5_addrtype_domain) {
        /* Only the length prefix is awaited here; to_skip is set later. */
        len = sizeof(((socks5_addr_domain *)0)->size);
        nextstate = socks5_skip_domain;
    } else {
        redsocks_log_error(client, LOG_NOTICE, "Socks5 server reported unexpected address type...");
        redsocks_drop_client(client);
        return;
    }

    redsocks_write_helper(buffev, client, NULL, nextstate, len);
}
/*
 * Event/error callback shared by the client and relay bufferevents.
 *
 * Relay-side connect timeouts and connection resets seen during direct
 * connection attempts are routed to the retry helpers. A read EOF becomes a
 * half-close of this side (and of the peer's write side when the peer has
 * nothing left to send). Every other event drops the client.
 */
static void auto_event_error(struct bufferevent *buffev, short what, void *_arg)
{
    redsocks_client *client = _arg;
    /* Captured first, before any other call can overwrite errno. */
    int saved_errno = errno;
    const int from_relay = (buffev == client->relay);

    assert(buffev == client->relay || buffev == client->client);
    redsocks_touch_client(client);

    redsocks_log_errno(client, LOG_DEBUG, "Errno: %d, State: %d, what: %x",
                       saved_errno, client->state, what);

    if (from_relay) {
        if (client->state == socks5_pre_detect
            && what == (EVBUFFER_WRITE|EVBUFFER_TIMEOUT)) {
            /* The direct connect timed out, so retry through the SOCKS5
             * proxy. The target might have answered slightly later than the
             * timeout, but going via the proxy is still preferred. */
            auto_retry(client, 1);
            return;
        }

        if (client->state == socks5_pre_detect && saved_errno == ECONNRESET) {
            if (!auto_retry_or_drop(client))
                return;
        }

        /* The state is re-read here: the helper above may have run. */
        if (client->state == socks5_direct
            && what == (EVBUFFER_READ|EVBUFFER_ERROR)
            && saved_errno == ECONNRESET) {
            if (!auto_retry_or_drop(client))
                return;
        }
    }

    if (what != (EVBUFFER_READ|EVBUFFER_EOF)) {
        redsocks_drop_client(client);
        return;
    }

    /* EOF on read: shut down our read side, then the peer's write side
     * once the peer's output buffer is empty. */
    struct bufferevent *antiev = from_relay ? client->client : client->relay;

    redsocks_shutdown(client, buffev, SHUT_RD);

    if (antiev != NULL && EVBUFFER_LENGTH(antiev->output) == 0)
        redsocks_shutdown(client, antiev, SHUT_WR);
}
/*
 * Handle the reply to SOCKS5 username/password authentication.
 *
 * Reads exactly one socks5_auth_reply. A wrong sub-negotiation version is
 * logged and the client dropped; a failed authentication drops the client
 * without a log line; success queues the CONNECT request.
 */
static void socks5_read_auth_reply(struct bufferevent *buffev, redsocks_client *client, socks5_client *socks5)
{
    socks5_auth_reply reply;

    if (redsocks_read_expected(client, buffev->input, &reply, sizes_equal, sizeof(reply)) < 0)
        return;

    if (reply.ver != socks5_password_ver) {
        redsocks_log_error(client, LOG_NOTICE, "Socks5 server reported unexpected auth reply version...");
        redsocks_drop_client(client);
        return;
    }

    if (reply.status != socks5_password_passed) {
        redsocks_drop_client(client);
        return;
    }

    redsocks_write_helper(buffev, client, socks5_mkconnect,
                          socks5_request_sent, sizeof(socks5_reply));
}
/*
 * Event/error callback shared by the client and relay bufferevents
 * (autoproxy variant; the autoproxy state lives after the relay
 * subsystem's payload).
 *
 * A relay connect timeout in AUTOPROXY_NEW is reported through
 * on_connection_blocked() and retried via the proxy; connection resets in
 * AUTOPROXY_NEW or AUTOPROXY_CONNECTED go to auto_retry_or_drop(). A read
 * EOF becomes a half-close; every other event drops the client.
 */
static void auto_event_error(struct bufferevent *buffev, short what, void *_arg)
{
    redsocks_client *client = _arg;
    autoproxy_client *aclient = (void*)(client + 1) + client->instance->relay_ss->payload_len;
    /* Captured first, before any other call can overwrite errno. */
    int saved_errno = errno;
    const int from_relay = (buffev == client->relay);

    assert(buffev == client->relay || buffev == client->client);
    redsocks_touch_client(client);

    redsocks_log_errno(client, LOG_DEBUG, "%s errno(%d), State: %d, what: " event_fmt_str,
                       buffev == client->client?"client":"relay",
                       saved_errno, aclient->state, event_fmt(what));

    if (from_relay) {
        if (aclient->state == AUTOPROXY_NEW
            && what == (EVBUFFER_WRITE|EVBUFFER_TIMEOUT)) {
            on_connection_blocked(client);
            /* The direct connect timed out, so retry through the SOCKS5
             * proxy. The target might have answered slightly later than the
             * timeout, but going via the proxy is still preferred. */
            auto_retry(client, 1);
            return;
        }

        if (aclient->state == AUTOPROXY_NEW && saved_errno == ECONNRESET) {
            if (!auto_retry_or_drop(client))
                return;
        }

        /* The state is re-read here: the helper above may have run. */
        if (aclient->state == AUTOPROXY_CONNECTED
            && what == (EVBUFFER_READ|EVBUFFER_ERROR)
            && saved_errno == ECONNRESET) {
            if (!auto_retry_or_drop(client))
                return;
        }
    }

    if (what != (EVBUFFER_READ|EVBUFFER_EOF)) {
        redsocks_drop_client(client);
        return;
    }

    /* EOF on read: shut down our read side, then the peer's write side
     * once the peer's output buffer is empty. */
    struct bufferevent *antiev = from_relay ? client->client : client->relay;

    redsocks_shutdown(client, buffev, SHUT_RD);

    if (antiev != NULL && EVBUFFER_LENGTH(antiev->output) == 0)
        redsocks_shutdown(client, antiev, SHUT_WR);
}
/*
 * Entry point for an http-relay client: install the header-parsing read
 * callback on the client side and enable reading. No relay connection is
 * opened here. Failure to enable reading drops the client.
 */
static void httpr_connect_relay(redsocks_client *client)
{
    client->client->readcb = httpr_client_read_cb;

    if (bufferevent_enable(client->client, EV_READ) != 0) {
        redsocks_log_errno(client, LOG_ERR, "bufferevent_enable");
        redsocks_drop_client(client);
    }
}
/*
 * Start the direct connection attempt for an autoproxy client.
 *
 * Only valid in AUTOPROXY_NEW; any other state is logged and ignored.
 * A fresh cache entry for the destination sends the client straight to
 * auto_retry(client, 0). A stale entry is removed and the connect timeout
 * shortened to QUICK_CONNECT_TIMEOUT_SECONDS. Otherwise the configured
 * timeout (or the default when it is 0) applies.
 */
static void auto_connect_relay(redsocks_client *client)
{
    autoproxy_client *aclient = (void*)(client + 1) + client->instance->relay_ss->payload_len;
    struct timeval tv = { .tv_sec = client->instance->config.timeout, .tv_usec = 0 };
    time_t now = redsocks_time(NULL);
    time_t *cached_at;

    /* Fall back to the default when no timeout is configured. */
    if (tv.tv_sec == 0)
        tv.tv_sec = DEFAULT_CONNECT_TIMEOUT_SECONDS;

    if (aclient->state != AUTOPROXY_NEW) {
        redsocks_log_errno(client, LOG_ERR, "invalid state: %d", aclient->state);
        return;
    }

    cached_at = get_addr_time_in_cache(&client->destaddr);
    if (cached_at != NULL) {
        if (now - *cached_at < CACHE_ITEM_STALE_SECONDS) {
            redsocks_log_error(client, LOG_DEBUG, "Found dest IP in cache");
            auto_retry(client, 0);
            return;
        }

        /* Entry is stale: forget it and probe with a short timeout. */
        del_addr_from_cache(&client->destaddr);
        tv.tv_sec = QUICK_CONNECT_TIMEOUT_SECONDS;
    }

    /* Connect to the target directly, without going through the proxy. */
    client->relay = red_connect_relay2(&client->destaddr, auto_relay_connected,
                                       auto_event_error, client, &tv);
    aclient->time_connect_relay = redsocks_time(NULL);

    if (client->relay == NULL) {
        redsocks_log_errno(client, LOG_ERR, "auto_connect_relay");
        redsocks_drop_client(client);
    }
}
/*
 * Open a direct connection to the client's destination address.
 *
 * The configured interface is passed through so the relay socket can be
 * bound to a specific IP for outgoing connections, and the configured
 * timeout is applied to the connect.
 *
 * Returns 0 on success; on failure the client is dropped and -1 returned.
 */
static int direct_connect_relay(redsocks_client *client)
{
    char *bind_if = client->instance->config.interface;
    struct timeval tv;

    tv.tv_sec = client->instance->config.timeout;
    tv.tv_usec = 0;

    client->relay = red_connect_relay(bind_if, &client->destaddr, NULL,
                                      redsocks_relay_connected,
                                      redsocks_event_error, client, &tv);
    if (client->relay != NULL)
        return 0;

    redsocks_log_errno(client, LOG_ERR, "red_connect_relay");
    redsocks_drop_client(client);
    return -1;
}
/*
 * First-write callback for a direct connection.
 *
 * Runs its body once, on the 0 -> 1 state transition: starts the relay
 * and, if the client has already sent data, invokes the relay subsystem's
 * write callback to push it out.
 */
static void direct_write_cb(struct bufferevent *buffev, void *_arg)
{
    redsocks_client *client = _arg;

    redsocks_touch_client(client);

    if (client->state != 0)
        return;

    client->state = 1;

    if (redsocks_start_relay(client) != 0) {
        /* Relay could not be started: give up on this connection. */
        redsocks_drop_client(client);
        return;
    }

    /* Forward anything already received from the client. */
    if (evbuffer_get_length(bufferevent_get_input(client->client)) != 0)
        client->instance->relay_ss->writecb(buffev, client);
}
/*
 * Connect callback for the direct attempt of an autoproxy client.
 *
 * A failed connect in AUTOPROXY_NEW is handed to auto_retry_or_drop(); if
 * that returns zero nothing more is done here, otherwise the client is
 * dropped. On success the client becomes AUTOPROXY_CONNECTED, the relay
 * timeouts are cleared, the relay is started with the direct_relay_*
 * callbacks installed, and the relay write callback is invoked once.
 */
static void auto_relay_connected(struct bufferevent *buffev, void *_arg)
{
    redsocks_client *client = _arg;
    autoproxy_client *aclient = (void*)(client + 1) + client->instance->relay_ss->payload_len;

    assert(buffev == client->relay);
    redsocks_touch_client(client);

    if (!red_is_socket_connected_ok(buffev)) {
        if (aclient->state == AUTOPROXY_NEW && !auto_retry_or_drop(client))
            return;

        redsocks_log_error(client, LOG_DEBUG, "failed to connect to proxy");
        redsocks_drop_client(client);
        return;
    }

    /* Update client state. */
    aclient->state = AUTOPROXY_CONNECTED;

    /* Timeout detection is no longer needed; the two peers handle it. */
    bufferevent_set_timeouts(client->relay, NULL, NULL);

    if (redsocks_start_relay(client)) {
        redsocks_log_error(client, LOG_DEBUG, "failed to start relay");
        redsocks_drop_client(client);
        return;
    }

    /* Replace the generic relay callbacks with the direct_relay_* ones. */
    client->client->readcb = direct_relay_clientreadcb;
    client->client->writecb = direct_relay_clientwritecb;
    client->relay->readcb = direct_relay_relayreadcb;
    client->relay->writecb = direct_relay_relaywritecb;

    client->relay->writecb(buffev, _arg);
}
/*
 * Open the connection to the configured relay address.
 *
 * Uses the configured timeout, or DEFAULT_CONNECT_TIMEOUT when it is 0.
 * Returns 0 on success; on failure the client is dropped and -1 returned.
 */
static int ss_connect_relay(redsocks_client *client)
{
    struct timeval tv = { .tv_sec = client->instance->config.timeout, .tv_usec = 0 };

    /* Fall back to the default when no timeout is configured. */
    if (tv.tv_sec == 0)
        tv.tv_sec = DEFAULT_CONNECT_TIMEOUT;

    client->relay = red_connect_relay2(&client->instance->config.relayaddr, NULL,
                                       ss_relay_connected, redsocks_event_error,
                                       client, &tv);
    if (client->relay != NULL)
        return 0;

    redsocks_log_errno(client, LOG_ERR, "ss_connect_relay");
    redsocks_drop_client(client);
    return -1;
}
/*
 * Open a direct connection to the client's destination address.
 *
 * When a non-empty interface is configured, the relay socket is bound to it
 * for outgoing connections via red_connect_relay_if(); otherwise the plain
 * red_connect_relay() is used.
 *
 * Returns 0 on success; on failure the client is dropped and -1 returned.
 */
static int direct_connect_relay(redsocks_client *client)
{
    char *bind_if = client->instance->config.interface;
    const int have_if = (bind_if != NULL && bind_if[0] != '\0');

    if (have_if) {
        client->relay = red_connect_relay_if(bind_if, &client->destaddr, NULL,
                                             redsocks_relay_connected,
                                             redsocks_event_error, client);
    } else {
        client->relay = red_connect_relay(&client->destaddr, NULL,
                                          redsocks_relay_connected,
                                          redsocks_event_error, client);
    }

    if (client->relay != NULL)
        return 0;

    redsocks_log_errno(client, LOG_ERR, "red_connect_relay");
    redsocks_drop_client(client);
    return -1;
}
/*
 * Read callback for the SOCKS5 relay: dispatches on the handshake state.
 *
 * The three reply states are delegated to their handlers. The two skip
 * states consume the bound address that follows a successful reply (for a
 * domain, first its one-byte length) and then start relaying. Any other
 * state drops the client.
 */
static void socks5_read_cb(struct bufferevent *buffev, void *_arg)
{
    redsocks_client *client = _arg;
    socks5_client *socks5 = red_payload(client);

    redsocks_touch_client(client);

    switch (client->state) {
    case socks5_method_sent:
        socks5_read_auth_methods(buffev, client, socks5);
        break;

    case socks5_auth_sent:
        socks5_read_auth_reply(buffev, client, socks5);
        break;

    case socks5_request_sent:
        socks5_read_reply(buffev, client, socks5);
        break;

    case socks5_skip_domain: {
        uint8_t size;

        if (redsocks_read_expected(client, buffev->input, &size,
                                   sizes_greater_equal, sizeof(size)) < 0)
            return;

        /* All socks5_addr*.port fields have the same size, so the IPv4
         * one stands in for the port that follows the domain name. */
        socks5->to_skip = size + sizeof(((socks5_addr_ipv4 *)0)->port);
        redsocks_write_helper(buffev, client, NULL, socks5_skip_address, socks5->to_skip);
        break;
    }

    case socks5_skip_address: {
        /* Scratch space sized by to_skip, which the earlier reply handling
         * set from a fixed address size or a one-byte length plus port. */
        uint8_t data[socks5->to_skip];

        if (redsocks_read_expected(client, buffev->input, data,
                                   sizes_greater_equal, socks5->to_skip) < 0)
            return;

        redsocks_start_relay(client);
        break;
    }

    default:
        redsocks_drop_client(client);
        break;
    }
}
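/*
 * Read callback for the client side of an http-relay connection.
 *
 * Until the request head is complete, the client's input is consumed line
 * by line: the first line is kept in httpr->firstline, the Host header
 * value is remembered, the hop-by-hop Connection / Proxy-Connection headers
 * are removed, and every other header is appended to the outgoing request.
 * On the empty line ending the head, a Host header is synthesised from the
 * destination address if the client sent none, "close" connection headers
 * are added, and the relay connection is started. Once the state is at or
 * past httpr_recv_request_headers, input is handed to
 * httpr_client_read_content() instead.
 *
 * Header lines come from the client and are untrusted. The Host header is
 * matched together with its colon, so that the value offset (5) always
 * stays inside the line and look-alike names such as "Hostile" are not
 * mistaken for Host.
 */
static void httpr_client_read_cb(struct bufferevent *buffev, void *_arg)
{
    redsocks_client *client = _arg;
    httpr_client *httpr = (void*)(client + 1);

    redsocks_touch_client(client);

    if (client->state >= httpr_recv_request_headers) {
        httpr_client_read_content(buffev, client);
        return;
    }

    char *line = NULL;
    int connect_relay = 0;

    while (!connect_relay && (line = redsocks_evbuffer_readline(buffev->input))) {
        int skip_line = 0;
        int do_drop = 0;

        if (strlen(line) > 0) {
            if (!httpr->firstline) {
                /* Ownership of the buffer moves to httpr->firstline. */
                httpr->firstline = line;
                line = 0;
            }
            else if (strncasecmp(line, "Host:", 5) == 0) {
                /* A bare "Host" used to match too, and line + 5 then
                 * pointed past the terminating NUL. */
                const char *ptr = line + 5;

                /* Cast: isspace() is undefined for negative char values. */
                while (*ptr && isspace((unsigned char)*ptr))
                    ptr++;

                /* NOTE(review): a repeated Host header overwrites
                 * httpr->host without freeing the previous value -- confirm
                 * how the field is initialised before adding a free(). */
                char *host_copy = calloc(strlen(ptr) + 1, 1);
                if (host_copy) {
                    strcpy(host_copy, ptr);
                    httpr->host = host_copy;
                    httpr->has_host = 1;
                }
                else {
                    redsocks_log_error(client, LOG_ERR, "run out of memory");
                    do_drop = 1;
                }
            }
            else if (strncasecmp(line, "Proxy-Connection", 16) == 0)
                skip_line = 1;
            else if (strncasecmp(line, "Connection", 10) == 0)
                skip_line = 1;
        }
        else { // last line of request
            if (!httpr->firstline || httpr_toss_http_firstline(client) < 0)
                do_drop = 1;

            if (!httpr->has_host) {
                char host[32]; // "Host: 123.456.789.012:34567"
                int written_wo_null = snprintf(host, sizeof(host), "Host: %s",
                                               fmt_http_host(client->destaddr));
                UNUSED(written_wo_null);
                assert(0 < written_wo_null && (size_t)written_wo_null < sizeof(host));
                if (httpr_append_header(client, host) < 0)
                    do_drop = 1;
            }

            if (httpr_append_header(client, "Proxy-Connection: close") < 0)
                do_drop = 1;

            if (httpr_append_header(client, "Connection: close") < 0)
                do_drop = 1;

            connect_relay = 1;
        }

        if (line && !skip_line)
            if (httpr_append_header(client, line) < 0)
                do_drop = 1;

        free(line);

        if (do_drop) {
            redsocks_drop_client(client);
            return;
        }
    }

    if (connect_relay) {
        client->state = httpr_recv_request_headers;
        httpr_client_read_content(buffev, client);
        redsocks_connect_relay(client);
    }
}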
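/*
 * Write callback for the relay side of an http-relay connection.
 *
 * In httpr_recv_request_headers it sends the stored request line, an
 * optional proxy authorization header answering the last challenge kept in
 * the instance's http_auth record (Basic or Digest), and then the buffered
 * headers/body. Afterwards the state becomes httpr_request_sent and reading
 * from the relay is enabled with the header watermarks.
 *
 * The request line comes from the client and the stored challenge from the
 * upstream proxy, so both are parsed defensively: a request line without a
 * space or without "//host/path " is rejected as malformed, allocations are
 * checked, and the challenge offset never steps past its terminating NUL.
 */
static void httpr_relay_write_cb(struct bufferevent *buffev, void *_arg)
{
    redsocks_client *client = _arg;
    httpr_client *httpr = (void*)(client + 1);
    int len = 0;

    assert(client->state >= httpr_recv_request_headers);
    redsocks_touch_client(client);

    if (client->state != httpr_recv_request_headers)
        return;

    if (httpr->firstline) {
        len = bufferevent_write(client->relay, httpr->firstline, strlen(httpr->firstline));
        if (len < 0) {
            redsocks_log_errno(client, LOG_ERR, "bufferevent_write");
            redsocks_drop_client(client);
            return;
        }
    }

    http_auth *auth = (void*)(client->instance + 1);
    ++auth->last_auth_count;

    const char *auth_scheme = NULL;
    char *auth_string = NULL;

    if (auth->last_auth_query != NULL) {
        /* find previous auth challenge */
        if (strncasecmp(auth->last_auth_query, "Basic", 5) == 0) {
            auth_string = basic_authentication_encode(client->instance->config.login,
                                                      client->instance->config.password);
            auth_scheme = "Basic";
        }
        else if (strncasecmp(auth->last_auth_query, "Digest", 6) == 0 && httpr->firstline) {
            /* calculate method & uri */
            const char *first = httpr->firstline;
            const char *method_end = strchr(first, ' ');
            const char *path = strchr(first, '/');
            const char *path_end = NULL;

            /* Expect "<method> <scheme>://<host>/<path> ...": the path
             * starts at the first '/' after the "//" and ends at the next
             * space. Everything else is malformed, including a line with
             * no space at all (previously an unchecked NULL from strchr). */
            if (method_end == NULL
                || path == NULL || path[1] != '/'
                || (path = strchr(path + 2, '/')) == NULL
                || (path_end = strchr(path, ' ')) == NULL) {
                redsocks_log_error(client, LOG_NOTICE, "malformed request came");
                redsocks_drop_client(client);
                return;
            }

            size_t method_len = (size_t)(method_end - first);
            size_t uri_len = (size_t)(path_end - path);
            char *method = calloc(method_len + 1, 1);
            char *uri = calloc(uri_len + 1, 1);

            if (method == NULL || uri == NULL) {
                free(method);
                free(uri);
                redsocks_log_error(client, LOG_ERR, "run out of memory");
                redsocks_drop_client(client);
                return;
            }
            memcpy(method, first, method_len);
            memcpy(uri, path, uri_len);

            /* prepare a random string for cnounce */
            char cnounce[17];
            snprintf(cnounce, sizeof(cnounce), "%08x%08x", red_randui32(), red_randui32());

            /* The challenge text starts after "Digest" plus one separator
             * byte. A stored challenge that is exactly "Digest" has no such
             * byte, so stop at its NUL instead of reading beyond it. */
            const char *challenge = auth->last_auth_query + 6;
            if (*challenge != '\0')
                challenge++;

            auth_string = digest_authentication_encode(challenge, //line
                    client->instance->config.login, client->instance->config.password, //user, pass
                    method, uri, auth->last_auth_count, cnounce); // method, path, nc, cnounce

            free(method);
            free(uri);
            auth_scheme = "Digest";
        }
    }

    if (auth_string != NULL) {
        len = 0;
        len |= bufferevent_write(client->relay, auth_response_header, strlen(auth_response_header));
        len |= bufferevent_write(client->relay, " ", 1);
        len |= bufferevent_write(client->relay, auth_scheme, strlen(auth_scheme));
        len |= bufferevent_write(client->relay, " ", 1);
        len |= bufferevent_write(client->relay, auth_string, strlen(auth_string));
        len |= bufferevent_write(client->relay, "\r\n", 2);
        if (len) {
            redsocks_log_errno(client, LOG_ERR, "bufferevent_write");
            /* The encoded credentials were leaked on this path before. */
            free(auth_string);
            redsocks_drop_client(client);
            return;
        }
    }

    free(auth_string);

    len = bufferevent_write(client->relay, httpr->client_buffer.buff, httpr->client_buffer.len);
    if (len < 0) {
        redsocks_log_errno(client, LOG_ERR, "bufferevent_write");
        redsocks_drop_client(client);
        return;
    }

    client->state = httpr_request_sent;

    buffev->wm_read.low = 1;
    buffev->wm_read.high = HTTP_HEAD_WM_HIGH;
    bufferevent_enable(buffev, EV_READ);
}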
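/*
 * Read callback for the relay side of an http-relay connection.
 *
 * In httpr_request_sent it parses the proxy's status line. A 407 either
 * ends the connection (authentication already failed once, or no
 * credentials are configured) or stores the proxy's challenge, tears down
 * the relay and reconnects so the request can be resent with credentials.
 * Any other status from 100 to 999 moves on to header collection. Once the
 * empty line ending the reply headers has been seen, the collected head is
 * written to the client and relaying starts.
 *
 * The reply is untrusted input from the upstream proxy. In the 407 path the
 * status line is freed early; the pointer is cleared afterwards so the
 * common free() at the end of the branch cannot release it a second time
 * when the proxy sends no challenge header.
 */
static void httpr_relay_read_cb(struct bufferevent *buffev, void *_arg)
{
    redsocks_client *client = _arg;
    httpr_client *httpr = (void*)(client + 1);
    int dropped = 0;

    assert(client->state >= httpr_request_sent);
    redsocks_touch_client(client);

    /* The relay buffer is reset on every invocation. */
    httpr_buffer_fini(&httpr->relay_buffer);
    httpr_buffer_init(&httpr->relay_buffer);

    if (client->state == httpr_request_sent) {
        size_t len = EVBUFFER_LENGTH(buffev->input);
        char *line = redsocks_evbuffer_readline(buffev->input);
        if (line) {
            httpr_buffer_append(&httpr->relay_buffer, line, strlen(line));
            httpr_buffer_append(&httpr->relay_buffer, "\r\n", 2);
            unsigned int code;
            if (sscanf(line, "HTTP/%*u.%*u %u", &code) == 1) { // 1 == one _assigned_ match
                if (code == 407) { // auth failed
                    http_auth *auth = (void*)(client->instance + 1);

                    if (auth->last_auth_query != NULL && auth->last_auth_count == 1) {
                        redsocks_log_error(client, LOG_NOTICE, "proxy auth failed");
                        redsocks_drop_client(client);

                        dropped = 1;
                    }
                    else if (client->instance->config.login == NULL || client->instance->config.password == NULL) {
                        redsocks_log_error(client, LOG_NOTICE, "proxy auth required, but no login information provided");
                        redsocks_drop_client(client);

                        dropped = 1;
                    }
                    else {
                        free(line);
                        /* Cleared so the free(line) after this if/else
                         * chain is a no-op instead of a double free. */
                        line = NULL;

                        char *auth_request = get_auth_request_header(buffev->input);

                        if (!auth_request) {
                            /* The message says 403 although the status
                             * handled here is 407; text kept as it was. */
                            redsocks_log_error(client, LOG_NOTICE, "403 found, but no proxy auth challenge");
                            redsocks_drop_client(client);
                            dropped = 1;
                        }
                        else {
                            free(auth->last_auth_query);

                            /* NOTE(review): assumes the returned line is at
                             * least strlen(auth_request_header) long --
                             * confirm against get_auth_request_header(). */
                            char *ptr = auth_request;
                            ptr += strlen(auth_request_header);

                            /* Cast: isspace() is undefined for negative
                             * char values. */
                            while (isspace((unsigned char)*ptr))
                                ptr++;

                            auth->last_auth_query = calloc(strlen(ptr) + 1, 1);
                            if (auth->last_auth_query == NULL) {
                                free(auth_request);
                                redsocks_log_error(client, LOG_ERR, "run out of memory");
                                redsocks_drop_client(client);
                                return;
                            }
                            strcpy(auth->last_auth_query, ptr);
                            auth->last_auth_count = 0;

                            free(auth_request);

                            httpr_buffer_fini(&httpr->relay_buffer);

                            if (bufferevent_disable(client->relay, EV_WRITE)) {
                                redsocks_log_errno(client, LOG_ERR, "bufferevent_disable");
                                return;
                            }

                            /* close relay tunnel */
                            redsocks_close(EVENT_FD(&client->relay->ev_write));
                            bufferevent_free(client->relay);

                            /* set to initial state */
                            client->state = httpr_recv_request_headers;

                            /* and reconnect */
                            redsocks_connect_relay(client);
                            return;
                        }
                    }
                }
                else if (100 <= code && code <= 999) {
                    client->state = httpr_reply_came;
                }
                else {
                    redsocks_log_error(client, LOG_NOTICE, "%s", line);
                    redsocks_drop_client(client);
                    dropped = 1;
                }
            }
            free(line);
        }
        else if (len >= HTTP_HEAD_WM_HIGH) {
            /* No complete line although the head limit has been reached. */
            redsocks_drop_client(client);
            dropped = 1;
        }
    }

    if (dropped)
        return;

    while (client->state == httpr_reply_came) {
        char *line = redsocks_evbuffer_readline(buffev->input);
        if (line) {
            httpr_buffer_append(&httpr->relay_buffer, line, strlen(line));
            httpr_buffer_append(&httpr->relay_buffer, "\r\n", 2);
            if (strlen(line) == 0) {
                client->state = httpr_headers_skipped;
            }
            free(line);
        }
        else {
            break;
        }
    }

    if (client->state == httpr_headers_skipped) {
        if (bufferevent_write(client->client, httpr->relay_buffer.buff, httpr->relay_buffer.len) != 0) {
            redsocks_log_error(client, LOG_NOTICE, "bufferevent_write");
            redsocks_drop_client(client);
            return;
        }
        redsocks_start_relay(client);
    }
}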
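/*
 * Read callback for the relay side of an http-connect connection.
 *
 * In httpc_request_sent it parses the proxy's status line: 2xx moves on to
 * skipping the reply headers; 407 either fails (authentication already
 * tried once, no credentials configured, or no challenge header) or stores
 * the challenge and reconnects; anything else fails. With
 * ONFAIL_FORWARD_HTTP_ERR configured, the proxy's error reply is forwarded
 * to the client instead of simply dropping it.
 *
 * The reply is untrusted input from the upstream proxy. The status line is
 * released on every exit path, including the early jump to fail:, and the
 * copy of the challenge is only made when its allocation succeeded.
 */
static void httpc_read_cb(struct bufferevent *buffev, void *_arg)
{
    redsocks_client *client = _arg;

    assert(client->relay == buffev);
    assert(client->state == httpc_request_sent || client->state == httpc_reply_came);

    redsocks_touch_client(client);

    // evbuffer_add() triggers callbacks, so we can't write to client->client
    // till we know that we're going to ONFAIL_FORWARD_HTTP_ERR.
    // And the decision is made when all the headers are processed.
    struct evbuffer* tee = NULL;
    const bool do_errtee = client->instance->config.on_proxy_fail == ONFAIL_FORWARD_HTTP_ERR;

    if (client->state == httpc_request_sent) {
        size_t len = evbuffer_get_length(buffev->input);
        char *line = redsocks_evbuffer_readline(buffev->input);
        if (line) {
            unsigned int code;
            if (sscanf(line, "HTTP/%*u.%*u %u", &code) == 1) { // 1 == one _assigned_ match
                if (code == 407) { // auth failed
                    http_auth *auth = red_http_auth(client->instance);

                    if (auth->last_auth_query != NULL && auth->last_auth_count == 1) {
                        redsocks_log_error(client, LOG_NOTICE, "HTTP Proxy auth failed: %s", line);
                        client->state = httpc_no_way;
                    } else if (client->instance->config.login == NULL || client->instance->config.password == NULL) {
                        redsocks_log_error(client, LOG_NOTICE, "HTTP Proxy auth required, but no login/password configured: %s", line);
                        client->state = httpc_no_way;
                    } else {
                        if (do_errtee)
                            tee = evbuffer_new();
                        char *auth_request = http_auth_request_header(buffev->input, tee);
                        if (!auth_request) {
                            redsocks_log_error(client, LOG_NOTICE, "HTTP Proxy auth required, but no <%s> header found: %s", auth_request_header, line);
                            client->state = httpc_no_way;
                        } else {
                            /* Every path below returns, so line and tee
                             * are released here and not touched again. */
                            free(line);
                            if (tee)
                                evbuffer_free(tee);
                            free(auth->last_auth_query);

                            /* NOTE(review): assumes the returned line is at
                             * least strlen(auth_request_header) long --
                             * confirm against http_auth_request_header(). */
                            char *ptr = auth_request;
                            ptr += strlen(auth_request_header);

                            /* Cast: isspace() is undefined for negative
                             * char values. */
                            while (isspace((unsigned char)*ptr))
                                ptr++;

                            size_t last_auth_query_len = strlen(ptr) + 1;
                            auth->last_auth_query = calloc(last_auth_query_len, 1);
                            if (auth->last_auth_query == NULL) {
                                free(auth_request);
                                redsocks_log_error(client, LOG_ERR, "run out of memory");
                                redsocks_drop_client(client);
                                return;
                            }
                            memcpy(auth->last_auth_query, ptr, last_auth_query_len);
                            auth->last_auth_count = 0;

                            free(auth_request);

                            if (bufferevent_disable(client->relay, EV_WRITE)) {
                                redsocks_log_errno(client, LOG_ERR, "bufferevent_disable");
                                return;
                            }

                            /* close relay tunnel */
                            redsocks_bufferevent_free(client->relay);

                            /* set to initial state */
                            client->state = httpc_new;

                            /* and reconnect */
                            redsocks_connect_relay(client);
                            return;
                        }
                    }
                } else if (200 <= code && code <= 299) {
                    client->state = httpc_reply_came;
                } else {
                    redsocks_log_error(client, LOG_NOTICE, "HTTP Proxy error: %s", line);
                    client->state = httpc_no_way;
                }
            } else {
                redsocks_log_error(client, LOG_NOTICE, "HTTP Proxy bad firstline: %s", line);
                client->state = httpc_no_way;
            }
            if (do_errtee && client->state == httpc_no_way) {
                if (bufferevent_write(client->client, line, strlen(line)) != 0 ||
                    bufferevent_write(client->client, "\r\n", 2) != 0)
                {
                    redsocks_log_errno(client, LOG_NOTICE, "bufferevent_write");
                    /* Freed after logging; this jump used to leak it. */
                    free(line);
                    goto fail;
                }
            }
            free(line);
        }
        else if (len >= HTTP_HEAD_WM_HIGH) {
            redsocks_log_error(client, LOG_NOTICE, "HTTP Proxy reply is too long, %zu bytes", len);
            client->state = httpc_no_way;
        }
    }

    if (do_errtee && client->state == httpc_no_way) {
        /* Forward the buffered error headers, stop reading from the client,
         * discard its pending input and half-close the relay. */
        if (tee) {
            if (bufferevent_write_buffer(client->client, tee) != 0) {
                redsocks_log_errno(client, LOG_NOTICE, "bufferevent_write_buffer");
                goto fail;
            }
        }
        redsocks_shutdown(client, client->client, SHUT_RD);
        const size_t avail = evbuffer_get_length(client->client->input);
        if (avail) {
            if (evbuffer_drain(client->client->input, avail) != 0) {
                redsocks_log_errno(client, LOG_NOTICE, "evbuffer_drain");
                goto fail;
            }
        }
        redsocks_shutdown(client, client->relay, SHUT_WR);
        client->state = httpc_headers_skipped;
    }

fail:
    if (tee) {
        evbuffer_free(tee);
    }

    if (client->state == httpc_no_way) {
        redsocks_drop_client(client);
        return;
    }

    while (client->state == httpc_reply_came) {
        char *line = redsocks_evbuffer_readline(buffev->input);
        if (line) {
            if (strlen(line) == 0) {
                client->state = httpc_headers_skipped;
            }
            free(line);
        }
        else {
            break;
        }
    }

    if (client->state == httpc_headers_skipped) {
        redsocks_start_relay(client);
    }
}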