static gboolean ssl_connected(gpointer data, gint source,
b_input_condition cond)
{
struct scd *conn = data;
/* Right now we don't have any verification functionality for NSS. */
if (conn->verify) {
conn->func(conn->data, 1, NULL, cond);
if (source >= 0) {
closesocket(source);
}
g_free(conn->hostname);
g_free(conn);
return FALSE;
}
if (source == -1) {
goto ssl_connected_failure;
}
/* Until we find out how to handle non-blocking I/O with NSS... */
sock_make_blocking(conn->fd);
conn->prfd = SSL_ImportFD(NULL, PR_ImportTCPSocket(source));
if (!conn->prfd) {
goto ssl_connected_failure;
}
SSL_OptionSet(conn->prfd, SSL_SECURITY, PR_TRUE);
SSL_OptionSet(conn->prfd, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE);
SSL_BadCertHook(conn->prfd, (SSLBadCertHandler) nss_bad_cert, NULL);
SSL_AuthCertificateHook(conn->prfd, (SSLAuthCertificate) nss_auth_cert,
(void *) CERT_GetDefaultCertDB());
SSL_SetURL(conn->prfd, conn->hostname);
SSL_ResetHandshake(conn->prfd, PR_FALSE);
if (SSL_ForceHandshake(conn->prfd)) {
goto ssl_connected_failure;
}
conn->established = TRUE;
conn->func(conn->data, 0, conn, cond);
return FALSE;
ssl_connected_failure:
conn->func(conn->data, 0, NULL, cond);
if (conn->prfd) {
PR_Close(conn->prfd);
} else if (source >= 0) {
/* proxy_disconnect() would be redundant here */
closesocket(source);
}
g_free(conn->hostname);
g_free(conn);
return FALSE;
}
static gboolean gaim_io_connected(gpointer data, gint source, b_input_condition cond)
{
struct PHB *phb = data;
unsigned int len;
int error = ETIMEDOUT;
len = sizeof(error);
#ifndef _WIN32
if (getsockopt(source, SOL_SOCKET, SO_ERROR, &error, &len) < 0) {
closesocket(source);
b_event_remove(phb->inpa);
if( phb->proxy_func )
phb->proxy_func(phb->proxy_data, -1, GAIM_INPUT_READ);
else {
phb->func(phb->data, -1, GAIM_INPUT_READ);
g_free(phb);
}
return FALSE;
}
#endif
sock_make_blocking(source);
b_event_remove(phb->inpa);
if( phb->proxy_func )
phb->proxy_func(phb->proxy_data, source, GAIM_INPUT_READ);
else {
phb->func(phb->data, source, GAIM_INPUT_READ);
g_free(phb);
}
return FALSE;
}
static gboolean http_canwrite(gpointer data, gint source, b_input_condition cond)
{
char cmd[384];
struct PHB *phb = data;
unsigned int len;
int error = ETIMEDOUT;
if (phb->inpa > 0)
b_event_remove(phb->inpa);
len = sizeof(error);
if (getsockopt(source, SOL_SOCKET, SO_ERROR, &error, &len) < 0) {
close(source);
phb->func(phb->data, -1, GAIM_INPUT_READ);
g_free(phb->host);
g_free(phb);
return FALSE;
}
sock_make_blocking(source);
g_snprintf(cmd, sizeof(cmd), "CONNECT %s:%d HTTP/1.1\r\nHost: %s:%d\r\n", phb->host, phb->port,
phb->host, phb->port);
if (send(source, cmd, strlen(cmd), 0) < 0) {
close(source);
phb->func(phb->data, -1, GAIM_INPUT_READ);
g_free(phb->host);
g_free(phb);
return FALSE;
}
if (strlen(proxyuser) > 0) {
char *t1, *t2;
t1 = g_strdup_printf("%s:%s", proxyuser, proxypass);
t2 = tobase64(t1);
g_free(t1);
g_snprintf(cmd, sizeof(cmd), "Proxy-Authorization: Basic %s\r\n", t2);
g_free(t2);
if (send(source, cmd, strlen(cmd), 0) < 0) {
close(source);
phb->func(phb->data, -1, GAIM_INPUT_READ);
g_free(phb->host);
g_free(phb);
return FALSE;
}
}
g_snprintf(cmd, sizeof(cmd), "\r\n");
if (send(source, cmd, strlen(cmd), 0) < 0) {
close(source);
phb->func(phb->data, -1, GAIM_INPUT_READ);
g_free(phb->host);
g_free(phb);
return FALSE;
}
phb->inpa = b_input_add(source, GAIM_INPUT_READ, http_canread, phb);
return FALSE;
}
static gboolean s4_canwrite(gpointer data, gint source, b_input_condition cond)
{
unsigned char packet[12];
struct hostent *hp;
struct PHB *phb = data;
socklen_t len;
int error = ETIMEDOUT;
gboolean is_socks4a = (proxytype == PROXY_SOCKS4A);
if (phb->inpa > 0) {
b_event_remove(phb->inpa);
}
len = sizeof(error);
if (getsockopt(source, SOL_SOCKET, SO_ERROR, &error, &len) < 0) {
return phb_free(phb, FALSE);
}
sock_make_blocking(source);
if (!is_socks4a && !(hp = gethostbyname(phb->host))) {
return phb_free(phb, FALSE);
}
packet[0] = 4;
packet[1] = 1;
packet[2] = phb->port >> 8;
packet[3] = phb->port & 0xff;
if (is_socks4a) {
packet[4] = 0;
packet[5] = 0;
packet[6] = 0;
packet[7] = 1;
} else {
packet[4] = (unsigned char) (hp->h_addr_list[0])[0];
packet[5] = (unsigned char) (hp->h_addr_list[0])[1];
packet[6] = (unsigned char) (hp->h_addr_list[0])[2];
packet[7] = (unsigned char) (hp->h_addr_list[0])[3];
}
packet[8] = 0;
if (write(source, packet, 9) != 9) {
return phb_free(phb, FALSE);
}
if (is_socks4a) {
size_t host_len = strlen(phb->host) + 1; /* include the \0 */
if (write(source, phb->host, host_len) != host_len) {
return phb_free(phb, FALSE);
}
}
phb->inpa = b_input_add(source, B_EV_IO_READ, s4_canread, phb);
return FALSE;
}
/*
* XXX this is nearly as ugly as proxyconnect().
*/
int aim_conn_completeconnect(aim_session_t *sess, aim_conn_t *conn)
{
fd_set fds, wfds;
struct timeval tv;
int res, error = ETIMEDOUT;
aim_rxcallback_t userfunc;
if (!conn || (conn->fd == -1))
return -1;
if (!(conn->status & AIM_CONN_STATUS_INPROGRESS))
return -1;
FD_ZERO(&fds);
FD_SET(conn->fd, &fds);
FD_ZERO(&wfds);
FD_SET(conn->fd, &wfds);
tv.tv_sec = 0;
tv.tv_usec = 0;
if ((res = select(conn->fd+1, &fds, &wfds, NULL, &tv)) == -1) {
error = errno;
aim_conn_close(conn);
errno = error;
return -1;
} else if (res == 0) {
return 0; /* hasn't really completed yet... */
}
if (FD_ISSET(conn->fd, &fds) || FD_ISSET(conn->fd, &wfds)) {
socklen_t len = sizeof(error);
if (getsockopt(conn->fd, SOL_SOCKET, SO_ERROR, &error, &len) < 0)
error = errno;
}
if (error) {
aim_conn_close(conn);
errno = error;
return -1;
}
sock_make_blocking(conn->fd);
conn->status &= ~AIM_CONN_STATUS_INPROGRESS;
if ((userfunc = aim_callhandler(sess, conn, AIM_CB_FAM_SPECIAL, AIM_CB_SPECIAL_CONNCOMPLETE)))
userfunc(sess, NULL, conn);
/* Flush out the queues if there was something waiting for this conn */
aim_tx_flushqueue(sess);
return 0;
}
static gboolean s4_canwrite(gpointer data, gint source, b_input_condition cond)
{
unsigned char packet[12];
struct hostent *hp;
struct PHB *phb = data;
unsigned int len;
int error = ETIMEDOUT;
if (phb->inpa > 0)
b_event_remove(phb->inpa);
len = sizeof(error);
if (getsockopt(source, SOL_SOCKET, SO_ERROR, &error, &len) < 0) {
close(source);
phb->func(phb->data, -1, GAIM_INPUT_READ);
g_free(phb->host);
g_free(phb);
return FALSE;
}
sock_make_blocking(source);
/* XXX does socks4 not support host name lookups by the proxy? */
if (!(hp = gethostbyname(phb->host))) {
close(source);
phb->func(phb->data, -1, GAIM_INPUT_READ);
g_free(phb->host);
g_free(phb);
return FALSE;
}
packet[0] = 4;
packet[1] = 1;
packet[2] = phb->port >> 8;
packet[3] = phb->port & 0xff;
packet[4] = (unsigned char)(hp->h_addr_list[0])[0];
packet[5] = (unsigned char)(hp->h_addr_list[0])[1];
packet[6] = (unsigned char)(hp->h_addr_list[0])[2];
packet[7] = (unsigned char)(hp->h_addr_list[0])[3];
packet[8] = 0;
if (write(source, packet, 9) != 9) {
close(source);
phb->func(phb->data, -1, GAIM_INPUT_READ);
g_free(phb->host);
g_free(phb);
return FALSE;
}
phb->inpa = b_input_add(source, GAIM_INPUT_READ, s4_canread, phb);
return FALSE;
}
static gboolean gaim_io_connected(gpointer data, gint source, b_input_condition cond)
{
struct PHB *phb = data;
socklen_t len;
int error = ETIMEDOUT;
len = sizeof(error);
if (getsockopt(source, SOL_SOCKET, SO_ERROR, &error, &len) < 0 || error) {
if ((phb->gai_cur = phb->gai_cur->ai_next)) {
int new_fd;
b_event_remove(phb->inpa);
if ((new_fd = proxy_connect_none(NULL, 0, phb))) {
b_event_remove(phb->inpa);
closesocket(source);
dup2(new_fd, source);
closesocket(new_fd);
phb->inpa = b_input_add(source, B_EV_IO_WRITE, gaim_io_connected, phb);
return FALSE;
}
}
freeaddrinfo(phb->gai);
closesocket(source);
b_event_remove(phb->inpa);
phb->inpa = 0;
if( phb->proxy_func )
phb->proxy_func(phb->proxy_data, -1, B_EV_IO_READ);
else {
phb->func(phb->data, -1, B_EV_IO_READ);
g_free(phb);
}
return FALSE;
}
freeaddrinfo(phb->gai);
sock_make_blocking(source);
b_event_remove(phb->inpa);
phb->inpa = 0;
if( phb->proxy_func )
phb->proxy_func(phb->proxy_data, source, B_EV_IO_READ);
else {
phb->func(phb->data, source, B_EV_IO_READ);
g_free(phb);
}
return FALSE;
}
static gboolean ssl_handshake( gpointer data, gint source, b_input_condition cond )
{
struct scd *conn = data;
int st, stver;
if( ( st = gnutls_handshake( conn->session ) ) < 0 )
{
if( st == GNUTLS_E_AGAIN || st == GNUTLS_E_INTERRUPTED )
{
conn->inpa = b_input_add( conn->fd, ssl_getdirection( conn ),
ssl_handshake, data );
}
else
{
conn->func( conn->data, 0, NULL, cond );
gnutls_deinit( conn->session );
closesocket( conn->fd );
g_free( conn );
}
}
else
{
if( conn->verify && ( stver = verify_certificate_callback( conn->session ) ) != 0 )
{
conn->func( conn->data, stver, NULL, cond );
gnutls_deinit( conn->session );
closesocket( conn->fd );
g_free( conn );
}
else
{
/* For now we can't handle non-blocking perfectly everywhere... */
sock_make_blocking( conn->fd );
conn->established = TRUE;
conn->func( conn->data, 0, conn, cond );
}
}
return FALSE;
}
static gboolean s5_canwrite(gpointer data, gint source, b_input_condition cond)
{
unsigned char buf[512];
int i;
struct PHB *phb = data;
unsigned int len;
int error = ETIMEDOUT;
if (phb->inpa > 0)
b_event_remove(phb->inpa);
len = sizeof(error);
if (getsockopt(source, SOL_SOCKET, SO_ERROR, &error, &len) < 0) {
close(source);
phb->func(phb->data, -1, GAIM_INPUT_READ);
g_free(phb->host);
g_free(phb);
return FALSE;
}
sock_make_blocking(source);
i = 0;
buf[0] = 0x05; /* SOCKS version 5 */
if (proxyuser[0]) {
buf[1] = 0x02; /* two methods */
buf[2] = 0x00; /* no authentication */
buf[3] = 0x02; /* username/password authentication */
i = 4;
} else {
buf[1] = 0x01;
buf[2] = 0x00;
i = 3;
}
if (write(source, buf, i) < i) {
close(source);
phb->func(phb->data, -1, GAIM_INPUT_READ);
g_free(phb->host);
g_free(phb);
return FALSE;
}
phb->inpa = b_input_add(source, GAIM_INPUT_READ, s5_canread, phb);
return FALSE;
}
static gboolean ssl_handshake(gpointer data, gint source, b_input_condition cond)
{
struct scd *conn = data;
int st;
if ((st = SSL_connect(conn->ssl)) < 0) {
conn->lasterr = SSL_get_error(conn->ssl, st);
if (conn->lasterr != SSL_ERROR_WANT_READ && conn->lasterr != SSL_ERROR_WANT_WRITE) {
conn->func(conn->data, 0, NULL, cond);
ssl_disconnect(conn);
return FALSE;
}
conn->inpa = b_input_add(conn->fd, ssl_getdirection(conn), ssl_handshake, data);
return FALSE;
}
conn->established = TRUE;
sock_make_blocking(conn->fd); /* For now... */
conn->func(conn->data, 0, conn, cond);
return FALSE;
}
static gboolean ssl_connected( gpointer data, gint source, b_input_condition cond )
{
struct scd *conn = data;
if( source == -1 )
goto ssl_connected_failure;
/* Until we find out how to handle non-blocking I/O with NSS... */
sock_make_blocking( conn->fd );
conn->prfd = SSL_ImportFD(NULL, PR_ImportTCPSocket(source));
SSL_OptionSet(conn->prfd, SSL_SECURITY, PR_TRUE);
SSL_OptionSet(conn->prfd, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE);
SSL_BadCertHook(conn->prfd, (SSLBadCertHandler)nss_bad_cert, NULL);
SSL_AuthCertificateHook(conn->prfd, (SSLAuthCertificate)nss_auth_cert, (void *)CERT_GetDefaultCertDB());
SSL_ResetHandshake(conn->prfd, PR_FALSE);
if (SSL_ForceHandshake(conn->prfd)) {
goto ssl_connected_failure;
}
conn->established = TRUE;
conn->func( conn->data, conn, cond );
return FALSE;
ssl_connected_failure:
conn->func( conn->data, NULL, cond );
PR_Close( conn -> prfd );
if( source >= 0 ) closesocket( source );
g_free( conn );
return FALSE;
}
