static int localproxy_select_result(int fd, int event)
{
Local_Proxy_Socket s;
char buf[20480];
int ret;
if (!(s = find234(localproxy_by_fromfd, &fd, localproxy_fromfd_find)) &&
!(s = find234(localproxy_by_tofd, &fd, localproxy_tofd_find)) )
return 1; /* boggle */
if (event == 1) {
assert(fd == s->from_cmd);
ret = read(fd, buf, sizeof(buf));
if (ret < 0) {
return plug_closing(s->plug, strerror(errno), errno, 0);
} else if (ret == 0) {
return plug_closing(s->plug, NULL, 0, 0);
} else {
return plug_receive(s->plug, 0, buf, ret);
}
} else if (event == 2) {
assert(fd == s->to_cmd);
if (localproxy_try_send(s))
plug_sent(s->plug, bufchain_size(&s->pending_output_data));
return 1;
}
return 1;
}
static int handle_gotdata(struct handle *h, void *data, int len)
{
Handle_Socket ps = (Handle_Socket) handle_get_privdata(h);
if (len < 0) {
return plug_closing(ps->plug, "Read error from handle",
0, 0);
} else if (len == 0) {
return plug_closing(ps->plug, NULL, 0, 0);
} else {
assert(ps->frozen != FREEZING && ps->frozen != THAWING);
if (ps->frozen == FREEZING) {
/*
* If we've received data while this socket is supposed to
* be frozen (because the read winhandl.c started before
* sk_set_frozen was called has now returned) then buffer
* the data for when we unfreeze.
*/
bufchain_add(&ps->inputdata, data, len);
/*
* And return a very large backlog, to prevent further
* data arriving from winhandl until we unfreeze.
*/
return INT_MAX;
} else {
return plug_receive(ps->plug, 0, data, len);
}
}
}
int localproxy_gotdata(struct handle *h, void *data, int len) {
Local_Proxy_Socket ps = (Local_Proxy_Socket) handle_get_privdata(h);
if (len < 0) {
return plug_closing(ps->plug, "Read error from local proxy command", 0,
0);
} else if (len == 0) {
return plug_closing(ps->plug, NULL, 0, 0);
} else {
return plug_receive(ps->plug, 1, data, len);
}
}
int proxy_socks5_selectchap(Proxy_Socket p)
{
if (p->cfg.proxy_username[0] || p->cfg.proxy_password[0]) {
char chapbuf[514];
int ulen;
chapbuf[0] = '\x01'; /* Version */
chapbuf[1] = '\x02'; /* Number of attributes sent */
chapbuf[2] = '\x11'; /* First attribute - algorithms list */
chapbuf[3] = '\x01'; /* Only one CHAP algorithm */
chapbuf[4] = '\x85'; /* ...and it's HMAC-MD5, the core one */
chapbuf[5] = '\x02'; /* Second attribute - username */
ulen = strlen(p->cfg.proxy_username);
if (ulen > 255) ulen = 255; if (ulen < 1) ulen = 1;
chapbuf[6] = ulen;
memcpy(chapbuf+7, p->cfg.proxy_username, ulen);
sk_write(p->sub_socket, chapbuf, ulen + 7);
p->chap_num_attributes = 0;
p->chap_num_attributes_processed = 0;
p->chap_current_attribute = -1;
p->chap_current_datalen = 0;
p->state = 8;
} else
plug_closing(p->plug, "Proxy error: Server chose "
"CHAP authentication but we didn't offer it!",
PROXY_ERROR_GENERAL, 0);
return 1;
}
static int plug_proxy_closing(Plug p, const char *error_msg, int error_code,
int calling_back) {
Proxy_Plug pp = (Proxy_Plug) p;
Proxy_Socket ps = pp->proxy_socket;
if (ps->state != PROXY_STATE_ACTIVE) {
ps->closing_error_msg = error_msg;
ps->closing_error_code = error_code;
ps->closing_calling_back = calling_back;
return ps->negotiate(ps, PROXY_CHANGE_CLOSING);
}
return plug_closing(ps->plug, error_msg, error_code, calling_back);
}
static void handle_sentdata(struct handle *h, int new_backlog)
{
Handle_Socket ps = (Handle_Socket) handle_get_privdata(h);
if (new_backlog < 0) {
/* Special case: this is actually reporting an error writing
* to the underlying handle, and our input value is the error
* code itself, negated. */
plug_closing(ps->plug, win_strerror(-new_backlog), -new_backlog, 0);
return;
}
plug_sent(ps->plug, new_backlog);
}
static void plug_proxy_closing (Plug p, const char *error_msg,
int error_code, int calling_back)
{
ProxySocket *ps = FROMFIELD(p, ProxySocket, plugvt);
if (ps->state != PROXY_STATE_ACTIVE) {
ps->closing_error_msg = error_msg;
ps->closing_error_code = error_code;
ps->closing_calling_back = calling_back;
ps->negotiate(ps, PROXY_CHANGE_CLOSING);
} else {
plug_closing(ps->plug, error_msg, error_code, calling_back);
}
}
static int localproxy_try_send(Local_Proxy_Socket ps)
{
int sent = 0;
while (bufchain_size(&ps->pending_output_data) > 0) {
void *data;
int len, ret;
bufchain_prefix(&ps->pending_output_data, &data, &len);
ret = write(ps->to_cmd, data, len);
if (ret < 0 && errno != EWOULDBLOCK) {
plug_closing(ps->plug, strerror(errno), errno, 0);
return 0;
} else if (ret <= 0) {
break;
} else {
bufchain_consume(&ps->pending_output_data, ret);
sent += ret;
}
}
if (ps->outgoingeof == EOF_PENDING) {
del234(localproxy_by_tofd, ps);
close(ps->to_cmd);
uxsel_del(ps->to_cmd);
ps->to_cmd = -1;
ps->outgoingeof = EOF_SENT;
}
if (bufchain_size(&ps->pending_output_data) == 0)
uxsel_del(ps->to_cmd);
else
uxsel_set(ps->to_cmd, 2, localproxy_select_result);
return sent;
}
int proxy_socks5_handlechap(Proxy_Socket p)
{
/* CHAP authentication reply format:
* version number (1 bytes) = 1
* number of commands (1 byte)
*
* For each command:
* command identifier (1 byte)
* data length (1 byte)
*/
unsigned char data[260];
unsigned char outbuf[20];
while (p->chap_num_attributes == 0 ||
p->chap_num_attributes_processed < p->chap_num_attributes) {
if (p->chap_num_attributes == 0 || p->chap_current_attribute == -1) {
/* CHAP normally reads in two bytes, either at the
* beginning or for each attribute/value pair. But if
* we're waiting for the value's data, we might not want
* to read 2 bytes.
*/
if (bufchain_size(&p->pending_input_data) < 2)
return 1; /* not got anything yet */
/* get the response */
bufchain_fetch(&p->pending_input_data, data, 2);
bufchain_consume(&p->pending_input_data, 2);
}
if (p->chap_num_attributes == 0) {
/* If there are no attributes, this is our first msg
* with the server, where we negotiate version and
* number of attributes
*/
if (data[0] != 0x01) {
plug_closing(p->plug,
"Proxy error: SOCKS proxy wants"
" a different CHAP version",
PROXY_ERROR_GENERAL,
0);
return 1;
}
if (data[1] == 0x00) {
plug_closing(p->plug,
"Proxy error: SOCKS proxy won't"
" negotiate CHAP with us",
PROXY_ERROR_GENERAL,
0);
return 1;
}
p->chap_num_attributes = data[1];
} else {
if (p->chap_current_attribute == -1) {
/* We have to read in each attribute/value pair -
* those we don't understand can be ignored, but
* there are a few we'll need to handle.
*/
p->chap_current_attribute = data[0];
p->chap_current_datalen = data[1];
}
if (bufchain_size(&p->pending_input_data) < p->chap_current_datalen)
return 1; /* not got everything yet */
/* get the response */
bufchain_fetch(&p->pending_input_data, data, p->chap_current_datalen);
bufchain_consume(&p->pending_input_data, p->chap_current_datalen);
switch (p->chap_current_attribute) {
case 0x00:
/* Successful authentication */
if (data[0] == 0x00)
p->state = 2;
else {
plug_closing(p->plug,
"Proxy error: SOCKS proxy"
" refused CHAP authentication",
PROXY_ERROR_GENERAL,
0);
return 1;
}
break;
case 0x03:
outbuf[0] = 0x01; /* Version */
outbuf[1] = 0x01; /* One attribute */
outbuf[2] = 0x04; /* Response */
outbuf[3] = 0x10; /* Length */
hmacmd5_chap(data,
p->chap_current_datalen,
conf_get_str(p->conf, CONF_proxy_password),
&outbuf[4]);
sk_write(p->sub_socket, (char *)outbuf, 20);
break;
case 0x11:
/* Chose a protocol */
if (data[0] != 0x85) {
plug_closing(p->plug,
"Proxy error: Server chose "
"CHAP of other than HMAC-MD5 but we "
"didn't offer it!",
PROXY_ERROR_GENERAL,
0);
return 1;
}
break;
}
p->chap_current_attribute = -1;
p->chap_num_attributes_processed++;
}
if (p->state == 8 &&
p->chap_num_attributes_processed >= p->chap_num_attributes) {
p->chap_num_attributes = 0;
p->chap_num_attributes_processed = 0;
p->chap_current_datalen = 0;
}
}
return 0;
}
int proxy_socks5_selectchap(Proxy_Socket p) {
plug_closing(p->plug, "Proxy error: Trying to handle a SOCKS5 CHAP request"
" in telnet-only build", PROXY_ERROR_GENERAL, 0);
return 1;
}
