From 7717b6f647feb250c0b94d038f72a640a7888915 Mon Sep 17 00:00:00 2001 From: Logan Dethrow Date: Tue, 28 Jun 2011 19:54:53 -0400 Subject: STORM-1112 More cleanup of SOCKS 5 proxy code. Renamed llsocks5.cpp to llproxy.cpp. --- indra/llmessage/CMakeLists.txt | 4 +- indra/llmessage/llcurl.cpp | 38 ++--- indra/llmessage/lliosocket.h | 2 +- indra/llmessage/llpacketring.cpp | 40 +++--- indra/llmessage/llproxy.cpp | 294 +++++++++++++++++++++++++++++++++++++++ indra/llmessage/llproxy.h | 244 ++++++++++++++++++++++++++++++++ indra/llmessage/llsocks5.cpp | 285 ------------------------------------- indra/llmessage/llsocks5.h | 241 -------------------------------- indra/llmessage/net.cpp | 2 +- 9 files changed, 568 insertions(+), 582 deletions(-) create mode 100644 indra/llmessage/llproxy.cpp create mode 100644 indra/llmessage/llproxy.h delete mode 100644 indra/llmessage/llsocks5.cpp delete mode 100644 indra/llmessage/llsocks5.h (limited to 'indra/llmessage') diff --git a/indra/llmessage/CMakeLists.txt b/indra/llmessage/CMakeLists.txt index 4b679ef6a5..0f40a670fa 100644 --- a/indra/llmessage/CMakeLists.txt +++ b/indra/llmessage/CMakeLists.txt @@ -65,6 +65,7 @@ set(llmessage_SOURCE_FILES llpacketbuffer.cpp llpacketring.cpp llpartdata.cpp + llproxy.cpp llpumpio.cpp llregionpresenceverifier.cpp llsdappservices.cpp @@ -76,7 +77,6 @@ set(llmessage_SOURCE_FILES llsdrpcserver.cpp llservicebuilder.cpp llservice.cpp - llsocks5.cpp llstoredmessage.cpp lltemplatemessagebuilder.cpp lltemplatemessagedispatcher.cpp @@ -162,6 +162,7 @@ set(llmessage_HEADER_FILES llpacketring.h llpartdata.h llpumpio.h + llproxy.h llqueryflags.h llregionflags.h llregionhandle.h @@ -175,7 +176,6 @@ set(llmessage_HEADER_FILES llsdrpcserver.h llservice.h llservicebuilder.h - llsocks5.h llstoredmessage.h lltaskname.h llteleportflags.h diff --git a/indra/llmessage/llcurl.cpp b/indra/llmessage/llcurl.cpp index 32dd438e68..0b368196d2 100644 --- a/indra/llmessage/llcurl.cpp +++ b/indra/llmessage/llcurl.cpp @@ -46,12 +46,12 @@ #endif #include "llbufferstream.h" -#include "llstl.h" #include "llsdserialize.h" +#include "llproxy.h" +#include "llstl.h" #include "llthread.h" #include "lltimer.h" -#include "llsocks5.h" ////////////////////////////////////////////////////////////////////////////// /* @@ -357,27 +357,6 @@ LLCurl::Easy* LLCurl::Easy::getEasy() // multi handles cache if they are added to one. CURLcode result = curl_easy_setopt(easy->mCurlEasyHandle, CURLOPT_DNS_CACHE_TIMEOUT, 0); check_curl_code(result); - - //Set the CURL options for either Socks or HTTP proxy - if (LLSocks::getInstance()->isHTTPProxyEnabled()) - { - std::string address = LLSocks::getInstance()->getHTTPProxy().getIPString(); - U16 port = LLSocks::getInstance()->getHTTPProxy().getPort(); - curl_easy_setopt(easy->mCurlEasyHandle, CURLOPT_PROXY,address.c_str()); - curl_easy_setopt(easy->mCurlEasyHandle, CURLOPT_PROXYPORT,port); - if (LLSocks::getInstance()->getHTTPProxyType() == LLPROXY_SOCKS) - { - curl_easy_setopt(easy->mCurlEasyHandle, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5); - if(LLSocks::getInstance()->getSelectedAuthMethod()==METHOD_PASSWORD) - { - curl_easy_setopt(easy->mCurlEasyHandle, CURLOPT_PROXYUSERPWD,LLSocks::getInstance()->getProxyUserPwd().c_str()); - } - } - else - { - curl_easy_setopt(easy->mCurlEasyHandle, CURLOPT_PROXYTYPE, CURLPROXY_HTTP); - } - } ++gCurlEasyCount; return easy; @@ -557,18 +536,19 @@ void LLCurl::Easy::prepRequest(const std::string& url, //setopt(CURLOPT_VERBOSE, 1); // usefull for debugging setopt(CURLOPT_NOSIGNAL, 1); - if (LLSocks::getInstance()->isHTTPProxyEnabled()) + // Set the CURL options for either Socks or HTTP proxy + if (LLProxy::getInstance()->isHTTPProxyEnabled()) { - std::string address = LLSocks::getInstance()->getHTTPProxy().getIPString(); - U16 port = LLSocks::getInstance()->getHTTPProxy().getPort(); + std::string address = LLProxy::getInstance()->getHTTPProxy().getIPString(); + U16 port = LLProxy::getInstance()->getHTTPProxy().getPort(); setoptString(CURLOPT_PROXY, address.c_str()); setopt(CURLOPT_PROXYPORT, port); - if (LLSocks::getInstance()->getHTTPProxyType() == LLPROXY_SOCKS) + if (LLProxy::getInstance()->getHTTPProxyType() == LLPROXY_SOCKS) { setopt(CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5); - if(LLSocks::getInstance()->getSelectedAuthMethod()==METHOD_PASSWORD) + if(LLProxy::getInstance()->getSelectedAuthMethod()==METHOD_PASSWORD) { - setoptString(CURLOPT_PROXYUSERPWD,LLSocks::getInstance()->getProxyUserPwd()); + setoptString(CURLOPT_PROXYUSERPWD, LLProxy::getInstance()->getProxyUserPwdCURL()); } } else diff --git a/indra/llmessage/lliosocket.h b/indra/llmessage/lliosocket.h index 6806e5084a..ec60470459 100644 --- a/indra/llmessage/lliosocket.h +++ b/indra/llmessage/lliosocket.h @@ -159,7 +159,7 @@ protected: public: /** - * @brief Do not call this directly. + * @brief Do not call this directly. Use LLSocket::ptr_t.reset() instead. */ ~LLSocket(); diff --git a/indra/llmessage/llpacketring.cpp b/indra/llmessage/llpacketring.cpp index 62aaca0672..91ab1df149 100644 --- a/indra/llmessage/llpacketring.cpp +++ b/indra/llmessage/llpacketring.cpp @@ -37,19 +37,13 @@ // linden library includes #include "llerror.h" -#include "message.h" -#include "llsocks5.h" #include "lltimer.h" -#include "timing.h" +#include "llproxy.h" #include "llrand.h" +#include "message.h" +#include "timing.h" #include "u64.h" - - - - - - /////////////////////////////////////////////////////////// LLPacketRing::LLPacketRing () : mUseInThrottle(FALSE), @@ -231,28 +225,28 @@ S32 LLPacketRing::receivePacket (S32 socket, char *datap) else { // no delay, pull straight from net - if (LLSocks::isEnabled()) + if (LLProxy::isEnabled()) { - U8 buffer[MAX_BUFFER_SIZE]; - packet_size = receive_packet(socket, (char*)buffer); + U8 buffer[NET_BUFFER_SIZE]; + packet_size = receive_packet(socket, reinterpret_cast(buffer)); if (packet_size > 10) { - memcpy(datap,buffer+10,packet_size-10); + // *FIX We are assuming ATYP is 0x01 (IPv4), not 0x03 (hostname) or 0x04 (IPv6) + memcpy(datap, buffer + 10, packet_size - 10); + proxywrap_t * header = reinterpret_cast(buffer); + mLastSender.setAddress(header->addr); + mLastSender.setPort(ntohs(header->port)); } else { - packet_size=0; + packet_size = 0; } - - proxywrap_t * header = (proxywrap_t *)buffer; - mLastSender.setAddress(header->addr); - mLastSender.setPort(ntohs(header->port)); } else { - packet_size = receive_packet(socket, datap); - mLastSender = ::get_sender(); + packet_size = receive_packet(socket, datap); + mLastSender = ::get_sender(); } mLastReceivingIF = ::get_receiving_interface(); @@ -352,7 +346,7 @@ BOOL LLPacketRing::sendPacket(int h_socket, char * send_buffer, S32 buf_size, LL BOOL LLPacketRing::doSendPacket(int h_socket, const char * send_buffer, S32 buf_size, LLHost host) { - if (!LLSocks::isEnabled()) + if (!LLProxy::isEnabled()) { return send_packet(h_socket, send_buffer, buf_size, host.getAddress(), host.getPort()); } @@ -364,7 +358,7 @@ BOOL LLPacketRing::doSendPacket(int h_socket, const char * send_buffer, S32 buf_ socks_header->atype = ADDRESS_IPV4; socks_header->frag = 0; - memcpy(mProxyWrappedSendBuffer+10, send_buffer, buf_size); + memcpy(mProxyWrappedSendBuffer + 10, send_buffer, buf_size); - return send_packet(h_socket,(const char*) mProxyWrappedSendBuffer, buf_size+10, LLSocks::getInstance()->getUDPProxy().getAddress(), LLSocks::getInstance()->getUDPProxy().getPort()); + return send_packet(h_socket,(const char*) mProxyWrappedSendBuffer, buf_size + 10, LLProxy::getInstance()->getUDPProxy().getAddress(), LLProxy::getInstance()->getUDPProxy().getPort()); } diff --git a/indra/llmessage/llproxy.cpp b/indra/llmessage/llproxy.cpp new file mode 100644 index 0000000000..6bc9e8b62b --- /dev/null +++ b/indra/llmessage/llproxy.cpp @@ -0,0 +1,294 @@ +/** + * @file llsocks5.cpp + * @brief SOCKS 5 implementation + * + * $LicenseInfo:firstyear=2011&license=viewerlgpl$ + * Second Life Viewer Source Code + * Copyright (C) 2011, Linden Research, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; + * version 2.1 of the License only. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + * + * Linden Research, Inc., 945 Battery Street, San Francisco, CA 94111 USA + * $/LicenseInfo$ + */ + +#include "linden_common.h" + +#include "llproxy.h" + +#include + +#include "llapr.h" +#include "llhost.h" +#include "message.h" +#include "net.h" + +// Static class variable instances + +// We want this to be static to avoid excessive indirection on every +// incoming packet just to do a simple bool test. The getter for this +// member is also static +bool LLProxy::sUDPProxyEnabled = false; +bool LLProxy::sHTTPProxyEnabled = false; + +// Some helpful TCP functions +static LLSocket::ptr_t tcp_open_channel(apr_pool_t* pool, LLHost host); // Open a TCP channel to a given host +static void tcp_close_channel(LLSocket::ptr_t handle); // Close an open TCP channel +static int tcp_handshake(LLSocket::ptr_t handle, char * dataout, apr_size_t outlen, char * datain, apr_size_t maxinlen); // Do a TCP data handshake + + +LLProxy::LLProxy(): + mProxyType(LLPROXY_SOCKS), + mUDPProxy(), + mTCPProxy(), + mHTTPProxy(), + mAuthMethodSelected(METHOD_NOAUTH), + mSocksUsername(), + mSocksPassword(), + mPool(gAPRPoolp) +{ +} + +LLProxy::~LLProxy() +{ + tcp_close_channel(mProxyControlChannel); + sUDPProxyEnabled = false; + sHTTPProxyEnabled = false; +} + +// Perform a SOCKS 5 authentication and UDP association to the proxy +// specified by proxy, and associate UDP port message_port +int LLProxy::proxyHandshake(LLHost proxy, U32 message_port) +{ + int result; + + /* SOCKS 5 Auth request */ + socks_auth_request_t socks_auth_request; + socks_auth_response_t socks_auth_response; + + socks_auth_request.version = SOCKS_VERSION; // SOCKS version 5 + socks_auth_request.num_methods = 1; // Sending 1 method. + socks_auth_request.methods = mAuthMethodSelected; // Send only the selected method. + + result = tcp_handshake(mProxyControlChannel, (char*)&socks_auth_request, sizeof(socks_auth_request), (char*)&socks_auth_response, sizeof(socks_auth_response)); + if (result != 0) + { + llwarns << "SOCKS authentication request failed, error on TCP control channel : " << result << llendl; + stopProxy(); + return SOCKS_CONNECT_ERROR; + } + + if (socks_auth_response.method == AUTH_NOT_ACCEPTABLE) + { + llwarns << "SOCKS 5 server refused all our authentication methods" << llendl; + stopProxy(); + return SOCKS_NOT_ACCEPTABLE; + } + + // SOCKS 5 USERNAME/PASSWORD authentication + if (socks_auth_response.method == METHOD_PASSWORD) + { + // The server has requested a username/password combination + U32 request_size = mSocksUsername.size() + mSocksPassword.size() + 3; + char * password_auth = new char[request_size]; + password_auth[0] = 0x01; + password_auth[1] = mSocksUsername.size(); + memcpy(&password_auth[2], mSocksUsername.c_str(), mSocksUsername.size()); + password_auth[mSocksUsername.size() + 2] = mSocksPassword.size(); + memcpy(&password_auth[mSocksUsername.size()+3], mSocksPassword.c_str(), mSocksPassword.size()); + + authmethod_password_reply_t password_reply; + + result = tcp_handshake(mProxyControlChannel, password_auth, request_size, (char*)&password_reply, sizeof(authmethod_password_reply_t)); + delete[] password_auth; + + if (result != 0) + { + llwarns << "SOCKS authentication failed, error on TCP control channel : " << result << llendl; + stopProxy(); + return SOCKS_CONNECT_ERROR; + } + + if (password_reply.status != AUTH_SUCCESS) + { + llwarns << "SOCKS authentication failed" << llendl; + stopProxy(); + return SOCKS_AUTH_FAIL; + } + } + + /* SOCKS5 connect request */ + + socks_command_request_t connect_request; + socks_command_response_t connect_reply; + + connect_request.version = SOCKS_VERSION; // SOCKS V5 + connect_request.command = COMMAND_UDP_ASSOCIATE; // Associate UDP + connect_request.reserved = FIELD_RESERVED; + connect_request.atype = ADDRESS_IPV4; + connect_request.address = htonl(0); // 0.0.0.0 + connect_request.port = htons(0); // 0 + // "If the client is not in possession of the information at the time of the UDP ASSOCIATE, + // the client MUST use a port number and address of all zeros. RFC 1928" + + result = tcp_handshake(mProxyControlChannel, (char*)&connect_request, sizeof(socks_command_request_t), (char*)&connect_reply, sizeof(socks_command_response_t)); + if (result != 0) + { + llwarns << "SOCKS connect request failed, error on TCP control channel : " << result << llendl; + stopProxy(); + return SOCKS_CONNECT_ERROR; + } + + if (connect_reply.reply != REPLY_REQUEST_GRANTED) + { + //Something went wrong + llwarns << "Connection to SOCKS 5 server failed, UDP forward request not granted" << llendl; + stopProxy(); + return SOCKS_UDP_FWD_NOT_GRANTED; + } + + mUDPProxy.setPort(ntohs(connect_reply.port)); // reply port is in network byte order + mUDPProxy.setAddress(proxy.getAddress()); + // All good now we have been given the UDP port to send requests that need forwarding. + llinfos << "SOCKS 5 UDP proxy connected on " << mUDPProxy << llendl; + return SOCKS_OK; +} + +int LLProxy::startProxy(std::string host, U32 port) +{ + mTCPProxy.setHostByName(host); + mTCPProxy.setPort(port); + + int status; + + if (mProxyControlChannel) + { + tcp_close_channel(mProxyControlChannel); + } + + mProxyControlChannel = tcp_open_channel(mPool, mTCPProxy); + if (!mProxyControlChannel) + { + return SOCKS_HOST_CONNECT_FAILED; + } + status = proxyHandshake(mTCPProxy, (U32)gMessageSystem->mPort); + if (status == SOCKS_OK) + { + sUDPProxyEnabled = true; + } + else + { + stopProxy(); + } + return status; + +} + +void LLProxy::stopProxy() +{ + sUDPProxyEnabled = false; + + // If the SOCKS proxy is requested to stop and we are using that for http as well + // then we must shut down any http proxy operations. But it is allowable if web + // proxy is being used to continue proxying http. + + if(LLPROXY_SOCKS == mProxyType) + { + sHTTPProxyEnabled = false; + } + + if (mProxyControlChannel) + { + tcp_close_channel(mProxyControlChannel); + } +} + +void LLProxy::setAuthNone() +{ + mAuthMethodSelected = METHOD_NOAUTH; +} + +void LLProxy::setAuthPassword(const std::string &username, const std::string &password) +{ + mAuthMethodSelected = METHOD_PASSWORD; + mSocksUsername = username; + mSocksPassword = password; +} + +void LLProxy::enableHTTPProxy(LLHost httpHost, LLHttpProxyType type) +{ + sHTTPProxyEnabled = true; + mHTTPProxy = httpHost; + mProxyType = type; +} + +static int tcp_handshake(LLSocket::ptr_t handle, char * dataout, apr_size_t outlen, char * datain, apr_size_t maxinlen) +{ + apr_socket_t* apr_socket = handle->getSocket(); + apr_status_t rv; + + apr_size_t expected_len = outlen; + + apr_socket_opt_set(apr_socket, APR_SO_NONBLOCK, -5); // Blocking connection, 5 second timeout + apr_socket_timeout_set(apr_socket, (APR_USEC_PER_SEC * 5)); + + rv = apr_socket_send(apr_socket, dataout, &outlen); + if (rv != APR_SUCCESS || expected_len != outlen) + { + llwarns << "Error sending data to proxy control channel" << llendl; + ll_apr_warn_status(rv); + return -1; + } + + expected_len = maxinlen; + do + { + rv = apr_socket_recv(apr_socket, datain, &maxinlen); + llinfos << "Receiving packets." << llendl; + llwarns << "Proxy control channel status: " << rv << llendl; + } while (APR_STATUS_IS_EAGAIN(rv)); + + if (rv != APR_SUCCESS) + { + llwarns << "Error receiving data from proxy control channel, status: " << rv << llendl; + llwarns << "Received " << maxinlen << " bytes." << llendl; + ll_apr_warn_status(rv); + return rv; + } + else if (expected_len != maxinlen) + { + llwarns << "Incorrect data received length in proxy control channel" << llendl; + return -1; + } + + return 0; +} + +static LLSocket::ptr_t tcp_open_channel(apr_pool_t* pool, LLHost host) +{ + LLSocket::ptr_t socket = LLSocket::create(gAPRPoolp, LLSocket::STREAM_TCP); + bool connected = socket->blockingConnect(host); + if (!connected) + { + tcp_close_channel(socket); + } + + return socket; +} + +static void tcp_close_channel(LLSocket::ptr_t handle) +{ + handle.reset(); +} diff --git a/indra/llmessage/llproxy.h b/indra/llmessage/llproxy.h new file mode 100644 index 0000000000..979514a7e0 --- /dev/null +++ b/indra/llmessage/llproxy.h @@ -0,0 +1,244 @@ +/** + * @file llsocks5.h + * @brief Socks 5 implementation + * + * $LicenseInfo:firstyear=2011&license=viewerlgpl$ + * Second Life Viewer Source Code + * Copyright (C) 2011, Linden Research, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; + * version 2.1 of the License only. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + * + * Linden Research, Inc., 945 Battery Street, San Francisco, CA 94111 USA + * $/LicenseInfo$ + */ + +#ifndef LL_PROXY_H +#define LL_PROXY_H + +#include "llhost.h" +#include "lliosocket.h" +#include "llmemory.h" +#include "llsingleton.h" +#include + +// Error codes returned from the StartProxy method + +#define SOCKS_OK 0 +#define SOCKS_CONNECT_ERROR (-1) +#define SOCKS_NOT_PERMITTED (-2) +#define SOCKS_NOT_ACCEPTABLE (-3) +#define SOCKS_AUTH_FAIL (-4) +#define SOCKS_UDP_FWD_NOT_GRANTED (-5) +#define SOCKS_HOST_CONNECT_FAILED (-6) + +#ifndef MAXHOSTNAMELEN +#define MAXHOSTNAMELEN (255 + 1) /* socks5: 255, +1 for len. */ +#endif + +#define SOCKS_VERSION 0x05 // we are using SOCKS 5 + +// SOCKS 5 address/hostname types +#define ADDRESS_IPV4 0x01 +#define ADDRESS_HOSTNAME 0x03 +#define ADDRESS_IPV6 0x04 + +// Lets just use our own ipv4 struct rather than dragging in system +// specific headers +union ipv4_address_t { + U8 octets[4]; + U32 addr32; +}; + +// SOCKS 5 control channel commands +#define COMMAND_TCP_STREAM 0x01 +#define COMMAND_TCP_BIND 0x02 +#define COMMAND_UDP_ASSOCIATE 0x03 + +// SOCKS 5 command replies +#define REPLY_REQUEST_GRANTED 0x00 +#define REPLY_GENERAL_FAIL 0x01 +#define REPLY_RULESET_FAIL 0x02 +#define REPLY_NETWORK_UNREACHABLE 0x03 +#define REPLY_HOST_UNREACHABLE 0x04 +#define REPLY_CONNECTION_REFUSED 0x05 +#define REPLY_TTL_EXPIRED 0x06 +#define REPLY_PROTOCOL_ERROR 0x07 +#define REPLY_TYPE_NOT_SUPPORTED 0x08 + +#define FIELD_RESERVED 0x00 + +// The standard SOCKS 5 request packet +// Push current alignment to stack and set alignment to 1 byte boundary +// This enabled us to use structs directly to set up and receive network packets +// into the correct fields, without fear of boundary alignment causing issues +#pragma pack(push,1) + +// SOCKS 5 command packet +struct socks_command_request_t { + U8 version; + U8 command; + U8 reserved; + U8 atype; + U32 address; + U16 port; +}; + +// Standard SOCKS 5 reply packet +struct socks_command_response_t { + U8 version; + U8 reply; + U8 reserved; + U8 atype; + U8 add_bytes[4]; + U16 port; +}; + +#define AUTH_NOT_ACCEPTABLE 0xFF // reply if preferred methods are not available +#define AUTH_SUCCESS 0x00 // reply if authentication successful + +// SOCKS 5 authentication request, stating which methods the client supports +struct socks_auth_request_t { + U8 version; + U8 num_methods; + U8 methods; // We are only using a single method currently +}; + +// SOCKS 5 authentication response packet, stating server preferred method +struct socks_auth_response_t { + U8 version; + U8 method; +}; + +// SOCKS 5 password reply packet +struct authmethod_password_reply_t { + U8 version; + U8 status; +}; + +// SOCKS 5 UDP packet header +struct proxywrap_t { + U16 rsv; + U8 frag; + U8 atype; + U32 addr; + U16 port; +}; + +#pragma pack(pop) /* restore original alignment from stack */ + + +// Currently selected http proxy type +enum LLHttpProxyType +{ + LLPROXY_SOCKS = 0, + LLPROXY_HTTP = 1 +}; + +// Auth types +enum LLSocks5AuthType +{ + METHOD_NOAUTH = 0x00, // Client supports no auth + METHOD_GSSAPI = 0x01, // Client supports GSSAPI (Not currently supported) + METHOD_PASSWORD = 0x02 // Client supports username/password +}; + +class LLProxy: public LLSingleton +{ +public: + LLProxy(); + ~LLProxy(); + + // Start a connection to the SOCKS 5 proxy + int startProxy(std::string host, U32 port); + + // Disconnect and clean up any connection to the SOCKS 5 proxy + void stopProxy(); + + // Set up to use Password auth when connecting to the SOCKS proxy + void setAuthPassword(const std::string &username, const std::string &password); + + // Set up to use No Auth when connecting to the SOCKS proxy + void setAuthNone(); + + // get the currently selected auth method + LLSocks5AuthType getSelectedAuthMethod() const { return mAuthMethodSelected; } + + // static check for enabled status for UDP packets + static bool isEnabled() { return sUDPProxyEnabled; } + + // static check for enabled status for http packets + static bool isHTTPProxyEnabled() { return sHTTPProxyEnabled; } + + // Proxy HTTP packets via httpHost, which can be a SOCKS 5 or a HTTP proxy + // as specified in type + void enableHTTPProxy(LLHost httpHost, LLHttpProxyType type); + + // Stop proxying HTTP packets + void disableHTTPProxy() { sHTTPProxyEnabled = false; }; + + // Get the UDP proxy address and port + LLHost getUDPProxy() const { return mUDPProxy; } + + // Get the SOCKS 5 TCP control channel address and port + LLHost getTCPProxy() const { return mTCPProxy; } + + // Get the HTTP proxy address and port + LLHost getHTTPProxy() const { return mHTTPProxy; } + + // Get the currently selected HTTP proxy type + LLHttpProxyType getHTTPProxyType() const { return mProxyType; } + + // Get the username password in a curl compatible format + std::string getProxyUserPwdCURL() const { return (mSocksUsername + ":" + mSocksPassword); } + + std::string getSocksPwd() const { return mSocksPassword; } + std::string getSocksUser() const { return mSocksUsername; } + +private: + + // Open a communication channel to the SOCKS 5 proxy proxy, at port messagePort + int proxyHandshake(LLHost proxy, U32 messagePort); + + // socket handle to proxy TCP control channel + LLSocket::ptr_t mProxyControlChannel; + + // is the UDP proxy enabled? + static bool sUDPProxyEnabled; + // is the http proxy enabled? + static bool sHTTPProxyEnabled; + + // currently selected http proxy type + LLHttpProxyType mProxyType; + + // UDP proxy address and port + LLHost mUDPProxy; + // TCP Proxy control channel address and port + LLHost mTCPProxy; + // HTTP proxy address and port + LLHost mHTTPProxy; + + // SOCKS 5 auth method selected + LLSocks5AuthType mAuthMethodSelected; + + // SOCKS 5 username + std::string mSocksUsername; + // SOCKS 5 password + std::string mSocksPassword; + + // APR pool for the socket + apr_pool_t* mPool; +}; + +#endif diff --git a/indra/llmessage/llsocks5.cpp b/indra/llmessage/llsocks5.cpp deleted file mode 100644 index 278350bf25..0000000000 --- a/indra/llmessage/llsocks5.cpp +++ /dev/null @@ -1,285 +0,0 @@ -/** - * @file llsocks5.cpp - * @brief SOCKS 5 implementation - * - * $LicenseInfo:firstyear=2011&license=viewerlgpl$ - * Second Life Viewer Source Code - * Copyright (C) 2011, Linden Research, Inc. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; - * version 2.1 of the License only. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - * - * Linden Research, Inc., 945 Battery Street, San Francisco, CA 94111 USA - * $/LicenseInfo$ - */ - -#include "linden_common.h" - -#include "llsocks5.h" - -#include - -#include "llapr.h" -#include "llhost.h" -#include "message.h" -#include "net.h" - -// Static class variable instances - -// We want this to be static to avoid excessive indirection on every -// incoming packet just to do a simple bool test. The getter for this -// member is also static -bool LLSocks::sUDPProxyEnabled; -bool LLSocks::sHTTPProxyEnabled; - -// Some helpful TCP functions -static LLSocket::ptr_t tcp_open_channel(LLHost host); // Open a TCP channel to a given host -static void tcp_close_channel(LLSocket::ptr_t handle); // Close an open TCP channel -static int tcp_handshake(LLSocket::ptr_t handle, char * dataout, apr_size_t outlen, char * datain, apr_size_t maxinlen); // Do a TCP data handshake - - -LLSocks::LLSocks() -{ - sUDPProxyEnabled = false; - sHTTPProxyEnabled = false; - mProxyControlChannel.reset(); - mProxyType = LLPROXY_SOCKS; -} - -// Perform a SOCKS 5 authentication and UDP association to the proxy -// specified by proxy, and associate UDP port message_port -int LLSocks::proxyHandshake(LLHost proxy, U32 message_port) -{ - int result; - - /* SOCKS 5 Auth request */ - socks_auth_request_t socks_auth_request; - socks_auth_response_t socks_auth_response; - - socks_auth_request.version = SOCKS_VERSION; // SOCKS version 5 - socks_auth_request.num_methods = 1; // Sending 1 method. - socks_auth_request.methods = mAuthMethodSelected; // Send only the selected method. - - result = tcp_handshake(mProxyControlChannel, (char*)&socks_auth_request, sizeof(socks_auth_request_t), (char*)&socks_auth_response, sizeof(socks_auth_response_t)); - if (result != 0) - { - llwarns << "SOCKS authentication request failed, error on TCP control channel : " << result << llendl; - stopProxy(); - return SOCKS_CONNECT_ERROR; - } - - if (socks_auth_response.method == AUTH_NOT_ACCEPTABLE) - { - llwarns << "SOCKS 5 server refused all our authentication methods" << llendl; - stopProxy(); - return SOCKS_NOT_ACCEPTABLE; - } - - // SOCKS 5 USERNAME/PASSWORD authentication - if (socks_auth_response.method == METHOD_PASSWORD) - { - // The server has requested a username/password combination - U32 request_size = mSocksUsername.size() + mSocksPassword.size() + 3; - char * password_auth = new char[request_size]; - password_auth[0] = 0x01; - password_auth[1] = mSocksUsername.size(); - memcpy(&password_auth[2], mSocksUsername.c_str(), mSocksUsername.size()); - password_auth[mSocksUsername.size()+2] = mSocksPassword.size(); - memcpy(&password_auth[mSocksUsername.size()+3], mSocksPassword.c_str(), mSocksPassword.size()); - - authmethod_password_reply_t password_reply; - - result = tcp_handshake(mProxyControlChannel, password_auth, request_size, (char*)&password_reply, sizeof(authmethod_password_reply_t)); - delete[] password_auth; - - if (result != 0) - { - llwarns << "SOCKS authentication failed, error on TCP control channel : " << result << llendl; - stopProxy(); - return SOCKS_CONNECT_ERROR; - } - - if (password_reply.status != AUTH_SUCCESS) - { - llwarns << "SOCKS authentication failed" << llendl; - stopProxy(); - return SOCKS_AUTH_FAIL; - } - } - - /* SOCKS5 connect request */ - - socks_command_request_t connect_request; - socks_command_response_t connect_reply; - - connect_request.version = SOCKS_VERSION; // SOCKS V5 - connect_request.command = COMMAND_UDP_ASSOCIATE; // Associate UDP - connect_request.reserved = FIELD_RESERVED; - connect_request.atype = ADDRESS_IPV4; - connect_request.address = htonl(0); // 0.0.0.0 - connect_request.port = htons(0); // 0 - // "If the client is not in possesion of the information at the time of the UDP ASSOCIATE, - // the client MUST use a port number and address of all zeros. RFC 1928" - - result = tcp_handshake(mProxyControlChannel, (char*)&connect_request, sizeof(socks_command_request_t), (char*)&connect_reply, sizeof(socks_command_response_t)); - if (result != 0) - { - llwarns << "SOCKS connect request failed, error on TCP control channel : " << result << llendl; - stopProxy(); - return SOCKS_CONNECT_ERROR; - } - - if (connect_reply.reply != REPLY_REQUEST_GRANTED) - { - //Something went wrong - llwarns << "Connection to SOCKS 5 server failed, UDP forward request not granted" << llendl; - stopProxy(); - return SOCKS_UDP_FWD_NOT_GRANTED; - } - - mUDPProxy.setPort(ntohs(connect_reply.port)); // reply port is in network byte order - mUDPProxy.setAddress(proxy.getAddress()); - // All good now we have been given the UDP port to send requests that need forwarding. - llinfos << "SOCKS 5 UDP proxy connected on " << mUDPProxy << llendl; - return SOCKS_OK; -} - -int LLSocks::startProxy(LLHost proxy, U32 message_port) -{ - int status; - - mTCPProxy = proxy; - - if (mProxyControlChannel) - { - tcp_close_channel(mProxyControlChannel); - } - - mProxyControlChannel = tcp_open_channel(mTCPProxy); - if (!mProxyControlChannel) - { - return SOCKS_HOST_CONNECT_FAILED; - } - status = proxyHandshake(proxy, message_port); - if (status == SOCKS_OK) - { - sUDPProxyEnabled = true; - } - return status; -} - -int LLSocks::startProxy(std::string host, U32 port) -{ - mTCPProxy.setHostByName(host); - mTCPProxy.setPort(port); - return startProxy(mTCPProxy, (U32)gMessageSystem->mPort); -} - -void LLSocks::stopProxy() -{ - sUDPProxyEnabled = false; - - // If the SOCKS proxy is requested to stop and we are using that for http as well - // then we must shut down any http proxy operations. But it is allowable if web - // proxy is being used to continue proxying http. - - if(LLPROXY_SOCKS == mProxyType) - { - sHTTPProxyEnabled = false; - } - - if (mProxyControlChannel) - { - tcp_close_channel(mProxyControlChannel); - } -} - -void LLSocks::setAuthNone() -{ - mAuthMethodSelected = METHOD_NOAUTH; -} - -void LLSocks::setAuthPassword(std::string username, std::string password) -{ - mAuthMethodSelected = METHOD_PASSWORD; - mSocksUsername = username; - mSocksPassword = password; -} - -void LLSocks::enableHTTPProxy(LLHost httpHost, LLHttpProxyType type) -{ - sHTTPProxyEnabled = true; - mHTTPProxy = httpHost; - mProxyType = type; -} - -static int tcp_handshake(LLSocket::ptr_t handle, char * dataout, apr_size_t outlen, char * datain, apr_size_t maxinlen) -{ - apr_socket_t* apr_socket = handle->getSocket(); - apr_status_t rv; - - apr_size_t expected_len = outlen; - - apr_socket_opt_set(apr_socket, APR_SO_NONBLOCK, -5); // Blocking connection, 5 second timeout - apr_socket_timeout_set(apr_socket, (APR_USEC_PER_SEC * 5)); - - rv = apr_socket_send(apr_socket, dataout, &outlen); - if (rv != APR_SUCCESS || expected_len != outlen) - { - llwarns << "Error sending data to proxy control channel" << llendl; - ll_apr_warn_status(rv); - return -1; - } - - expected_len = maxinlen; - do - { - rv = apr_socket_recv(apr_socket, datain, &maxinlen); - llinfos << "Receiving packets." << llendl; - llwarns << "Proxy control channel status: " << rv << llendl; - } while (APR_STATUS_IS_EAGAIN(rv)); - - if (rv != APR_SUCCESS) - { - llwarns << "Error receiving data from proxy control channel, status: " << rv << llendl; - llwarns << "Received " << maxinlen << " bytes." << llendl; - ll_apr_warn_status(rv); - return rv; - } - else if (expected_len != maxinlen) - { - llwarns << "Incorrect data received length in proxy control channel" << llendl; - return -1; - } - - return 0; -} - -static LLSocket::ptr_t tcp_open_channel(LLHost host) -{ - LLSocket::ptr_t socket = LLSocket::create(gAPRPoolp, LLSocket::STREAM_TCP); - bool connected = socket->blockingConnect(host); - if (!connected) - { - tcp_close_channel(socket); - } - - return socket; -} - -static void tcp_close_channel(LLSocket::ptr_t handle) -{ - handle.reset(); -} - diff --git a/indra/llmessage/llsocks5.h b/indra/llmessage/llsocks5.h deleted file mode 100644 index 3c10f661de..0000000000 --- a/indra/llmessage/llsocks5.h +++ /dev/null @@ -1,241 +0,0 @@ -/** - * @file llsocks5.h - * @brief Socks 5 implementation - * - * $LicenseInfo:firstyear=2011&license=viewerlgpl$ - * Second Life Viewer Source Code - * Copyright (C) 2011, Linden Research, Inc. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; - * version 2.1 of the License only. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - * - * Linden Research, Inc., 945 Battery Street, San Francisco, CA 94111 USA - * $/LicenseInfo$ - */ - -#ifndef LL_SOCKS5_H -#define LL_SOCKS5_H - -#include "llhost.h" -#include "lliosocket.h" -#include "llmemory.h" -#include "llsingleton.h" -#include - -// Error codes returned from the StartProxy method - -#define SOCKS_OK 0 -#define SOCKS_CONNECT_ERROR (-1) -#define SOCKS_NOT_PERMITTED (-2) -#define SOCKS_NOT_ACCEPTABLE (-3) -#define SOCKS_AUTH_FAIL (-4) -#define SOCKS_UDP_FWD_NOT_GRANTED (-5) -#define SOCKS_HOST_CONNECT_FAILED (-6) - -#ifndef MAXHOSTNAMELEN -#define MAXHOSTNAMELEN (255 + 1) /* socks5: 255, +1 for len. */ -#endif - -#define SOCKS_VERSION 0x05 // we are using SOCKS 5 - -// SOCKS 5 address/hostname types -#define ADDRESS_IPV4 0x01 -#define ADDRESS_HOSTNAME 0x03 -#define ADDRESS_IPV6 0x04 - -// Lets just use our own ipv4 struct rather than dragging in system -// specific headers -union ipv4_address_t { - U8 octets[4]; - U32 addr32; -}; - -// SOCKS 5 control channel commands -#define COMMAND_TCP_STREAM 0x01 -#define COMMAND_TCP_BIND 0x02 -#define COMMAND_UDP_ASSOCIATE 0x03 - -// SOCKS 5 command replies -#define REPLY_REQUEST_GRANTED 0x00 -#define REPLY_GENERAL_FAIL 0x01 -#define REPLY_RULESET_FAIL 0x02 -#define REPLY_NETWORK_UNREACHABLE 0x03 -#define REPLY_HOST_UNREACHABLE 0x04 -#define REPLY_CONNECTION_REFUSED 0x05 -#define REPLY_TTL_EXPIRED 0x06 -#define REPLY_PROTOCOL_ERROR 0x07 -#define REPLY_TYPE_NOT_SUPPORTED 0x08 - -#define FIELD_RESERVED 0x00 - -// The standard SOCKS 5 request packet -// Push current alignment to stack and set alignment to 1 byte boundary -// This enabled us to use structs directly to set up and receive network packets -// into the correct fields, without fear of boundary alignment causing issues -#pragma pack(push,1) - -// SOCKS 5 command packet -struct socks_command_request_t { - U8 version; - U8 command; - U8 reserved; - U8 atype; - U32 address; - U16 port; -}; - -// Standard SOCKS 5 reply packet -struct socks_command_response_t { - U8 version; - U8 reply; - U8 reserved; - U8 atype; - U8 add_bytes[4]; - U16 port; -}; - -#define AUTH_NOT_ACCEPTABLE 0xFF // reply if preferred methods are not available -#define AUTH_SUCCESS 0x00 // reply if authentication successful - -// SOCKS 5 authentication request, stating which methods the client supports -struct socks_auth_request_t { - U8 version; - U8 num_methods; - U8 methods; // We are only using a single method currently -}; - -// SOCKS 5 authentication response packet, stating server preferred method -struct socks_auth_response_t { - U8 version; - U8 method; -}; - -// SOCKS 5 password reply packet -struct authmethod_password_reply_t { - U8 version; - U8 status; -}; - -// SOCKS 5 UDP packet header -struct proxywrap_t { - U16 rsv; - U8 frag; - U8 atype; - U32 addr; - U16 port; -}; - -#pragma pack(pop) /* restore original alignment from stack */ - - -// Currently selected http proxy type -enum LLHttpProxyType -{ - LLPROXY_SOCKS = 0, - LLPROXY_HTTP = 1 -}; - -// Auth types -enum LLSocks5AuthType -{ - METHOD_NOAUTH = 0x00, // Client supports no auth - METHOD_GSSAPI = 0x01, // Client supports GSSAPI (Not currently supported) - METHOD_PASSWORD = 0x02 // Client supports username/password -}; - -class LLSocks: public LLSingleton -{ -public: - LLSocks(); - - // Start a connection to the SOCKS 5 proxy - int startProxy(std::string host, U32 port); - int startProxy(LLHost proxy, U32 messagePort); - - // Disconnect and clean up any connection to the SOCKS 5 proxy - void stopProxy(); - - // Set up to use Password auth when connecting to the SOCKS proxy - void setAuthPassword(std::string username, std::string password); - - // Set up to use No Auth when connecting to the SOCKS proxy - void setAuthNone(); - - // get the currently selected auth method - LLSocks5AuthType getSelectedAuthMethod() const { return mAuthMethodSelected; } - - // static check for enabled status for UDP packets - static bool isEnabled() { return sUDPProxyEnabled; } - - // static check for enabled status for http packets - static bool isHTTPProxyEnabled() { return sHTTPProxyEnabled; } - - // Proxy HTTP packets via httpHost, which can be a SOCKS 5 or a HTTP proxy - // as specified in type - void enableHTTPProxy(LLHost httpHost, LLHttpProxyType type); - - // Stop proxying HTTP packets - void disableHTTPProxy() { sHTTPProxyEnabled = false; }; - - // Get the UDP proxy address and port - LLHost getUDPProxy() const { return mUDPProxy; } - - // Get the SOCKS 5 TCP control channel address and port - LLHost getTCPProxy() const { return mTCPProxy; } - - // Get the HTTP proxy address and port - LLHost getHTTPProxy() const { return mHTTPProxy; } - - // Get the currently selected HTTP proxy type - LLHttpProxyType getHTTPProxyType() const { return mProxyType; } - - // Get the username password in a curl compatible format - std::string getProxyUserPwd() const { return (mSocksUsername + ":" + mSocksPassword); } - -private: - - // Open a communication channel to the SOCKS 5 proxy proxy, at port messagePort - int proxyHandshake(LLHost proxy, U32 messagePort); - - // socket handle to proxy TCP control channel - LLSocket::ptr_t mProxyControlChannel; - - // is the UDP proxy enabled? - static bool sUDPProxyEnabled; - // is the http proxy enabled? - static bool sHTTPProxyEnabled; - - // currently selected http proxy type - LLHttpProxyType mProxyType; - - // UDP proxy address and port - LLHost mUDPProxy; - // TCP Proxy control channel address and port - LLHost mTCPProxy; - // HTTP proxy address and port - LLHost mHTTPProxy; - - // SOCKS 5 auth method selected - LLSocks5AuthType mAuthMethodSelected; - - // SOCKS 5 username - std::string mSocksUsername; - // SOCKS 5 password - std::string mSocksPassword; - - // APR pool for the socket - apr_pool_t* mPool; -}; - -#endif diff --git a/indra/llmessage/net.cpp b/indra/llmessage/net.cpp index e2d185b959..f8ab55143c 100644 --- a/indra/llmessage/net.cpp +++ b/indra/llmessage/net.cpp @@ -50,7 +50,7 @@ #include "lltimer.h" #include "indra_constants.h" -#include "llsocks5.h" +#include "llproxy.h" // Globals #if LL_WINDOWS -- cgit v1.2.3