From 74d9bf0d5525426feae4ea21e2a81034ddcf4d7f Mon Sep 17 00:00:00 2001 From: Robin Cornelius Date: Mon, 28 Mar 2011 11:20:06 +0100 Subject: VWR-20801 Implement SOCKS 5 Proxy for the viewer --- indra/llmessage/CMakeLists.txt | 2 + indra/llmessage/llcurl.cpp | 44 +++++++ indra/llmessage/llpacketring.cpp | 60 +++++++++- indra/llmessage/llpacketring.h | 3 + indra/llmessage/llsocks5.cpp | 224 ++++++++++++++++++++++++++++++++++++ indra/llmessage/llsocks5.h | 243 +++++++++++++++++++++++++++++++++++++++ indra/llmessage/net.cpp | 156 +++++++++++++++++++++++++ indra/llmessage/net.h | 5 + 8 files changed, 734 insertions(+), 3 deletions(-) create mode 100644 indra/llmessage/llsocks5.cpp create mode 100644 indra/llmessage/llsocks5.h (limited to 'indra/llmessage') diff --git a/indra/llmessage/CMakeLists.txt b/indra/llmessage/CMakeLists.txt index 1cad0f6d22..8c68d38926 100644 --- a/indra/llmessage/CMakeLists.txt +++ b/indra/llmessage/CMakeLists.txt @@ -74,6 +74,7 @@ set(llmessage_SOURCE_FILES llsdrpcserver.cpp llservicebuilder.cpp llservice.cpp + llsocks5.cpp llstoredmessage.cpp lltemplatemessagebuilder.cpp lltemplatemessagedispatcher.cpp @@ -172,6 +173,7 @@ set(llmessage_HEADER_FILES llsdrpcserver.h llservice.h llservicebuilder.h + llsocks5.h llstoredmessage.h lltaskname.h llteleportflags.h diff --git a/indra/llmessage/llcurl.cpp b/indra/llmessage/llcurl.cpp index a485fa0160..020c0d6a4a 100644 --- a/indra/llmessage/llcurl.cpp +++ b/indra/llmessage/llcurl.cpp @@ -50,6 +50,8 @@ #include "llsdserialize.h" #include "llthread.h" +#include "llsocks5.h" + ////////////////////////////////////////////////////////////////////////////// /* The trick to getting curl to do keep-alives is to reuse the @@ -273,6 +275,28 @@ LLCurl::Easy* LLCurl::Easy::getEasy() // set no DMS caching as default for all easy handles. This prevents them adopting a // multi handles cache if they are added to one. curl_easy_setopt(easy->mCurlEasyHandle, CURLOPT_DNS_CACHE_TIMEOUT, 0); + + //Set the CURL options for either Socks or HTTP proxy + if (LLSocks::getInstance()->isHttpProxyEnabled()) + { + std::string address = LLSocks::getInstance()->getHTTPProxy().getIPString(); + U16 port = LLSocks::getInstance()->getHTTPProxy().getPort(); + curl_easy_setopt(easy->mCurlEasyHandle, CURLOPT_PROXY,address.c_str()); + curl_easy_setopt(easy->mCurlEasyHandle, CURLOPT_PROXYPORT,port); + if (LLSocks::getInstance()->getHttpProxyType() == LLPROXY_SOCKS) + { + curl_easy_setopt(easy->mCurlEasyHandle, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5); + if(LLSocks::getInstance()->getSelectedAuthMethod()==METHOD_PASSWORD) + { + curl_easy_setopt(easy->mCurlEasyHandle, CURLOPT_PROXYUSERPWD,LLSocks::getInstance()->getProxyUserPwd().c_str()); + } + } + else + { + curl_easy_setopt(easy->mCurlEasyHandle, CURLOPT_PROXYTYPE, CURLPROXY_HTTP); + } + } + ++gCurlEasyCount; return easy; } @@ -446,6 +470,26 @@ void LLCurl::Easy::prepRequest(const std::string& url, // setopt(CURLOPT_VERBOSE, 1); // usefull for debugging setopt(CURLOPT_NOSIGNAL, 1); + if (LLSocks::getInstance()->isHttpProxyEnabled()) + { + std::string address = LLSocks::getInstance()->getHTTPProxy().getIPString(); + U16 port = LLSocks::getInstance()->getHTTPProxy().getPort(); + setoptString(CURLOPT_PROXY, address.c_str()); + setopt(CURLOPT_PROXYPORT, port); + if (LLSocks::getInstance()->getHttpProxyType() == LLPROXY_SOCKS) + { + setopt(CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5); + if(LLSocks::getInstance()->getSelectedAuthMethod()==METHOD_PASSWORD) + { + setoptString(CURLOPT_PROXYUSERPWD,LLSocks::getInstance()->getProxyUserPwd()); + } + } + else + { + setopt(CURLOPT_PROXYTYPE, CURLPROXY_HTTP); + } + } + mOutput.reset(new LLBufferArray); setopt(CURLOPT_WRITEFUNCTION, (void*)&curlWriteCallback); setopt(CURLOPT_WRITEDATA, (void*)this); diff --git a/indra/llmessage/llpacketring.cpp b/indra/llmessage/llpacketring.cpp index 8999dec64a..0c8c5f763c 100644 --- a/indra/llmessage/llpacketring.cpp +++ b/indra/llmessage/llpacketring.cpp @@ -35,6 +35,17 @@ #include "llrand.h" #include "u64.h" +#include "llsocks5.h" +#include "message.h" + +#if LL_WINDOWS + #include +#else + #include + #include +#endif + + /////////////////////////////////////////////////////////// LLPacketRing::LLPacketRing () : mUseInThrottle(FALSE), @@ -216,8 +227,31 @@ S32 LLPacketRing::receivePacket (S32 socket, char *datap) else { // no delay, pull straight from net + if (LLSocks::isEnabled()) + { + U8 buffer[MAX_BUFFER_SIZE]; + packet_size = receive_packet(socket, (char*)buffer); + + if (packet_size > 10) + { + memcpy(datap,buffer+10,packet_size-10); + } + else + { + packet_size=0; + } + + proxywrap_t * header; + header = (proxywrap_t *)buffer; + mLastSender.setAddress(header->addr); + mLastSender.setPort(ntohs(header->port)); + } + else + { packet_size = receive_packet(socket, datap); mLastSender = ::get_sender(); + } + mLastReceivingIF = ::get_receiving_interface(); if (packet_size) // did we actually get a packet? @@ -243,7 +277,7 @@ BOOL LLPacketRing::sendPacket(int h_socket, char * send_buffer, S32 buf_size, LL BOOL status = TRUE; if (!mUseOutThrottle) { - return send_packet(h_socket, send_buffer, buf_size, host.getAddress(), host.getPort() ); + return doSendPacket(h_socket, send_buffer, buf_size, host ); } else { @@ -264,7 +298,7 @@ BOOL LLPacketRing::sendPacket(int h_socket, char * send_buffer, S32 buf_size, LL mOutBufferLength -= packetp->getSize(); packet_size = packetp->getSize(); - status = send_packet(h_socket, packetp->getData(), packet_size, packetp->getHost().getAddress(), packetp->getHost().getPort()); + status = doSendPacket(h_socket, packetp->getData(), packet_size, packetp->getHost()); delete packetp; // Update the throttle @@ -273,7 +307,7 @@ BOOL LLPacketRing::sendPacket(int h_socket, char * send_buffer, S32 buf_size, LL else { // If the queue's empty, we can just send this packet right away. - status = send_packet(h_socket, send_buffer, buf_size, host.getAddress(), host.getPort() ); + status = doSendPacket(h_socket, send_buffer, buf_size, host ); packet_size = buf_size; // Update the throttle @@ -311,3 +345,23 @@ BOOL LLPacketRing::sendPacket(int h_socket, char * send_buffer, S32 buf_size, LL return status; } + +BOOL LLPacketRing::doSendPacket(int h_socket, const char * send_buffer, S32 buf_size, LLHost host) +{ + + if (!LLSocks::isEnabled()) + { + return send_packet(h_socket, send_buffer, buf_size, host.getAddress(), host.getPort()); + } + + proxywrap_t *socks_header = (proxywrap_t *)&mProxyWrappedSendBuffer; + socks_header->rsv = 0; + socks_header->addr = host.getAddress(); + socks_header->port = htons(host.getPort()); + socks_header->atype = ADDRESS_IPV4; + socks_header->frag = 0; + + memcpy(mProxyWrappedSendBuffer+10, send_buffer, buf_size); + + return send_packet(h_socket,(const char*) mProxyWrappedSendBuffer, buf_size+10, LLSocks::getInstance()->getUDPProxy().getAddress(), LLSocks::getInstance()->getUDPProxy().getPort()); +} diff --git a/indra/llmessage/llpacketring.h b/indra/llmessage/llpacketring.h index e6409d2048..2fe2f8e1e9 100644 --- a/indra/llmessage/llpacketring.h +++ b/indra/llmessage/llpacketring.h @@ -82,6 +82,9 @@ protected: LLHost mLastSender; LLHost mLastReceivingIF; + + BOOL doSendPacket(int h_socket, const char * send_buffer, S32 buf_size, LLHost host); + U8 mProxyWrappedSendBuffer[NET_BUFFER_SIZE]; }; diff --git a/indra/llmessage/llsocks5.cpp b/indra/llmessage/llsocks5.cpp new file mode 100644 index 0000000000..1f458a007c --- /dev/null +++ b/indra/llmessage/llsocks5.cpp @@ -0,0 +1,224 @@ +/** + * @file llsocks5.cpp + * @brief Socks 5 implementation + * + * $LicenseInfo:firstyear=2000&license=viewergpl$ + * + * Copyright (c) 2000-2009, Linden Research, Inc. + * + * Second Life Viewer Source Code + * The source code in this file ("Source Code") is provided by Linden Lab + * to you under the terms of the GNU General Public License, version 2.0 + * ("GPL"), unless you have obtained a separate licensing agreement + * ("Other License"), formally executed by you and Linden Lab. Terms of + * the GPL can be found in doc/GPL-license.txt in this distribution, or + * online at http://secondlifegrid.net/programs/open_source/licensing/gplv2 + * + * There are special exceptions to the terms and conditions of the GPL as + * it is applied to this Source Code. View the full text of the exception + * in the file doc/FLOSS-exception.txt in this software distribution, or + * online at + * http://secondlifegrid.net/programs/open_source/licensing/flossexception + * + * By copying, modifying or distributing this software, you acknowledge + * that you have read and understood your obligations described above, + * and agree to abide by those obligations. + * + * ALL LINDEN LAB SOURCE CODE IS PROVIDED "AS IS." LINDEN LAB MAKES NO + * WARRANTIES, EXPRESS, IMPLIED OR OTHERWISE, REGARDING ITS ACCURACY, + * COMPLETENESS OR PERFORMANCE. + * $/LicenseInfo$ + */ + +#include + +#include "linden_common.h" +#include "net.h" +#include "llhost.h" +#include "message.h" +#include "llsocks5.h" + +// Static class variable instances + +// We want this to be static to avoid excessive indirection on every +// incomming packet just to do a simple bool test. The getter for this +// member is also static +bool LLSocks::sUdpProxyEnabled; +bool LLSocks::sHttpProxyEnabled; + +LLSocks::LLSocks() +{ + sUdpProxyEnabled = false; + sHttpProxyEnabled = false; + hProxyControlChannel = 0; + mProxyType = LLPROXY_SOCKS; +} + +// Perform a Socks5 authentication and UDP assioacation to the proxy +// specified by proxy, and assiocate UDP port message_port +int LLSocks::proxyHandshake(LLHost proxy, U32 message_port) +{ + int result; + + /* Socks 5 Auth request */ + socks_auth_request_t socks_auth_request; + socks_auth_response_t socks_auth_response; + + socks_auth_request.version = SOCKS_VERSION; // Socks version 5 + socks_auth_request.num_methods = 1; // Sending 1 method + socks_auth_request.methods = mAuthMethodSelected; // send only the selected metho + + result = tcp_handshake(hProxyControlChannel, (char*)&socks_auth_request, sizeof(socks_auth_request_t), (char*)&socks_auth_response, sizeof(socks_auth_response_t)); + if (result != 0) + { + llwarns << "Socks authentication request failed, error on TCP control channel : " << result << llendl; + stopProxy(); + return SOCKS_CONNECT_ERROR; + } + + if (socks_auth_response.method == AUTH_NOT_ACCEPTABLE) + { + llwarns << "Socks5 server refused all our authentication methods" << llendl; + stopProxy(); + return SOCKS_NOT_ACCEPTABLE; + } + + // SOCKS5 USERNAME/PASSWORD authentication + if (socks_auth_response.method == METHOD_PASSWORD) + { + // The server has requested a username/password combination + U32 request_size = mSocksUsername.size() + mSocksPassword.size() + 3; + char * password_auth = (char *)malloc(request_size); + password_auth[0] = 0x01; + password_auth[1] = mSocksUsername.size(); + memcpy(&password_auth[2],mSocksUsername.c_str(), mSocksUsername.size()); + password_auth[mSocksUsername.size()+2] = mSocksPassword.size(); + memcpy(&password_auth[mSocksUsername.size()+3], mSocksPassword.c_str(), mSocksPassword.size()); + + authmethod_password_reply_t password_reply; + + result = tcp_handshake(hProxyControlChannel, password_auth, request_size, (char*)&password_reply, sizeof(authmethod_password_reply_t)); + free (password_auth); + + if (result != 0) + { + llwarns << "Socks authentication failed, error on TCP control channel : " << result << llendl; + stopProxy(); + return SOCKS_CONNECT_ERROR; + } + + if (password_reply.status != AUTH_SUCCESS) + { + llwarns << "Socks authentication failed" << llendl; + stopProxy(); + return SOCKS_AUTH_FAIL; + } + } + + /* SOCKS5 connect request */ + + socks_command_request_t connect_request; + socks_command_response_t connect_reply; + + connect_request.version = SOCKS_VERSION; //Socks V5 + connect_request.command = COMMAND_UDP_ASSOCIATE; // Associate UDP + connect_request.flag = FIELD_RESERVED; + connect_request.atype = ADDRESS_IPV4; + connect_request.address = 0; // 0.0.0.0 We are not fussy about address + // UDP is promiscious receive for our protocol + connect_request.port = 0; // Port must be 0 if you ever want to connect via NAT and your router does port rewrite for you + + result = tcp_handshake(hProxyControlChannel, (char*)&connect_request, sizeof(socks_command_request_t), (char*)&connect_reply, sizeof(socks_command_response_t)); + if (result != 0) + { + llwarns << "Socks connect request failed, error on TCP control channel : " << result << llendl; + stopProxy(); + return SOCKS_CONNECT_ERROR; + } + + if (connect_reply.reply != REPLY_REQUEST_GRANTED) + { + //Something went wrong + llwarns << "Connection to SOCKS5 server failed, UDP forward request not granted" << llendl; + stopProxy(); + return SOCKS_UDP_FWD_NOT_GRANTED; + } + + mUDPProxy.setPort(ntohs(connect_reply.port)); // reply port is in network byte order + mUDPProxy.setAddress(proxy.getAddress()); + // All good now we have been given the UDP port to send requests that need forwarding. + llinfos << "Socks 5 UDP proxy connected on " << mUDPProxy << llendl; + return SOCKS_OK; +} + +int LLSocks::startProxy(LLHost proxy, U32 message_port) +{ + int status; + + mTCPProxy = proxy; + + if (hProxyControlChannel) + { + tcp_close_channel(hProxyControlChannel); + hProxyControlChannel=0; + } + + hProxyControlChannel = tcp_open_channel(proxy); + if (hProxyControlChannel == -1) + { + return SOCKS_HOST_CONNECT_FAILED; + } + + status = proxyHandshake(proxy, message_port); + if (status == SOCKS_OK) + { + sUdpProxyEnabled=true; + } + return status; +} + +int LLSocks::startProxy(std::string host, U32 port) +{ + mTCPProxy.setHostByName(host); + mTCPProxy.setPort(port); + return startProxy(mTCPProxy, (U32)gMessageSystem->mPort); +} + +void LLSocks::stopProxy() +{ + sUdpProxyEnabled = false; + + // If the Socks proxy is requested to stop and we are using that for http as well + // then we must shut down any http proxy operations. But it is allowable if web + // proxy is being used to continue proxying http. + + if(LLPROXY_SOCKS == mProxyType) + { + sHttpProxyEnabled = false; + } + + if (hProxyControlChannel) + { + tcp_close_channel(hProxyControlChannel); + hProxyControlChannel=0; + } +} + +void LLSocks::setAuthNone() +{ + mAuthMethodSelected = METHOD_NOAUTH; +} + +void LLSocks::setAuthPassword(std::string username, std::string password) +{ + mAuthMethodSelected = METHOD_PASSWORD; + mSocksUsername = username; + mSocksPassword = password; +} + +void LLSocks::EnableHttpProxy(LLHost httpHost, LLHttpProxyType type) +{ + sHttpProxyEnabled = true; + mHTTPProxy = httpHost; + mProxyType = type; +} diff --git a/indra/llmessage/llsocks5.h b/indra/llmessage/llsocks5.h new file mode 100644 index 0000000000..83e311a962 --- /dev/null +++ b/indra/llmessage/llsocks5.h @@ -0,0 +1,243 @@ +/** + * @file llsocks5.h + * @brief Socks 5 implementation + * + * $LicenseInfo:firstyear=2001&license=viewergpl$ + * + * Copyright (c) 2001-2009, Linden Research, Inc. + * + * Second Life Viewer Source Code + * The source code in this file ("Source Code") is provided by Linden Lab + * to you under the terms of the GNU General Public License, version 2.0 + * ("GPL"), unless you have obtained a separate licensing agreement + * ("Other License"), formally executed by you and Linden Lab. Terms of + * the GPL can be found in doc/GPL-license.txt in this distribution, or + * online at http://secondlifegrid.net/programs/open_source/licensing/gplv2 + * + * There are special exceptions to the terms and conditions of the GPL as + * it is applied to this Source Code. View the full text of the exception + * in the file doc/FLOSS-exception.txt in this software distribution, or + * online at + * http://secondlifegrid.net/programs/open_source/licensing/flossexception + * + * By copying, modifying or distributing this software, you acknowledge + * that you have read and understood your obligations described above, + * and agree to abide by those obligations. + * + * ALL LINDEN LAB SOURCE CODE IS PROVIDED "AS IS." LINDEN LAB MAKES NO + * WARRANTIES, EXPRESS, IMPLIED OR OTHERWISE, REGARDING ITS ACCURACY, + * COMPLETENESS OR PERFORMANCE. + * $/LicenseInfo$ + */ + +#ifndef LL_SOCKS5_H +#define LL_SOCKS5_H + +#include "llhost.h" +#include "llmemory.h" +#include "llsingleton.h" +#include + +// Error codes returned from the StartProxy method + +#define SOCKS_OK 0 +#define SOCKS_CONNECT_ERROR -1 +#define SOCKS_NOT_PERMITTED -2 +#define SOCKS_NOT_ACCEPTABLE -3 +#define SOCKS_AUTH_FAIL -4 +#define SOCKS_UDP_FWD_NOT_GRANTED -5 +#define SOCKS_HOST_CONNECT_FAILED -6 + +#ifndef MAXHOSTNAMELEN +#define MAXHOSTNAMELEN (255 + 1) /* socks5: 255, +1 for len. */ +#endif + +#define SOCKS_VERSION 0x05 // we are using socks 5 + +// socks 5 address/hostname types +#define ADDRESS_IPV4 0x01 +#define ADDRESS_HOSTNAME 0x03 +#define ADDRESS_IPV6 0x04 + +// Lets just use our own ipv4 struct rather than dragging in system +// specific headers +union ipv4_address_t { + unsigned char octects[4]; + U32 addr32; +}; + +// Socks 5 control channel commands +#define COMMAND_TCP_STREAM 0x01 +#define COMMAND_TCP_BIND 0x02 +#define COMMAND_UDP_ASSOCIATE 0x03 + +// Socks 5 command replys +#define REPLY_REQUEST_GRANTED 0x00 +#define REPLY_GENERAL_FAIL 0x01 +#define REPLY_RULESET_FAIL 0x02 +#define REPLY_NETWORK_UNREACHABLE 0x03 +#define REPLY_HOST_UNREACHABLE 0x04 +#define REPLY_CONNECTION_REFUSED 0x05 +#define REPLY_TTL_EXPIRED 0x06 +#define REPLY_PROTOCOL_ERROR 0x07 +#define REPLY_TYPE_NOT_SUPPORTED 0x08 + +#define FIELD_RESERVED 0x00 + +// The standard socks5 request packet +// Push current alignment to stack and set alignment to 1 byte boundary +// This enabled us to use structs directly to set up and receive network packets +// into the correct fields, without fear of boundary alignment causing issues +#pragma pack(push,1) + +// Socks5 command packet +struct socks_command_request_t { + unsigned char version; + unsigned char command; + unsigned char flag; + unsigned char atype; + U32 address; + U16 port; +}; + +// Standard socks5 reply packet +struct socks_command_response_t { + unsigned char version; + unsigned char reply; + unsigned char flag; + unsigned char atype; + unsigned char add_bytes[4]; + U16 port; +}; + +#define AUTH_NOT_ACCEPTABLE 0xFF // reply if prefered methods are not avaiable +#define AUTH_SUCCESS 0x00 // reply if authentication successfull + +// socks 5 authentication request, stating which methods the client supports +struct socks_auth_request_t { + unsigned char version; + unsigned char num_methods; + unsigned char methods; // We are only using a single method currently +}; + +// socks 5 authentication response packet, stating server prefered method +struct socks_auth_response_t { + unsigned char version; + unsigned char method; +}; + +// socks 5 password reply packet +struct authmethod_password_reply_t { + unsigned char version; + unsigned char status; +}; + +// socks 5 UDP packet header +struct proxywrap_t { + U16 rsv; + U8 frag; + U8 atype; + U32 addr; + U16 port; +}; + +#pragma pack(pop) /* restore original alignment from stack */ + + +// Currently selected http proxy type +enum LLHttpProxyType +{ + LLPROXY_SOCKS = 0, + LLPROXY_HTTP = 1 +}; + +// Auth types +enum LLSocks5AuthType +{ + METHOD_NOAUTH = 0x00, // Client supports no auth + METHOD_GSSAPI = 0x01, // Client supports GSSAPI (Not currently supported) + METHOD_PASSWORD = 0x02 // Client supports username/password +}; + +class LLSocks: public LLSingleton +{ +public: + LLSocks(); + + // Start a connection to the socks 5 proxy + int startProxy(std::string host,U32 port); + int startProxy(LLHost proxy,U32 messagePort); + + // Disconnect and clean up any connection to the socks 5 proxy + void stopProxy(); + + // Set up to use Password auth when connecting to the socks proxy + void setAuthPassword(std::string username,std::string password); + + // Set up to use No Auth when connecting to the socks proxy; + void setAuthNone(); + + // get the currently selected auth method + LLSocks5AuthType getSelectedAuthMethod() { return mAuthMethodSelected; }; + + // static check for enabled status for UDP packets + static bool isEnabled(){return sUdpProxyEnabled;}; + + // static check for enabled status for http packets + static bool isHttpProxyEnabled(){return sHttpProxyEnabled;}; + + // Proxy http packets via httpHost, which can be a Socks5 or a http proxy + // as specified in type + void EnableHttpProxy(LLHost httpHost,LLHttpProxyType type); + + // Stop proxying http packets + void DisableHttpProxy() {sHttpProxyEnabled = false;}; + + // get the UDP proxy address and port + LLHost getUDPProxy(){return mUDPProxy;}; + + // get the socks 5 TCP control channel address and port + LLHost getTCPProxy(){return mTCPProxy;}; + + //get the http proxy address and port + LLHost getHTTPProxy(){return mHTTPProxy;}; + + // get the currently selected http proxy type + LLHttpProxyType getHttpProxyType(){return mProxyType;}; + + //Get the username password in a curl compatible format + std::string getProxyUserPwd(){ return (mSocksUsername + ":" + mSocksPassword);}; + +private: + + // Open a communication channel to the socks5 proxy proxy, at port messagePort + int proxyHandshake(LLHost proxy,U32 messagePort); + + // socket handle to proxy tcp control channel + S32 hProxyControlChannel; + + // is the UDP proxy enabled + static bool sUdpProxyEnabled; + // is the http proxy enabled + static bool sHttpProxyEnabled; + + // currently selected http proxy type + LLHttpProxyType mProxyType; + + // UDP proxy address and port + LLHost mUDPProxy; + // TCP Proxy control channel address and port + LLHost mTCPProxy; + // HTTP proxy address and port + LLHost mHTTPProxy; + + // socks 5 auth method selected + LLSocks5AuthType mAuthMethodSelected; + + // socks 5 username + std::string mSocksUsername; + // socks 5 password + std::string mSocksPassword; +}; + +#endif diff --git a/indra/llmessage/net.cpp b/indra/llmessage/net.cpp index 97611c3b51..ab5c1950c6 100644 --- a/indra/llmessage/net.cpp +++ b/indra/llmessage/net.cpp @@ -50,6 +50,7 @@ #include "lltimer.h" #include "indra_constants.h" +#include "llsocks5.h" // Globals #if LL_WINDOWS @@ -189,6 +190,90 @@ U32 ip_string_to_u32(const char* ip_string) #if LL_WINDOWS +int tcp_handshake(S32 handle, char * dataout, int outlen, char * datain, int maxinlen) +{ + int result; + result = send(handle, dataout, outlen, 0); + if (result != outlen) + { + S32 err = WSAGetLastError(); + llwarns << "Error sending data to proxy control channel, number of bytes sent were " << result << " error code was " << err << llendl; + return -1; + } + + result = recv(handle, datain, maxinlen, 0); + if (result != maxinlen) + { + S32 err = WSAGetLastError(); + llwarns << "Error receiving data from proxy control channel, number of bytes received were " << result << " error code was " << err << llendl; + return -1; + } + + return 0; +} + +S32 tcp_open_channel(LLHost host) +{ + // Open a TCP channel + // Jump through some hoops to ensure that if the request hosts is down + // or not reachable connect() does not block + + S32 handle; + handle = socket(AF_INET, SOCK_STREAM, 0); + if (!handle) + { + llwarns << "Error opening TCP control socket, socket() returned " << handle << llendl; + return -1; + } + + struct sockaddr_in address; + address.sin_port = htons(host.getPort()); + address.sin_family = AF_INET; + address.sin_addr.s_addr = host.getAddress(); + + // Non blocking + WSAEVENT hEvent=WSACreateEvent(); + WSAEventSelect(handle, hEvent, FD_CONNECT) ; + connect(handle, (struct sockaddr*)&address, sizeof(address)) ; + // Wait fot 5 seconds, if we can't get a TCP channel open in this + // time frame then there is something badly wrong. + WaitForSingleObject(hEvent, 1000*5); // 5 seconds time out + + WSANETWORKEVENTS netevents; + WSAEnumNetworkEvents(handle,hEvent,&netevents); + + // Check the async event status to see if we connected + if ((netevents.lNetworkEvents & FD_CONNECT) == FD_CONNECT) + { + if (netevents.iErrorCode[FD_CONNECT_BIT] != 0) + { + llwarns << "Unable to open TCP channel, WSA returned an error code of " << netevents.iErrorCode[FD_CONNECT_BIT] << llendl; + WSACloseEvent(hEvent); + return -1; + } + + // Now we are connected disable non blocking + // we don't need support an async interface as + // currently our only consumer (socks5) will make one round + // of packets then just hold the connection open + WSAEventSelect(handle, hEvent, NULL) ; + unsigned long NonBlock = 0; + ioctlsocket(handle, FIONBIO, &NonBlock); + + return handle; + } + + llwarns << "Unable to open TCP channel, Timeout is the host up?" << netevents.iErrorCode[FD_CONNECT_BIT] << llendl; + return -1; +} + +void tcp_close_channel(S32 handle) +{ + llinfos << "Closing TCP channel" << llendl; + shutdown(handle, SD_BOTH); + closesocket(handle); +} + S32 start_net(S32& socket_out, int& nPort) { // Create socket, make non-blocking @@ -385,6 +470,77 @@ BOOL send_packet(int hSocket, const char *sendBuffer, int size, U32 recipient, i #else + +int tcp_handshake(S32 handle, char * dataout, int outlen, char * datain, int maxinlen) +{ + if (send(handle, dataout, outlen, 0) != outlen) + { + llwarns << "Error sending data to proxy control channel" << llendl; + return -1; + } + + if (recv(handle, datain, maxinlen, 0) != maxinlen) + { + llwarns << "Error receiving data to proxy control channel" << llendl; + return -1; + } + + return 0; +} + +S32 tcp_open_channel(LLHost host) +{ + S32 handle; + handle = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); + if (!handle) + { + llwarns << "Error opening TCP control socket, socket() returned " << handle << llendl; + return -1; + } + + struct sockaddr_in address; + address.sin_port = htons(host.getPort()); + address.sin_family = AF_INET; + address.sin_addr.s_addr = host.getAddress(); + + // Set the socket to non blocking for the connect() + int flags = fcntl(handle, F_GETFL, 0); + fcntl(handle, F_SETFL, flags | O_NONBLOCK); + + S32 error = connect(handle, (sockaddr*)&address, sizeof(address)); + if (error && (errno != EINPROGRESS)) + { + llwarns << "Unable to open TCP channel, error code: " << errno << llendl; + return -1; + } + + struct timeval timeout; + timeout.tv_sec = 5; // Maximum time to wait for the connect() to complete + timeout.tv_usec = 0; + fd_set fds; + FD_ZERO(&fds); + FD_SET(handle, &fds); + + // See if we have connectde or time out after 5 seconds + U32 rc = select(sizeof(fds)*8, NULL, &fds, NULL, &timeout); + + if (rc != 1) // we require exactly one descriptor to be set + { + llwarns << "Unable to open TCP channel" << llendl; + return -1; + } + + // Return the socket to blocking operations + fcntl(handle, F_SETFL, flags); + + return handle; +} + +void tcp_close_channel(S32 handle) +{ + close(handle); +} + // Create socket, make non-blocking S32 start_net(S32& socket_out, int& nPort) { diff --git a/indra/llmessage/net.h b/indra/llmessage/net.h index 9f4f5c5821..d93ed20c98 100644 --- a/indra/llmessage/net.h +++ b/indra/llmessage/net.h @@ -52,6 +52,11 @@ U32 get_sender_ip(void); LLHost get_receiving_interface(); U32 get_receiving_interface_ip(void); +// Some helpful tcp functions added for the socks 5 proxy support +S32 tcp_open_channel(LLHost host); // Open a tcp channel to a given host +void tcp_close_channel(S32 handle); // Close an open tcp channel +int tcp_handshake(S32 handle, char * dataout, int outlen, char * datain, int maxinlen); // Do a TCP data handshake + const char* u32_to_ip_string(U32 ip); // Returns pointer to internal string buffer, "(bad IP addr)" on failure, cannot nest calls char* u32_to_ip_string(U32 ip, char *ip_string); // NULL on failure, ip_string on success, you must allocate at least MAXADDRSTR chars U32 ip_string_to_u32(const char* ip_string); // Wrapper for inet_addr() -- cgit v1.2.3 From 6ce2c20a06e32825f4e4260575059a9867510ecd Mon Sep 17 00:00:00 2001 From: Logan Dethrow Date: Fri, 10 Jun 2011 17:34:00 -0400 Subject: STORM-1112 First pass at cleanup of SOCKS 5 proxy code based on Linden Coding Standard and comments in the code review. --- indra/llmessage/llpacketring.cpp | 23 +-- indra/llmessage/llsocks5.cpp | 295 ++++++++++++++++++++------------------- indra/llmessage/llsocks5.h | 184 ++++++++++++------------ indra/llmessage/net.cpp | 61 ++++---- indra/llmessage/net.h | 4 +- 5 files changed, 288 insertions(+), 279 deletions(-) (limited to 'indra/llmessage') diff --git a/indra/llmessage/llpacketring.cpp b/indra/llmessage/llpacketring.cpp index 0c8c5f763c..62aaca0672 100644 --- a/indra/llmessage/llpacketring.cpp +++ b/indra/llmessage/llpacketring.cpp @@ -28,22 +28,26 @@ #include "llpacketring.h" +#if LL_WINDOWS + #include +#else + #include + #include +#endif + // linden library includes #include "llerror.h" +#include "message.h" +#include "llsocks5.h" #include "lltimer.h" #include "timing.h" #include "llrand.h" #include "u64.h" -#include "llsocks5.h" -#include "message.h" -#if LL_WINDOWS - #include -#else - #include - #include -#endif + + + /////////////////////////////////////////////////////////// @@ -241,8 +245,7 @@ S32 LLPacketRing::receivePacket (S32 socket, char *datap) packet_size=0; } - proxywrap_t * header; - header = (proxywrap_t *)buffer; + proxywrap_t * header = (proxywrap_t *)buffer; mLastSender.setAddress(header->addr); mLastSender.setPort(ntohs(header->port)); } diff --git a/indra/llmessage/llsocks5.cpp b/indra/llmessage/llsocks5.cpp index 8a63287f22..7eac27d4bb 100644 --- a/indra/llmessage/llsocks5.cpp +++ b/indra/llmessage/llsocks5.cpp @@ -35,184 +35,185 @@ // Static class variable instances // We want this to be static to avoid excessive indirection on every -// incomming packet just to do a simple bool test. The getter for this +// incoming packet just to do a simple bool test. The getter for this // member is also static bool LLSocks::sUdpProxyEnabled; bool LLSocks::sHttpProxyEnabled; LLSocks::LLSocks() { - sUdpProxyEnabled = false; - sHttpProxyEnabled = false; - hProxyControlChannel = 0; - mProxyType = LLPROXY_SOCKS; + sUdpProxyEnabled = false; + sHttpProxyEnabled = false; + mProxyControlChannel = 0; + mProxyType = LLPROXY_SOCKS; } -// Perform a Socks5 authentication and UDP assioacation to the proxy -// specified by proxy, and assiocate UDP port message_port +// Perform a Socks5 authentication and UDP association to the proxy +// specified by proxy, and associate UDP port message_port int LLSocks::proxyHandshake(LLHost proxy, U32 message_port) { - int result; - - /* Socks 5 Auth request */ - socks_auth_request_t socks_auth_request; - socks_auth_response_t socks_auth_response; - - socks_auth_request.version = SOCKS_VERSION; // Socks version 5 - socks_auth_request.num_methods = 1; // Sending 1 method - socks_auth_request.methods = mAuthMethodSelected; // send only the selected metho - - result = tcp_handshake(hProxyControlChannel, (char*)&socks_auth_request, sizeof(socks_auth_request_t), (char*)&socks_auth_response, sizeof(socks_auth_response_t)); - if (result != 0) - { - llwarns << "Socks authentication request failed, error on TCP control channel : " << result << llendl; - stopProxy(); - return SOCKS_CONNECT_ERROR; - } - - if (socks_auth_response.method == AUTH_NOT_ACCEPTABLE) - { - llwarns << "Socks5 server refused all our authentication methods" << llendl; - stopProxy(); - return SOCKS_NOT_ACCEPTABLE; - } - - // SOCKS5 USERNAME/PASSWORD authentication - if (socks_auth_response.method == METHOD_PASSWORD) - { - // The server has requested a username/password combination - U32 request_size = mSocksUsername.size() + mSocksPassword.size() + 3; - char * password_auth = (char *)malloc(request_size); - password_auth[0] = 0x01; - password_auth[1] = mSocksUsername.size(); - memcpy(&password_auth[2],mSocksUsername.c_str(), mSocksUsername.size()); - password_auth[mSocksUsername.size()+2] = mSocksPassword.size(); - memcpy(&password_auth[mSocksUsername.size()+3], mSocksPassword.c_str(), mSocksPassword.size()); - - authmethod_password_reply_t password_reply; - - result = tcp_handshake(hProxyControlChannel, password_auth, request_size, (char*)&password_reply, sizeof(authmethod_password_reply_t)); - free (password_auth); - - if (result != 0) - { - llwarns << "Socks authentication failed, error on TCP control channel : " << result << llendl; - stopProxy(); - return SOCKS_CONNECT_ERROR; - } - - if (password_reply.status != AUTH_SUCCESS) - { - llwarns << "Socks authentication failed" << llendl; - stopProxy(); - return SOCKS_AUTH_FAIL; - } - } - - /* SOCKS5 connect request */ - - socks_command_request_t connect_request; - socks_command_response_t connect_reply; - - connect_request.version = SOCKS_VERSION; //Socks V5 - connect_request.command = COMMAND_UDP_ASSOCIATE; // Associate UDP - connect_request.flag = FIELD_RESERVED; - connect_request.atype = ADDRESS_IPV4; - connect_request.address = 0; // 0.0.0.0 We are not fussy about address - // UDP is promiscious receive for our protocol - connect_request.port = 0; // Port must be 0 if you ever want to connect via NAT and your router does port rewrite for you - - result = tcp_handshake(hProxyControlChannel, (char*)&connect_request, sizeof(socks_command_request_t), (char*)&connect_reply, sizeof(socks_command_response_t)); - if (result != 0) - { - llwarns << "Socks connect request failed, error on TCP control channel : " << result << llendl; - stopProxy(); - return SOCKS_CONNECT_ERROR; - } - - if (connect_reply.reply != REPLY_REQUEST_GRANTED) - { - //Something went wrong - llwarns << "Connection to SOCKS5 server failed, UDP forward request not granted" << llendl; - stopProxy(); - return SOCKS_UDP_FWD_NOT_GRANTED; - } - - mUDPProxy.setPort(ntohs(connect_reply.port)); // reply port is in network byte order - mUDPProxy.setAddress(proxy.getAddress()); - // All good now we have been given the UDP port to send requests that need forwarding. - llinfos << "Socks 5 UDP proxy connected on " << mUDPProxy << llendl; - return SOCKS_OK; + int result; + + /* Socks 5 Auth request */ + socks_auth_request_t socks_auth_request; + socks_auth_response_t socks_auth_response; + + socks_auth_request.version = SOCKS_VERSION; // Socks version 5 + socks_auth_request.num_methods = 1; // Sending 1 method + socks_auth_request.methods = mAuthMethodSelected; // send only the selected method + + result = tcp_handshake(mProxyControlChannel, (char*)&socks_auth_request, sizeof(socks_auth_request_t), (char*)&socks_auth_response, sizeof(socks_auth_response_t)); + if (result != 0) + { + llwarns << "Socks authentication request failed, error on TCP control channel : " << result << llendl; + stopProxy(); + return SOCKS_CONNECT_ERROR; + } + + if (socks_auth_response.method == AUTH_NOT_ACCEPTABLE) + { + llwarns << "Socks5 server refused all our authentication methods" << llendl; + stopProxy(); + return SOCKS_NOT_ACCEPTABLE; + } + + // SOCKS5 USERNAME/PASSWORD authentication + if (socks_auth_response.method == METHOD_PASSWORD) + { + // The server has requested a username/password combination + U32 request_size = mSocksUsername.size() + mSocksPassword.size() + 3; + // char * password_auth = (char *)malloc(request_size); + char * password_auth = new char[request_size]; + password_auth[0] = 0x01; + password_auth[1] = mSocksUsername.size(); + memcpy(&password_auth[2], mSocksUsername.c_str(), mSocksUsername.size()); + password_auth[mSocksUsername.size()+2] = mSocksPassword.size(); + memcpy(&password_auth[mSocksUsername.size()+3], mSocksPassword.c_str(), mSocksPassword.size()); + + authmethod_password_reply_t password_reply; + + result = tcp_handshake(mProxyControlChannel, password_auth, request_size, (char*)&password_reply, sizeof(authmethod_password_reply_t)); + delete[] password_auth; + + if (result != 0) + { + llwarns << "Socks authentication failed, error on TCP control channel : " << result << llendl; + stopProxy(); + return SOCKS_CONNECT_ERROR; + } + + if (password_reply.status != AUTH_SUCCESS) + { + llwarns << "Socks authentication failed" << llendl; + stopProxy(); + return SOCKS_AUTH_FAIL; + } + } + + /* SOCKS5 connect request */ + + socks_command_request_t connect_request; + socks_command_response_t connect_reply; + + connect_request.version = SOCKS_VERSION; //Socks V5 + connect_request.command = COMMAND_UDP_ASSOCIATE; // Associate UDP + connect_request.flag = FIELD_RESERVED; + connect_request.atype = ADDRESS_IPV4; + connect_request.address = 0; // 0.0.0.0 We are not fussy about address + // UDP is promiscuous receive for our protocol + connect_request.port = 0; // Port must be 0 if you ever want to connect via NAT and your router does port rewrite for you + + result = tcp_handshake(mProxyControlChannel, (char*)&connect_request, sizeof(socks_command_request_t), (char*)&connect_reply, sizeof(socks_command_response_t)); + if (result != 0) + { + llwarns << "Socks connect request failed, error on TCP control channel : " << result << llendl; + stopProxy(); + return SOCKS_CONNECT_ERROR; + } + + if (connect_reply.reply != REPLY_REQUEST_GRANTED) + { + //Something went wrong + llwarns << "Connection to SOCKS5 server failed, UDP forward request not granted" << llendl; + stopProxy(); + return SOCKS_UDP_FWD_NOT_GRANTED; + } + + mUDPProxy.setPort(ntohs(connect_reply.port)); // reply port is in network byte order + mUDPProxy.setAddress(proxy.getAddress()); + // All good now we have been given the UDP port to send requests that need forwarding. + llinfos << "Socks 5 UDP proxy connected on " << mUDPProxy << llendl; + return SOCKS_OK; } int LLSocks::startProxy(LLHost proxy, U32 message_port) { - int status; - - mTCPProxy = proxy; - - if (hProxyControlChannel) - { - tcp_close_channel(hProxyControlChannel); - hProxyControlChannel=0; - } - - hProxyControlChannel = tcp_open_channel(proxy); - if (hProxyControlChannel == -1) - { - return SOCKS_HOST_CONNECT_FAILED; - } - - status = proxyHandshake(proxy, message_port); - if (status == SOCKS_OK) - { - sUdpProxyEnabled=true; - } - return status; + int status; + + mTCPProxy = proxy; + + if (mProxyControlChannel) + { + tcp_close_channel(mProxyControlChannel); + mProxyControlChannel = 0; + } + + mProxyControlChannel = tcp_open_channel(proxy); + if (mProxyControlChannel == -1) + { + return SOCKS_HOST_CONNECT_FAILED; + } + + status = proxyHandshake(proxy, message_port); + if (status == SOCKS_OK) + { + sUdpProxyEnabled = true; + } + return status; } int LLSocks::startProxy(std::string host, U32 port) { - mTCPProxy.setHostByName(host); - mTCPProxy.setPort(port); - return startProxy(mTCPProxy, (U32)gMessageSystem->mPort); + mTCPProxy.setHostByName(host); + mTCPProxy.setPort(port); + return startProxy(mTCPProxy, (U32)gMessageSystem->mPort); } void LLSocks::stopProxy() { - sUdpProxyEnabled = false; - - // If the Socks proxy is requested to stop and we are using that for http as well - // then we must shut down any http proxy operations. But it is allowable if web - // proxy is being used to continue proxying http. - - if(LLPROXY_SOCKS == mProxyType) - { - sHttpProxyEnabled = false; - } - - if (hProxyControlChannel) - { - tcp_close_channel(hProxyControlChannel); - hProxyControlChannel=0; - } + sUdpProxyEnabled = false; + + // If the Socks proxy is requested to stop and we are using that for http as well + // then we must shut down any http proxy operations. But it is allowable if web + // proxy is being used to continue proxying http. + + if(LLPROXY_SOCKS == mProxyType) + { + sHttpProxyEnabled = false; + } + + if (mProxyControlChannel) + { + tcp_close_channel(mProxyControlChannel); + mProxyControlChannel = 0; + } } void LLSocks::setAuthNone() { - mAuthMethodSelected = METHOD_NOAUTH; + mAuthMethodSelected = METHOD_NOAUTH; } void LLSocks::setAuthPassword(std::string username, std::string password) { - mAuthMethodSelected = METHOD_PASSWORD; - mSocksUsername = username; - mSocksPassword = password; + mAuthMethodSelected = METHOD_PASSWORD; + mSocksUsername = username; + mSocksPassword = password; } -void LLSocks::EnableHttpProxy(LLHost httpHost, LLHttpProxyType type) +void LLSocks::enableHttpProxy(LLHost httpHost, LLHttpProxyType type) { - sHttpProxyEnabled = true; - mHTTPProxy = httpHost; - mProxyType = type; + sHttpProxyEnabled = true; + mHTTPProxy = httpHost; + mProxyType = type; } diff --git a/indra/llmessage/llsocks5.h b/indra/llmessage/llsocks5.h index a78acb8b23..171a933d32 100644 --- a/indra/llmessage/llsocks5.h +++ b/indra/llmessage/llsocks5.h @@ -35,12 +35,12 @@ // Error codes returned from the StartProxy method #define SOCKS_OK 0 -#define SOCKS_CONNECT_ERROR -1 -#define SOCKS_NOT_PERMITTED -2 -#define SOCKS_NOT_ACCEPTABLE -3 -#define SOCKS_AUTH_FAIL -4 -#define SOCKS_UDP_FWD_NOT_GRANTED -5 -#define SOCKS_HOST_CONNECT_FAILED -6 +#define SOCKS_CONNECT_ERROR (-1) +#define SOCKS_NOT_PERMITTED (-2) +#define SOCKS_NOT_ACCEPTABLE (-3) +#define SOCKS_AUTH_FAIL (-4) +#define SOCKS_UDP_FWD_NOT_GRANTED (-5) +#define SOCKS_HOST_CONNECT_FAILED (-6) #ifndef MAXHOSTNAMELEN #define MAXHOSTNAMELEN (255 + 1) /* socks5: 255, +1 for len. */ @@ -56,8 +56,8 @@ // Lets just use our own ipv4 struct rather than dragging in system // specific headers union ipv4_address_t { - unsigned char octects[4]; - U32 addr32; + unsigned char octets[4]; + U32 addr32; }; // Socks 5 control channel commands @@ -86,53 +86,53 @@ union ipv4_address_t { // Socks5 command packet struct socks_command_request_t { - unsigned char version; - unsigned char command; - unsigned char flag; - unsigned char atype; - U32 address; - U16 port; + unsigned char version; + unsigned char command; + unsigned char flag; + unsigned char atype; + U32 address; + U16 port; }; // Standard socks5 reply packet struct socks_command_response_t { - unsigned char version; - unsigned char reply; - unsigned char flag; - unsigned char atype; - unsigned char add_bytes[4]; - U16 port; + unsigned char version; + unsigned char reply; + unsigned char flag; + unsigned char atype; + unsigned char add_bytes[4]; + U16 port; }; -#define AUTH_NOT_ACCEPTABLE 0xFF // reply if prefered methods are not avaiable -#define AUTH_SUCCESS 0x00 // reply if authentication successfull +#define AUTH_NOT_ACCEPTABLE 0xFF // reply if preferred methods are not available +#define AUTH_SUCCESS 0x00 // reply if authentication successful // socks 5 authentication request, stating which methods the client supports struct socks_auth_request_t { - unsigned char version; - unsigned char num_methods; - unsigned char methods; // We are only using a single method currently + unsigned char version; + unsigned char num_methods; + unsigned char methods; // We are only using a single method currently }; // socks 5 authentication response packet, stating server prefered method struct socks_auth_response_t { - unsigned char version; - unsigned char method; + unsigned char version; + unsigned char method; }; // socks 5 password reply packet struct authmethod_password_reply_t { - unsigned char version; - unsigned char status; + unsigned char version; + unsigned char status; }; // socks 5 UDP packet header struct proxywrap_t { - U16 rsv; - U8 frag; - U8 atype; - U32 addr; - U16 port; + U16 rsv; + U8 frag; + U8 atype; + U32 addr; + U16 port; }; #pragma pack(pop) /* restore original alignment from stack */ @@ -141,97 +141,97 @@ struct proxywrap_t { // Currently selected http proxy type enum LLHttpProxyType { - LLPROXY_SOCKS = 0, - LLPROXY_HTTP = 1 + LLPROXY_SOCKS = 0, + LLPROXY_HTTP = 1 }; // Auth types enum LLSocks5AuthType { - METHOD_NOAUTH = 0x00, // Client supports no auth - METHOD_GSSAPI = 0x01, // Client supports GSSAPI (Not currently supported) - METHOD_PASSWORD = 0x02 // Client supports username/password + METHOD_NOAUTH = 0x00, // Client supports no auth + METHOD_GSSAPI = 0x01, // Client supports GSSAPI (Not currently supported) + METHOD_PASSWORD = 0x02 // Client supports username/password }; class LLSocks: public LLSingleton { public: - LLSocks(); + LLSocks(); - // Start a connection to the socks 5 proxy - int startProxy(std::string host,U32 port); - int startProxy(LLHost proxy,U32 messagePort); + // Start a connection to the socks 5 proxy + int startProxy(std::string host,U32 port); + int startProxy(LLHost proxy,U32 messagePort); - // Disconnect and clean up any connection to the socks 5 proxy - void stopProxy(); + // Disconnect and clean up any connection to the socks 5 proxy + void stopProxy(); - // Set up to use Password auth when connecting to the socks proxy - void setAuthPassword(std::string username,std::string password); + // Set up to use Password auth when connecting to the socks proxy + void setAuthPassword(std::string username,std::string password); - // Set up to use No Auth when connecting to the socks proxy; - void setAuthNone(); + // Set up to use No Auth when connecting to the socks proxy + void setAuthNone(); - // get the currently selected auth method - LLSocks5AuthType getSelectedAuthMethod() { return mAuthMethodSelected; }; + // get the currently selected auth method + LLSocks5AuthType getSelectedAuthMethod() const { return mAuthMethodSelected; } - // static check for enabled status for UDP packets - static bool isEnabled(){return sUdpProxyEnabled;}; + // static check for enabled status for UDP packets + static bool isEnabled() { return sUdpProxyEnabled; } - // static check for enabled status for http packets - static bool isHttpProxyEnabled(){return sHttpProxyEnabled;}; + // static check for enabled status for http packets + static bool isHttpProxyEnabled() { return sHttpProxyEnabled; } - // Proxy http packets via httpHost, which can be a Socks5 or a http proxy - // as specified in type - void EnableHttpProxy(LLHost httpHost,LLHttpProxyType type); + // Proxy http packets via httpHost, which can be a Socks5 or a http proxy + // as specified in type + void enableHttpProxy(LLHost httpHost, LLHttpProxyType type); - // Stop proxying http packets - void DisableHttpProxy() {sHttpProxyEnabled = false;}; + // Stop proxying http packets + void disableHttpProxy() { sHttpProxyEnabled = false; }; - // get the UDP proxy address and port - LLHost getUDPProxy(){return mUDPProxy;}; + // Get the UDP proxy address and port + LLHost getUDPProxy() const { return mUDPProxy; } - // get the socks 5 TCP control channel address and port - LLHost getTCPProxy(){return mTCPProxy;}; + // Get the socks 5 TCP control channel address and port + LLHost getTCPProxy() const { return mTCPProxy; } - //get the http proxy address and port - LLHost getHTTPProxy(){return mHTTPProxy;}; + // Get the http proxy address and port + LLHost getHTTPProxy() const { return mHTTPProxy; } - // get the currently selected http proxy type - LLHttpProxyType getHttpProxyType(){return mProxyType;}; + // Get the currently selected http proxy type + LLHttpProxyType getHttpProxyType() const { return mProxyType; } - //Get the username password in a curl compatible format - std::string getProxyUserPwd(){ return (mSocksUsername + ":" + mSocksPassword);}; + // Get the username password in a curl compatible format + std::string getProxyUserPwd() const { return (mSocksUsername + ":" + mSocksPassword); } private: - // Open a communication channel to the socks5 proxy proxy, at port messagePort - int proxyHandshake(LLHost proxy,U32 messagePort); + // Open a communication channel to the socks5 proxy proxy, at port messagePort + int proxyHandshake(LLHost proxy,U32 messagePort); - // socket handle to proxy tcp control channel - S32 hProxyControlChannel; + // socket handle to proxy tcp control channel + S32 mProxyControlChannel; - // is the UDP proxy enabled - static bool sUdpProxyEnabled; - // is the http proxy enabled - static bool sHttpProxyEnabled; + // is the UDP proxy enabled? + static bool sUdpProxyEnabled; + // is the http proxy enabled? + static bool sHttpProxyEnabled; - // currently selected http proxy type - LLHttpProxyType mProxyType; + // currently selected http proxy type + LLHttpProxyType mProxyType; - // UDP proxy address and port - LLHost mUDPProxy; - // TCP Proxy control channel address and port - LLHost mTCPProxy; - // HTTP proxy address and port - LLHost mHTTPProxy; + // UDP proxy address and port + LLHost mUDPProxy; + // TCP Proxy control channel address and port + LLHost mTCPProxy; + // HTTP proxy address and port + LLHost mHTTPProxy; - // socks 5 auth method selected - LLSocks5AuthType mAuthMethodSelected; + // socks 5 auth method selected + LLSocks5AuthType mAuthMethodSelected; - // socks 5 username - std::string mSocksUsername; - // socks 5 password - std::string mSocksPassword; + // socks 5 username + std::string mSocksUsername; + // socks 5 password + std::string mSocksPassword; }; #endif diff --git a/indra/llmessage/net.cpp b/indra/llmessage/net.cpp index ab5c1950c6..a51d80ff48 100644 --- a/indra/llmessage/net.cpp +++ b/indra/llmessage/net.cpp @@ -175,7 +175,7 @@ U32 ip_string_to_u32(const char* ip_string) // use wildcard addresses. -Ambroff U32 ip = inet_addr(ip_string); if (ip == INADDR_NONE - && strncmp(ip_string, BROADCAST_ADDRESS_STRING, MAXADDRSTR) != 0) + && strncmp(ip_string, BROADCAST_ADDRESS_STRING, MAXADDRSTR) != 0) { llwarns << "ip_string_to_u32() failed, Error: Invalid IP string '" << ip_string << "'" << llendl; return INVALID_HOST_IP_ADDRESS; @@ -220,9 +220,10 @@ S32 tcp_open_channel(LLHost host) S32 handle; handle = socket(AF_INET, SOCK_STREAM, 0); - if (!handle) + if (INVALID_SOCKET == handle) { - llwarns << "Error opening TCP control socket, socket() returned " << handle << llendl; + llwarns << "Error opening TCP control socket, socket() returned " + << WSAGetLastError() << ", " << DecodeError(WSAGetLastError()) << llendl; return -1; } @@ -232,15 +233,15 @@ S32 tcp_open_channel(LLHost host) address.sin_addr.s_addr = host.getAddress(); // Non blocking - WSAEVENT hEvent=WSACreateEvent(); + WSAEVENT hEvent = WSACreateEvent(); WSAEventSelect(handle, hEvent, FD_CONNECT) ; connect(handle, (struct sockaddr*)&address, sizeof(address)) ; - // Wait fot 5 seconds, if we can't get a TCP channel open in this + // Wait for 5 seconds, if we can't get a TCP channel open in this // time frame then there is something badly wrong. - WaitForSingleObject(hEvent, 1000*5); // 5 seconds time out + WaitForSingleObject(hEvent, 1000 * 5); // 5 seconds time out WSANETWORKEVENTS netevents; - WSAEnumNetworkEvents(handle,hEvent,&netevents); + WSAEnumNetworkEvents(handle, hEvent, &netevents); // Check the async event status to see if we connected if ((netevents.lNetworkEvents & FD_CONNECT) == FD_CONNECT) @@ -249,6 +250,7 @@ S32 tcp_open_channel(LLHost host) { llwarns << "Unable to open TCP channel, WSA returned an error code of " << netevents.iErrorCode[FD_CONNECT_BIT] << llendl; WSACloseEvent(hEvent); + tcp_close_channel(handle); return -1; } @@ -264,6 +266,7 @@ S32 tcp_open_channel(LLHost host) } llwarns << "Unable to open TCP channel, Timeout is the host up?" << netevents.iErrorCode[FD_CONNECT_BIT] << llendl; + tcp_close_channel(handle); return -1; } @@ -277,7 +280,7 @@ void tcp_close_channel(S32 handle) S32 start_net(S32& socket_out, int& nPort) { // Create socket, make non-blocking - // Init WinSock + // Init WinSock int nRet; int hSocket; @@ -286,7 +289,7 @@ S32 start_net(S32& socket_out, int& nPort) int buff_size = 4; // Initialize windows specific stuff - if(WSAStartup(0x0202, &stWSAData)) + if (WSAStartup(0x0202, &stWSAData)) { S32 err = WSAGetLastError(); WSACleanup(); @@ -295,8 +298,8 @@ S32 start_net(S32& socket_out, int& nPort) } // Get a datagram socket - hSocket = (int)socket(AF_INET, SOCK_DGRAM, 0); - if (hSocket == INVALID_SOCKET) + hSocket = (int)socket(AF_INET, SOCK_DGRAM, 0); + if (hSocket == INVALID_SOCKET) { S32 err = WSAGetLastError(); WSACleanup(); @@ -389,7 +392,7 @@ S32 start_net(S32& socket_out, int& nPort) // Setup a destination address stDstAddr.sin_family = AF_INET; stDstAddr.sin_addr.s_addr = INVALID_HOST_IP_ADDRESS; - stDstAddr.sin_port = htons(nPort); + stDstAddr.sin_port = htons(nPort); socket_out = hSocket; return 0; @@ -492,9 +495,9 @@ S32 tcp_open_channel(LLHost host) { S32 handle; handle = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); - if (!handle) + if (-1 == handle) { - llwarns << "Error opening TCP control socket, socket() returned " << handle << llendl; + llwarns << "Error opening TCP control socket, socket() returned " << handle << "error code: " << errno << llendl; return -1; } @@ -511,6 +514,7 @@ S32 tcp_open_channel(LLHost host) if (error && (errno != EINPROGRESS)) { llwarns << "Unable to open TCP channel, error code: " << errno << llendl; + tcp_close_channel(handle); return -1; } @@ -521,12 +525,13 @@ S32 tcp_open_channel(LLHost host) FD_ZERO(&fds); FD_SET(handle, &fds); - // See if we have connectde or time out after 5 seconds - U32 rc = select(sizeof(fds)*8, NULL, &fds, NULL, &timeout); + // See if we have connected or time out after 5 seconds + S32 rc = select(sizeof(fds)*8, NULL, &fds, NULL, &timeout); if (rc != 1) // we require exactly one descriptor to be set { llwarns << "Unable to open TCP channel" << llendl; + tcp_close_channel(handle); return -1; } @@ -549,10 +554,10 @@ S32 start_net(S32& socket_out, int& nPort) int rec_size = RECEIVE_BUFFER_SIZE; socklen_t buff_size = 4; - + // Create socket - hSocket = socket(AF_INET, SOCK_DGRAM, 0); - if (hSocket < 0) + hSocket = socket(AF_INET, SOCK_DGRAM, 0); + if (hSocket < 0) { llwarns << "socket() failed" << llendl; return 1; @@ -585,7 +590,7 @@ S32 start_net(S32& socket_out, int& nPort) } else { - // Name the socket (assign the local port number to receive on) + // Name the socket (assign the local port number to receive on) stLclAddr.sin_family = AF_INET; stLclAddr.sin_addr.s_addr = htonl(INADDR_ANY); stLclAddr.sin_port = htons(nPort); @@ -630,7 +635,7 @@ S32 start_net(S32& socket_out, int& nPort) nPort = attempt_port; } // Set socket to be non-blocking - fcntl(hSocket, F_SETFL, O_NONBLOCK); + fcntl(hSocket, F_SETFL, O_NONBLOCK); // set a large receive buffer nRet = setsockopt(hSocket, SOL_SOCKET, SO_RCVBUF, (char *)&rec_size, buff_size); if (nRet) @@ -666,8 +671,8 @@ S32 start_net(S32& socket_out, int& nPort) // Setup a destination address char achMCAddr[MAXADDRSTR] = "127.0.0.1"; /* Flawfinder: ignore */ stDstAddr.sin_family = AF_INET; - stDstAddr.sin_addr.s_addr = ip_string_to_u32(achMCAddr); - stDstAddr.sin_port = htons(nPort); + stDstAddr.sin_addr.s_addr = ip_string_to_u32(achMCAddr); + stDstAddr.sin_port = htons(nPort); socket_out = hSocket; return 0; @@ -693,7 +698,7 @@ static int recvfrom_destip( int socket, void *buf, int len, struct sockaddr *fro iov[0].iov_base = buf; iov[0].iov_len = len; - memset( &msg, 0, sizeof msg ); + memset(&msg, 0, sizeof msg); msg.msg_name = from; msg.msg_namelen = *fromlen; msg.msg_iov = iov; @@ -701,14 +706,14 @@ static int recvfrom_destip( int socket, void *buf, int len, struct sockaddr *fro msg.msg_control = &cmsg; msg.msg_controllen = sizeof(cmsg); - size = recvmsg( socket, &msg, 0 ); + size = recvmsg(socket, &msg, 0); - if( size == -1 ) + if (size == -1) { return -1; } - for( cmsgptr = CMSG_FIRSTHDR(&msg); cmsgptr != NULL; cmsgptr = CMSG_NXTHDR( &msg, cmsgptr ) ) + for (cmsgptr = CMSG_FIRSTHDR(&msg); cmsgptr != NULL; cmsgptr = CMSG_NXTHDR( &msg, cmsgptr)) { if( cmsgptr->cmsg_level == SOL_IP && cmsgptr->cmsg_type == IP_PKTINFO ) { @@ -806,7 +811,7 @@ BOOL send_packet(int hSocket, const char * sendBuffer, int size, U32 recipient, } } } - while ( resend && send_attempts < 3); + while (resend && send_attempts < 3); if (send_attempts >= 3) { diff --git a/indra/llmessage/net.h b/indra/llmessage/net.h index d93ed20c98..047e8ce646 100644 --- a/indra/llmessage/net.h +++ b/indra/llmessage/net.h @@ -46,10 +46,10 @@ S32 receive_packet(int hSocket, char * receiveBuffer); BOOL send_packet(int hSocket, const char *sendBuffer, int size, U32 recipient, int nPort); // Returns TRUE on success. //void get_sender(char * tmp); -LLHost get_sender(); +LLHost get_sender(); U32 get_sender_port(); U32 get_sender_ip(void); -LLHost get_receiving_interface(); +LLHost get_receiving_interface(); U32 get_receiving_interface_ip(void); // Some helpful tcp functions added for the socks 5 proxy support -- cgit v1.2.3 From 20100ba38c6d3fa16ab11be2ed326ab0964c4c21 Mon Sep 17 00:00:00 2001 From: Logan Dethrow Date: Tue, 21 Jun 2011 17:09:12 -0400 Subject: Refactored SOCKS 5 handshake to use existing LLSocket class. --- indra/llmessage/llcurl.cpp | 8 +- indra/llmessage/llsocks5.cpp | 73 +++++++-------- indra/llmessage/llsocks5.h | 129 ++++++++++++------------- indra/llmessage/net.cpp | 219 ++++++++++++------------------------------- indra/llmessage/net.h | 11 ++- 5 files changed, 171 insertions(+), 269 deletions(-) (limited to 'indra/llmessage') diff --git a/indra/llmessage/llcurl.cpp b/indra/llmessage/llcurl.cpp index 9c507517c7..32dd438e68 100644 --- a/indra/llmessage/llcurl.cpp +++ b/indra/llmessage/llcurl.cpp @@ -359,13 +359,13 @@ LLCurl::Easy* LLCurl::Easy::getEasy() check_curl_code(result); //Set the CURL options for either Socks or HTTP proxy - if (LLSocks::getInstance()->isHttpProxyEnabled()) + if (LLSocks::getInstance()->isHTTPProxyEnabled()) { std::string address = LLSocks::getInstance()->getHTTPProxy().getIPString(); U16 port = LLSocks::getInstance()->getHTTPProxy().getPort(); curl_easy_setopt(easy->mCurlEasyHandle, CURLOPT_PROXY,address.c_str()); curl_easy_setopt(easy->mCurlEasyHandle, CURLOPT_PROXYPORT,port); - if (LLSocks::getInstance()->getHttpProxyType() == LLPROXY_SOCKS) + if (LLSocks::getInstance()->getHTTPProxyType() == LLPROXY_SOCKS) { curl_easy_setopt(easy->mCurlEasyHandle, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5); if(LLSocks::getInstance()->getSelectedAuthMethod()==METHOD_PASSWORD) @@ -557,13 +557,13 @@ void LLCurl::Easy::prepRequest(const std::string& url, //setopt(CURLOPT_VERBOSE, 1); // usefull for debugging setopt(CURLOPT_NOSIGNAL, 1); - if (LLSocks::getInstance()->isHttpProxyEnabled()) + if (LLSocks::getInstance()->isHTTPProxyEnabled()) { std::string address = LLSocks::getInstance()->getHTTPProxy().getIPString(); U16 port = LLSocks::getInstance()->getHTTPProxy().getPort(); setoptString(CURLOPT_PROXY, address.c_str()); setopt(CURLOPT_PROXYPORT, port); - if (LLSocks::getInstance()->getHttpProxyType() == LLPROXY_SOCKS) + if (LLSocks::getInstance()->getHTTPProxyType() == LLPROXY_SOCKS) { setopt(CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5); if(LLSocks::getInstance()->getSelectedAuthMethod()==METHOD_PASSWORD) diff --git a/indra/llmessage/llsocks5.cpp b/indra/llmessage/llsocks5.cpp index 7eac27d4bb..27a31e35b3 100644 --- a/indra/llmessage/llsocks5.cpp +++ b/indra/llmessage/llsocks5.cpp @@ -1,6 +1,6 @@ /** * @file llsocks5.cpp - * @brief Socks 5 implementation + * @brief SOCKS 5 implementation * * $LicenseInfo:firstyear=2011&license=viewerlgpl$ * Second Life Viewer Source Code @@ -37,52 +37,51 @@ // We want this to be static to avoid excessive indirection on every // incoming packet just to do a simple bool test. The getter for this // member is also static -bool LLSocks::sUdpProxyEnabled; -bool LLSocks::sHttpProxyEnabled; +bool LLSocks::sUDPProxyEnabled; +bool LLSocks::sHTTPProxyEnabled; LLSocks::LLSocks() { - sUdpProxyEnabled = false; - sHttpProxyEnabled = false; - mProxyControlChannel = 0; + sUDPProxyEnabled = false; + sHTTPProxyEnabled = false; + mProxyControlChannel.reset(); mProxyType = LLPROXY_SOCKS; } -// Perform a Socks5 authentication and UDP association to the proxy +// Perform a SOCKS 5 authentication and UDP association to the proxy // specified by proxy, and associate UDP port message_port int LLSocks::proxyHandshake(LLHost proxy, U32 message_port) { int result; - /* Socks 5 Auth request */ + /* SOCKS 5 Auth request */ socks_auth_request_t socks_auth_request; socks_auth_response_t socks_auth_response; - socks_auth_request.version = SOCKS_VERSION; // Socks version 5 - socks_auth_request.num_methods = 1; // Sending 1 method - socks_auth_request.methods = mAuthMethodSelected; // send only the selected method + socks_auth_request.version = SOCKS_VERSION; // SOCKS version 5 + socks_auth_request.num_methods = 1; // Sending 1 method. + socks_auth_request.methods = mAuthMethodSelected; // Send only the selected method. result = tcp_handshake(mProxyControlChannel, (char*)&socks_auth_request, sizeof(socks_auth_request_t), (char*)&socks_auth_response, sizeof(socks_auth_response_t)); if (result != 0) { - llwarns << "Socks authentication request failed, error on TCP control channel : " << result << llendl; + llwarns << "SOCKS authentication request failed, error on TCP control channel : " << result << llendl; stopProxy(); return SOCKS_CONNECT_ERROR; } if (socks_auth_response.method == AUTH_NOT_ACCEPTABLE) { - llwarns << "Socks5 server refused all our authentication methods" << llendl; + llwarns << "SOCKS 5 server refused all our authentication methods" << llendl; stopProxy(); return SOCKS_NOT_ACCEPTABLE; } - // SOCKS5 USERNAME/PASSWORD authentication + // SOCKS 5 USERNAME/PASSWORD authentication if (socks_auth_response.method == METHOD_PASSWORD) { // The server has requested a username/password combination U32 request_size = mSocksUsername.size() + mSocksPassword.size() + 3; - // char * password_auth = (char *)malloc(request_size); char * password_auth = new char[request_size]; password_auth[0] = 0x01; password_auth[1] = mSocksUsername.size(); @@ -97,14 +96,14 @@ int LLSocks::proxyHandshake(LLHost proxy, U32 message_port) if (result != 0) { - llwarns << "Socks authentication failed, error on TCP control channel : " << result << llendl; + llwarns << "SOCKS authentication failed, error on TCP control channel : " << result << llendl; stopProxy(); return SOCKS_CONNECT_ERROR; } if (password_reply.status != AUTH_SUCCESS) { - llwarns << "Socks authentication failed" << llendl; + llwarns << "SOCKS authentication failed" << llendl; stopProxy(); return SOCKS_AUTH_FAIL; } @@ -115,18 +114,19 @@ int LLSocks::proxyHandshake(LLHost proxy, U32 message_port) socks_command_request_t connect_request; socks_command_response_t connect_reply; - connect_request.version = SOCKS_VERSION; //Socks V5 - connect_request.command = COMMAND_UDP_ASSOCIATE; // Associate UDP - connect_request.flag = FIELD_RESERVED; - connect_request.atype = ADDRESS_IPV4; - connect_request.address = 0; // 0.0.0.0 We are not fussy about address - // UDP is promiscuous receive for our protocol - connect_request.port = 0; // Port must be 0 if you ever want to connect via NAT and your router does port rewrite for you + connect_request.version = SOCKS_VERSION; // SOCKS V5 + connect_request.command = COMMAND_UDP_ASSOCIATE; // Associate UDP + connect_request.reserved = FIELD_RESERVED; + connect_request.atype = ADDRESS_IPV4; + connect_request.address = htonl(0); // 0.0.0.0 + connect_request.port = htons(0); // 0 + // "If the client is not in possesion of the information at the time of the UDP ASSOCIATE, + // the client MUST use a port number and address of all zeros. RFC 1928" result = tcp_handshake(mProxyControlChannel, (char*)&connect_request, sizeof(socks_command_request_t), (char*)&connect_reply, sizeof(socks_command_response_t)); if (result != 0) { - llwarns << "Socks connect request failed, error on TCP control channel : " << result << llendl; + llwarns << "SOCKS connect request failed, error on TCP control channel : " << result << llendl; stopProxy(); return SOCKS_CONNECT_ERROR; } @@ -134,7 +134,7 @@ int LLSocks::proxyHandshake(LLHost proxy, U32 message_port) if (connect_reply.reply != REPLY_REQUEST_GRANTED) { //Something went wrong - llwarns << "Connection to SOCKS5 server failed, UDP forward request not granted" << llendl; + llwarns << "Connection to SOCKS 5 server failed, UDP forward request not granted" << llendl; stopProxy(); return SOCKS_UDP_FWD_NOT_GRANTED; } @@ -142,7 +142,7 @@ int LLSocks::proxyHandshake(LLHost proxy, U32 message_port) mUDPProxy.setPort(ntohs(connect_reply.port)); // reply port is in network byte order mUDPProxy.setAddress(proxy.getAddress()); // All good now we have been given the UDP port to send requests that need forwarding. - llinfos << "Socks 5 UDP proxy connected on " << mUDPProxy << llendl; + llinfos << "SOCKS 5 UDP proxy connected on " << mUDPProxy << llendl; return SOCKS_OK; } @@ -155,19 +155,17 @@ int LLSocks::startProxy(LLHost proxy, U32 message_port) if (mProxyControlChannel) { tcp_close_channel(mProxyControlChannel); - mProxyControlChannel = 0; } - mProxyControlChannel = tcp_open_channel(proxy); - if (mProxyControlChannel == -1) + mProxyControlChannel = tcp_open_channel(mTCPProxy); + if (!mProxyControlChannel) { return SOCKS_HOST_CONNECT_FAILED; } - status = proxyHandshake(proxy, message_port); if (status == SOCKS_OK) { - sUdpProxyEnabled = true; + sUDPProxyEnabled = true; } return status; } @@ -181,21 +179,20 @@ int LLSocks::startProxy(std::string host, U32 port) void LLSocks::stopProxy() { - sUdpProxyEnabled = false; + sUDPProxyEnabled = false; - // If the Socks proxy is requested to stop and we are using that for http as well + // If the SOCKS proxy is requested to stop and we are using that for http as well // then we must shut down any http proxy operations. But it is allowable if web // proxy is being used to continue proxying http. if(LLPROXY_SOCKS == mProxyType) { - sHttpProxyEnabled = false; + sHTTPProxyEnabled = false; } if (mProxyControlChannel) { tcp_close_channel(mProxyControlChannel); - mProxyControlChannel = 0; } } @@ -211,9 +208,9 @@ void LLSocks::setAuthPassword(std::string username, std::string password) mSocksPassword = password; } -void LLSocks::enableHttpProxy(LLHost httpHost, LLHttpProxyType type) +void LLSocks::enableHTTPProxy(LLHost httpHost, LLHttpProxyType type) { - sHttpProxyEnabled = true; + sHTTPProxyEnabled = true; mHTTPProxy = httpHost; mProxyType = type; } diff --git a/indra/llmessage/llsocks5.h b/indra/llmessage/llsocks5.h index 171a933d32..43a7c82fea 100644 --- a/indra/llmessage/llsocks5.h +++ b/indra/llmessage/llsocks5.h @@ -46,9 +46,9 @@ #define MAXHOSTNAMELEN (255 + 1) /* socks5: 255, +1 for len. */ #endif -#define SOCKS_VERSION 0x05 // we are using socks 5 +#define SOCKS_VERSION 0x05 // we are using SOCKS 5 -// socks 5 address/hostname types +// SOCKS 5 address/hostname types #define ADDRESS_IPV4 0x01 #define ADDRESS_HOSTNAME 0x03 #define ADDRESS_IPV6 0x04 @@ -56,16 +56,16 @@ // Lets just use our own ipv4 struct rather than dragging in system // specific headers union ipv4_address_t { - unsigned char octets[4]; - U32 addr32; + U8 octets[4]; + U32 addr32; }; -// Socks 5 control channel commands +// SOCKS 5 control channel commands #define COMMAND_TCP_STREAM 0x01 #define COMMAND_TCP_BIND 0x02 #define COMMAND_UDP_ASSOCIATE 0x03 -// Socks 5 command replys +// SOCKS 5 command replies #define REPLY_REQUEST_GRANTED 0x00 #define REPLY_GENERAL_FAIL 0x01 #define REPLY_RULESET_FAIL 0x02 @@ -78,61 +78,61 @@ union ipv4_address_t { #define FIELD_RESERVED 0x00 -// The standard socks5 request packet +// The standard SOCKS 5 request packet // Push current alignment to stack and set alignment to 1 byte boundary // This enabled us to use structs directly to set up and receive network packets // into the correct fields, without fear of boundary alignment causing issues #pragma pack(push,1) -// Socks5 command packet +// SOCKS 5 command packet struct socks_command_request_t { - unsigned char version; - unsigned char command; - unsigned char flag; - unsigned char atype; - U32 address; - U16 port; + U8 version; + U8 command; + U8 reserved; + U8 atype; + U32 address; + U16 port; }; -// Standard socks5 reply packet +// Standard SOCKS 5 reply packet struct socks_command_response_t { - unsigned char version; - unsigned char reply; - unsigned char flag; - unsigned char atype; - unsigned char add_bytes[4]; - U16 port; + U8 version; + U8 reply; + U8 reserved; + U8 atype; + U8 add_bytes[4]; + U16 port; }; #define AUTH_NOT_ACCEPTABLE 0xFF // reply if preferred methods are not available #define AUTH_SUCCESS 0x00 // reply if authentication successful -// socks 5 authentication request, stating which methods the client supports +// SOCKS 5 authentication request, stating which methods the client supports struct socks_auth_request_t { - unsigned char version; - unsigned char num_methods; - unsigned char methods; // We are only using a single method currently + U8 version; + U8 num_methods; + U8 methods; // We are only using a single method currently }; -// socks 5 authentication response packet, stating server prefered method +// SOCKS 5 authentication response packet, stating server preferred method struct socks_auth_response_t { - unsigned char version; - unsigned char method; + U8 version; + U8 method; }; -// socks 5 password reply packet +// SOCKS 5 password reply packet struct authmethod_password_reply_t { - unsigned char version; - unsigned char status; + U8 version; + U8 status; }; -// socks 5 UDP packet header +// SOCKS 5 UDP packet header struct proxywrap_t { - U16 rsv; - U8 frag; - U8 atype; - U32 addr; - U16 port; + U16 rsv; + U8 frag; + U8 atype; + U32 addr; + U16 port; }; #pragma pack(pop) /* restore original alignment from stack */ @@ -158,62 +158,62 @@ class LLSocks: public LLSingleton public: LLSocks(); - // Start a connection to the socks 5 proxy - int startProxy(std::string host,U32 port); - int startProxy(LLHost proxy,U32 messagePort); + // Start a connection to the SOCKS 5 proxy + int startProxy(std::string host, U32 port); + int startProxy(LLHost proxy, U32 messagePort); - // Disconnect and clean up any connection to the socks 5 proxy + // Disconnect and clean up any connection to the SOCKS 5 proxy void stopProxy(); - // Set up to use Password auth when connecting to the socks proxy - void setAuthPassword(std::string username,std::string password); + // Set up to use Password auth when connecting to the SOCKS proxy + void setAuthPassword(std::string username, std::string password); - // Set up to use No Auth when connecting to the socks proxy + // Set up to use No Auth when connecting to the SOCKS proxy void setAuthNone(); // get the currently selected auth method LLSocks5AuthType getSelectedAuthMethod() const { return mAuthMethodSelected; } // static check for enabled status for UDP packets - static bool isEnabled() { return sUdpProxyEnabled; } + static bool isEnabled() { return sUDPProxyEnabled; } // static check for enabled status for http packets - static bool isHttpProxyEnabled() { return sHttpProxyEnabled; } + static bool isHTTPProxyEnabled() { return sHTTPProxyEnabled; } - // Proxy http packets via httpHost, which can be a Socks5 or a http proxy + // Proxy HTTP packets via httpHost, which can be a SOCKS 5 or a HTTP proxy // as specified in type - void enableHttpProxy(LLHost httpHost, LLHttpProxyType type); + void enableHTTPProxy(LLHost httpHost, LLHttpProxyType type); - // Stop proxying http packets - void disableHttpProxy() { sHttpProxyEnabled = false; }; + // Stop proxying HTTP packets + void disableHTTPProxy() { sHTTPProxyEnabled = false; }; // Get the UDP proxy address and port LLHost getUDPProxy() const { return mUDPProxy; } - // Get the socks 5 TCP control channel address and port + // Get the SOCKS 5 TCP control channel address and port LLHost getTCPProxy() const { return mTCPProxy; } - // Get the http proxy address and port + // Get the HTTP proxy address and port LLHost getHTTPProxy() const { return mHTTPProxy; } - // Get the currently selected http proxy type - LLHttpProxyType getHttpProxyType() const { return mProxyType; } + // Get the currently selected HTTP proxy type + LLHttpProxyType getHTTPProxyType() const { return mProxyType; } // Get the username password in a curl compatible format std::string getProxyUserPwd() const { return (mSocksUsername + ":" + mSocksPassword); } private: - // Open a communication channel to the socks5 proxy proxy, at port messagePort - int proxyHandshake(LLHost proxy,U32 messagePort); + // Open a communication channel to the SOCKS 5 proxy proxy, at port messagePort + int proxyHandshake(LLHost proxy, U32 messagePort); - // socket handle to proxy tcp control channel - S32 mProxyControlChannel; + // socket handle to proxy TCP control channel + LLSocket::ptr_t mProxyControlChannel; // is the UDP proxy enabled? - static bool sUdpProxyEnabled; + static bool sUDPProxyEnabled; // is the http proxy enabled? - static bool sHttpProxyEnabled; + static bool sHTTPProxyEnabled; // currently selected http proxy type LLHttpProxyType mProxyType; @@ -225,13 +225,16 @@ private: // HTTP proxy address and port LLHost mHTTPProxy; - // socks 5 auth method selected + // SOCKS 5 auth method selected LLSocks5AuthType mAuthMethodSelected; - // socks 5 username + // SOCKS 5 username std::string mSocksUsername; - // socks 5 password + // SOCKS 5 password std::string mSocksPassword; + + // APR pool for the socket + apr_pool_t* mPool; }; #endif diff --git a/indra/llmessage/net.cpp b/indra/llmessage/net.cpp index a51d80ff48..366a1835ca 100644 --- a/indra/llmessage/net.cpp +++ b/indra/llmessage/net.cpp @@ -189,93 +189,6 @@ U32 ip_string_to_u32(const char* ip_string) ////////////////////////////////////////////////////////////////////////////////////////// #if LL_WINDOWS - -int tcp_handshake(S32 handle, char * dataout, int outlen, char * datain, int maxinlen) -{ - int result; - result = send(handle, dataout, outlen, 0); - if (result != outlen) - { - S32 err = WSAGetLastError(); - llwarns << "Error sending data to proxy control channel, number of bytes sent were " << result << " error code was " << err << llendl; - return -1; - } - - result = recv(handle, datain, maxinlen, 0); - if (result != maxinlen) - { - S32 err = WSAGetLastError(); - llwarns << "Error receiving data from proxy control channel, number of bytes received were " << result << " error code was " << err << llendl; - return -1; - } - - return 0; -} - -S32 tcp_open_channel(LLHost host) -{ - // Open a TCP channel - // Jump through some hoops to ensure that if the request hosts is down - // or not reachable connect() does not block - - S32 handle; - handle = socket(AF_INET, SOCK_STREAM, 0); - if (INVALID_SOCKET == handle) - { - llwarns << "Error opening TCP control socket, socket() returned " - << WSAGetLastError() << ", " << DecodeError(WSAGetLastError()) << llendl; - return -1; - } - - struct sockaddr_in address; - address.sin_port = htons(host.getPort()); - address.sin_family = AF_INET; - address.sin_addr.s_addr = host.getAddress(); - - // Non blocking - WSAEVENT hEvent = WSACreateEvent(); - WSAEventSelect(handle, hEvent, FD_CONNECT) ; - connect(handle, (struct sockaddr*)&address, sizeof(address)) ; - // Wait for 5 seconds, if we can't get a TCP channel open in this - // time frame then there is something badly wrong. - WaitForSingleObject(hEvent, 1000 * 5); // 5 seconds time out - - WSANETWORKEVENTS netevents; - WSAEnumNetworkEvents(handle, hEvent, &netevents); - - // Check the async event status to see if we connected - if ((netevents.lNetworkEvents & FD_CONNECT) == FD_CONNECT) - { - if (netevents.iErrorCode[FD_CONNECT_BIT] != 0) - { - llwarns << "Unable to open TCP channel, WSA returned an error code of " << netevents.iErrorCode[FD_CONNECT_BIT] << llendl; - WSACloseEvent(hEvent); - tcp_close_channel(handle); - return -1; - } - - // Now we are connected disable non blocking - // we don't need support an async interface as - // currently our only consumer (socks5) will make one round - // of packets then just hold the connection open - WSAEventSelect(handle, hEvent, NULL) ; - unsigned long NonBlock = 0; - ioctlsocket(handle, FIONBIO, &NonBlock); - - return handle; - } - - llwarns << "Unable to open TCP channel, Timeout is the host up?" << netevents.iErrorCode[FD_CONNECT_BIT] << llendl; - tcp_close_channel(handle); - return -1; -} - -void tcp_close_channel(S32 handle) -{ - llinfos << "Closing TCP channel" << llendl; - shutdown(handle, SD_BOTH); - closesocket(handle); -} S32 start_net(S32& socket_out, int& nPort) { @@ -473,79 +386,6 @@ BOOL send_packet(int hSocket, const char *sendBuffer, int size, U32 recipient, i #else - -int tcp_handshake(S32 handle, char * dataout, int outlen, char * datain, int maxinlen) -{ - if (send(handle, dataout, outlen, 0) != outlen) - { - llwarns << "Error sending data to proxy control channel" << llendl; - return -1; - } - - if (recv(handle, datain, maxinlen, 0) != maxinlen) - { - llwarns << "Error receiving data to proxy control channel" << llendl; - return -1; - } - - return 0; -} - -S32 tcp_open_channel(LLHost host) -{ - S32 handle; - handle = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); - if (-1 == handle) - { - llwarns << "Error opening TCP control socket, socket() returned " << handle << "error code: " << errno << llendl; - return -1; - } - - struct sockaddr_in address; - address.sin_port = htons(host.getPort()); - address.sin_family = AF_INET; - address.sin_addr.s_addr = host.getAddress(); - - // Set the socket to non blocking for the connect() - int flags = fcntl(handle, F_GETFL, 0); - fcntl(handle, F_SETFL, flags | O_NONBLOCK); - - S32 error = connect(handle, (sockaddr*)&address, sizeof(address)); - if (error && (errno != EINPROGRESS)) - { - llwarns << "Unable to open TCP channel, error code: " << errno << llendl; - tcp_close_channel(handle); - return -1; - } - - struct timeval timeout; - timeout.tv_sec = 5; // Maximum time to wait for the connect() to complete - timeout.tv_usec = 0; - fd_set fds; - FD_ZERO(&fds); - FD_SET(handle, &fds); - - // See if we have connected or time out after 5 seconds - S32 rc = select(sizeof(fds)*8, NULL, &fds, NULL, &timeout); - - if (rc != 1) // we require exactly one descriptor to be set - { - llwarns << "Unable to open TCP channel" << llendl; - tcp_close_channel(handle); - return -1; - } - - // Return the socket to blocking operations - fcntl(handle, F_SETFL, flags); - - return handle; -} - -void tcp_close_channel(S32 handle) -{ - close(handle); -} - // Create socket, make non-blocking S32 start_net(S32& socket_out, int& nPort) { @@ -824,4 +664,63 @@ BOOL send_packet(int hSocket, const char * sendBuffer, int size, U32 recipient, #endif +int tcp_handshake(LLSocket::ptr_t handle, char * dataout, apr_size_t outlen, char * datain, apr_size_t maxinlen) +{ + apr_socket_t* apr_socket = handle->getSocket(); + apr_status_t rv; + + apr_size_t expected_len = outlen; + + apr_socket_opt_set(apr_socket, APR_SO_NONBLOCK, -5); // Blocking connection, 5 second timeout + apr_socket_timeout_set(apr_socket, (APR_USEC_PER_SEC * 5)); + + rv = apr_socket_send(apr_socket, dataout, &outlen); + if (rv != APR_SUCCESS || expected_len != outlen) + { + llwarns << "Error sending data to proxy control channel" << llendl; + ll_apr_warn_status(rv); + return -1; + } + + expected_len = maxinlen; + do + { + rv = apr_socket_recv(apr_socket, datain, &maxinlen); + llinfos << "Receiving packets." << llendl; + llwarns << "Proxy control channel status: " << rv << llendl; + } while (APR_STATUS_IS_EAGAIN(rv)); + + if (rv != APR_SUCCESS) + { + llwarns << "Error receiving data from proxy control channel, status: " << rv << llendl; + llwarns << "Received " << maxinlen << " bytes." << llendl; + ll_apr_warn_status(rv); + return rv; + } + else if (expected_len != maxinlen) + { + llwarns << "Incorrect data received length in proxy control channel" << llendl; + return -1; + } + + return 0; +} + +LLSocket::ptr_t tcp_open_channel(LLHost host) +{ + LLSocket::ptr_t socket = LLSocket::create(gAPRPoolp, LLSocket::STREAM_TCP); + bool connected = socket->blockingConnect(host); + if (!connected) + { + tcp_close_channel(socket); + } + + return socket; +} + +void tcp_close_channel(LLSocket::ptr_t handle) +{ + handle.reset(); +} + //EOF diff --git a/indra/llmessage/net.h b/indra/llmessage/net.h index 047e8ce646..0d91cf2a2f 100644 --- a/indra/llmessage/net.h +++ b/indra/llmessage/net.h @@ -27,6 +27,9 @@ #ifndef LL_NET_H #define LL_NET_H +#include "lliosocket.h" +#include "llapr.h" + class LLTimer; class LLHost; @@ -52,10 +55,10 @@ U32 get_sender_ip(void); LLHost get_receiving_interface(); U32 get_receiving_interface_ip(void); -// Some helpful tcp functions added for the socks 5 proxy support -S32 tcp_open_channel(LLHost host); // Open a tcp channel to a given host -void tcp_close_channel(S32 handle); // Close an open tcp channel -int tcp_handshake(S32 handle, char * dataout, int outlen, char * datain, int maxinlen); // Do a TCP data handshake +// Some helpful TCP functions +LLSocket::ptr_t tcp_open_channel(LLHost host); // Open a TCP channel to a given host +void tcp_close_channel(LLSocket::ptr_t handle); // Close an open TCP channel +int tcp_handshake(LLSocket::ptr_t handle, char * dataout, apr_size_t outlen, char * datain, apr_size_t maxinlen); // Do a TCP data handshake const char* u32_to_ip_string(U32 ip); // Returns pointer to internal string buffer, "(bad IP addr)" on failure, cannot nest calls char* u32_to_ip_string(U32 ip, char *ip_string); // NULL on failure, ip_string on success, you must allocate at least MAXADDRSTR chars -- cgit v1.2.3 From f91d40c25949ee8c5b1d5c1babab62d6dd90d0c8 Mon Sep 17 00:00:00 2001 From: Logan Dethrow Date: Wed, 22 Jun 2011 14:35:31 -0400 Subject: Merge, fixed build issues by refactoring SOCKS 5 code. --- indra/llmessage/llsocks5.cpp | 75 ++++++++++++++++++++++++++++++++++++++++++-- indra/llmessage/llsocks5.h | 1 + indra/llmessage/net.cpp | 59 ---------------------------------- indra/llmessage/net.h | 8 ----- 4 files changed, 73 insertions(+), 70 deletions(-) (limited to 'indra/llmessage') diff --git a/indra/llmessage/llsocks5.cpp b/indra/llmessage/llsocks5.cpp index 27a31e35b3..278350bf25 100644 --- a/indra/llmessage/llsocks5.cpp +++ b/indra/llmessage/llsocks5.cpp @@ -24,13 +24,16 @@ * $/LicenseInfo$ */ +#include "linden_common.h" + +#include "llsocks5.h" + #include -#include "linden_common.h" -#include "net.h" +#include "llapr.h" #include "llhost.h" #include "message.h" -#include "llsocks5.h" +#include "net.h" // Static class variable instances @@ -40,6 +43,12 @@ bool LLSocks::sUDPProxyEnabled; bool LLSocks::sHTTPProxyEnabled; +// Some helpful TCP functions +static LLSocket::ptr_t tcp_open_channel(LLHost host); // Open a TCP channel to a given host +static void tcp_close_channel(LLSocket::ptr_t handle); // Close an open TCP channel +static int tcp_handshake(LLSocket::ptr_t handle, char * dataout, apr_size_t outlen, char * datain, apr_size_t maxinlen); // Do a TCP data handshake + + LLSocks::LLSocks() { sUDPProxyEnabled = false; @@ -214,3 +223,63 @@ void LLSocks::enableHTTPProxy(LLHost httpHost, LLHttpProxyType type) mHTTPProxy = httpHost; mProxyType = type; } + +static int tcp_handshake(LLSocket::ptr_t handle, char * dataout, apr_size_t outlen, char * datain, apr_size_t maxinlen) +{ + apr_socket_t* apr_socket = handle->getSocket(); + apr_status_t rv; + + apr_size_t expected_len = outlen; + + apr_socket_opt_set(apr_socket, APR_SO_NONBLOCK, -5); // Blocking connection, 5 second timeout + apr_socket_timeout_set(apr_socket, (APR_USEC_PER_SEC * 5)); + + rv = apr_socket_send(apr_socket, dataout, &outlen); + if (rv != APR_SUCCESS || expected_len != outlen) + { + llwarns << "Error sending data to proxy control channel" << llendl; + ll_apr_warn_status(rv); + return -1; + } + + expected_len = maxinlen; + do + { + rv = apr_socket_recv(apr_socket, datain, &maxinlen); + llinfos << "Receiving packets." << llendl; + llwarns << "Proxy control channel status: " << rv << llendl; + } while (APR_STATUS_IS_EAGAIN(rv)); + + if (rv != APR_SUCCESS) + { + llwarns << "Error receiving data from proxy control channel, status: " << rv << llendl; + llwarns << "Received " << maxinlen << " bytes." << llendl; + ll_apr_warn_status(rv); + return rv; + } + else if (expected_len != maxinlen) + { + llwarns << "Incorrect data received length in proxy control channel" << llendl; + return -1; + } + + return 0; +} + +static LLSocket::ptr_t tcp_open_channel(LLHost host) +{ + LLSocket::ptr_t socket = LLSocket::create(gAPRPoolp, LLSocket::STREAM_TCP); + bool connected = socket->blockingConnect(host); + if (!connected) + { + tcp_close_channel(socket); + } + + return socket; +} + +static void tcp_close_channel(LLSocket::ptr_t handle) +{ + handle.reset(); +} + diff --git a/indra/llmessage/llsocks5.h b/indra/llmessage/llsocks5.h index 43a7c82fea..3c10f661de 100644 --- a/indra/llmessage/llsocks5.h +++ b/indra/llmessage/llsocks5.h @@ -28,6 +28,7 @@ #define LL_SOCKS5_H #include "llhost.h" +#include "lliosocket.h" #include "llmemory.h" #include "llsingleton.h" #include diff --git a/indra/llmessage/net.cpp b/indra/llmessage/net.cpp index 366a1835ca..e2d185b959 100644 --- a/indra/llmessage/net.cpp +++ b/indra/llmessage/net.cpp @@ -664,63 +664,4 @@ BOOL send_packet(int hSocket, const char * sendBuffer, int size, U32 recipient, #endif -int tcp_handshake(LLSocket::ptr_t handle, char * dataout, apr_size_t outlen, char * datain, apr_size_t maxinlen) -{ - apr_socket_t* apr_socket = handle->getSocket(); - apr_status_t rv; - - apr_size_t expected_len = outlen; - - apr_socket_opt_set(apr_socket, APR_SO_NONBLOCK, -5); // Blocking connection, 5 second timeout - apr_socket_timeout_set(apr_socket, (APR_USEC_PER_SEC * 5)); - - rv = apr_socket_send(apr_socket, dataout, &outlen); - if (rv != APR_SUCCESS || expected_len != outlen) - { - llwarns << "Error sending data to proxy control channel" << llendl; - ll_apr_warn_status(rv); - return -1; - } - - expected_len = maxinlen; - do - { - rv = apr_socket_recv(apr_socket, datain, &maxinlen); - llinfos << "Receiving packets." << llendl; - llwarns << "Proxy control channel status: " << rv << llendl; - } while (APR_STATUS_IS_EAGAIN(rv)); - - if (rv != APR_SUCCESS) - { - llwarns << "Error receiving data from proxy control channel, status: " << rv << llendl; - llwarns << "Received " << maxinlen << " bytes." << llendl; - ll_apr_warn_status(rv); - return rv; - } - else if (expected_len != maxinlen) - { - llwarns << "Incorrect data received length in proxy control channel" << llendl; - return -1; - } - - return 0; -} - -LLSocket::ptr_t tcp_open_channel(LLHost host) -{ - LLSocket::ptr_t socket = LLSocket::create(gAPRPoolp, LLSocket::STREAM_TCP); - bool connected = socket->blockingConnect(host); - if (!connected) - { - tcp_close_channel(socket); - } - - return socket; -} - -void tcp_close_channel(LLSocket::ptr_t handle) -{ - handle.reset(); -} - //EOF diff --git a/indra/llmessage/net.h b/indra/llmessage/net.h index 0d91cf2a2f..0f2437479d 100644 --- a/indra/llmessage/net.h +++ b/indra/llmessage/net.h @@ -27,9 +27,6 @@ #ifndef LL_NET_H #define LL_NET_H -#include "lliosocket.h" -#include "llapr.h" - class LLTimer; class LLHost; @@ -55,11 +52,6 @@ U32 get_sender_ip(void); LLHost get_receiving_interface(); U32 get_receiving_interface_ip(void); -// Some helpful TCP functions -LLSocket::ptr_t tcp_open_channel(LLHost host); // Open a TCP channel to a given host -void tcp_close_channel(LLSocket::ptr_t handle); // Close an open TCP channel -int tcp_handshake(LLSocket::ptr_t handle, char * dataout, apr_size_t outlen, char * datain, apr_size_t maxinlen); // Do a TCP data handshake - const char* u32_to_ip_string(U32 ip); // Returns pointer to internal string buffer, "(bad IP addr)" on failure, cannot nest calls char* u32_to_ip_string(U32 ip, char *ip_string); // NULL on failure, ip_string on success, you must allocate at least MAXADDRSTR chars U32 ip_string_to_u32(const char* ip_string); // Wrapper for inet_addr() -- cgit v1.2.3 From 7717b6f647feb250c0b94d038f72a640a7888915 Mon Sep 17 00:00:00 2001 From: Logan Dethrow Date: Tue, 28 Jun 2011 19:54:53 -0400 Subject: STORM-1112 More cleanup of SOCKS 5 proxy code. Renamed llsocks5.cpp to llproxy.cpp. --- indra/llmessage/CMakeLists.txt | 4 +- indra/llmessage/llcurl.cpp | 38 ++--- indra/llmessage/lliosocket.h | 2 +- indra/llmessage/llpacketring.cpp | 40 +++--- indra/llmessage/llproxy.cpp | 294 +++++++++++++++++++++++++++++++++++++++ indra/llmessage/llproxy.h | 244 ++++++++++++++++++++++++++++++++ indra/llmessage/llsocks5.cpp | 285 ------------------------------------- indra/llmessage/llsocks5.h | 241 -------------------------------- indra/llmessage/net.cpp | 2 +- 9 files changed, 568 insertions(+), 582 deletions(-) create mode 100644 indra/llmessage/llproxy.cpp create mode 100644 indra/llmessage/llproxy.h delete mode 100644 indra/llmessage/llsocks5.cpp delete mode 100644 indra/llmessage/llsocks5.h (limited to 'indra/llmessage') diff --git a/indra/llmessage/CMakeLists.txt b/indra/llmessage/CMakeLists.txt index 4b679ef6a5..0f40a670fa 100644 --- a/indra/llmessage/CMakeLists.txt +++ b/indra/llmessage/CMakeLists.txt @@ -65,6 +65,7 @@ set(llmessage_SOURCE_FILES llpacketbuffer.cpp llpacketring.cpp llpartdata.cpp + llproxy.cpp llpumpio.cpp llregionpresenceverifier.cpp llsdappservices.cpp @@ -76,7 +77,6 @@ set(llmessage_SOURCE_FILES llsdrpcserver.cpp llservicebuilder.cpp llservice.cpp - llsocks5.cpp llstoredmessage.cpp lltemplatemessagebuilder.cpp lltemplatemessagedispatcher.cpp @@ -162,6 +162,7 @@ set(llmessage_HEADER_FILES llpacketring.h llpartdata.h llpumpio.h + llproxy.h llqueryflags.h llregionflags.h llregionhandle.h @@ -175,7 +176,6 @@ set(llmessage_HEADER_FILES llsdrpcserver.h llservice.h llservicebuilder.h - llsocks5.h llstoredmessage.h lltaskname.h llteleportflags.h diff --git a/indra/llmessage/llcurl.cpp b/indra/llmessage/llcurl.cpp index 32dd438e68..0b368196d2 100644 --- a/indra/llmessage/llcurl.cpp +++ b/indra/llmessage/llcurl.cpp @@ -46,12 +46,12 @@ #endif #include "llbufferstream.h" -#include "llstl.h" #include "llsdserialize.h" +#include "llproxy.h" +#include "llstl.h" #include "llthread.h" #include "lltimer.h" -#include "llsocks5.h" ////////////////////////////////////////////////////////////////////////////// /* @@ -357,27 +357,6 @@ LLCurl::Easy* LLCurl::Easy::getEasy() // multi handles cache if they are added to one. CURLcode result = curl_easy_setopt(easy->mCurlEasyHandle, CURLOPT_DNS_CACHE_TIMEOUT, 0); check_curl_code(result); - - //Set the CURL options for either Socks or HTTP proxy - if (LLSocks::getInstance()->isHTTPProxyEnabled()) - { - std::string address = LLSocks::getInstance()->getHTTPProxy().getIPString(); - U16 port = LLSocks::getInstance()->getHTTPProxy().getPort(); - curl_easy_setopt(easy->mCurlEasyHandle, CURLOPT_PROXY,address.c_str()); - curl_easy_setopt(easy->mCurlEasyHandle, CURLOPT_PROXYPORT,port); - if (LLSocks::getInstance()->getHTTPProxyType() == LLPROXY_SOCKS) - { - curl_easy_setopt(easy->mCurlEasyHandle, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5); - if(LLSocks::getInstance()->getSelectedAuthMethod()==METHOD_PASSWORD) - { - curl_easy_setopt(easy->mCurlEasyHandle, CURLOPT_PROXYUSERPWD,LLSocks::getInstance()->getProxyUserPwd().c_str()); - } - } - else - { - curl_easy_setopt(easy->mCurlEasyHandle, CURLOPT_PROXYTYPE, CURLPROXY_HTTP); - } - } ++gCurlEasyCount; return easy; @@ -557,18 +536,19 @@ void LLCurl::Easy::prepRequest(const std::string& url, //setopt(CURLOPT_VERBOSE, 1); // usefull for debugging setopt(CURLOPT_NOSIGNAL, 1); - if (LLSocks::getInstance()->isHTTPProxyEnabled()) + // Set the CURL options for either Socks or HTTP proxy + if (LLProxy::getInstance()->isHTTPProxyEnabled()) { - std::string address = LLSocks::getInstance()->getHTTPProxy().getIPString(); - U16 port = LLSocks::getInstance()->getHTTPProxy().getPort(); + std::string address = LLProxy::getInstance()->getHTTPProxy().getIPString(); + U16 port = LLProxy::getInstance()->getHTTPProxy().getPort(); setoptString(CURLOPT_PROXY, address.c_str()); setopt(CURLOPT_PROXYPORT, port); - if (LLSocks::getInstance()->getHTTPProxyType() == LLPROXY_SOCKS) + if (LLProxy::getInstance()->getHTTPProxyType() == LLPROXY_SOCKS) { setopt(CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5); - if(LLSocks::getInstance()->getSelectedAuthMethod()==METHOD_PASSWORD) + if(LLProxy::getInstance()->getSelectedAuthMethod()==METHOD_PASSWORD) { - setoptString(CURLOPT_PROXYUSERPWD,LLSocks::getInstance()->getProxyUserPwd()); + setoptString(CURLOPT_PROXYUSERPWD, LLProxy::getInstance()->getProxyUserPwdCURL()); } } else diff --git a/indra/llmessage/lliosocket.h b/indra/llmessage/lliosocket.h index 6806e5084a..ec60470459 100644 --- a/indra/llmessage/lliosocket.h +++ b/indra/llmessage/lliosocket.h @@ -159,7 +159,7 @@ protected: public: /** - * @brief Do not call this directly. + * @brief Do not call this directly. Use LLSocket::ptr_t.reset() instead. */ ~LLSocket(); diff --git a/indra/llmessage/llpacketring.cpp b/indra/llmessage/llpacketring.cpp index 62aaca0672..91ab1df149 100644 --- a/indra/llmessage/llpacketring.cpp +++ b/indra/llmessage/llpacketring.cpp @@ -37,19 +37,13 @@ // linden library includes #include "llerror.h" -#include "message.h" -#include "llsocks5.h" #include "lltimer.h" -#include "timing.h" +#include "llproxy.h" #include "llrand.h" +#include "message.h" +#include "timing.h" #include "u64.h" - - - - - - /////////////////////////////////////////////////////////// LLPacketRing::LLPacketRing () : mUseInThrottle(FALSE), @@ -231,28 +225,28 @@ S32 LLPacketRing::receivePacket (S32 socket, char *datap) else { // no delay, pull straight from net - if (LLSocks::isEnabled()) + if (LLProxy::isEnabled()) { - U8 buffer[MAX_BUFFER_SIZE]; - packet_size = receive_packet(socket, (char*)buffer); + U8 buffer[NET_BUFFER_SIZE]; + packet_size = receive_packet(socket, reinterpret_cast(buffer)); if (packet_size > 10) { - memcpy(datap,buffer+10,packet_size-10); + // *FIX We are assuming ATYP is 0x01 (IPv4), not 0x03 (hostname) or 0x04 (IPv6) + memcpy(datap, buffer + 10, packet_size - 10); + proxywrap_t * header = reinterpret_cast(buffer); + mLastSender.setAddress(header->addr); + mLastSender.setPort(ntohs(header->port)); } else { - packet_size=0; + packet_size = 0; } - - proxywrap_t * header = (proxywrap_t *)buffer; - mLastSender.setAddress(header->addr); - mLastSender.setPort(ntohs(header->port)); } else { - packet_size = receive_packet(socket, datap); - mLastSender = ::get_sender(); + packet_size = receive_packet(socket, datap); + mLastSender = ::get_sender(); } mLastReceivingIF = ::get_receiving_interface(); @@ -352,7 +346,7 @@ BOOL LLPacketRing::sendPacket(int h_socket, char * send_buffer, S32 buf_size, LL BOOL LLPacketRing::doSendPacket(int h_socket, const char * send_buffer, S32 buf_size, LLHost host) { - if (!LLSocks::isEnabled()) + if (!LLProxy::isEnabled()) { return send_packet(h_socket, send_buffer, buf_size, host.getAddress(), host.getPort()); } @@ -364,7 +358,7 @@ BOOL LLPacketRing::doSendPacket(int h_socket, const char * send_buffer, S32 buf_ socks_header->atype = ADDRESS_IPV4; socks_header->frag = 0; - memcpy(mProxyWrappedSendBuffer+10, send_buffer, buf_size); + memcpy(mProxyWrappedSendBuffer + 10, send_buffer, buf_size); - return send_packet(h_socket,(const char*) mProxyWrappedSendBuffer, buf_size+10, LLSocks::getInstance()->getUDPProxy().getAddress(), LLSocks::getInstance()->getUDPProxy().getPort()); + return send_packet(h_socket,(const char*) mProxyWrappedSendBuffer, buf_size + 10, LLProxy::getInstance()->getUDPProxy().getAddress(), LLProxy::getInstance()->getUDPProxy().getPort()); } diff --git a/indra/llmessage/llproxy.cpp b/indra/llmessage/llproxy.cpp new file mode 100644 index 0000000000..6bc9e8b62b --- /dev/null +++ b/indra/llmessage/llproxy.cpp @@ -0,0 +1,294 @@ +/** + * @file llsocks5.cpp + * @brief SOCKS 5 implementation + * + * $LicenseInfo:firstyear=2011&license=viewerlgpl$ + * Second Life Viewer Source Code + * Copyright (C) 2011, Linden Research, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; + * version 2.1 of the License only. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + * + * Linden Research, Inc., 945 Battery Street, San Francisco, CA 94111 USA + * $/LicenseInfo$ + */ + +#include "linden_common.h" + +#include "llproxy.h" + +#include + +#include "llapr.h" +#include "llhost.h" +#include "message.h" +#include "net.h" + +// Static class variable instances + +// We want this to be static to avoid excessive indirection on every +// incoming packet just to do a simple bool test. The getter for this +// member is also static +bool LLProxy::sUDPProxyEnabled = false; +bool LLProxy::sHTTPProxyEnabled = false; + +// Some helpful TCP functions +static LLSocket::ptr_t tcp_open_channel(apr_pool_t* pool, LLHost host); // Open a TCP channel to a given host +static void tcp_close_channel(LLSocket::ptr_t handle); // Close an open TCP channel +static int tcp_handshake(LLSocket::ptr_t handle, char * dataout, apr_size_t outlen, char * datain, apr_size_t maxinlen); // Do a TCP data handshake + + +LLProxy::LLProxy(): + mProxyType(LLPROXY_SOCKS), + mUDPProxy(), + mTCPProxy(), + mHTTPProxy(), + mAuthMethodSelected(METHOD_NOAUTH), + mSocksUsername(), + mSocksPassword(), + mPool(gAPRPoolp) +{ +} + +LLProxy::~LLProxy() +{ + tcp_close_channel(mProxyControlChannel); + sUDPProxyEnabled = false; + sHTTPProxyEnabled = false; +} + +// Perform a SOCKS 5 authentication and UDP association to the proxy +// specified by proxy, and associate UDP port message_port +int LLProxy::proxyHandshake(LLHost proxy, U32 message_port) +{ + int result; + + /* SOCKS 5 Auth request */ + socks_auth_request_t socks_auth_request; + socks_auth_response_t socks_auth_response; + + socks_auth_request.version = SOCKS_VERSION; // SOCKS version 5 + socks_auth_request.num_methods = 1; // Sending 1 method. + socks_auth_request.methods = mAuthMethodSelected; // Send only the selected method. + + result = tcp_handshake(mProxyControlChannel, (char*)&socks_auth_request, sizeof(socks_auth_request), (char*)&socks_auth_response, sizeof(socks_auth_response)); + if (result != 0) + { + llwarns << "SOCKS authentication request failed, error on TCP control channel : " << result << llendl; + stopProxy(); + return SOCKS_CONNECT_ERROR; + } + + if (socks_auth_response.method == AUTH_NOT_ACCEPTABLE) + { + llwarns << "SOCKS 5 server refused all our authentication methods" << llendl; + stopProxy(); + return SOCKS_NOT_ACCEPTABLE; + } + + // SOCKS 5 USERNAME/PASSWORD authentication + if (socks_auth_response.method == METHOD_PASSWORD) + { + // The server has requested a username/password combination + U32 request_size = mSocksUsername.size() + mSocksPassword.size() + 3; + char * password_auth = new char[request_size]; + password_auth[0] = 0x01; + password_auth[1] = mSocksUsername.size(); + memcpy(&password_auth[2], mSocksUsername.c_str(), mSocksUsername.size()); + password_auth[mSocksUsername.size() + 2] = mSocksPassword.size(); + memcpy(&password_auth[mSocksUsername.size()+3], mSocksPassword.c_str(), mSocksPassword.size()); + + authmethod_password_reply_t password_reply; + + result = tcp_handshake(mProxyControlChannel, password_auth, request_size, (char*)&password_reply, sizeof(authmethod_password_reply_t)); + delete[] password_auth; + + if (result != 0) + { + llwarns << "SOCKS authentication failed, error on TCP control channel : " << result << llendl; + stopProxy(); + return SOCKS_CONNECT_ERROR; + } + + if (password_reply.status != AUTH_SUCCESS) + { + llwarns << "SOCKS authentication failed" << llendl; + stopProxy(); + return SOCKS_AUTH_FAIL; + } + } + + /* SOCKS5 connect request */ + + socks_command_request_t connect_request; + socks_command_response_t connect_reply; + + connect_request.version = SOCKS_VERSION; // SOCKS V5 + connect_request.command = COMMAND_UDP_ASSOCIATE; // Associate UDP + connect_request.reserved = FIELD_RESERVED; + connect_request.atype = ADDRESS_IPV4; + connect_request.address = htonl(0); // 0.0.0.0 + connect_request.port = htons(0); // 0 + // "If the client is not in possession of the information at the time of the UDP ASSOCIATE, + // the client MUST use a port number and address of all zeros. RFC 1928" + + result = tcp_handshake(mProxyControlChannel, (char*)&connect_request, sizeof(socks_command_request_t), (char*)&connect_reply, sizeof(socks_command_response_t)); + if (result != 0) + { + llwarns << "SOCKS connect request failed, error on TCP control channel : " << result << llendl; + stopProxy(); + return SOCKS_CONNECT_ERROR; + } + + if (connect_reply.reply != REPLY_REQUEST_GRANTED) + { + //Something went wrong + llwarns << "Connection to SOCKS 5 server failed, UDP forward request not granted" << llendl; + stopProxy(); + return SOCKS_UDP_FWD_NOT_GRANTED; + } + + mUDPProxy.setPort(ntohs(connect_reply.port)); // reply port is in network byte order + mUDPProxy.setAddress(proxy.getAddress()); + // All good now we have been given the UDP port to send requests that need forwarding. + llinfos << "SOCKS 5 UDP proxy connected on " << mUDPProxy << llendl; + return SOCKS_OK; +} + +int LLProxy::startProxy(std::string host, U32 port) +{ + mTCPProxy.setHostByName(host); + mTCPProxy.setPort(port); + + int status; + + if (mProxyControlChannel) + { + tcp_close_channel(mProxyControlChannel); + } + + mProxyControlChannel = tcp_open_channel(mPool, mTCPProxy); + if (!mProxyControlChannel) + { + return SOCKS_HOST_CONNECT_FAILED; + } + status = proxyHandshake(mTCPProxy, (U32)gMessageSystem->mPort); + if (status == SOCKS_OK) + { + sUDPProxyEnabled = true; + } + else + { + stopProxy(); + } + return status; + +} + +void LLProxy::stopProxy() +{ + sUDPProxyEnabled = false; + + // If the SOCKS proxy is requested to stop and we are using that for http as well + // then we must shut down any http proxy operations. But it is allowable if web + // proxy is being used to continue proxying http. + + if(LLPROXY_SOCKS == mProxyType) + { + sHTTPProxyEnabled = false; + } + + if (mProxyControlChannel) + { + tcp_close_channel(mProxyControlChannel); + } +} + +void LLProxy::setAuthNone() +{ + mAuthMethodSelected = METHOD_NOAUTH; +} + +void LLProxy::setAuthPassword(const std::string &username, const std::string &password) +{ + mAuthMethodSelected = METHOD_PASSWORD; + mSocksUsername = username; + mSocksPassword = password; +} + +void LLProxy::enableHTTPProxy(LLHost httpHost, LLHttpProxyType type) +{ + sHTTPProxyEnabled = true; + mHTTPProxy = httpHost; + mProxyType = type; +} + +static int tcp_handshake(LLSocket::ptr_t handle, char * dataout, apr_size_t outlen, char * datain, apr_size_t maxinlen) +{ + apr_socket_t* apr_socket = handle->getSocket(); + apr_status_t rv; + + apr_size_t expected_len = outlen; + + apr_socket_opt_set(apr_socket, APR_SO_NONBLOCK, -5); // Blocking connection, 5 second timeout + apr_socket_timeout_set(apr_socket, (APR_USEC_PER_SEC * 5)); + + rv = apr_socket_send(apr_socket, dataout, &outlen); + if (rv != APR_SUCCESS || expected_len != outlen) + { + llwarns << "Error sending data to proxy control channel" << llendl; + ll_apr_warn_status(rv); + return -1; + } + + expected_len = maxinlen; + do + { + rv = apr_socket_recv(apr_socket, datain, &maxinlen); + llinfos << "Receiving packets." << llendl; + llwarns << "Proxy control channel status: " << rv << llendl; + } while (APR_STATUS_IS_EAGAIN(rv)); + + if (rv != APR_SUCCESS) + { + llwarns << "Error receiving data from proxy control channel, status: " << rv << llendl; + llwarns << "Received " << maxinlen << " bytes." << llendl; + ll_apr_warn_status(rv); + return rv; + } + else if (expected_len != maxinlen) + { + llwarns << "Incorrect data received length in proxy control channel" << llendl; + return -1; + } + + return 0; +} + +static LLSocket::ptr_t tcp_open_channel(apr_pool_t* pool, LLHost host) +{ + LLSocket::ptr_t socket = LLSocket::create(gAPRPoolp, LLSocket::STREAM_TCP); + bool connected = socket->blockingConnect(host); + if (!connected) + { + tcp_close_channel(socket); + } + + return socket; +} + +static void tcp_close_channel(LLSocket::ptr_t handle) +{ + handle.reset(); +} diff --git a/indra/llmessage/llproxy.h b/indra/llmessage/llproxy.h new file mode 100644 index 0000000000..979514a7e0 --- /dev/null +++ b/indra/llmessage/llproxy.h @@ -0,0 +1,244 @@ +/** + * @file llsocks5.h + * @brief Socks 5 implementation + * + * $LicenseInfo:firstyear=2011&license=viewerlgpl$ + * Second Life Viewer Source Code + * Copyright (C) 2011, Linden Research, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; + * version 2.1 of the License only. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + * + * Linden Research, Inc., 945 Battery Street, San Francisco, CA 94111 USA + * $/LicenseInfo$ + */ + +#ifndef LL_PROXY_H +#define LL_PROXY_H + +#include "llhost.h" +#include "lliosocket.h" +#include "llmemory.h" +#include "llsingleton.h" +#include + +// Error codes returned from the StartProxy method + +#define SOCKS_OK 0 +#define SOCKS_CONNECT_ERROR (-1) +#define SOCKS_NOT_PERMITTED (-2) +#define SOCKS_NOT_ACCEPTABLE (-3) +#define SOCKS_AUTH_FAIL (-4) +#define SOCKS_UDP_FWD_NOT_GRANTED (-5) +#define SOCKS_HOST_CONNECT_FAILED (-6) + +#ifndef MAXHOSTNAMELEN +#define MAXHOSTNAMELEN (255 + 1) /* socks5: 255, +1 for len. */ +#endif + +#define SOCKS_VERSION 0x05 // we are using SOCKS 5 + +// SOCKS 5 address/hostname types +#define ADDRESS_IPV4 0x01 +#define ADDRESS_HOSTNAME 0x03 +#define ADDRESS_IPV6 0x04 + +// Lets just use our own ipv4 struct rather than dragging in system +// specific headers +union ipv4_address_t { + U8 octets[4]; + U32 addr32; +}; + +// SOCKS 5 control channel commands +#define COMMAND_TCP_STREAM 0x01 +#define COMMAND_TCP_BIND 0x02 +#define COMMAND_UDP_ASSOCIATE 0x03 + +// SOCKS 5 command replies +#define REPLY_REQUEST_GRANTED 0x00 +#define REPLY_GENERAL_FAIL 0x01 +#define REPLY_RULESET_FAIL 0x02 +#define REPLY_NETWORK_UNREACHABLE 0x03 +#define REPLY_HOST_UNREACHABLE 0x04 +#define REPLY_CONNECTION_REFUSED 0x05 +#define REPLY_TTL_EXPIRED 0x06 +#define REPLY_PROTOCOL_ERROR 0x07 +#define REPLY_TYPE_NOT_SUPPORTED 0x08 + +#define FIELD_RESERVED 0x00 + +// The standard SOCKS 5 request packet +// Push current alignment to stack and set alignment to 1 byte boundary +// This enabled us to use structs directly to set up and receive network packets +// into the correct fields, without fear of boundary alignment causing issues +#pragma pack(push,1) + +// SOCKS 5 command packet +struct socks_command_request_t { + U8 version; + U8 command; + U8 reserved; + U8 atype; + U32 address; + U16 port; +}; + +// Standard SOCKS 5 reply packet +struct socks_command_response_t { + U8 version; + U8 reply; + U8 reserved; + U8 atype; + U8 add_bytes[4]; + U16 port; +}; + +#define AUTH_NOT_ACCEPTABLE 0xFF // reply if preferred methods are not available +#define AUTH_SUCCESS 0x00 // reply if authentication successful + +// SOCKS 5 authentication request, stating which methods the client supports +struct socks_auth_request_t { + U8 version; + U8 num_methods; + U8 methods; // We are only using a single method currently +}; + +// SOCKS 5 authentication response packet, stating server preferred method +struct socks_auth_response_t { + U8 version; + U8 method; +}; + +// SOCKS 5 password reply packet +struct authmethod_password_reply_t { + U8 version; + U8 status; +}; + +// SOCKS 5 UDP packet header +struct proxywrap_t { + U16 rsv; + U8 frag; + U8 atype; + U32 addr; + U16 port; +}; + +#pragma pack(pop) /* restore original alignment from stack */ + + +// Currently selected http proxy type +enum LLHttpProxyType +{ + LLPROXY_SOCKS = 0, + LLPROXY_HTTP = 1 +}; + +// Auth types +enum LLSocks5AuthType +{ + METHOD_NOAUTH = 0x00, // Client supports no auth + METHOD_GSSAPI = 0x01, // Client supports GSSAPI (Not currently supported) + METHOD_PASSWORD = 0x02 // Client supports username/password +}; + +class LLProxy: public LLSingleton +{ +public: + LLProxy(); + ~LLProxy(); + + // Start a connection to the SOCKS 5 proxy + int startProxy(std::string host, U32 port); + + // Disconnect and clean up any connection to the SOCKS 5 proxy + void stopProxy(); + + // Set up to use Password auth when connecting to the SOCKS proxy + void setAuthPassword(const std::string &username, const std::string &password); + + // Set up to use No Auth when connecting to the SOCKS proxy + void setAuthNone(); + + // get the currently selected auth method + LLSocks5AuthType getSelectedAuthMethod() const { return mAuthMethodSelected; } + + // static check for enabled status for UDP packets + static bool isEnabled() { return sUDPProxyEnabled; } + + // static check for enabled status for http packets + static bool isHTTPProxyEnabled() { return sHTTPProxyEnabled; } + + // Proxy HTTP packets via httpHost, which can be a SOCKS 5 or a HTTP proxy + // as specified in type + void enableHTTPProxy(LLHost httpHost, LLHttpProxyType type); + + // Stop proxying HTTP packets + void disableHTTPProxy() { sHTTPProxyEnabled = false; }; + + // Get the UDP proxy address and port + LLHost getUDPProxy() const { return mUDPProxy; } + + // Get the SOCKS 5 TCP control channel address and port + LLHost getTCPProxy() const { return mTCPProxy; } + + // Get the HTTP proxy address and port + LLHost getHTTPProxy() const { return mHTTPProxy; } + + // Get the currently selected HTTP proxy type + LLHttpProxyType getHTTPProxyType() const { return mProxyType; } + + // Get the username password in a curl compatible format + std::string getProxyUserPwdCURL() const { return (mSocksUsername + ":" + mSocksPassword); } + + std::string getSocksPwd() const { return mSocksPassword; } + std::string getSocksUser() const { return mSocksUsername; } + +private: + + // Open a communication channel to the SOCKS 5 proxy proxy, at port messagePort + int proxyHandshake(LLHost proxy, U32 messagePort); + + // socket handle to proxy TCP control channel + LLSocket::ptr_t mProxyControlChannel; + + // is the UDP proxy enabled? + static bool sUDPProxyEnabled; + // is the http proxy enabled? + static bool sHTTPProxyEnabled; + + // currently selected http proxy type + LLHttpProxyType mProxyType; + + // UDP proxy address and port + LLHost mUDPProxy; + // TCP Proxy control channel address and port + LLHost mTCPProxy; + // HTTP proxy address and port + LLHost mHTTPProxy; + + // SOCKS 5 auth method selected + LLSocks5AuthType mAuthMethodSelected; + + // SOCKS 5 username + std::string mSocksUsername; + // SOCKS 5 password + std::string mSocksPassword; + + // APR pool for the socket + apr_pool_t* mPool; +}; + +#endif diff --git a/indra/llmessage/llsocks5.cpp b/indra/llmessage/llsocks5.cpp deleted file mode 100644 index 278350bf25..0000000000 --- a/indra/llmessage/llsocks5.cpp +++ /dev/null @@ -1,285 +0,0 @@ -/** - * @file llsocks5.cpp - * @brief SOCKS 5 implementation - * - * $LicenseInfo:firstyear=2011&license=viewerlgpl$ - * Second Life Viewer Source Code - * Copyright (C) 2011, Linden Research, Inc. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; - * version 2.1 of the License only. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - * - * Linden Research, Inc., 945 Battery Street, San Francisco, CA 94111 USA - * $/LicenseInfo$ - */ - -#include "linden_common.h" - -#include "llsocks5.h" - -#include - -#include "llapr.h" -#include "llhost.h" -#include "message.h" -#include "net.h" - -// Static class variable instances - -// We want this to be static to avoid excessive indirection on every -// incoming packet just to do a simple bool test. The getter for this -// member is also static -bool LLSocks::sUDPProxyEnabled; -bool LLSocks::sHTTPProxyEnabled; - -// Some helpful TCP functions -static LLSocket::ptr_t tcp_open_channel(LLHost host); // Open a TCP channel to a given host -static void tcp_close_channel(LLSocket::ptr_t handle); // Close an open TCP channel -static int tcp_handshake(LLSocket::ptr_t handle, char * dataout, apr_size_t outlen, char * datain, apr_size_t maxinlen); // Do a TCP data handshake - - -LLSocks::LLSocks() -{ - sUDPProxyEnabled = false; - sHTTPProxyEnabled = false; - mProxyControlChannel.reset(); - mProxyType = LLPROXY_SOCKS; -} - -// Perform a SOCKS 5 authentication and UDP association to the proxy -// specified by proxy, and associate UDP port message_port -int LLSocks::proxyHandshake(LLHost proxy, U32 message_port) -{ - int result; - - /* SOCKS 5 Auth request */ - socks_auth_request_t socks_auth_request; - socks_auth_response_t socks_auth_response; - - socks_auth_request.version = SOCKS_VERSION; // SOCKS version 5 - socks_auth_request.num_methods = 1; // Sending 1 method. - socks_auth_request.methods = mAuthMethodSelected; // Send only the selected method. - - result = tcp_handshake(mProxyControlChannel, (char*)&socks_auth_request, sizeof(socks_auth_request_t), (char*)&socks_auth_response, sizeof(socks_auth_response_t)); - if (result != 0) - { - llwarns << "SOCKS authentication request failed, error on TCP control channel : " << result << llendl; - stopProxy(); - return SOCKS_CONNECT_ERROR; - } - - if (socks_auth_response.method == AUTH_NOT_ACCEPTABLE) - { - llwarns << "SOCKS 5 server refused all our authentication methods" << llendl; - stopProxy(); - return SOCKS_NOT_ACCEPTABLE; - } - - // SOCKS 5 USERNAME/PASSWORD authentication - if (socks_auth_response.method == METHOD_PASSWORD) - { - // The server has requested a username/password combination - U32 request_size = mSocksUsername.size() + mSocksPassword.size() + 3; - char * password_auth = new char[request_size]; - password_auth[0] = 0x01; - password_auth[1] = mSocksUsername.size(); - memcpy(&password_auth[2], mSocksUsername.c_str(), mSocksUsername.size()); - password_auth[mSocksUsername.size()+2] = mSocksPassword.size(); - memcpy(&password_auth[mSocksUsername.size()+3], mSocksPassword.c_str(), mSocksPassword.size()); - - authmethod_password_reply_t password_reply; - - result = tcp_handshake(mProxyControlChannel, password_auth, request_size, (char*)&password_reply, sizeof(authmethod_password_reply_t)); - delete[] password_auth; - - if (result != 0) - { - llwarns << "SOCKS authentication failed, error on TCP control channel : " << result << llendl; - stopProxy(); - return SOCKS_CONNECT_ERROR; - } - - if (password_reply.status != AUTH_SUCCESS) - { - llwarns << "SOCKS authentication failed" << llendl; - stopProxy(); - return SOCKS_AUTH_FAIL; - } - } - - /* SOCKS5 connect request */ - - socks_command_request_t connect_request; - socks_command_response_t connect_reply; - - connect_request.version = SOCKS_VERSION; // SOCKS V5 - connect_request.command = COMMAND_UDP_ASSOCIATE; // Associate UDP - connect_request.reserved = FIELD_RESERVED; - connect_request.atype = ADDRESS_IPV4; - connect_request.address = htonl(0); // 0.0.0.0 - connect_request.port = htons(0); // 0 - // "If the client is not in possesion of the information at the time of the UDP ASSOCIATE, - // the client MUST use a port number and address of all zeros. RFC 1928" - - result = tcp_handshake(mProxyControlChannel, (char*)&connect_request, sizeof(socks_command_request_t), (char*)&connect_reply, sizeof(socks_command_response_t)); - if (result != 0) - { - llwarns << "SOCKS connect request failed, error on TCP control channel : " << result << llendl; - stopProxy(); - return SOCKS_CONNECT_ERROR; - } - - if (connect_reply.reply != REPLY_REQUEST_GRANTED) - { - //Something went wrong - llwarns << "Connection to SOCKS 5 server failed, UDP forward request not granted" << llendl; - stopProxy(); - return SOCKS_UDP_FWD_NOT_GRANTED; - } - - mUDPProxy.setPort(ntohs(connect_reply.port)); // reply port is in network byte order - mUDPProxy.setAddress(proxy.getAddress()); - // All good now we have been given the UDP port to send requests that need forwarding. - llinfos << "SOCKS 5 UDP proxy connected on " << mUDPProxy << llendl; - return SOCKS_OK; -} - -int LLSocks::startProxy(LLHost proxy, U32 message_port) -{ - int status; - - mTCPProxy = proxy; - - if (mProxyControlChannel) - { - tcp_close_channel(mProxyControlChannel); - } - - mProxyControlChannel = tcp_open_channel(mTCPProxy); - if (!mProxyControlChannel) - { - return SOCKS_HOST_CONNECT_FAILED; - } - status = proxyHandshake(proxy, message_port); - if (status == SOCKS_OK) - { - sUDPProxyEnabled = true; - } - return status; -} - -int LLSocks::startProxy(std::string host, U32 port) -{ - mTCPProxy.setHostByName(host); - mTCPProxy.setPort(port); - return startProxy(mTCPProxy, (U32)gMessageSystem->mPort); -} - -void LLSocks::stopProxy() -{ - sUDPProxyEnabled = false; - - // If the SOCKS proxy is requested to stop and we are using that for http as well - // then we must shut down any http proxy operations. But it is allowable if web - // proxy is being used to continue proxying http. - - if(LLPROXY_SOCKS == mProxyType) - { - sHTTPProxyEnabled = false; - } - - if (mProxyControlChannel) - { - tcp_close_channel(mProxyControlChannel); - } -} - -void LLSocks::setAuthNone() -{ - mAuthMethodSelected = METHOD_NOAUTH; -} - -void LLSocks::setAuthPassword(std::string username, std::string password) -{ - mAuthMethodSelected = METHOD_PASSWORD; - mSocksUsername = username; - mSocksPassword = password; -} - -void LLSocks::enableHTTPProxy(LLHost httpHost, LLHttpProxyType type) -{ - sHTTPProxyEnabled = true; - mHTTPProxy = httpHost; - mProxyType = type; -} - -static int tcp_handshake(LLSocket::ptr_t handle, char * dataout, apr_size_t outlen, char * datain, apr_size_t maxinlen) -{ - apr_socket_t* apr_socket = handle->getSocket(); - apr_status_t rv; - - apr_size_t expected_len = outlen; - - apr_socket_opt_set(apr_socket, APR_SO_NONBLOCK, -5); // Blocking connection, 5 second timeout - apr_socket_timeout_set(apr_socket, (APR_USEC_PER_SEC * 5)); - - rv = apr_socket_send(apr_socket, dataout, &outlen); - if (rv != APR_SUCCESS || expected_len != outlen) - { - llwarns << "Error sending data to proxy control channel" << llendl; - ll_apr_warn_status(rv); - return -1; - } - - expected_len = maxinlen; - do - { - rv = apr_socket_recv(apr_socket, datain, &maxinlen); - llinfos << "Receiving packets." << llendl; - llwarns << "Proxy control channel status: " << rv << llendl; - } while (APR_STATUS_IS_EAGAIN(rv)); - - if (rv != APR_SUCCESS) - { - llwarns << "Error receiving data from proxy control channel, status: " << rv << llendl; - llwarns << "Received " << maxinlen << " bytes." << llendl; - ll_apr_warn_status(rv); - return rv; - } - else if (expected_len != maxinlen) - { - llwarns << "Incorrect data received length in proxy control channel" << llendl; - return -1; - } - - return 0; -} - -static LLSocket::ptr_t tcp_open_channel(LLHost host) -{ - LLSocket::ptr_t socket = LLSocket::create(gAPRPoolp, LLSocket::STREAM_TCP); - bool connected = socket->blockingConnect(host); - if (!connected) - { - tcp_close_channel(socket); - } - - return socket; -} - -static void tcp_close_channel(LLSocket::ptr_t handle) -{ - handle.reset(); -} - diff --git a/indra/llmessage/llsocks5.h b/indra/llmessage/llsocks5.h deleted file mode 100644 index 3c10f661de..0000000000 --- a/indra/llmessage/llsocks5.h +++ /dev/null @@ -1,241 +0,0 @@ -/** - * @file llsocks5.h - * @brief Socks 5 implementation - * - * $LicenseInfo:firstyear=2011&license=viewerlgpl$ - * Second Life Viewer Source Code - * Copyright (C) 2011, Linden Research, Inc. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; - * version 2.1 of the License only. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - * - * Linden Research, Inc., 945 Battery Street, San Francisco, CA 94111 USA - * $/LicenseInfo$ - */ - -#ifndef LL_SOCKS5_H -#define LL_SOCKS5_H - -#include "llhost.h" -#include "lliosocket.h" -#include "llmemory.h" -#include "llsingleton.h" -#include - -// Error codes returned from the StartProxy method - -#define SOCKS_OK 0 -#define SOCKS_CONNECT_ERROR (-1) -#define SOCKS_NOT_PERMITTED (-2) -#define SOCKS_NOT_ACCEPTABLE (-3) -#define SOCKS_AUTH_FAIL (-4) -#define SOCKS_UDP_FWD_NOT_GRANTED (-5) -#define SOCKS_HOST_CONNECT_FAILED (-6) - -#ifndef MAXHOSTNAMELEN -#define MAXHOSTNAMELEN (255 + 1) /* socks5: 255, +1 for len. */ -#endif - -#define SOCKS_VERSION 0x05 // we are using SOCKS 5 - -// SOCKS 5 address/hostname types -#define ADDRESS_IPV4 0x01 -#define ADDRESS_HOSTNAME 0x03 -#define ADDRESS_IPV6 0x04 - -// Lets just use our own ipv4 struct rather than dragging in system -// specific headers -union ipv4_address_t { - U8 octets[4]; - U32 addr32; -}; - -// SOCKS 5 control channel commands -#define COMMAND_TCP_STREAM 0x01 -#define COMMAND_TCP_BIND 0x02 -#define COMMAND_UDP_ASSOCIATE 0x03 - -// SOCKS 5 command replies -#define REPLY_REQUEST_GRANTED 0x00 -#define REPLY_GENERAL_FAIL 0x01 -#define REPLY_RULESET_FAIL 0x02 -#define REPLY_NETWORK_UNREACHABLE 0x03 -#define REPLY_HOST_UNREACHABLE 0x04 -#define REPLY_CONNECTION_REFUSED 0x05 -#define REPLY_TTL_EXPIRED 0x06 -#define REPLY_PROTOCOL_ERROR 0x07 -#define REPLY_TYPE_NOT_SUPPORTED 0x08 - -#define FIELD_RESERVED 0x00 - -// The standard SOCKS 5 request packet -// Push current alignment to stack and set alignment to 1 byte boundary -// This enabled us to use structs directly to set up and receive network packets -// into the correct fields, without fear of boundary alignment causing issues -#pragma pack(push,1) - -// SOCKS 5 command packet -struct socks_command_request_t { - U8 version; - U8 command; - U8 reserved; - U8 atype; - U32 address; - U16 port; -}; - -// Standard SOCKS 5 reply packet -struct socks_command_response_t { - U8 version; - U8 reply; - U8 reserved; - U8 atype; - U8 add_bytes[4]; - U16 port; -}; - -#define AUTH_NOT_ACCEPTABLE 0xFF // reply if preferred methods are not available -#define AUTH_SUCCESS 0x00 // reply if authentication successful - -// SOCKS 5 authentication request, stating which methods the client supports -struct socks_auth_request_t { - U8 version; - U8 num_methods; - U8 methods; // We are only using a single method currently -}; - -// SOCKS 5 authentication response packet, stating server preferred method -struct socks_auth_response_t { - U8 version; - U8 method; -}; - -// SOCKS 5 password reply packet -struct authmethod_password_reply_t { - U8 version; - U8 status; -}; - -// SOCKS 5 UDP packet header -struct proxywrap_t { - U16 rsv; - U8 frag; - U8 atype; - U32 addr; - U16 port; -}; - -#pragma pack(pop) /* restore original alignment from stack */ - - -// Currently selected http proxy type -enum LLHttpProxyType -{ - LLPROXY_SOCKS = 0, - LLPROXY_HTTP = 1 -}; - -// Auth types -enum LLSocks5AuthType -{ - METHOD_NOAUTH = 0x00, // Client supports no auth - METHOD_GSSAPI = 0x01, // Client supports GSSAPI (Not currently supported) - METHOD_PASSWORD = 0x02 // Client supports username/password -}; - -class LLSocks: public LLSingleton -{ -public: - LLSocks(); - - // Start a connection to the SOCKS 5 proxy - int startProxy(std::string host, U32 port); - int startProxy(LLHost proxy, U32 messagePort); - - // Disconnect and clean up any connection to the SOCKS 5 proxy - void stopProxy(); - - // Set up to use Password auth when connecting to the SOCKS proxy - void setAuthPassword(std::string username, std::string password); - - // Set up to use No Auth when connecting to the SOCKS proxy - void setAuthNone(); - - // get the currently selected auth method - LLSocks5AuthType getSelectedAuthMethod() const { return mAuthMethodSelected; } - - // static check for enabled status for UDP packets - static bool isEnabled() { return sUDPProxyEnabled; } - - // static check for enabled status for http packets - static bool isHTTPProxyEnabled() { return sHTTPProxyEnabled; } - - // Proxy HTTP packets via httpHost, which can be a SOCKS 5 or a HTTP proxy - // as specified in type - void enableHTTPProxy(LLHost httpHost, LLHttpProxyType type); - - // Stop proxying HTTP packets - void disableHTTPProxy() { sHTTPProxyEnabled = false; }; - - // Get the UDP proxy address and port - LLHost getUDPProxy() const { return mUDPProxy; } - - // Get the SOCKS 5 TCP control channel address and port - LLHost getTCPProxy() const { return mTCPProxy; } - - // Get the HTTP proxy address and port - LLHost getHTTPProxy() const { return mHTTPProxy; } - - // Get the currently selected HTTP proxy type - LLHttpProxyType getHTTPProxyType() const { return mProxyType; } - - // Get the username password in a curl compatible format - std::string getProxyUserPwd() const { return (mSocksUsername + ":" + mSocksPassword); } - -private: - - // Open a communication channel to the SOCKS 5 proxy proxy, at port messagePort - int proxyHandshake(LLHost proxy, U32 messagePort); - - // socket handle to proxy TCP control channel - LLSocket::ptr_t mProxyControlChannel; - - // is the UDP proxy enabled? - static bool sUDPProxyEnabled; - // is the http proxy enabled? - static bool sHTTPProxyEnabled; - - // currently selected http proxy type - LLHttpProxyType mProxyType; - - // UDP proxy address and port - LLHost mUDPProxy; - // TCP Proxy control channel address and port - LLHost mTCPProxy; - // HTTP proxy address and port - LLHost mHTTPProxy; - - // SOCKS 5 auth method selected - LLSocks5AuthType mAuthMethodSelected; - - // SOCKS 5 username - std::string mSocksUsername; - // SOCKS 5 password - std::string mSocksPassword; - - // APR pool for the socket - apr_pool_t* mPool; -}; - -#endif diff --git a/indra/llmessage/net.cpp b/indra/llmessage/net.cpp index e2d185b959..f8ab55143c 100644 --- a/indra/llmessage/net.cpp +++ b/indra/llmessage/net.cpp @@ -50,7 +50,7 @@ #include "lltimer.h" #include "indra_constants.h" -#include "llsocks5.h" +#include "llproxy.h" // Globals #if LL_WINDOWS -- cgit v1.2.3 From 975975029d7f248cdf917da670ffd6c6b98d40c1 Mon Sep 17 00:00:00 2001 From: Logan Dethrow Date: Tue, 5 Jul 2011 16:55:43 -0400 Subject: STORM-1112 Fixed crash on quit. Other minor fixes: * Reordered HTTP proxy choices in settings dialog * Now using setBlocking and setNonBlocking LLSocket methods during TCP handshakes. * Made those LLSocket methods available outside the class. --- indra/llmessage/lliosocket.cpp | 2 + indra/llmessage/lliosocket.h | 16 ++++---- indra/llmessage/llproxy.cpp | 93 +++++++++++++++++++++++------------------- indra/llmessage/llproxy.h | 7 +++- 4 files changed, 65 insertions(+), 53 deletions(-) (limited to 'indra/llmessage') diff --git a/indra/llmessage/lliosocket.cpp b/indra/llmessage/lliosocket.cpp index 8c752fbe30..a349849c30 100644 --- a/indra/llmessage/lliosocket.cpp +++ b/indra/llmessage/lliosocket.cpp @@ -251,10 +251,12 @@ LLSocket::~LLSocket() { ll_debug_socket("Destroying socket", mSocket); apr_socket_close(mSocket); + mSocket = NULL; } if(mPool) { apr_pool_destroy(mPool); + mPool = NULL; } } diff --git a/indra/llmessage/lliosocket.h b/indra/llmessage/lliosocket.h index 5a2eaf2d44..be0f7dfcc6 100644 --- a/indra/llmessage/lliosocket.h +++ b/indra/llmessage/lliosocket.h @@ -145,13 +145,6 @@ public: */ apr_socket_t* getSocket() const { return mSocket; } -protected: - /** - * @brief Protected constructor since should only make sockets - * with one of the two create() calls. - */ - LLSocket(apr_socket_t* socket, apr_pool_t* pool); - /** * @brief Set default socket options, with SO_NONBLOCK = 0 and a timeout in us. * @param timeout Number of microseconds to wait on this socket. Any @@ -164,9 +157,16 @@ protected: */ void setNonBlocking(); +protected: + /** + * @brief Protected constructor since should only make sockets + * with one of the two create() calls. + */ + LLSocket(apr_socket_t* socket, apr_pool_t* pool); + public: /** - * @brief Do not call this directly. Use LLSocket::ptr_t.reset() instead. + * @brief Do not call this directly. */ ~LLSocket(); diff --git a/indra/llmessage/llproxy.cpp b/indra/llmessage/llproxy.cpp index 6bc9e8b62b..6278751c31 100644 --- a/indra/llmessage/llproxy.cpp +++ b/indra/llmessage/llproxy.cpp @@ -45,9 +45,8 @@ bool LLProxy::sHTTPProxyEnabled = false; // Some helpful TCP functions static LLSocket::ptr_t tcp_open_channel(apr_pool_t* pool, LLHost host); // Open a TCP channel to a given host -static void tcp_close_channel(LLSocket::ptr_t handle); // Close an open TCP channel -static int tcp_handshake(LLSocket::ptr_t handle, char * dataout, apr_size_t outlen, char * datain, apr_size_t maxinlen); // Do a TCP data handshake - +static void tcp_close_channel(LLSocket::ptr_t* handle_ptr); // Close an open TCP channel +static S32 tcp_handshake(LLSocket::ptr_t handle, char * dataout, apr_size_t outlen, char * datain, apr_size_t maxinlen); // Do a TCP data handshake LLProxy::LLProxy(): mProxyType(LLPROXY_SOCKS), @@ -63,16 +62,16 @@ LLProxy::LLProxy(): LLProxy::~LLProxy() { - tcp_close_channel(mProxyControlChannel); + stopProxy(); sUDPProxyEnabled = false; sHTTPProxyEnabled = false; } // Perform a SOCKS 5 authentication and UDP association to the proxy // specified by proxy, and associate UDP port message_port -int LLProxy::proxyHandshake(LLHost proxy, U32 message_port) +S32 LLProxy::proxyHandshake(LLHost proxy, U32 message_port) { - int result; + S32 result; /* SOCKS 5 Auth request */ socks_auth_request_t socks_auth_request; @@ -153,7 +152,6 @@ int LLProxy::proxyHandshake(LLHost proxy, U32 message_port) if (connect_reply.reply != REPLY_REQUEST_GRANTED) { - //Something went wrong llwarns << "Connection to SOCKS 5 server failed, UDP forward request not granted" << llendl; stopProxy(); return SOCKS_UDP_FWD_NOT_GRANTED; @@ -161,21 +159,21 @@ int LLProxy::proxyHandshake(LLHost proxy, U32 message_port) mUDPProxy.setPort(ntohs(connect_reply.port)); // reply port is in network byte order mUDPProxy.setAddress(proxy.getAddress()); - // All good now we have been given the UDP port to send requests that need forwarding. + // The connection was successful. We now have the UDP port to send requests that need forwarding to. llinfos << "SOCKS 5 UDP proxy connected on " << mUDPProxy << llendl; return SOCKS_OK; } -int LLProxy::startProxy(std::string host, U32 port) +S32 LLProxy::startProxy(std::string host, U32 port) { mTCPProxy.setHostByName(host); mTCPProxy.setPort(port); - int status; + S32 status; if (mProxyControlChannel) { - tcp_close_channel(mProxyControlChannel); + tcp_close_channel(&mProxyControlChannel); } mProxyControlChannel = tcp_open_channel(mPool, mTCPProxy); @@ -200,9 +198,9 @@ void LLProxy::stopProxy() { sUDPProxyEnabled = false; - // If the SOCKS proxy is requested to stop and we are using that for http as well - // then we must shut down any http proxy operations. But it is allowable if web - // proxy is being used to continue proxying http. + // If the SOCKS proxy is requested to stop and we are using that for HTTP as well + // then we must shut down any HTTP proxy operations. But it is allowable if web + // proxy is being used to continue proxying HTTP. if(LLPROXY_SOCKS == mProxyType) { @@ -211,7 +209,7 @@ void LLProxy::stopProxy() if (mProxyControlChannel) { - tcp_close_channel(mProxyControlChannel); + tcp_close_channel(&mProxyControlChannel); } } @@ -234,46 +232,53 @@ void LLProxy::enableHTTPProxy(LLHost httpHost, LLHttpProxyType type) mProxyType = type; } -static int tcp_handshake(LLSocket::ptr_t handle, char * dataout, apr_size_t outlen, char * datain, apr_size_t maxinlen) +//static +void LLProxy::cleanupClass() { + LLProxy::getInstance()->stopProxy(); +} + +static S32 tcp_handshake(LLSocket::ptr_t handle, char * dataout, apr_size_t outlen, char * datain, apr_size_t maxinlen) +{ + apr_socket_t* apr_socket = handle->getSocket(); - apr_status_t rv; + apr_status_t rv = APR_SUCCESS; apr_size_t expected_len = outlen; - apr_socket_opt_set(apr_socket, APR_SO_NONBLOCK, -5); // Blocking connection, 5 second timeout - apr_socket_timeout_set(apr_socket, (APR_USEC_PER_SEC * 5)); + handle->setBlocking(1000); - rv = apr_socket_send(apr_socket, dataout, &outlen); - if (rv != APR_SUCCESS || expected_len != outlen) + rv = apr_socket_send(apr_socket, dataout, &outlen); + if (APR_SUCCESS != rv || expected_len != outlen) { llwarns << "Error sending data to proxy control channel" << llendl; ll_apr_warn_status(rv); - return -1; } - - expected_len = maxinlen; - do - { - rv = apr_socket_recv(apr_socket, datain, &maxinlen); - llinfos << "Receiving packets." << llendl; - llwarns << "Proxy control channel status: " << rv << llendl; - } while (APR_STATUS_IS_EAGAIN(rv)); - - if (rv != APR_SUCCESS) + else if (expected_len != outlen) { - llwarns << "Error receiving data from proxy control channel, status: " << rv << llendl; - llwarns << "Received " << maxinlen << " bytes." << llendl; - ll_apr_warn_status(rv); - return rv; + llwarns << "Error sending data to proxy control channel" << llendl; + rv = -1; } - else if (expected_len != maxinlen) + + if (APR_SUCCESS == rv) { - llwarns << "Incorrect data received length in proxy control channel" << llendl; - return -1; + expected_len = maxinlen; + rv = apr_socket_recv(apr_socket, datain, &maxinlen); + if (rv != APR_SUCCESS) + { + llwarns << "Error receiving data from proxy control channel, status: " << rv << llendl; + ll_apr_warn_status(rv); + } + else if (expected_len != maxinlen) + { + llwarns << "Received incorrect amount of data in proxy control channel" << llendl; + rv = -1; + } } - return 0; + handle->setNonBlocking(); + + return rv; } static LLSocket::ptr_t tcp_open_channel(apr_pool_t* pool, LLHost host) @@ -282,13 +287,15 @@ static LLSocket::ptr_t tcp_open_channel(apr_pool_t* pool, LLHost host) bool connected = socket->blockingConnect(host); if (!connected) { - tcp_close_channel(socket); + tcp_close_channel(&socket); } return socket; } -static void tcp_close_channel(LLSocket::ptr_t handle) +// Pass a pointer-to-pointer to avoid changing use_count(). +static void tcp_close_channel(LLSocket::ptr_t* handle_ptr) { - handle.reset(); + lldebugs << "Resetting proxy LLSocket handle, use_count == " << handle_ptr->use_count() << llendl; + handle_ptr->reset(); } diff --git a/indra/llmessage/llproxy.h b/indra/llmessage/llproxy.h index 979514a7e0..498ffce24e 100644 --- a/indra/llmessage/llproxy.h +++ b/indra/llmessage/llproxy.h @@ -161,11 +161,14 @@ public: ~LLProxy(); // Start a connection to the SOCKS 5 proxy - int startProxy(std::string host, U32 port); + S32 startProxy(std::string host, U32 port); // Disconnect and clean up any connection to the SOCKS 5 proxy void stopProxy(); + // Delete LLProxy singleton, destroying the APR pool used by the control channel. + static void cleanupClass(); + // Set up to use Password auth when connecting to the SOCKS proxy void setAuthPassword(const std::string &username, const std::string &password); @@ -209,7 +212,7 @@ public: private: // Open a communication channel to the SOCKS 5 proxy proxy, at port messagePort - int proxyHandshake(LLHost proxy, U32 messagePort); + S32 proxyHandshake(LLHost proxy, U32 messagePort); // socket handle to proxy TCP control channel LLSocket::ptr_t mProxyControlChannel; -- cgit v1.2.3 From f630f997c0d1ceb52872304474160850c0abde72 Mon Sep 17 00:00:00 2001 From: Logan Dethrow Date: Wed, 6 Jul 2011 18:49:22 -0400 Subject: Changed lllog messages in llproxy.cpp to new macros. --- indra/llmessage/llproxy.cpp | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) (limited to 'indra/llmessage') diff --git a/indra/llmessage/llproxy.cpp b/indra/llmessage/llproxy.cpp index 6278751c31..0143803f2b 100644 --- a/indra/llmessage/llproxy.cpp +++ b/indra/llmessage/llproxy.cpp @@ -84,14 +84,14 @@ S32 LLProxy::proxyHandshake(LLHost proxy, U32 message_port) result = tcp_handshake(mProxyControlChannel, (char*)&socks_auth_request, sizeof(socks_auth_request), (char*)&socks_auth_response, sizeof(socks_auth_response)); if (result != 0) { - llwarns << "SOCKS authentication request failed, error on TCP control channel : " << result << llendl; + LL_WARNS("Proxy") << "SOCKS authentication request failed, error on TCP control channel : " << result << LL_ENDL; stopProxy(); return SOCKS_CONNECT_ERROR; } if (socks_auth_response.method == AUTH_NOT_ACCEPTABLE) { - llwarns << "SOCKS 5 server refused all our authentication methods" << llendl; + LL_WARNS("Proxy") << "SOCKS 5 server refused all our authentication methods" << LL_ENDL; stopProxy(); return SOCKS_NOT_ACCEPTABLE; } @@ -115,14 +115,14 @@ S32 LLProxy::proxyHandshake(LLHost proxy, U32 message_port) if (result != 0) { - llwarns << "SOCKS authentication failed, error on TCP control channel : " << result << llendl; + LL_WARNS("Proxy") << "SOCKS authentication failed, error on TCP control channel : " << result << LL_ENDL; stopProxy(); return SOCKS_CONNECT_ERROR; } if (password_reply.status != AUTH_SUCCESS) { - llwarns << "SOCKS authentication failed" << llendl; + LL_WARNS("Proxy") << "SOCKS authentication failed" << LL_ENDL; stopProxy(); return SOCKS_AUTH_FAIL; } @@ -145,14 +145,14 @@ S32 LLProxy::proxyHandshake(LLHost proxy, U32 message_port) result = tcp_handshake(mProxyControlChannel, (char*)&connect_request, sizeof(socks_command_request_t), (char*)&connect_reply, sizeof(socks_command_response_t)); if (result != 0) { - llwarns << "SOCKS connect request failed, error on TCP control channel : " << result << llendl; + LL_WARNS("Proxy") << "SOCKS connect request failed, error on TCP control channel : " << result << LL_ENDL; stopProxy(); return SOCKS_CONNECT_ERROR; } if (connect_reply.reply != REPLY_REQUEST_GRANTED) { - llwarns << "Connection to SOCKS 5 server failed, UDP forward request not granted" << llendl; + LL_WARNS("Proxy") << "Connection to SOCKS 5 server failed, UDP forward request not granted" << LL_ENDL; stopProxy(); return SOCKS_UDP_FWD_NOT_GRANTED; } @@ -160,7 +160,7 @@ S32 LLProxy::proxyHandshake(LLHost proxy, U32 message_port) mUDPProxy.setPort(ntohs(connect_reply.port)); // reply port is in network byte order mUDPProxy.setAddress(proxy.getAddress()); // The connection was successful. We now have the UDP port to send requests that need forwarding to. - llinfos << "SOCKS 5 UDP proxy connected on " << mUDPProxy << llendl; + LL_INFOS("Proxy") << "SOCKS 5 UDP proxy connected on " << mUDPProxy << LL_ENDL; return SOCKS_OK; } @@ -251,12 +251,12 @@ static S32 tcp_handshake(LLSocket::ptr_t handle, char * dataout, apr_size_t outl rv = apr_socket_send(apr_socket, dataout, &outlen); if (APR_SUCCESS != rv || expected_len != outlen) { - llwarns << "Error sending data to proxy control channel" << llendl; + LL_WARNS("Proxy") << "Error sending data to proxy control channel" << LL_ENDL; ll_apr_warn_status(rv); } else if (expected_len != outlen) { - llwarns << "Error sending data to proxy control channel" << llendl; + LL_WARNS("Proxy") << "Error sending data to proxy control channel" << LL_ENDL; rv = -1; } @@ -266,12 +266,12 @@ static S32 tcp_handshake(LLSocket::ptr_t handle, char * dataout, apr_size_t outl rv = apr_socket_recv(apr_socket, datain, &maxinlen); if (rv != APR_SUCCESS) { - llwarns << "Error receiving data from proxy control channel, status: " << rv << llendl; + LL_WARNS("Proxy") << "Error receiving data from proxy control channel, status: " << rv << LL_ENDL; ll_apr_warn_status(rv); } else if (expected_len != maxinlen) { - llwarns << "Received incorrect amount of data in proxy control channel" << llendl; + LL_WARNS("Proxy") << "Received incorrect amount of data in proxy control channel" << LL_ENDL; rv = -1; } } @@ -296,6 +296,6 @@ static LLSocket::ptr_t tcp_open_channel(apr_pool_t* pool, LLHost host) // Pass a pointer-to-pointer to avoid changing use_count(). static void tcp_close_channel(LLSocket::ptr_t* handle_ptr) { - lldebugs << "Resetting proxy LLSocket handle, use_count == " << handle_ptr->use_count() << llendl; + LL_DEBUGS("Proxy") << "Resetting proxy LLSocket handle, use_count == " << handle_ptr->use_count() << LL_ENDL; handle_ptr->reset(); } -- cgit v1.2.3 From cfce3686dea74dfa2a6c92dbd1e8e1ae8518f259 Mon Sep 17 00:00:00 2001 From: Logan Dethrow Date: Wed, 13 Jul 2011 11:40:50 -0400 Subject: STORM-1112 Fixed network buffers that need to have space for the SOCKS proxy header. --- indra/llmessage/llcurl.cpp | 4 ++-- indra/llmessage/llpacketring.cpp | 20 ++++++++++---------- indra/llmessage/llpacketring.h | 13 ++++++++----- indra/llmessage/llproxy.h | 4 +++- 4 files changed, 23 insertions(+), 18 deletions(-) (limited to 'indra/llmessage') diff --git a/indra/llmessage/llcurl.cpp b/indra/llmessage/llcurl.cpp index 0b368196d2..25249e9444 100644 --- a/indra/llmessage/llcurl.cpp +++ b/indra/llmessage/llcurl.cpp @@ -533,7 +533,7 @@ void LLCurl::Easy::prepRequest(const std::string& url, if (post) setoptString(CURLOPT_ENCODING, ""); - //setopt(CURLOPT_VERBOSE, 1); // usefull for debugging + //setopt(CURLOPT_VERBOSE, 1); // useful for debugging setopt(CURLOPT_NOSIGNAL, 1); // Set the CURL options for either Socks or HTTP proxy @@ -546,7 +546,7 @@ void LLCurl::Easy::prepRequest(const std::string& url, if (LLProxy::getInstance()->getHTTPProxyType() == LLPROXY_SOCKS) { setopt(CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5); - if(LLProxy::getInstance()->getSelectedAuthMethod()==METHOD_PASSWORD) + if(LLProxy::getInstance()->getSelectedAuthMethod() == METHOD_PASSWORD) { setoptString(CURLOPT_PROXYUSERPWD, LLProxy::getInstance()->getProxyUserPwdCURL()); } diff --git a/indra/llmessage/llpacketring.cpp b/indra/llmessage/llpacketring.cpp index 91ab1df149..a86b7b4370 100644 --- a/indra/llmessage/llpacketring.cpp +++ b/indra/llmessage/llpacketring.cpp @@ -227,13 +227,13 @@ S32 LLPacketRing::receivePacket (S32 socket, char *datap) // no delay, pull straight from net if (LLProxy::isEnabled()) { - U8 buffer[NET_BUFFER_SIZE]; + U8 buffer[NET_BUFFER_SIZE + SOCKS_HEADER_SIZE]; packet_size = receive_packet(socket, reinterpret_cast(buffer)); - if (packet_size > 10) + if (packet_size > SOCKS_HEADER_SIZE) { // *FIX We are assuming ATYP is 0x01 (IPv4), not 0x03 (hostname) or 0x04 (IPv6) - memcpy(datap, buffer + 10, packet_size - 10); + memcpy(datap, buffer + SOCKS_HEADER_SIZE, packet_size - SOCKS_HEADER_SIZE); proxywrap_t * header = reinterpret_cast(buffer); mLastSender.setAddress(header->addr); mLastSender.setPort(ntohs(header->port)); @@ -274,7 +274,7 @@ BOOL LLPacketRing::sendPacket(int h_socket, char * send_buffer, S32 buf_size, LL BOOL status = TRUE; if (!mUseOutThrottle) { - return doSendPacket(h_socket, send_buffer, buf_size, host ); + return sendPacketImpl(h_socket, send_buffer, buf_size, host ); } else { @@ -295,7 +295,7 @@ BOOL LLPacketRing::sendPacket(int h_socket, char * send_buffer, S32 buf_size, LL mOutBufferLength -= packetp->getSize(); packet_size = packetp->getSize(); - status = doSendPacket(h_socket, packetp->getData(), packet_size, packetp->getHost()); + status = sendPacketImpl(h_socket, packetp->getData(), packet_size, packetp->getHost()); delete packetp; // Update the throttle @@ -304,7 +304,7 @@ BOOL LLPacketRing::sendPacket(int h_socket, char * send_buffer, S32 buf_size, LL else { // If the queue's empty, we can just send this packet right away. - status = doSendPacket(h_socket, send_buffer, buf_size, host ); + status = sendPacketImpl(h_socket, send_buffer, buf_size, host ); packet_size = buf_size; // Update the throttle @@ -343,7 +343,7 @@ BOOL LLPacketRing::sendPacket(int h_socket, char * send_buffer, S32 buf_size, LL return status; } -BOOL LLPacketRing::doSendPacket(int h_socket, const char * send_buffer, S32 buf_size, LLHost host) +BOOL LLPacketRing::sendPacketImpl(int h_socket, const char * send_buffer, S32 buf_size, LLHost host) { if (!LLProxy::isEnabled()) @@ -351,14 +351,14 @@ BOOL LLPacketRing::doSendPacket(int h_socket, const char * send_buffer, S32 buf_ return send_packet(h_socket, send_buffer, buf_size, host.getAddress(), host.getPort()); } - proxywrap_t *socks_header = (proxywrap_t *)&mProxyWrappedSendBuffer; + proxywrap_t *socks_header = reinterpret_cast(&mProxyWrappedSendBuffer); socks_header->rsv = 0; socks_header->addr = host.getAddress(); socks_header->port = htons(host.getPort()); socks_header->atype = ADDRESS_IPV4; socks_header->frag = 0; - memcpy(mProxyWrappedSendBuffer + 10, send_buffer, buf_size); + memcpy(mProxyWrappedSendBuffer + SOCKS_HEADER_SIZE, send_buffer, buf_size); - return send_packet(h_socket,(const char*) mProxyWrappedSendBuffer, buf_size + 10, LLProxy::getInstance()->getUDPProxy().getAddress(), LLProxy::getInstance()->getUDPProxy().getPort()); + return send_packet(h_socket, (const char*) mProxyWrappedSendBuffer, buf_size + 10, LLProxy::getInstance()->getUDPProxy().getAddress(), LLProxy::getInstance()->getUDPProxy().getPort()); } diff --git a/indra/llmessage/llpacketring.h b/indra/llmessage/llpacketring.h index 2fe2f8e1e9..7edcc834db 100644 --- a/indra/llmessage/llpacketring.h +++ b/indra/llmessage/llpacketring.h @@ -30,11 +30,11 @@ #include -#include "llpacketbuffer.h" #include "llhost.h" -#include "net.h" +#include "llpacketbuffer.h" +#include "llproxy.h" #include "llthrottle.h" - +#include "net.h" class LLPacketRing { @@ -83,8 +83,11 @@ protected: LLHost mLastSender; LLHost mLastReceivingIF; - BOOL doSendPacket(int h_socket, const char * send_buffer, S32 buf_size, LLHost host); - U8 mProxyWrappedSendBuffer[NET_BUFFER_SIZE]; + + U8 mProxyWrappedSendBuffer[NET_BUFFER_SIZE + SOCKS_HEADER_SIZE]; + +private: + BOOL sendPacketImpl(int h_socket, const char * send_buffer, S32 buf_size, LLHost host); }; diff --git a/indra/llmessage/llproxy.h b/indra/llmessage/llproxy.h index 498ffce24e..7893545b9d 100644 --- a/indra/llmessage/llproxy.h +++ b/indra/llmessage/llproxy.h @@ -49,6 +49,8 @@ #define SOCKS_VERSION 0x05 // we are using SOCKS 5 +#define SOCKS_HEADER_SIZE 10 + // SOCKS 5 address/hostname types #define ADDRESS_IPV4 0x01 #define ADDRESS_HOSTNAME 0x03 @@ -139,7 +141,7 @@ struct proxywrap_t { #pragma pack(pop) /* restore original alignment from stack */ -// Currently selected http proxy type +// Currently selected HTTP proxy type enum LLHttpProxyType { LLPROXY_SOCKS = 0, -- cgit v1.2.3 From cb24dff9e36a963af280be1aead9424be8a678b6 Mon Sep 17 00:00:00 2001 From: Logan Dethrow Date: Wed, 13 Jul 2011 16:46:36 -0400 Subject: Code cleanup for the SOCKS 5 proxy viewer. --- indra/llmessage/llcurl.cpp | 10 +++++----- indra/llmessage/llpacketring.cpp | 2 ++ indra/llmessage/llproxy.cpp | 6 +++--- indra/llmessage/llproxy.h | 2 +- indra/llmessage/net.cpp | 2 -- 5 files changed, 11 insertions(+), 11 deletions(-) (limited to 'indra/llmessage') diff --git a/indra/llmessage/llcurl.cpp b/indra/llmessage/llcurl.cpp index 25249e9444..a7ce4310c1 100644 --- a/indra/llmessage/llcurl.cpp +++ b/indra/llmessage/llcurl.cpp @@ -206,7 +206,7 @@ namespace boost void intrusive_ptr_release(LLCurl::Responder* p) { - if(p && 0 == --p->mReferenceCount) + if (p && 0 == --p->mReferenceCount) { delete p; } @@ -406,11 +406,11 @@ const char* LLCurl::Easy::getErrorBuffer() void LLCurl::Easy::setCA() { - if(!sCAPath.empty()) + if (!sCAPath.empty()) { setoptString(CURLOPT_CAPATH, sCAPath); } - if(!sCAFile.empty()) + if (!sCAFile.empty()) { setoptString(CURLOPT_CAINFO, sCAFile); } @@ -546,7 +546,7 @@ void LLCurl::Easy::prepRequest(const std::string& url, if (LLProxy::getInstance()->getHTTPProxyType() == LLPROXY_SOCKS) { setopt(CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5); - if(LLProxy::getInstance()->getSelectedAuthMethod() == METHOD_PASSWORD) + if (LLProxy::getInstance()->getSelectedAuthMethod() == METHOD_PASSWORD) { setoptString(CURLOPT_PROXYUSERPWD, LLProxy::getInstance()->getProxyUserPwdCURL()); } @@ -568,7 +568,7 @@ void LLCurl::Easy::prepRequest(const std::string& url, setopt(CURLOPT_HEADERDATA, (void*)this); // Allow up to five redirects - if(responder && responder->followRedir()) + if (responder && responder->followRedir()) { setopt(CURLOPT_FOLLOWLOCATION, 1); setopt(CURLOPT_MAXREDIRS, MAX_REDIRECTS); diff --git a/indra/llmessage/llpacketring.cpp b/indra/llmessage/llpacketring.cpp index a86b7b4370..ba82957b47 100644 --- a/indra/llmessage/llpacketring.cpp +++ b/indra/llmessage/llpacketring.cpp @@ -237,6 +237,8 @@ S32 LLPacketRing::receivePacket (S32 socket, char *datap) proxywrap_t * header = reinterpret_cast(buffer); mLastSender.setAddress(header->addr); mLastSender.setPort(ntohs(header->port)); + + packet_size -= SOCKS_HEADER_SIZE; // The unwrapped packet size } else { diff --git a/indra/llmessage/llproxy.cpp b/indra/llmessage/llproxy.cpp index 0143803f2b..11a5c480f0 100644 --- a/indra/llmessage/llproxy.cpp +++ b/indra/llmessage/llproxy.cpp @@ -110,7 +110,7 @@ S32 LLProxy::proxyHandshake(LLHost proxy, U32 message_port) authmethod_password_reply_t password_reply; - result = tcp_handshake(mProxyControlChannel, password_auth, request_size, (char*)&password_reply, sizeof(authmethod_password_reply_t)); + result = tcp_handshake(mProxyControlChannel, password_auth, request_size, (char*)&password_reply, sizeof(password_reply)); delete[] password_auth; if (result != 0) @@ -142,7 +142,7 @@ S32 LLProxy::proxyHandshake(LLHost proxy, U32 message_port) // "If the client is not in possession of the information at the time of the UDP ASSOCIATE, // the client MUST use a port number and address of all zeros. RFC 1928" - result = tcp_handshake(mProxyControlChannel, (char*)&connect_request, sizeof(socks_command_request_t), (char*)&connect_reply, sizeof(socks_command_response_t)); + result = tcp_handshake(mProxyControlChannel, (char*)&connect_request, sizeof(connect_request), (char*)&connect_reply, sizeof(connect_reply)); if (result != 0) { LL_WARNS("Proxy") << "SOCKS connect request failed, error on TCP control channel : " << result << LL_ENDL; @@ -202,7 +202,7 @@ void LLProxy::stopProxy() // then we must shut down any HTTP proxy operations. But it is allowable if web // proxy is being used to continue proxying HTTP. - if(LLPROXY_SOCKS == mProxyType) + if (LLPROXY_SOCKS == mProxyType) { sHTTPProxyEnabled = false; } diff --git a/indra/llmessage/llproxy.h b/indra/llmessage/llproxy.h index 7893545b9d..cf2dfdc60e 100644 --- a/indra/llmessage/llproxy.h +++ b/indra/llmessage/llproxy.h @@ -191,7 +191,7 @@ public: void enableHTTPProxy(LLHost httpHost, LLHttpProxyType type); // Stop proxying HTTP packets - void disableHTTPProxy() { sHTTPProxyEnabled = false; }; + void disableHTTPProxy() { sHTTPProxyEnabled = false; } // Get the UDP proxy address and port LLHost getUDPProxy() const { return mUDPProxy; } diff --git a/indra/llmessage/net.cpp b/indra/llmessage/net.cpp index f8ab55143c..85aef5da00 100644 --- a/indra/llmessage/net.cpp +++ b/indra/llmessage/net.cpp @@ -50,8 +50,6 @@ #include "lltimer.h" #include "indra_constants.h" -#include "llproxy.h" - // Globals #if LL_WINDOWS -- cgit v1.2.3 From 792667ff8ef13e16823d96b490ea9a4f498425ea Mon Sep 17 00:00:00 2001 From: Logan Dethrow Date: Tue, 19 Jul 2011 14:20:21 -0400 Subject: STORM-1112 Added LLProxy::applyProxySettings() to apply proxy settings to curl handles. Added call to that function everywhere curl handles are created in the viewer. --- indra/llmessage/llcurl.cpp | 125 ++------------------------------- indra/llmessage/llcurl.h | 103 +++++++++++++++++++++++++++ indra/llmessage/llhttpassetstorage.cpp | 5 ++ indra/llmessage/llhttpclient.cpp | 5 +- indra/llmessage/llproxy.cpp | 88 +++++++++++++++++++++++ indra/llmessage/llproxy.h | 10 +++ indra/llmessage/llurlrequest.cpp | 2 + 7 files changed, 216 insertions(+), 122 deletions(-) (limited to 'indra/llmessage') diff --git a/indra/llmessage/llcurl.cpp b/indra/llmessage/llcurl.cpp index a7ce4310c1..2b6d3e5dc4 100644 --- a/indra/llmessage/llcurl.cpp +++ b/indra/llmessage/llcurl.cpp @@ -46,8 +46,8 @@ #endif #include "llbufferstream.h" -#include "llsdserialize.h" #include "llproxy.h" +#include "llsdserialize.h" #include "llstl.h" #include "llthread.h" #include "lltimer.h" @@ -216,73 +216,6 @@ namespace boost ////////////////////////////////////////////////////////////////////////////// - -class LLCurl::Easy -{ - LOG_CLASS(Easy); - -private: - Easy(); - -public: - static Easy* getEasy(); - ~Easy(); - - CURL* getCurlHandle() const { return mCurlEasyHandle; } - - void setErrorBuffer(); - void setCA(); - - void setopt(CURLoption option, S32 value); - // These assume the setter does not free value! - void setopt(CURLoption option, void* value); - void setopt(CURLoption option, char* value); - // Copies the string so that it is gauranteed to stick around - void setoptString(CURLoption option, const std::string& value); - - void slist_append(const char* str); - void setHeaders(); - - U32 report(CURLcode); - void getTransferInfo(LLCurl::TransferInfo* info); - - void prepRequest(const std::string& url, const std::vector& headers, ResponderPtr, bool post = false); - - const char* getErrorBuffer(); - - std::stringstream& getInput() { return mInput; } - std::stringstream& getHeaderOutput() { return mHeaderOutput; } - LLIOPipe::buffer_ptr_t& getOutput() { return mOutput; } - const LLChannelDescriptors& getChannels() { return mChannels; } - - void resetState(); - - static CURL* allocEasyHandle(); - static void releaseEasyHandle(CURL* handle); - -private: - friend class LLCurl; - - CURL* mCurlEasyHandle; - struct curl_slist* mHeaders; - - std::stringstream mRequest; - LLChannelDescriptors mChannels; - LLIOPipe::buffer_ptr_t mOutput; - std::stringstream mInput; - std::stringstream mHeaderOutput; - char mErrorBuffer[CURL_ERROR_SIZE]; - - // Note: char*'s not strings since we pass pointers to curl - std::vector mStrings; - - ResponderPtr mResponder; - - static std::set sFreeHandles; - static std::set sActiveHandles; - static LLMutex* sHandleMutex; -}; - std::set LLCurl::Easy::sFreeHandles; std::set LLCurl::Easy::sActiveHandles; LLMutex* LLCurl::Easy::sHandleMutex = NULL; @@ -537,25 +470,7 @@ void LLCurl::Easy::prepRequest(const std::string& url, setopt(CURLOPT_NOSIGNAL, 1); // Set the CURL options for either Socks or HTTP proxy - if (LLProxy::getInstance()->isHTTPProxyEnabled()) - { - std::string address = LLProxy::getInstance()->getHTTPProxy().getIPString(); - U16 port = LLProxy::getInstance()->getHTTPProxy().getPort(); - setoptString(CURLOPT_PROXY, address.c_str()); - setopt(CURLOPT_PROXYPORT, port); - if (LLProxy::getInstance()->getHTTPProxyType() == LLPROXY_SOCKS) - { - setopt(CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5); - if (LLProxy::getInstance()->getSelectedAuthMethod() == METHOD_PASSWORD) - { - setoptString(CURLOPT_PROXYUSERPWD, LLProxy::getInstance()->getProxyUserPwdCURL()); - } - } - else - { - setopt(CURLOPT_PROXYTYPE, CURLPROXY_HTTP); - } - } + LLProxy::getInstance()->applyProxySettings(this); mOutput.reset(new LLBufferArray); setopt(CURLOPT_WRITEFUNCTION, (void*)&curlWriteCallback); @@ -602,40 +517,6 @@ void LLCurl::Easy::prepRequest(const std::string& url, //////////////////////////////////////////////////////////////////////////// -class LLCurl::Multi -{ - LOG_CLASS(Multi); -public: - - Multi(); - ~Multi(); - - Easy* allocEasy(); - bool addEasy(Easy* easy); - - void removeEasy(Easy* easy); - - S32 process(); - S32 perform(); - - CURLMsg* info_read(S32* msgs_in_queue); - - S32 mQueued; - S32 mErrorCount; - -private: - void easyFree(Easy*); - - CURLM* mCurlMultiHandle; - - typedef std::set easy_active_list_t; - easy_active_list_t mEasyActiveList; - typedef std::map easy_active_map_t; - easy_active_map_t mEasyActiveMap; - typedef std::set easy_free_list_t; - easy_free_list_t mEasyFreeList; -}; - LLCurl::Multi::Multi() : mQueued(0), mErrorCount(0) @@ -981,6 +862,8 @@ LLCurlEasyRequest::LLCurlEasyRequest() { mEasy->setErrorBuffer(); mEasy->setCA(); + // Set proxy settings if configured to do so. + LLProxy::getInstance()->applyProxySettings(mEasy); } } diff --git a/indra/llmessage/llcurl.h b/indra/llmessage/llcurl.h index 4ce3fa1078..5dd894d9b8 100644 --- a/indra/llmessage/llcurl.h +++ b/indra/llmessage/llcurl.h @@ -184,6 +184,106 @@ private: static const unsigned int MAX_REDIRECTS; }; +class LLCurl::Easy +{ + LOG_CLASS(Easy); + +private: + Easy(); + +public: + static Easy* getEasy(); + ~Easy(); + + CURL* getCurlHandle() const { return mCurlEasyHandle; } + + void setErrorBuffer(); + void setCA(); + + void setopt(CURLoption option, S32 value); + // These assume the setter does not free value! + void setopt(CURLoption option, void* value); + void setopt(CURLoption option, char* value); + // Copies the string so that it is guaranteed to stick around + void setoptString(CURLoption option, const std::string& value); + + void slist_append(const char* str); + void setHeaders(); + + U32 report(CURLcode); + void getTransferInfo(LLCurl::TransferInfo* info); + + void prepRequest(const std::string& url, const std::vector& headers, ResponderPtr, bool post = false); + + const char* getErrorBuffer(); + + std::stringstream& getInput() { return mInput; } + std::stringstream& getHeaderOutput() { return mHeaderOutput; } + LLIOPipe::buffer_ptr_t& getOutput() { return mOutput; } + const LLChannelDescriptors& getChannels() { return mChannels; } + + void resetState(); + + static CURL* allocEasyHandle(); + static void releaseEasyHandle(CURL* handle); + +private: + friend class LLCurl; + + CURL* mCurlEasyHandle; + struct curl_slist* mHeaders; + + std::stringstream mRequest; + LLChannelDescriptors mChannels; + LLIOPipe::buffer_ptr_t mOutput; + std::stringstream mInput; + std::stringstream mHeaderOutput; + char mErrorBuffer[CURL_ERROR_SIZE]; + + // Note: char*'s not strings since we pass pointers to curl + std::vector mStrings; + + ResponderPtr mResponder; + + static std::set sFreeHandles; + static std::set sActiveHandles; + static LLMutex* sHandleMutex; +}; + +class LLCurl::Multi +{ + LOG_CLASS(Multi); +public: + + Multi(); + ~Multi(); + + Easy* allocEasy(); + bool addEasy(Easy* easy); + + void removeEasy(Easy* easy); + + S32 process(); + S32 perform(); + + CURLMsg* info_read(S32* msgs_in_queue); + + S32 mQueued; + S32 mErrorCount; + +private: + void easyFree(Easy*); + + CURLM* mCurlMultiHandle; + + typedef std::set easy_active_list_t; + easy_active_list_t mEasyActiveList; + typedef std::map easy_active_map_t; + easy_active_map_t mEasyActiveMap; + typedef std::set easy_free_list_t; + easy_free_list_t mEasyFreeList; +}; + namespace boost { void intrusive_ptr_add_ref(LLCurl::Responder* p); @@ -250,4 +350,7 @@ private: bool mResultReturned; }; +void check_curl_code(CURLcode code); +void check_curl_multi_code(CURLMcode code); + #endif // LL_LLCURL_H diff --git a/indra/llmessage/llhttpassetstorage.cpp b/indra/llmessage/llhttpassetstorage.cpp index 5a38b7fd9f..2bca517e97 100644 --- a/indra/llmessage/llhttpassetstorage.cpp +++ b/indra/llmessage/llhttpassetstorage.cpp @@ -33,6 +33,7 @@ #include "indra_constants.h" #include "message.h" +#include "llproxy.h" #include "llvfile.h" #include "llvfs.h" @@ -232,6 +233,10 @@ void LLHTTPAssetRequest::setupCurlHandle() { // *NOTE: Similar code exists in mapserver/llcurlutil.cpp JC mCurlHandle = curl_easy_init(); + + // Apply proxy settings if configured to do so + LLProxy::getInstance()->applyProxySettings(mCurlHandle); + curl_easy_setopt(mCurlHandle, CURLOPT_NOSIGNAL, 1); curl_easy_setopt(mCurlHandle, CURLOPT_NOPROGRESS, 1); curl_easy_setopt(mCurlHandle, CURLOPT_URL, mURLBuffer.c_str()); diff --git a/indra/llmessage/llhttpclient.cpp b/indra/llmessage/llhttpclient.cpp index 0e5206a520..dd4e3a6300 100644 --- a/indra/llmessage/llhttpclient.cpp +++ b/indra/llmessage/llhttpclient.cpp @@ -428,6 +428,9 @@ static LLSD blocking_request( std::string body_str; // other request method checks root cert first, we skip? + + // Apply configured proxy settings + LLProxy::getInstance()->applyProxySettings(curlp); // * Set curl handle options curl_easy_setopt(curlp, CURLOPT_NOSIGNAL, 1); // don't use SIGALRM for timeouts @@ -436,7 +439,7 @@ static LLSD blocking_request( curl_easy_setopt(curlp, CURLOPT_WRITEDATA, &http_buffer); curl_easy_setopt(curlp, CURLOPT_URL, url.c_str()); curl_easy_setopt(curlp, CURLOPT_ERRORBUFFER, curl_error_buffer); - + // * Setup headers (don't forget to free them after the call!) curl_slist* headers_list = NULL; if (headers.isMap()) diff --git a/indra/llmessage/llproxy.cpp b/indra/llmessage/llproxy.cpp index 11a5c480f0..6040472cba 100644 --- a/indra/llmessage/llproxy.cpp +++ b/indra/llmessage/llproxy.cpp @@ -28,9 +28,12 @@ #include "llproxy.h" +#include #include +#include #include "llapr.h" +#include "llcurl.h" #include "llhost.h" #include "message.h" #include "net.h" @@ -65,6 +68,10 @@ LLProxy::~LLProxy() stopProxy(); sUDPProxyEnabled = false; sHTTPProxyEnabled = false; + + // Delete c_str versions of the addresses and credentials. + for_each(mSOCKSAuthStrings.begin(), mSOCKSAuthStrings.end(), DeletePointerArray()); + for_each(mSOCKSAddrStrings.begin(), mSOCKSAddrStrings.end(), DeletePointerArray()); } // Perform a SOCKS 5 authentication and UDP association to the proxy @@ -223,6 +230,11 @@ void LLProxy::setAuthPassword(const std::string &username, const std::string &pa mAuthMethodSelected = METHOD_PASSWORD; mSocksUsername = username; mSocksPassword = password; + + U32 size = username.length() + password.length() + 2; + char* curl_auth_string = new char[size]; + snprintf(curl_auth_string, size, "%s:%s", username.c_str(), password.c_str()); + mSOCKSAuthStrings.push_back(curl_auth_string); } void LLProxy::enableHTTPProxy(LLHost httpHost, LLHttpProxyType type) @@ -230,6 +242,11 @@ void LLProxy::enableHTTPProxy(LLHost httpHost, LLHttpProxyType type) sHTTPProxyEnabled = true; mHTTPProxy = httpHost; mProxyType = type; + + U32 size = httpHost.getIPString().length() + 1; + char* socks_addr_string = new char[size]; + strncpy(socks_addr_string, httpHost.getIPString().c_str(), size); + mSOCKSAddrStrings.push_back(socks_addr_string); } //static @@ -238,6 +255,77 @@ void LLProxy::cleanupClass() LLProxy::getInstance()->stopProxy(); } +// Apply proxy settings to CuRL request if either type of HTTP proxy is enabled. +void LLProxy::applyProxySettings(LLCurl::Easy* handle) +{ + if (LLProxy::getInstance()->isHTTPProxyEnabled()) + { + std::string address = LLProxy::getInstance()->getHTTPProxy().getIPString(); + U16 port = LLProxy::getInstance()->getHTTPProxy().getPort(); + handle->setoptString(CURLOPT_PROXY, address.c_str()); + handle->setopt(CURLOPT_PROXYPORT, port); + if (LLProxy::getInstance()->getHTTPProxyType() == LLPROXY_SOCKS) + { + handle->setopt(CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5); + if (LLProxy::getInstance()->getSelectedAuthMethod() == METHOD_PASSWORD) + { + handle->setoptString(CURLOPT_PROXYUSERPWD, LLProxy::getInstance()->getProxyUserPwdCURL()); + } + } + else + { + handle->setopt(CURLOPT_PROXYTYPE, CURLPROXY_HTTP); + } + } +} + +void LLProxy::applyProxySettings(LLCurlEasyRequest* handle) +{ + if (LLProxy::getInstance()->isHTTPProxyEnabled()) + { + std::string address = LLProxy::getInstance()->getHTTPProxy().getIPString(); + U16 port = LLProxy::getInstance()->getHTTPProxy().getPort(); + handle->setoptString(CURLOPT_PROXY, address.c_str()); + handle->setopt(CURLOPT_PROXYPORT, port); + if (LLProxy::getInstance()->getHTTPProxyType() == LLPROXY_SOCKS) + { + handle->setopt(CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5); + if (LLProxy::getInstance()->getSelectedAuthMethod() == METHOD_PASSWORD) + { + handle->setoptString(CURLOPT_PROXYUSERPWD, LLProxy::getInstance()->getProxyUserPwdCURL()); + } + } + else + { + handle->setopt(CURLOPT_PROXYTYPE, CURLPROXY_HTTP); + } + } +} + +void LLProxy::applyProxySettings(CURL* handle) +{ + if (LLProxy::getInstance()->isHTTPProxyEnabled()) + { + check_curl_code(curl_easy_setopt(handle, CURLOPT_PROXY, mSOCKSAddrStrings.back())); + + U16 port = LLProxy::getInstance()->getHTTPProxy().getPort(); + check_curl_code(curl_easy_setopt(handle, CURLOPT_PROXYPORT, port)); + + if (LLProxy::getInstance()->getHTTPProxyType() == LLPROXY_SOCKS) + { + check_curl_code(curl_easy_setopt(handle, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5)); + if (LLProxy::getInstance()->getSelectedAuthMethod() == METHOD_PASSWORD) + { + check_curl_code(curl_easy_setopt(handle, CURLOPT_PROXYUSERPWD, mSOCKSAuthStrings.back())); + } + } + else + { + check_curl_code(curl_easy_setopt(handle, CURLOPT_PROXYTYPE, CURLPROXY_HTTP)); + } + } +} + static S32 tcp_handshake(LLSocket::ptr_t handle, char * dataout, apr_size_t outlen, char * datain, apr_size_t maxinlen) { diff --git a/indra/llmessage/llproxy.h b/indra/llmessage/llproxy.h index cf2dfdc60e..7d1431a4b3 100644 --- a/indra/llmessage/llproxy.h +++ b/indra/llmessage/llproxy.h @@ -27,6 +27,7 @@ #ifndef LL_PROXY_H #define LL_PROXY_H +#include "llcurl.h" #include "llhost.h" #include "lliosocket.h" #include "llmemory.h" @@ -211,6 +212,11 @@ public: std::string getSocksPwd() const { return mSocksPassword; } std::string getSocksUser() const { return mSocksUsername; } + // Apply the current proxy settings to a curl request. Doesn't do anything if sHTTPProxyEnabled is false. + void applyProxySettings(CURL* handle); + void applyProxySettings(LLCurl::Easy* handle); + void applyProxySettings(LLCurlEasyRequest* handle); + private: // Open a communication channel to the SOCKS 5 proxy proxy, at port messagePort @@ -242,6 +248,10 @@ private: // SOCKS 5 password std::string mSocksPassword; + // Vectors to store valid pointers to string options that have been passed to CURL requests. + std::vector mSOCKSAuthStrings; + std::vector mSOCKSAddrStrings; + // APR pool for the socket apr_pool_t* mPool; }; diff --git a/indra/llmessage/llurlrequest.cpp b/indra/llmessage/llurlrequest.cpp index 28bd09fc4c..6fe9dce7d3 100644 --- a/indra/llmessage/llurlrequest.cpp +++ b/indra/llmessage/llurlrequest.cpp @@ -35,6 +35,7 @@ #include "llcurl.h" #include "llioutil.h" #include "llmemtype.h" +#include "llproxy.h" #include "llpumpio.h" #include "llsd.h" #include "llstring.h" @@ -415,6 +416,7 @@ void LLURLRequest::initialize() LLMemType m1(LLMemType::MTYPE_IO_URL_REQUEST); mState = STATE_INITIALIZED; mDetail = new LLURLRequestDetail; + LLProxy::getInstance()->applyProxySettings(mDetail->mCurlRequest); mDetail->mCurlRequest->setopt(CURLOPT_NOSIGNAL, 1); mDetail->mCurlRequest->setWriteCallback(&downCallback, (void*)this); mDetail->mCurlRequest->setReadCallback(&upCallback, (void*)this); -- cgit v1.2.3 From 859dc52c30a8c750047323399caa4fec18adfb2d Mon Sep 17 00:00:00 2001 From: Logan Dethrow Date: Thu, 21 Jul 2011 15:16:54 -0400 Subject: STORM-1112 Protected LLProxy members during cross-thread calls to LLProxy::applyProxySettings() --- indra/llmessage/llproxy.cpp | 72 ++++++++++++++++++++++++++-------------- indra/llmessage/llproxy.h | 21 ++++++++---- indra/llmessage/llurlrequest.cpp | 3 +- 3 files changed, 62 insertions(+), 34 deletions(-) (limited to 'indra/llmessage') diff --git a/indra/llmessage/llproxy.cpp b/indra/llmessage/llproxy.cpp index 6040472cba..d34ad1a811 100644 --- a/indra/llmessage/llproxy.cpp +++ b/indra/llmessage/llproxy.cpp @@ -59,7 +59,10 @@ LLProxy::LLProxy(): mAuthMethodSelected(METHOD_NOAUTH), mSocksUsername(), mSocksPassword(), - mPool(gAPRPoolp) + mPool(gAPRPoolp), + mSOCKSAuthStrings(), + mHTTPProxyAddrStrings(), + mProxyMutex(0) { } @@ -71,7 +74,7 @@ LLProxy::~LLProxy() // Delete c_str versions of the addresses and credentials. for_each(mSOCKSAuthStrings.begin(), mSOCKSAuthStrings.end(), DeletePointerArray()); - for_each(mSOCKSAddrStrings.begin(), mSOCKSAddrStrings.end(), DeletePointerArray()); + for_each(mHTTPProxyAddrStrings.begin(), mHTTPProxyAddrStrings.end(), DeletePointerArray()); } // Perform a SOCKS 5 authentication and UDP association to the proxy @@ -211,7 +214,7 @@ void LLProxy::stopProxy() if (LLPROXY_SOCKS == mProxyType) { - sHTTPProxyEnabled = false; + void disableHTTPProxy(); } if (mProxyControlChannel) @@ -234,42 +237,61 @@ void LLProxy::setAuthPassword(const std::string &username, const std::string &pa U32 size = username.length() + password.length() + 2; char* curl_auth_string = new char[size]; snprintf(curl_auth_string, size, "%s:%s", username.c_str(), password.c_str()); + + LLMutexLock lock(&mProxyMutex); mSOCKSAuthStrings.push_back(curl_auth_string); } void LLProxy::enableHTTPProxy(LLHost httpHost, LLHttpProxyType type) { + LLMutexLock lock(&mProxyMutex); + sHTTPProxyEnabled = true; mHTTPProxy = httpHost; mProxyType = type; U32 size = httpHost.getIPString().length() + 1; - char* socks_addr_string = new char[size]; - strncpy(socks_addr_string, httpHost.getIPString().c_str(), size); - mSOCKSAddrStrings.push_back(socks_addr_string); + char* http_addr_string = new char[size]; + strncpy(http_addr_string, httpHost.getIPString().c_str(), size); + mHTTPProxyAddrStrings.push_back(http_addr_string); +} + +void LLProxy::enableHTTPProxy() +{ + LLMutexLock lock(&mProxyMutex); + + sHTTPProxyEnabled = true; +} + +void LLProxy::disableHTTPProxy() +{ + LLMutexLock lock(&mProxyMutex); + + sHTTPProxyEnabled = false; } //static void LLProxy::cleanupClass() { - LLProxy::getInstance()->stopProxy(); + getInstance()->stopProxy(); + deleteSingleton(); } // Apply proxy settings to CuRL request if either type of HTTP proxy is enabled. void LLProxy::applyProxySettings(LLCurl::Easy* handle) { - if (LLProxy::getInstance()->isHTTPProxyEnabled()) + if (sHTTPProxyEnabled) { - std::string address = LLProxy::getInstance()->getHTTPProxy().getIPString(); - U16 port = LLProxy::getInstance()->getHTTPProxy().getPort(); + std::string address = mHTTPProxy.getIPString(); + U16 port = mHTTPProxy.getPort(); handle->setoptString(CURLOPT_PROXY, address.c_str()); handle->setopt(CURLOPT_PROXYPORT, port); - if (LLProxy::getInstance()->getHTTPProxyType() == LLPROXY_SOCKS) + if (mProxyType == LLPROXY_SOCKS) { handle->setopt(CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5); - if (LLProxy::getInstance()->getSelectedAuthMethod() == METHOD_PASSWORD) + if (mAuthMethodSelected == METHOD_PASSWORD) { - handle->setoptString(CURLOPT_PROXYUSERPWD, LLProxy::getInstance()->getProxyUserPwdCURL()); + handle->setoptString(CURLOPT_PROXYUSERPWD, getProxyUserPwdCURL()); } } else @@ -281,18 +303,18 @@ void LLProxy::applyProxySettings(LLCurl::Easy* handle) void LLProxy::applyProxySettings(LLCurlEasyRequest* handle) { - if (LLProxy::getInstance()->isHTTPProxyEnabled()) + if (sHTTPProxyEnabled) { - std::string address = LLProxy::getInstance()->getHTTPProxy().getIPString(); - U16 port = LLProxy::getInstance()->getHTTPProxy().getPort(); + std::string address = mHTTPProxy.getIPString(); + U16 port = mHTTPProxy.getPort(); handle->setoptString(CURLOPT_PROXY, address.c_str()); handle->setopt(CURLOPT_PROXYPORT, port); - if (LLProxy::getInstance()->getHTTPProxyType() == LLPROXY_SOCKS) + if (mProxyType == LLPROXY_SOCKS) { handle->setopt(CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5); - if (LLProxy::getInstance()->getSelectedAuthMethod() == METHOD_PASSWORD) + if (mAuthMethodSelected == METHOD_PASSWORD) { - handle->setoptString(CURLOPT_PROXYUSERPWD, LLProxy::getInstance()->getProxyUserPwdCURL()); + handle->setoptString(CURLOPT_PROXYUSERPWD, getProxyUserPwdCURL()); } } else @@ -304,17 +326,17 @@ void LLProxy::applyProxySettings(LLCurlEasyRequest* handle) void LLProxy::applyProxySettings(CURL* handle) { - if (LLProxy::getInstance()->isHTTPProxyEnabled()) + LLMutexLock lock(&mProxyMutex); + if (sHTTPProxyEnabled) { - check_curl_code(curl_easy_setopt(handle, CURLOPT_PROXY, mSOCKSAddrStrings.back())); - - U16 port = LLProxy::getInstance()->getHTTPProxy().getPort(); + check_curl_code(curl_easy_setopt(handle, CURLOPT_PROXY, mHTTPProxyAddrStrings.back())); + U16 port = mHTTPProxy.getPort(); check_curl_code(curl_easy_setopt(handle, CURLOPT_PROXYPORT, port)); - if (LLProxy::getInstance()->getHTTPProxyType() == LLPROXY_SOCKS) + if (mProxyType == LLPROXY_SOCKS) { check_curl_code(curl_easy_setopt(handle, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5)); - if (LLProxy::getInstance()->getSelectedAuthMethod() == METHOD_PASSWORD) + if (mAuthMethodSelected == METHOD_PASSWORD) { check_curl_code(curl_easy_setopt(handle, CURLOPT_PROXYUSERPWD, mSOCKSAuthStrings.back())); } diff --git a/indra/llmessage/llproxy.h b/indra/llmessage/llproxy.h index 7d1431a4b3..df1ec9121e 100644 --- a/indra/llmessage/llproxy.h +++ b/indra/llmessage/llproxy.h @@ -32,6 +32,7 @@ #include "lliosocket.h" #include "llmemory.h" #include "llsingleton.h" +#include "llthread.h" #include // Error codes returned from the StartProxy method @@ -190,9 +191,10 @@ public: // Proxy HTTP packets via httpHost, which can be a SOCKS 5 or a HTTP proxy // as specified in type void enableHTTPProxy(LLHost httpHost, LLHttpProxyType type); + void enableHTTPProxy(); // Stop proxying HTTP packets - void disableHTTPProxy() { sHTTPProxyEnabled = false; } + void disableHTTPProxy(); // Get the UDP proxy address and port LLHost getUDPProxy() const { return mUDPProxy; } @@ -218,16 +220,17 @@ public: void applyProxySettings(LLCurlEasyRequest* handle); private: - // Open a communication channel to the SOCKS 5 proxy proxy, at port messagePort S32 proxyHandshake(LLHost proxy, U32 messagePort); +private: // socket handle to proxy TCP control channel LLSocket::ptr_t mProxyControlChannel; - // is the UDP proxy enabled? + // Is the UDP proxy enabled? static bool sUDPProxyEnabled; - // is the http proxy enabled? + // Is the HTTP proxy enabled? + // Do not toggle directly, use enableHTTPProxy() and disableHTTPProxy() static bool sHTTPProxyEnabled; // currently selected http proxy type @@ -235,7 +238,7 @@ private: // UDP proxy address and port LLHost mUDPProxy; - // TCP Proxy control channel address and port + // TCP proxy control channel address and port LLHost mTCPProxy; // HTTP proxy address and port LLHost mHTTPProxy; @@ -248,9 +251,13 @@ private: // SOCKS 5 password std::string mSocksPassword; - // Vectors to store valid pointers to string options that have been passed to CURL requests. + // Vectors to store valid pointers to string options that might have been set on CURL requests. + // This results in a behavior similar to LLCurl::Easy::setoptstring() std::vector mSOCKSAuthStrings; - std::vector mSOCKSAddrStrings; + std::vector mHTTPProxyAddrStrings; + + // Mutex to protect members in cross-thread calls to applyProxySettings() + LLMutex mProxyMutex; // APR pool for the socket apr_pool_t* mPool; diff --git a/indra/llmessage/llurlrequest.cpp b/indra/llmessage/llurlrequest.cpp index 6fe9dce7d3..528830dc56 100644 --- a/indra/llmessage/llurlrequest.cpp +++ b/indra/llmessage/llurlrequest.cpp @@ -228,8 +228,7 @@ void LLURLRequest::useProxy(bool use_proxy) } } - - lldebugs << "use_proxy = " << (use_proxy?'Y':'N') << ", env_proxy = " << (env_proxy ? env_proxy : "(null)") << llendl; + LL_DEBUGS("Proxy") << "use_proxy = " << (use_proxy?'Y':'N') << ", env_proxy = " << (env_proxy ? env_proxy : "(null)") << LL_ENDL; if (env_proxy && use_proxy) { -- cgit v1.2.3 From f15d28a636da7b6d2784d9301e7a030b5bd38a8c Mon Sep 17 00:00:00 2001 From: Logan Dethrow Date: Thu, 28 Jul 2011 13:47:20 -0400 Subject: Proxy cleanup in llstartup.cpp and llproxy.cpp. --- indra/llmessage/llcurl.h | 2 ++ indra/llmessage/llproxy.cpp | 45 +++++---------------------------------------- 2 files changed, 7 insertions(+), 40 deletions(-) (limited to 'indra/llmessage') diff --git a/indra/llmessage/llcurl.h b/indra/llmessage/llcurl.h index 79f5eeb927..d60d3b6f40 100644 --- a/indra/llmessage/llcurl.h +++ b/indra/llmessage/llcurl.h @@ -355,6 +355,8 @@ public: bool getResult(CURLcode* result, LLCurl::TransferInfo* info = NULL); std::string getErrorString(); + LLCurl::Easy* getEasy() const { return mEasy; } + private: CURLMsg* info_read(S32* queue, LLCurl::TransferInfo* info); diff --git a/indra/llmessage/llproxy.cpp b/indra/llmessage/llproxy.cpp index d34ad1a811..e1970f1368 100644 --- a/indra/llmessage/llproxy.cpp +++ b/indra/llmessage/llproxy.cpp @@ -278,50 +278,15 @@ void LLProxy::cleanupClass() } // Apply proxy settings to CuRL request if either type of HTTP proxy is enabled. -void LLProxy::applyProxySettings(LLCurl::Easy* handle) +void LLProxy::applyProxySettings(LLCurlEasyRequest* handle) { - if (sHTTPProxyEnabled) - { - std::string address = mHTTPProxy.getIPString(); - U16 port = mHTTPProxy.getPort(); - handle->setoptString(CURLOPT_PROXY, address.c_str()); - handle->setopt(CURLOPT_PROXYPORT, port); - if (mProxyType == LLPROXY_SOCKS) - { - handle->setopt(CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5); - if (mAuthMethodSelected == METHOD_PASSWORD) - { - handle->setoptString(CURLOPT_PROXYUSERPWD, getProxyUserPwdCURL()); - } - } - else - { - handle->setopt(CURLOPT_PROXYTYPE, CURLPROXY_HTTP); - } - } + applyProxySettings(handle->getEasy()); } -void LLProxy::applyProxySettings(LLCurlEasyRequest* handle) + +void LLProxy::applyProxySettings(LLCurl::Easy* handle) { - if (sHTTPProxyEnabled) - { - std::string address = mHTTPProxy.getIPString(); - U16 port = mHTTPProxy.getPort(); - handle->setoptString(CURLOPT_PROXY, address.c_str()); - handle->setopt(CURLOPT_PROXYPORT, port); - if (mProxyType == LLPROXY_SOCKS) - { - handle->setopt(CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5); - if (mAuthMethodSelected == METHOD_PASSWORD) - { - handle->setoptString(CURLOPT_PROXYUSERPWD, getProxyUserPwdCURL()); - } - } - else - { - handle->setopt(CURLOPT_PROXYTYPE, CURLPROXY_HTTP); - } - } + applyProxySettings(handle->getCurlHandle()); } void LLProxy::applyProxySettings(CURL* handle) -- cgit v1.2.3 From d2c72cb7e92896cb414e357ef262d91b0498a6b7 Mon Sep 17 00:00:00 2001 From: Logan Dethrow Date: Fri, 29 Jul 2011 15:38:20 -0400 Subject: STORM-1112 Input sanitization of proxy options. --- indra/llmessage/llproxy.cpp | 79 +++++++++++++++++++++++++++++++-------------- indra/llmessage/llproxy.h | 18 ++++++++--- 2 files changed, 68 insertions(+), 29 deletions(-) (limited to 'indra/llmessage') diff --git a/indra/llmessage/llproxy.cpp b/indra/llmessage/llproxy.cpp index e1970f1368..381308fb2a 100644 --- a/indra/llmessage/llproxy.cpp +++ b/indra/llmessage/llproxy.cpp @@ -68,7 +68,7 @@ LLProxy::LLProxy(): LLProxy::~LLProxy() { - stopProxy(); + stopSOCKSProxy(); sUDPProxyEnabled = false; sHTTPProxyEnabled = false; @@ -95,14 +95,14 @@ S32 LLProxy::proxyHandshake(LLHost proxy, U32 message_port) if (result != 0) { LL_WARNS("Proxy") << "SOCKS authentication request failed, error on TCP control channel : " << result << LL_ENDL; - stopProxy(); + stopSOCKSProxy(); return SOCKS_CONNECT_ERROR; } if (socks_auth_response.method == AUTH_NOT_ACCEPTABLE) { LL_WARNS("Proxy") << "SOCKS 5 server refused all our authentication methods" << LL_ENDL; - stopProxy(); + stopSOCKSProxy(); return SOCKS_NOT_ACCEPTABLE; } @@ -126,14 +126,14 @@ S32 LLProxy::proxyHandshake(LLHost proxy, U32 message_port) if (result != 0) { LL_WARNS("Proxy") << "SOCKS authentication failed, error on TCP control channel : " << result << LL_ENDL; - stopProxy(); + stopSOCKSProxy(); return SOCKS_CONNECT_ERROR; } if (password_reply.status != AUTH_SUCCESS) { LL_WARNS("Proxy") << "SOCKS authentication failed" << LL_ENDL; - stopProxy(); + stopSOCKSProxy(); return SOCKS_AUTH_FAIL; } } @@ -156,14 +156,14 @@ S32 LLProxy::proxyHandshake(LLHost proxy, U32 message_port) if (result != 0) { LL_WARNS("Proxy") << "SOCKS connect request failed, error on TCP control channel : " << result << LL_ENDL; - stopProxy(); + stopSOCKSProxy(); return SOCKS_CONNECT_ERROR; } if (connect_reply.reply != REPLY_REQUEST_GRANTED) { LL_WARNS("Proxy") << "Connection to SOCKS 5 server failed, UDP forward request not granted" << LL_ENDL; - stopProxy(); + stopSOCKSProxy(); return SOCKS_UDP_FWD_NOT_GRANTED; } @@ -174,37 +174,49 @@ S32 LLProxy::proxyHandshake(LLHost proxy, U32 message_port) return SOCKS_OK; } -S32 LLProxy::startProxy(std::string host, U32 port) +S32 LLProxy::startSOCKSProxy(LLHost host) { - mTCPProxy.setHostByName(host); - mTCPProxy.setPort(port); + S32 status = SOCKS_OK; - S32 status; + if (host.isOk()) + { + mTCPProxy = host; + } + else + { + status = SOCKS_INVALID_HOST; + } - if (mProxyControlChannel) + if (mProxyControlChannel && status == SOCKS_OK) { tcp_close_channel(&mProxyControlChannel); } - mProxyControlChannel = tcp_open_channel(mPool, mTCPProxy); - if (!mProxyControlChannel) + if (status == SOCKS_OK) + { + mProxyControlChannel = tcp_open_channel(mPool, mTCPProxy); + if (!mProxyControlChannel) + { + status = SOCKS_HOST_CONNECT_FAILED; + } + } + + if (status == SOCKS_OK) { - return SOCKS_HOST_CONNECT_FAILED; + status = proxyHandshake(mTCPProxy, (U32)gMessageSystem->mPort); } - status = proxyHandshake(mTCPProxy, (U32)gMessageSystem->mPort); if (status == SOCKS_OK) { sUDPProxyEnabled = true; } else { - stopProxy(); + stopSOCKSProxy(); } return status; - } -void LLProxy::stopProxy() +void LLProxy::stopSOCKSProxy() { sUDPProxyEnabled = false; @@ -228,8 +240,15 @@ void LLProxy::setAuthNone() mAuthMethodSelected = METHOD_NOAUTH; } -void LLProxy::setAuthPassword(const std::string &username, const std::string &password) +bool LLProxy::setAuthPassword(const std::string &username, const std::string &password) { + if (username.length() > SOCKSMAXUSERNAMELEN || password.length() > SOCKSMAXPASSWORDLEN || + username.length() < SOCKSMINUSERNAMELEN || password.length() < SOCKSMINPASSWORDLEN) + { + LL_WARNS("Proxy") << "Invalid SOCKS 5 password or username length." << LL_ENDL; + return false; + } + mAuthMethodSelected = METHOD_PASSWORD; mSocksUsername = username; mSocksPassword = password; @@ -240,10 +259,18 @@ void LLProxy::setAuthPassword(const std::string &username, const std::string &pa LLMutexLock lock(&mProxyMutex); mSOCKSAuthStrings.push_back(curl_auth_string); + + return true; } -void LLProxy::enableHTTPProxy(LLHost httpHost, LLHttpProxyType type) -{ +bool LLProxy::enableHTTPProxy(LLHost httpHost, LLHttpProxyType type) +{ + if (httpHost.isOk()) + { + LL_WARNS("Proxy") << "Invalid SOCKS 5 Server" << LL_ENDL; + return false; + } + LLMutexLock lock(&mProxyMutex); sHTTPProxyEnabled = true; @@ -254,13 +281,17 @@ void LLProxy::enableHTTPProxy(LLHost httpHost, LLHttpProxyType type) char* http_addr_string = new char[size]; strncpy(http_addr_string, httpHost.getIPString().c_str(), size); mHTTPProxyAddrStrings.push_back(http_addr_string); + + return true; } -void LLProxy::enableHTTPProxy() +bool LLProxy::enableHTTPProxy() { LLMutexLock lock(&mProxyMutex); sHTTPProxyEnabled = true; + + return true; } void LLProxy::disableHTTPProxy() @@ -273,7 +304,7 @@ void LLProxy::disableHTTPProxy() //static void LLProxy::cleanupClass() { - getInstance()->stopProxy(); + getInstance()->stopSOCKSProxy(); deleteSingleton(); } diff --git a/indra/llmessage/llproxy.h b/indra/llmessage/llproxy.h index df1ec9121e..ce5bdec5ad 100644 --- a/indra/llmessage/llproxy.h +++ b/indra/llmessage/llproxy.h @@ -44,11 +44,19 @@ #define SOCKS_AUTH_FAIL (-4) #define SOCKS_UDP_FWD_NOT_GRANTED (-5) #define SOCKS_HOST_CONNECT_FAILED (-6) +#define SOCKS_INVALID_HOST (-7) + #ifndef MAXHOSTNAMELEN #define MAXHOSTNAMELEN (255 + 1) /* socks5: 255, +1 for len. */ #endif +#define SOCKSMAXUSERNAMELEN 255 +#define SOCKSMAXPASSWORDLEN 255 + +#define SOCKSMINUSERNAMELEN 1 +#define SOCKSMINPASSWORDLEN 1 + #define SOCKS_VERSION 0x05 // we are using SOCKS 5 #define SOCKS_HEADER_SIZE 10 @@ -165,16 +173,16 @@ public: ~LLProxy(); // Start a connection to the SOCKS 5 proxy - S32 startProxy(std::string host, U32 port); + S32 startSOCKSProxy(LLHost host); // Disconnect and clean up any connection to the SOCKS 5 proxy - void stopProxy(); + void stopSOCKSProxy(); // Delete LLProxy singleton, destroying the APR pool used by the control channel. static void cleanupClass(); // Set up to use Password auth when connecting to the SOCKS proxy - void setAuthPassword(const std::string &username, const std::string &password); + bool setAuthPassword(const std::string &username, const std::string &password); // Set up to use No Auth when connecting to the SOCKS proxy void setAuthNone(); @@ -190,8 +198,8 @@ public: // Proxy HTTP packets via httpHost, which can be a SOCKS 5 or a HTTP proxy // as specified in type - void enableHTTPProxy(LLHost httpHost, LLHttpProxyType type); - void enableHTTPProxy(); + bool enableHTTPProxy(LLHost httpHost, LLHttpProxyType type); + bool enableHTTPProxy(); // Stop proxying HTTP packets void disableHTTPProxy(); -- cgit v1.2.3 From 97bedac2a1274f26a6a346afccea7596f1d13923 Mon Sep 17 00:00:00 2001 From: Logan Dethrow Date: Tue, 2 Aug 2011 11:08:07 -0400 Subject: Proxy: Improved mutex usage in LLProxy. Introduced an LLAtomic member to track the status of the http proxy that can be checked without locking a mutex. --- indra/llmessage/llproxy.cpp | 129 ++++++++++++++++++++++++++------------------ indra/llmessage/llproxy.h | 72 ++++++++++++------------- 2 files changed, 114 insertions(+), 87 deletions(-) (limited to 'indra/llmessage') diff --git a/indra/llmessage/llproxy.cpp b/indra/llmessage/llproxy.cpp index 381308fb2a..b224757673 100644 --- a/indra/llmessage/llproxy.cpp +++ b/indra/llmessage/llproxy.cpp @@ -1,6 +1,6 @@ /** - * @file llsocks5.cpp - * @brief SOCKS 5 implementation + * @file llproxy.cpp + * @brief UDP and HTTP proxy communications * * $LicenseInfo:firstyear=2011&license=viewerlgpl$ * Second Life Viewer Source Code @@ -28,7 +28,6 @@ #include "llproxy.h" -#include #include #include @@ -44,7 +43,6 @@ // incoming packet just to do a simple bool test. The getter for this // member is also static bool LLProxy::sUDPProxyEnabled = false; -bool LLProxy::sHTTPProxyEnabled = false; // Some helpful TCP functions static LLSocket::ptr_t tcp_open_channel(apr_pool_t* pool, LLHost host); // Open a TCP channel to a given host @@ -52,17 +50,16 @@ static void tcp_close_channel(LLSocket::ptr_t* handle_ptr); // Close an open TCP static S32 tcp_handshake(LLSocket::ptr_t handle, char * dataout, apr_size_t outlen, char * datain, apr_size_t maxinlen); // Do a TCP data handshake LLProxy::LLProxy(): - mProxyType(LLPROXY_SOCKS), + mHTTPProxyEnabled(false), + mProxyMutex(0), mUDPProxy(), mTCPProxy(), + mPool(gAPRPoolp), mHTTPProxy(), + mProxyType(LLPROXY_SOCKS), mAuthMethodSelected(METHOD_NOAUTH), mSocksUsername(), - mSocksPassword(), - mPool(gAPRPoolp), - mSOCKSAuthStrings(), - mHTTPProxyAddrStrings(), - mProxyMutex(0) + mSocksPassword() { } @@ -70,11 +67,7 @@ LLProxy::~LLProxy() { stopSOCKSProxy(); sUDPProxyEnabled = false; - sHTTPProxyEnabled = false; - - // Delete c_str versions of the addresses and credentials. - for_each(mSOCKSAuthStrings.begin(), mSOCKSAuthStrings.end(), DeletePointerArray()); - for_each(mHTTPProxyAddrStrings.begin(), mHTTPProxyAddrStrings.end(), DeletePointerArray()); + mHTTPProxyEnabled = false; } // Perform a SOCKS 5 authentication and UDP association to the proxy @@ -89,7 +82,7 @@ S32 LLProxy::proxyHandshake(LLHost proxy, U32 message_port) socks_auth_request.version = SOCKS_VERSION; // SOCKS version 5 socks_auth_request.num_methods = 1; // Sending 1 method. - socks_auth_request.methods = mAuthMethodSelected; // Send only the selected method. + socks_auth_request.methods = getSelectedAuthMethod(); // Send only the selected method. result = tcp_handshake(mProxyControlChannel, (char*)&socks_auth_request, sizeof(socks_auth_request), (char*)&socks_auth_response, sizeof(socks_auth_response)); if (result != 0) @@ -110,13 +103,15 @@ S32 LLProxy::proxyHandshake(LLHost proxy, U32 message_port) if (socks_auth_response.method == METHOD_PASSWORD) { // The server has requested a username/password combination - U32 request_size = mSocksUsername.size() + mSocksPassword.size() + 3; + std::string socks_username(getSocksUser()); + std::string socks_password(getSocksPwd()); + U32 request_size = socks_username.size() + socks_password.size() + 3; char * password_auth = new char[request_size]; password_auth[0] = 0x01; - password_auth[1] = mSocksUsername.size(); - memcpy(&password_auth[2], mSocksUsername.c_str(), mSocksUsername.size()); - password_auth[mSocksUsername.size() + 2] = mSocksPassword.size(); - memcpy(&password_auth[mSocksUsername.size()+3], mSocksPassword.c_str(), mSocksPassword.size()); + password_auth[1] = socks_username.size(); + memcpy(&password_auth[2], socks_username.c_str(), socks_username.size()); + password_auth[socks_username.size() + 2] = socks_password.size(); + memcpy(&password_auth[socks_username.size()+3], socks_password.c_str(), socks_password.size()); authmethod_password_reply_t password_reply; @@ -224,7 +219,7 @@ void LLProxy::stopSOCKSProxy() // then we must shut down any HTTP proxy operations. But it is allowable if web // proxy is being used to continue proxying HTTP. - if (LLPROXY_SOCKS == mProxyType) + if (LLPROXY_SOCKS == getHTTPProxyType()) { void disableHTTPProxy(); } @@ -237,6 +232,8 @@ void LLProxy::stopSOCKSProxy() void LLProxy::setAuthNone() { + LLMutexLock lock(&mProxyMutex); + mAuthMethodSelected = METHOD_NOAUTH; } @@ -249,23 +246,18 @@ bool LLProxy::setAuthPassword(const std::string &username, const std::string &pa return false; } + LLMutexLock lock(&mProxyMutex); + mAuthMethodSelected = METHOD_PASSWORD; mSocksUsername = username; mSocksPassword = password; - U32 size = username.length() + password.length() + 2; - char* curl_auth_string = new char[size]; - snprintf(curl_auth_string, size, "%s:%s", username.c_str(), password.c_str()); - - LLMutexLock lock(&mProxyMutex); - mSOCKSAuthStrings.push_back(curl_auth_string); - return true; } bool LLProxy::enableHTTPProxy(LLHost httpHost, LLHttpProxyType type) { - if (httpHost.isOk()) + if (!httpHost.isOk()) { LL_WARNS("Proxy") << "Invalid SOCKS 5 Server" << LL_ENDL; return false; @@ -273,14 +265,10 @@ bool LLProxy::enableHTTPProxy(LLHost httpHost, LLHttpProxyType type) LLMutexLock lock(&mProxyMutex); - sHTTPProxyEnabled = true; mHTTPProxy = httpHost; mProxyType = type; - U32 size = httpHost.getIPString().length() + 1; - char* http_addr_string = new char[size]; - strncpy(http_addr_string, httpHost.getIPString().c_str(), size); - mHTTPProxyAddrStrings.push_back(http_addr_string); + mHTTPProxyEnabled = true; return true; } @@ -289,7 +277,7 @@ bool LLProxy::enableHTTPProxy() { LLMutexLock lock(&mProxyMutex); - sHTTPProxyEnabled = true; + mHTTPProxyEnabled = true; return true; } @@ -298,7 +286,40 @@ void LLProxy::disableHTTPProxy() { LLMutexLock lock(&mProxyMutex); - sHTTPProxyEnabled = false; + mHTTPProxyEnabled = false; +} + +// Get the HTTP proxy address and port +LLHost LLProxy::getHTTPProxy() const +{ + LLMutexLock lock(&mProxyMutex); + return mHTTPProxy; +} + +// Get the currently selected HTTP proxy type +LLHttpProxyType LLProxy::getHTTPProxyType() const +{ + LLMutexLock lock(&mProxyMutex); + return mProxyType; +} + +std::string LLProxy::getSocksPwd() const +{ + LLMutexLock lock(&mProxyMutex); + return mSocksPassword; +} + +std::string LLProxy::getSocksUser() const +{ + LLMutexLock lock(&mProxyMutex); + return mSocksUsername; +} + +// get the currently selected auth method +LLSocks5AuthType LLProxy::getSelectedAuthMethod() const +{ + LLMutexLock lock(&mProxyMutex); + return mAuthMethodSelected; } //static @@ -322,24 +343,30 @@ void LLProxy::applyProxySettings(LLCurl::Easy* handle) void LLProxy::applyProxySettings(CURL* handle) { - LLMutexLock lock(&mProxyMutex); - if (sHTTPProxyEnabled) + // Do a faster unlocked check to see if we are supposed to proxy. + if (mHTTPProxyEnabled) { - check_curl_code(curl_easy_setopt(handle, CURLOPT_PROXY, mHTTPProxyAddrStrings.back())); - U16 port = mHTTPProxy.getPort(); - check_curl_code(curl_easy_setopt(handle, CURLOPT_PROXYPORT, port)); - - if (mProxyType == LLPROXY_SOCKS) + // We think we should proxy, lock the proxy mutex. + LLMutexLock lock(&mProxyMutex); + // Now test again to verify that the proxy wasn't disabled between the first check and the lock. + if (mHTTPProxyEnabled) { - check_curl_code(curl_easy_setopt(handle, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5)); - if (mAuthMethodSelected == METHOD_PASSWORD) + check_curl_code(curl_easy_setopt(handle, CURLOPT_PROXY, mHTTPProxy.getIPString().c_str())); + check_curl_code(curl_easy_setopt(handle, CURLOPT_PROXYPORT, mHTTPProxy.getPort())); + + if (mProxyType == LLPROXY_SOCKS) { - check_curl_code(curl_easy_setopt(handle, CURLOPT_PROXYUSERPWD, mSOCKSAuthStrings.back())); + check_curl_code(curl_easy_setopt(handle, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5)); + if (mAuthMethodSelected == METHOD_PASSWORD) + { + std::string auth_string = mSocksUsername + ":" + mSocksPassword; + check_curl_code(curl_easy_setopt(handle, CURLOPT_PROXYUSERPWD, auth_string.c_str())); + } + } + else + { + check_curl_code(curl_easy_setopt(handle, CURLOPT_PROXYTYPE, CURLPROXY_HTTP)); } - } - else - { - check_curl_code(curl_easy_setopt(handle, CURLOPT_PROXYTYPE, CURLPROXY_HTTP)); } } } diff --git a/indra/llmessage/llproxy.h b/indra/llmessage/llproxy.h index ce5bdec5ad..22954f2733 100644 --- a/indra/llmessage/llproxy.h +++ b/indra/llmessage/llproxy.h @@ -1,6 +1,6 @@ /** - * @file llsocks5.h - * @brief Socks 5 implementation + * @file llproxy.h + * @brief UDP and HTTP proxy communications * * $LicenseInfo:firstyear=2011&license=viewerlgpl$ * Second Life Viewer Source Code @@ -188,13 +188,14 @@ public: void setAuthNone(); // get the currently selected auth method - LLSocks5AuthType getSelectedAuthMethod() const { return mAuthMethodSelected; } + LLSocks5AuthType getSelectedAuthMethod() const; // static check for enabled status for UDP packets static bool isEnabled() { return sUDPProxyEnabled; } - // static check for enabled status for http packets - static bool isHTTPProxyEnabled() { return sHTTPProxyEnabled; } + // check for enabled status for HTTP packets + // mHTTPProxyEnabled is atomic, so no locking is required for thread safety. + bool isHTTPProxyEnabled() const { return mHTTPProxyEnabled; } // Proxy HTTP packets via httpHost, which can be a SOCKS 5 or a HTTP proxy // as specified in type @@ -204,6 +205,11 @@ public: // Stop proxying HTTP packets void disableHTTPProxy(); + // Apply the current proxy settings to a curl request. Doesn't do anything if mHTTPProxyEnabled is false. + void applyProxySettings(CURL* handle); + void applyProxySettings(LLCurl::Easy* handle); + void applyProxySettings(LLCurlEasyRequest* handle); + // Get the UDP proxy address and port LLHost getUDPProxy() const { return mUDPProxy; } @@ -211,46 +217,51 @@ public: LLHost getTCPProxy() const { return mTCPProxy; } // Get the HTTP proxy address and port - LLHost getHTTPProxy() const { return mHTTPProxy; } + LLHost getHTTPProxy() const; // Get the currently selected HTTP proxy type - LLHttpProxyType getHTTPProxyType() const { return mProxyType; } + LLHttpProxyType getHTTPProxyType() const; - // Get the username password in a curl compatible format - std::string getProxyUserPwdCURL() const { return (mSocksUsername + ":" + mSocksPassword); } - - std::string getSocksPwd() const { return mSocksPassword; } - std::string getSocksUser() const { return mSocksUsername; } - - // Apply the current proxy settings to a curl request. Doesn't do anything if sHTTPProxyEnabled is false. - void applyProxySettings(CURL* handle); - void applyProxySettings(LLCurl::Easy* handle); - void applyProxySettings(LLCurlEasyRequest* handle); + std::string getSocksPwd() const; + std::string getSocksUser() const; private: // Open a communication channel to the SOCKS 5 proxy proxy, at port messagePort S32 proxyHandshake(LLHost proxy, U32 messagePort); private: - // socket handle to proxy TCP control channel - LLSocket::ptr_t mProxyControlChannel; + // Is the HTTP proxy enabled? + // Safe to read in any thread, do not write directly, + // use enableHTTPProxy() and disableHTTPProxy() instead. + mutable LLAtomic32 mHTTPProxyEnabled; + + // Mutex to protect shared members in non-main thread calls to applyProxySettings() + mutable LLMutex mProxyMutex; + + // MEMBERS READ AND WRITTEN ONLY IN THE MAIN THREAD. DO NOT SHARE! // Is the UDP proxy enabled? static bool sUDPProxyEnabled; - // Is the HTTP proxy enabled? - // Do not toggle directly, use enableHTTPProxy() and disableHTTPProxy() - static bool sHTTPProxyEnabled; - - // currently selected http proxy type - LLHttpProxyType mProxyType; // UDP proxy address and port LLHost mUDPProxy; // TCP proxy control channel address and port LLHost mTCPProxy; + + // socket handle to proxy TCP control channel + LLSocket::ptr_t mProxyControlChannel; + + // APR pool for the socket + apr_pool_t* mPool; + + // MEMBERS WRITTEN IN MAIN THREAD AND READ IN ANY THREAD. ONLY READ OR WRITE AFTER LOCKING mProxyMutex! + // HTTP proxy address and port LLHost mHTTPProxy; + // Currently selected HTTP proxy type. Can be web or socks. + LLHttpProxyType mProxyType; + // SOCKS 5 auth method selected LLSocks5AuthType mAuthMethodSelected; @@ -258,17 +269,6 @@ private: std::string mSocksUsername; // SOCKS 5 password std::string mSocksPassword; - - // Vectors to store valid pointers to string options that might have been set on CURL requests. - // This results in a behavior similar to LLCurl::Easy::setoptstring() - std::vector mSOCKSAuthStrings; - std::vector mHTTPProxyAddrStrings; - - // Mutex to protect members in cross-thread calls to applyProxySettings() - LLMutex mProxyMutex; - - // APR pool for the socket - apr_pool_t* mPool; }; #endif -- cgit v1.2.3 From d3b4cc34a8d388ab66ef2ca717ee0d814d87ff3d Mon Sep 17 00:00:00 2001 From: Logan Dethrow Date: Tue, 2 Aug 2011 17:18:54 -0400 Subject: LLProxy cleanup. * Removed early returns in LLStartup::handleSocksProxy * Corrected some cases that would result in handleSocksProxy not being called again during login if settings changed * Allowed for short replies in tcp_handshake in LLProxy.cpp * Renamed LLProxy::isEnabled() to LLProxy::isSocksProxyEnabled() to clarify its use. --- indra/llmessage/llpacketring.cpp | 4 ++-- indra/llmessage/llproxy.cpp | 12 +++++++----- indra/llmessage/llproxy.h | 2 +- 3 files changed, 10 insertions(+), 8 deletions(-) (limited to 'indra/llmessage') diff --git a/indra/llmessage/llpacketring.cpp b/indra/llmessage/llpacketring.cpp index ba82957b47..7628984de4 100644 --- a/indra/llmessage/llpacketring.cpp +++ b/indra/llmessage/llpacketring.cpp @@ -225,7 +225,7 @@ S32 LLPacketRing::receivePacket (S32 socket, char *datap) else { // no delay, pull straight from net - if (LLProxy::isEnabled()) + if (LLProxy::isSOCKSProxyEnabled()) { U8 buffer[NET_BUFFER_SIZE + SOCKS_HEADER_SIZE]; packet_size = receive_packet(socket, reinterpret_cast(buffer)); @@ -348,7 +348,7 @@ BOOL LLPacketRing::sendPacket(int h_socket, char * send_buffer, S32 buf_size, LL BOOL LLPacketRing::sendPacketImpl(int h_socket, const char * send_buffer, S32 buf_size, LLHost host) { - if (!LLProxy::isEnabled()) + if (!LLProxy::isSOCKSProxyEnabled()) { return send_packet(h_socket, send_buffer, buf_size, host.getAddress(), host.getPort()); } diff --git a/indra/llmessage/llproxy.cpp b/indra/llmessage/llproxy.cpp index b224757673..d2e64e60ac 100644 --- a/indra/llmessage/llproxy.cpp +++ b/indra/llmessage/llproxy.cpp @@ -382,14 +382,15 @@ static S32 tcp_handshake(LLSocket::ptr_t handle, char * dataout, apr_size_t outl handle->setBlocking(1000); rv = apr_socket_send(apr_socket, dataout, &outlen); - if (APR_SUCCESS != rv || expected_len != outlen) + if (APR_SUCCESS != rv) { - LL_WARNS("Proxy") << "Error sending data to proxy control channel" << LL_ENDL; + LL_WARNS("Proxy") << "Error sending data to proxy control channel, status: " << rv << LL_ENDL; ll_apr_warn_status(rv); } else if (expected_len != outlen) { - LL_WARNS("Proxy") << "Error sending data to proxy control channel" << LL_ENDL; + LL_WARNS("Proxy") << "Incorrect data length sent. Expected: " << expected_len << + " Sent: " << outlen << LL_ENDL; rv = -1; } @@ -402,9 +403,10 @@ static S32 tcp_handshake(LLSocket::ptr_t handle, char * dataout, apr_size_t outl LL_WARNS("Proxy") << "Error receiving data from proxy control channel, status: " << rv << LL_ENDL; ll_apr_warn_status(rv); } - else if (expected_len != maxinlen) + else if (expected_len < maxinlen) { - LL_WARNS("Proxy") << "Received incorrect amount of data in proxy control channel" << LL_ENDL; + LL_WARNS("Proxy") << "Incorrect data length received. Expected: " << expected_len << + " Received: " << maxinlen << LL_ENDL; rv = -1; } } diff --git a/indra/llmessage/llproxy.h b/indra/llmessage/llproxy.h index 22954f2733..68c40561c8 100644 --- a/indra/llmessage/llproxy.h +++ b/indra/llmessage/llproxy.h @@ -191,7 +191,7 @@ public: LLSocks5AuthType getSelectedAuthMethod() const; // static check for enabled status for UDP packets - static bool isEnabled() { return sUDPProxyEnabled; } + static bool isSOCKSProxyEnabled() { return sUDPProxyEnabled; } // check for enabled status for HTTP packets // mHTTPProxyEnabled is atomic, so no locking is required for thread safety. -- cgit v1.2.3 From 37f88470850cf572f30b0d1dae2f46a8e3b43977 Mon Sep 17 00:00:00 2001 From: Logan Dethrow Date: Thu, 4 Aug 2011 11:17:03 -0400 Subject: LLProxy: Added another attempt to download gpu and feature tables after successfully setting up a proxy. Other minor changes: Clarified why we are using SOCKS5 as the "grid" argument to store proxy credentials. Added class wide logging to the LLProxy class. --- indra/llmessage/llproxy.cpp | 8 +++----- indra/llmessage/llproxy.h | 1 + 2 files changed, 4 insertions(+), 5 deletions(-) (limited to 'indra/llmessage') diff --git a/indra/llmessage/llproxy.cpp b/indra/llmessage/llproxy.cpp index d2e64e60ac..bdffa34fbc 100644 --- a/indra/llmessage/llproxy.cpp +++ b/indra/llmessage/llproxy.cpp @@ -85,7 +85,7 @@ S32 LLProxy::proxyHandshake(LLHost proxy, U32 message_port) socks_auth_request.methods = getSelectedAuthMethod(); // Send only the selected method. result = tcp_handshake(mProxyControlChannel, (char*)&socks_auth_request, sizeof(socks_auth_request), (char*)&socks_auth_response, sizeof(socks_auth_response)); - if (result != 0) + if (result != APR_SUCCESS) { LL_WARNS("Proxy") << "SOCKS authentication request failed, error on TCP control channel : " << result << LL_ENDL; stopSOCKSProxy(); @@ -118,7 +118,7 @@ S32 LLProxy::proxyHandshake(LLHost proxy, U32 message_port) result = tcp_handshake(mProxyControlChannel, password_auth, request_size, (char*)&password_reply, sizeof(password_reply)); delete[] password_auth; - if (result != 0) + if (result != APR_SUCCESS) { LL_WARNS("Proxy") << "SOCKS authentication failed, error on TCP control channel : " << result << LL_ENDL; stopSOCKSProxy(); @@ -148,7 +148,7 @@ S32 LLProxy::proxyHandshake(LLHost proxy, U32 message_port) // the client MUST use a port number and address of all zeros. RFC 1928" result = tcp_handshake(mProxyControlChannel, (char*)&connect_request, sizeof(connect_request), (char*)&connect_reply, sizeof(connect_reply)); - if (result != 0) + if (result != APR_SUCCESS) { LL_WARNS("Proxy") << "SOCKS connect request failed, error on TCP control channel : " << result << LL_ENDL; stopSOCKSProxy(); @@ -335,7 +335,6 @@ void LLProxy::applyProxySettings(LLCurlEasyRequest* handle) applyProxySettings(handle->getEasy()); } - void LLProxy::applyProxySettings(LLCurl::Easy* handle) { applyProxySettings(handle->getCurlHandle()); @@ -373,7 +372,6 @@ void LLProxy::applyProxySettings(CURL* handle) static S32 tcp_handshake(LLSocket::ptr_t handle, char * dataout, apr_size_t outlen, char * datain, apr_size_t maxinlen) { - apr_socket_t* apr_socket = handle->getSocket(); apr_status_t rv = APR_SUCCESS; diff --git a/indra/llmessage/llproxy.h b/indra/llmessage/llproxy.h index 68c40561c8..534455a6dd 100644 --- a/indra/llmessage/llproxy.h +++ b/indra/llmessage/llproxy.h @@ -168,6 +168,7 @@ enum LLSocks5AuthType class LLProxy: public LLSingleton { + LOG_CLASS(LLProxy); public: LLProxy(); ~LLProxy(); -- cgit v1.2.3 From 5915da89f06106d0e811c6655144df93d35144f8 Mon Sep 17 00:00:00 2001 From: Logan Dethrow Date: Mon, 8 Aug 2011 15:53:06 -0400 Subject: LLProxy cleanup. Made the socks proxy start first in llstartup.cpp Moved initialization of the proxy to before the HTTP table fetch Added Doxygen comments to LLProxy methods. Removed call to applyProxySettings in llxmlrpctransaction.cpp since the ctor of LLCurlEasyRequest will apply the proxy settings. --- indra/llmessage/llproxy.cpp | 149 +++++++++++++++++++++++++++++++++++++++----- indra/llmessage/llproxy.h | 99 ++++++++++++++++++++++++----- 2 files changed, 216 insertions(+), 32 deletions(-) (limited to 'indra/llmessage') diff --git a/indra/llmessage/llproxy.cpp b/indra/llmessage/llproxy.cpp index bdffa34fbc..3f4a6accbf 100644 --- a/indra/llmessage/llproxy.cpp +++ b/indra/llmessage/llproxy.cpp @@ -34,8 +34,6 @@ #include "llapr.h" #include "llcurl.h" #include "llhost.h" -#include "message.h" -#include "net.h" // Static class variable instances @@ -44,10 +42,10 @@ // member is also static bool LLProxy::sUDPProxyEnabled = false; -// Some helpful TCP functions +// Some helpful TCP static functions. +static S32 tcp_handshake(LLSocket::ptr_t handle, char * dataout, apr_size_t outlen, char * datain, apr_size_t maxinlen); // Do a TCP data handshake static LLSocket::ptr_t tcp_open_channel(apr_pool_t* pool, LLHost host); // Open a TCP channel to a given host static void tcp_close_channel(LLSocket::ptr_t* handle_ptr); // Close an open TCP channel -static S32 tcp_handshake(LLSocket::ptr_t handle, char * dataout, apr_size_t outlen, char * datain, apr_size_t maxinlen); // Do a TCP data handshake LLProxy::LLProxy(): mHTTPProxyEnabled(false), @@ -70,9 +68,15 @@ LLProxy::~LLProxy() mHTTPProxyEnabled = false; } -// Perform a SOCKS 5 authentication and UDP association to the proxy -// specified by proxy, and associate UDP port message_port -S32 LLProxy::proxyHandshake(LLHost proxy, U32 message_port) +/** + * @brief Open the SOCKS 5 TCP control channel. + * + * Perform a SOCKS 5 authentication and UDP association to the proxy server. + * + * @param proxy The SOCKS 5 server to connect to. + * @return SOCKS_OK if successful, otherwise a socks error code from llproxy.h. + */ +S32 LLProxy::proxyHandshake(LLHost proxy) { S32 result; @@ -169,6 +173,16 @@ S32 LLProxy::proxyHandshake(LLHost proxy, U32 message_port) return SOCKS_OK; } +/** + * @brief Initiates a SOCKS 5 proxy session. + * + * Performs basic checks on host to verify that it is a valid address. Opens the control channel + * and then negotiates the proxy connection with the server. + * + * + * @param host Socks server to connect to. + * @return SOCKS_OK if successful, otherwise a SOCKS error code defined in llproxy.h. + */ S32 LLProxy::startSOCKSProxy(LLHost host) { S32 status = SOCKS_OK; @@ -198,7 +212,7 @@ S32 LLProxy::startSOCKSProxy(LLHost host) if (status == SOCKS_OK) { - status = proxyHandshake(mTCPProxy, (U32)gMessageSystem->mPort); + status = proxyHandshake(mTCPProxy); } if (status == SOCKS_OK) { @@ -211,6 +225,13 @@ S32 LLProxy::startSOCKSProxy(LLHost host) return status; } +/** + * @brief Stop using the SOCKS 5 proxy. + * + * This will stop sending UDP packets through the SOCKS 5 proxy + * and will also stop the HTTP proxy if it is configured to use SOCKS. + * The proxy control channel will also be disconnected. + */ void LLProxy::stopSOCKSProxy() { sUDPProxyEnabled = false; @@ -230,6 +251,9 @@ void LLProxy::stopSOCKSProxy() } } +/** + * @brief Set the proxy's SOCKS authentication method to none. + */ void LLProxy::setAuthNone() { LLMutexLock lock(&mProxyMutex); @@ -237,6 +261,18 @@ void LLProxy::setAuthNone() mAuthMethodSelected = METHOD_NOAUTH; } +/** + * @brief Set the proxy's SOCKS authentication method to password. + * + * Check whether the lengths of the supplied username + * and password conform to the lengths allowed by the + * SOCKS protocol. + * + * @param username The SOCKS username to send. + * @param password The SOCKS password to send. + * @return Return true if applying the settings was successful. No changes are made if false. + * + */ bool LLProxy::setAuthPassword(const std::string &username, const std::string &password) { if (username.length() > SOCKSMAXUSERNAMELEN || password.length() > SOCKSMAXPASSWORDLEN || @@ -255,6 +291,15 @@ bool LLProxy::setAuthPassword(const std::string &username, const std::string &pa return true; } +/** + * @brief Enable the HTTP proxy for either SOCKS or HTTP. + * + * Check the supplied host to see if it is a valid IP and port. + * + * @param httpHost Proxy server to connect to. + * @param type Is the host a SOCKS or HTTP proxy. + * @return Return true if applying the setting was successful. No changes are made if false. + */ bool LLProxy::enableHTTPProxy(LLHost httpHost, LLHttpProxyType type) { if (!httpHost.isOk()) @@ -273,15 +318,31 @@ bool LLProxy::enableHTTPProxy(LLHost httpHost, LLHttpProxyType type) return true; } +/** + * @brief Enable the HTTP proxy without changing the proxy settings. + * + * This should not be called unless the proxy has already been set up. + * + * @return Return true only if the current settings are valid and the proxy was enabled. + */ bool LLProxy::enableHTTPProxy() { + bool ok; + LLMutexLock lock(&mProxyMutex); - mHTTPProxyEnabled = true; + ok = (mHTTPProxy.isOk()); + if (ok) + { + mHTTPProxyEnabled = true; + } - return true; + return ok; } +/** + * @brief Disable the HTTP proxy. + */ void LLProxy::disableHTTPProxy() { LLMutexLock lock(&mProxyMutex); @@ -289,39 +350,59 @@ void LLProxy::disableHTTPProxy() mHTTPProxyEnabled = false; } -// Get the HTTP proxy address and port +/** + * @brief Get the HTTP proxy address and port + */ +// LLHost LLProxy::getHTTPProxy() const { LLMutexLock lock(&mProxyMutex); return mHTTPProxy; } -// Get the currently selected HTTP proxy type +/** + * @brief Get the currently selected HTTP proxy type + */ LLHttpProxyType LLProxy::getHTTPProxyType() const { LLMutexLock lock(&mProxyMutex); return mProxyType; } +/** + * @brief Get the SOCKS 5 password. + */ std::string LLProxy::getSocksPwd() const { LLMutexLock lock(&mProxyMutex); return mSocksPassword; } +/** + * @brief Get the SOCKS 5 username. + */ std::string LLProxy::getSocksUser() const { LLMutexLock lock(&mProxyMutex); return mSocksUsername; } -// get the currently selected auth method +/** + * @brief Get the currently selected SOCKS 5 authentication method. + * + * @return Returns either none or password. + */ LLSocks5AuthType LLProxy::getSelectedAuthMethod() const { LLMutexLock lock(&mProxyMutex); return mAuthMethodSelected; } +/** + * @brief Stop the LLProxy and make certain that any APR pools and classes are deleted before terminating APR. + * + * Deletes the LLProxy singleton, destroying the APR pool used by the control channel as well as . + */ //static void LLProxy::cleanupClass() { @@ -329,7 +410,6 @@ void LLProxy::cleanupClass() deleteSingleton(); } -// Apply proxy settings to CuRL request if either type of HTTP proxy is enabled. void LLProxy::applyProxySettings(LLCurlEasyRequest* handle) { applyProxySettings(handle->getEasy()); @@ -340,6 +420,17 @@ void LLProxy::applyProxySettings(LLCurl::Easy* handle) applyProxySettings(handle->getCurlHandle()); } +/** + * @brief Apply proxy settings to a CuRL request if an HTTP proxy is enabled. + * + * This method has been designed to be safe to call from + * any thread in the viewer. This allows requests in the + * texture fetch thread to be aware of the proxy settings. + * When the HTTP proxy is enabled, the proxy mutex will + * be locked every time this method is called. + * + * @param handle A pointer to a valid CURL request, before it has been performed. + */ void LLProxy::applyProxySettings(CURL* handle) { // Do a faster unlocked check to see if we are supposed to proxy. @@ -370,6 +461,19 @@ void LLProxy::applyProxySettings(CURL* handle) } } +/** + * @brief Send one TCP packet and receive one in return. + * + * This operation is done synchronously with a 1000ms timeout. Therefore, it should not be used when a blocking + * operation would impact the operation of the viewer. + * + * @param handle_ptr Pointer to a connected LLSocket of type STREAM_TCP. + * @param dataout Data to send. + * @param outlen Length of dataout. + * @param datain Buffer for received data. Undefined if return value is not APR_SUCCESS. + * @param maxinlen Maximum possible length of received data. Short reads are allowed. + * @return Indicates APR status code of exchange. APR_SUCCESS if exchange was successful, -1 if invalid data length was received. + */ static S32 tcp_handshake(LLSocket::ptr_t handle, char * dataout, apr_size_t outlen, char * datain, apr_size_t maxinlen) { apr_socket_t* apr_socket = handle->getSocket(); @@ -414,9 +518,18 @@ static S32 tcp_handshake(LLSocket::ptr_t handle, char * dataout, apr_size_t outl return rv; } +/** + * @brief Open a LLSocket and do a blocking connect to the chosen host. + * + * Checks for a successful connection, and makes sure the connection is closed if it fails. + * + * @param pool APR pool to pass into the LLSocket. + * @param host The host to open the connection to. + * @return The created socket. Will evaluate as NULL if the connection is unsuccessful. + */ static LLSocket::ptr_t tcp_open_channel(apr_pool_t* pool, LLHost host) { - LLSocket::ptr_t socket = LLSocket::create(gAPRPoolp, LLSocket::STREAM_TCP); + LLSocket::ptr_t socket = LLSocket::create(pool, LLSocket::STREAM_TCP); bool connected = socket->blockingConnect(host); if (!connected) { @@ -426,7 +539,11 @@ static LLSocket::ptr_t tcp_open_channel(apr_pool_t* pool, LLHost host) return socket; } -// Pass a pointer-to-pointer to avoid changing use_count(). +/** + * @brief Close the socket. + * + * @param handle_ptr A pointer-to-pointer to avoid increasing the use count. + */ static void tcp_close_channel(LLSocket::ptr_t* handle_ptr) { LL_DEBUGS("Proxy") << "Resetting proxy LLSocket handle, use_count == " << handle_ptr->use_count() << LL_ENDL; diff --git a/indra/llmessage/llproxy.h b/indra/llmessage/llproxy.h index 534455a6dd..29e7e28567 100644 --- a/indra/llmessage/llproxy.h +++ b/indra/llmessage/llproxy.h @@ -35,7 +35,7 @@ #include "llthread.h" #include -// Error codes returned from the StartProxy method +// SOCKS error codes returned from the StartProxy method #define SOCKS_OK 0 #define SOCKS_CONNECT_ERROR (-1) @@ -166,11 +166,86 @@ enum LLSocks5AuthType METHOD_PASSWORD = 0x02 // Client supports username/password }; +/** + * @brief Manage SOCKS 5 UDP proxy and HTTP proxy. + * + * This class is responsible for managing two interconnected tasks, + * connecting to a SOCKS 5 proxy for use by LLPacketRing to send UDP + * packets and managing proxy settings for HTTP requests. + * + *

Threading:

+ * Because HTTP requests can be generated in threads outside the + * main thread, it is necessary for some of the information stored + * by this class to be available to other threads. The members that + * need to be read across threads are in a labeled section below. + * To protect those members, a mutex, mProxyMutex should be locked + * before reading or writing those members. Methods that can lock + * mProxyMutex are in a labeled section below. Those methods should + * not be called while the mutex is already locked. + * + * There is also a LLAtomic type flag (mHTTPProxyEnabled) that is used + * to track whether the HTTP proxy is currently enabled. This allows + * for faster unlocked checks to see if the proxy is enabled. This + * allows us to cut down on the performance hit when the proxy is + * disabled compared to before this class was introduced. + * + *

UDP Proxying:

+ * UDP datagrams are proxied via a SOCKS 5 proxy with the UDP associate + * command. To initiate the proxy, a TCP socket connection is opened + * to the SOCKS 5 host, and after a handshake exchange, the server + * returns a port and address to send the UDP traffic that is to be + * proxied to. The LLProxy class tracks this address and port after the + * exchange and provides it to LLPacketRing when required to. All UDP + * proxy management occurs in the main thread. + * + *

HTTP Proxying:

+ * This class allows all viewer HTTP packets to be sent through a proxy. + * The user can select whether to send HTTP packets through a standard + * "web" HTTP proxy, through a SOCKS 5 proxy, or to not proxy HTTP + * communication. This class does not manage the integrated web browser + * proxy, which is handled in llviewermedia.cpp. + * + * The implementation of HTTP proxying is handled by libcurl. LLProxy + * is responsible for managing the HTTP proxy options and provides a + * thread-safe method to apply those options to a curl request + * (LLProxy::applyProxySettings()). This method is overloaded + * to accommodate the various abstraction libcurl layers that exist + * throughout the viewer (LLCurlEasyRequest, LLCurl::Easy, and CURL). + * + * If you are working with LLCurl or LLCurlEasyRequest objects, + * the configured proxy settings will be applied in the constructors + * of those request handles. If you are working with CURL objects + * directly, you will need to pass the handle of the request to + * applyProxySettings() before issuing the request. + * + * To ensure thread safety, all LLProxy members that relate to the HTTP + * proxy require the LLProxyMutex to be locked before accessing. + */ class LLProxy: public LLSingleton { LOG_CLASS(LLProxy); public: + // METHODS THAT DO NOT LOCK mProxyMutex! + LLProxy(); + + // static check for enabled status for UDP packets + static bool isSOCKSProxyEnabled() { return sUDPProxyEnabled; } + + // check for enabled status for HTTP packets + // mHTTPProxyEnabled is atomic, so no locking is required for thread safety. + bool isHTTPProxyEnabled() const { return mHTTPProxyEnabled; } + + // Get the UDP proxy address and port + LLHost getUDPProxy() const { return mUDPProxy; } + + // Get the SOCKS 5 TCP control channel address and port + LLHost getTCPProxy() const { return mTCPProxy; } + + // END OF NON-LOCKING METHODS + + // METHODS THAT DO LOCK mProxyMutex! DO NOT CALL WHILE mProxyMutex IS LOCKED! + ~LLProxy(); // Start a connection to the SOCKS 5 proxy @@ -188,16 +263,9 @@ public: // Set up to use No Auth when connecting to the SOCKS proxy void setAuthNone(); - // get the currently selected auth method + // Get the currently selected auth method. LLSocks5AuthType getSelectedAuthMethod() const; - // static check for enabled status for UDP packets - static bool isSOCKSProxyEnabled() { return sUDPProxyEnabled; } - - // check for enabled status for HTTP packets - // mHTTPProxyEnabled is atomic, so no locking is required for thread safety. - bool isHTTPProxyEnabled() const { return mHTTPProxyEnabled; } - // Proxy HTTP packets via httpHost, which can be a SOCKS 5 or a HTTP proxy // as specified in type bool enableHTTPProxy(LLHost httpHost, LLHttpProxyType type); @@ -211,12 +279,6 @@ public: void applyProxySettings(LLCurl::Easy* handle); void applyProxySettings(LLCurlEasyRequest* handle); - // Get the UDP proxy address and port - LLHost getUDPProxy() const { return mUDPProxy; } - - // Get the SOCKS 5 TCP control channel address and port - LLHost getTCPProxy() const { return mTCPProxy; } - // Get the HTTP proxy address and port LLHost getHTTPProxy() const; @@ -226,9 +288,10 @@ public: std::string getSocksPwd() const; std::string getSocksUser() const; + // END OF LOCKING METHODS private: // Open a communication channel to the SOCKS 5 proxy proxy, at port messagePort - S32 proxyHandshake(LLHost proxy, U32 messagePort); + S32 proxyHandshake(LLHost proxy); private: // Is the HTTP proxy enabled? @@ -255,6 +318,8 @@ private: // APR pool for the socket apr_pool_t* mPool; + // END OF UNSHARED MEMBERS + // MEMBERS WRITTEN IN MAIN THREAD AND READ IN ANY THREAD. ONLY READ OR WRITE AFTER LOCKING mProxyMutex! // HTTP proxy address and port @@ -270,6 +335,8 @@ private: std::string mSocksUsername; // SOCKS 5 password std::string mSocksPassword; + + // END OF SHARED MEMBERS }; #endif -- cgit v1.2.3 From 3743ec176c3c8fc1b93b2133e385331140819d8f Mon Sep 17 00:00:00 2001 From: Logan Dethrow Date: Mon, 15 Aug 2011 13:21:33 -0400 Subject: LLProxy: Removed unneeded call to LLProxy::applyProxySettings, since it was already being called. --- indra/llmessage/llurlrequest.cpp | 1 - 1 file changed, 1 deletion(-) (limited to 'indra/llmessage') diff --git a/indra/llmessage/llurlrequest.cpp b/indra/llmessage/llurlrequest.cpp index a186596582..d5400e4169 100644 --- a/indra/llmessage/llurlrequest.cpp +++ b/indra/llmessage/llurlrequest.cpp @@ -438,7 +438,6 @@ void LLURLRequest::initialize() LLMemType m1(LLMemType::MTYPE_IO_URL_REQUEST); mState = STATE_INITIALIZED; mDetail = new LLURLRequestDetail; - LLProxy::getInstance()->applyProxySettings(mDetail->mCurlRequest); mDetail->mCurlRequest->setopt(CURLOPT_NOSIGNAL, 1); mDetail->mCurlRequest->setWriteCallback(&downCallback, (void*)this); mDetail->mCurlRequest->setReadCallback(&upCallback, (void*)this); -- cgit v1.2.3 From ff870e977034cc17292aeb8d274ed553c7b2e3e3 Mon Sep 17 00:00:00 2001 From: Logan Dethrow Date: Mon, 15 Aug 2011 13:22:23 -0400 Subject: Back out later: Turned on curl verbose logging for debugging purposes. --- indra/llmessage/llcurl.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'indra/llmessage') diff --git a/indra/llmessage/llcurl.cpp b/indra/llmessage/llcurl.cpp index bfdf49c74b..9ddf8e2824 100644 --- a/indra/llmessage/llcurl.cpp +++ b/indra/llmessage/llcurl.cpp @@ -469,7 +469,7 @@ void LLCurl::Easy::prepRequest(const std::string& url, if (post) setoptString(CURLOPT_ENCODING, ""); - //setopt(CURLOPT_VERBOSE, 1); // useful for debugging + setopt(CURLOPT_VERBOSE, 1); // useful for debugging setopt(CURLOPT_NOSIGNAL, 1); // Set the CURL options for either Socks or HTTP proxy -- cgit v1.2.3 From 61a7a874aa699d0549eb6aef2ee79ee81a384bdb Mon Sep 17 00:00:00 2001 From: Logan Dethrow Date: Mon, 15 Aug 2011 20:05:28 -0400 Subject: Backed out rev 42d5f5df0a6a. Code was apparently needed afterall. --- indra/llmessage/llurlrequest.cpp | 1 + 1 file changed, 1 insertion(+) (limited to 'indra/llmessage') diff --git a/indra/llmessage/llurlrequest.cpp b/indra/llmessage/llurlrequest.cpp index d5400e4169..a186596582 100644 --- a/indra/llmessage/llurlrequest.cpp +++ b/indra/llmessage/llurlrequest.cpp @@ -438,6 +438,7 @@ void LLURLRequest::initialize() LLMemType m1(LLMemType::MTYPE_IO_URL_REQUEST); mState = STATE_INITIALIZED; mDetail = new LLURLRequestDetail; + LLProxy::getInstance()->applyProxySettings(mDetail->mCurlRequest); mDetail->mCurlRequest->setopt(CURLOPT_NOSIGNAL, 1); mDetail->mCurlRequest->setWriteCallback(&downCallback, (void*)this); mDetail->mCurlRequest->setReadCallback(&upCallback, (void*)this); -- cgit v1.2.3 From 797b4df42a17f0674a1ac64946deca50b726e523 Mon Sep 17 00:00:00 2001 From: Logan Dethrow Date: Tue, 16 Aug 2011 17:35:16 -0400 Subject: Backed out changeset 694594710de2 --- indra/llmessage/llurlrequest.cpp | 1 - 1 file changed, 1 deletion(-) (limited to 'indra/llmessage') diff --git a/indra/llmessage/llurlrequest.cpp b/indra/llmessage/llurlrequest.cpp index a186596582..d5400e4169 100644 --- a/indra/llmessage/llurlrequest.cpp +++ b/indra/llmessage/llurlrequest.cpp @@ -438,7 +438,6 @@ void LLURLRequest::initialize() LLMemType m1(LLMemType::MTYPE_IO_URL_REQUEST); mState = STATE_INITIALIZED; mDetail = new LLURLRequestDetail; - LLProxy::getInstance()->applyProxySettings(mDetail->mCurlRequest); mDetail->mCurlRequest->setopt(CURLOPT_NOSIGNAL, 1); mDetail->mCurlRequest->setWriteCallback(&downCallback, (void*)this); mDetail->mCurlRequest->setReadCallback(&upCallback, (void*)this); -- cgit v1.2.3 From 4fb809eed5fbed458b5be883fba7196a5712aa48 Mon Sep 17 00:00:00 2001 From: Logan Dethrow Date: Thu, 18 Aug 2011 16:10:49 -0400 Subject: Backed out revision cbc793dcd3db to disable libcurl verbose logging. --- indra/llmessage/llcurl.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'indra/llmessage') diff --git a/indra/llmessage/llcurl.cpp b/indra/llmessage/llcurl.cpp index 9ddf8e2824..bfdf49c74b 100644 --- a/indra/llmessage/llcurl.cpp +++ b/indra/llmessage/llcurl.cpp @@ -469,7 +469,7 @@ void LLCurl::Easy::prepRequest(const std::string& url, if (post) setoptString(CURLOPT_ENCODING, ""); - setopt(CURLOPT_VERBOSE, 1); // useful for debugging + //setopt(CURLOPT_VERBOSE, 1); // useful for debugging setopt(CURLOPT_NOSIGNAL, 1); // Set the CURL options for either Socks or HTTP proxy -- cgit v1.2.3