2
0

socks.c 22 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718
  1. /***************************************************************************
  2. * _ _ ____ _
  3. * Project ___| | | | _ \| |
  4. * / __| | | | |_) | |
  5. * | (__| |_| | _ <| |___
  6. * \___|\___/|_| \_\_____|
  7. *
  8. * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
  9. *
  10. * This software is licensed as described in the file COPYING, which
  11. * you should have received as part of this distribution. The terms
  12. * are also available at http://curl.haxx.se/docs/copyright.html.
  13. *
  14. * You may opt to use, copy, modify, merge, publish, distribute and/or sell
  15. * copies of the Software, and permit persons to whom the Software is
  16. * furnished to do so, under the terms of the COPYING file.
  17. *
  18. * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  19. * KIND, either express or implied.
  20. *
  21. ***************************************************************************/
  22. #include "setup.h"
  23. #if !defined(CURL_DISABLE_PROXY) || defined(USE_WINDOWS_SSPI)
  24. #ifdef HAVE_SYS_SOCKET_H
  25. #include <sys/socket.h>
  26. #endif
  27. #ifdef HAVE_NETINET_IN_H
  28. #include <netinet/in.h>
  29. #endif
  30. #ifdef HAVE_ARPA_INET_H
  31. #include <arpa/inet.h>
  32. #endif
  33. #include "urldata.h"
  34. #include "sendf.h"
  35. #include "strequal.h"
  36. #include "select.h"
  37. #include "connect.h"
  38. #include "timeval.h"
  39. #include "socks.h"
  40. /* The last #include file should be: */
  41. #include "memdebug.h"
  42. /*
  43. * Helper read-from-socket functions. Does the same as Curl_read() but it
  44. * blocks until all bytes amount of buffersize will be read. No more, no less.
  45. *
  46. * This is STUPID BLOCKING behaviour which we frown upon, but right now this
  47. * is what we have...
  48. */
  49. int Curl_blockread_all(struct connectdata *conn, /* connection data */
  50. curl_socket_t sockfd, /* read from this socket */
  51. char *buf, /* store read data here */
  52. ssize_t buffersize, /* max amount to read */
  53. ssize_t *n) /* amount bytes read */
  54. {
  55. ssize_t nread;
  56. ssize_t allread = 0;
  57. int result;
  58. long timeleft;
  59. *n = 0;
  60. for(;;) {
  61. timeleft = Curl_timeleft(conn->data, NULL, TRUE);
  62. if(timeleft < 0) {
  63. /* we already got the timeout */
  64. result = CURLE_OPERATION_TIMEDOUT;
  65. break;
  66. }
  67. if(Curl_socket_ready(sockfd, CURL_SOCKET_BAD, timeleft) <= 0) {
  68. result = ~CURLE_OK;
  69. break;
  70. }
  71. result = Curl_read_plain(sockfd, buf, buffersize, &nread);
  72. if(CURLE_AGAIN == result)
  73. continue;
  74. else if(result)
  75. break;
  76. if(buffersize == nread) {
  77. allread += nread;
  78. *n = allread;
  79. result = CURLE_OK;
  80. break;
  81. }
  82. if(!nread) {
  83. result = ~CURLE_OK;
  84. break;
  85. }
  86. buffersize -= nread;
  87. buf += nread;
  88. allread += nread;
  89. }
  90. return result;
  91. }
  92. /*
  93. * This function logs in to a SOCKS4 proxy and sends the specifics to the final
  94. * destination server.
  95. *
  96. * Reference :
  97. * http://socks.permeo.com/protocol/socks4.protocol
  98. *
  99. * Note :
  100. * Set protocol4a=true for "SOCKS 4A (Simple Extension to SOCKS 4 Protocol)"
  101. * Nonsupport "Identification Protocol (RFC1413)"
  102. */
  103. CURLcode Curl_SOCKS4(const char *proxy_name,
  104. const char *hostname,
  105. int remote_port,
  106. int sockindex,
  107. struct connectdata *conn,
  108. bool protocol4a)
  109. {
  110. #define SOCKS4REQLEN 262
  111. unsigned char socksreq[SOCKS4REQLEN]; /* room for SOCKS4 request incl. user
  112. id */
  113. int result;
  114. CURLcode code;
  115. curl_socket_t sock = conn->sock[sockindex];
  116. struct SessionHandle *data = conn->data;
  117. if(Curl_timeleft(data, NULL, TRUE) < 0) {
  118. /* time-out, bail out, go home */
  119. failf(data, "Connection time-out");
  120. return CURLE_OPERATION_TIMEDOUT;
  121. }
  122. curlx_nonblock(sock, FALSE);
  123. /*
  124. * Compose socks4 request
  125. *
  126. * Request format
  127. *
  128. * +----+----+----+----+----+----+----+----+----+----+....+----+
  129. * | VN | CD | DSTPORT | DSTIP | USERID |NULL|
  130. * +----+----+----+----+----+----+----+----+----+----+....+----+
  131. * # of bytes: 1 1 2 4 variable 1
  132. */
  133. socksreq[0] = 4; /* version (SOCKS4) */
  134. socksreq[1] = 1; /* connect */
  135. socksreq[2] = (unsigned char)((remote_port >> 8) & 0xff); /* PORT MSB */
  136. socksreq[3] = (unsigned char)(remote_port & 0xff); /* PORT LSB */
  137. /* DNS resolve only for SOCKS4, not SOCKS4a */
  138. if(!protocol4a) {
  139. struct Curl_dns_entry *dns;
  140. Curl_addrinfo *hp=NULL;
  141. int rc;
  142. rc = Curl_resolv(conn, hostname, remote_port, &dns);
  143. if(rc == CURLRESOLV_ERROR)
  144. return CURLE_COULDNT_RESOLVE_PROXY;
  145. if(rc == CURLRESOLV_PENDING)
  146. /* ignores the return code, but 'dns' remains NULL on failure */
  147. (void)Curl_resolver_wait_resolv(conn, &dns);
  148. /*
  149. * We cannot use 'hostent' as a struct that Curl_resolv() returns. It
  150. * returns a Curl_addrinfo pointer that may not always look the same.
  151. */
  152. if(dns)
  153. hp=dns->addr;
  154. if(hp) {
  155. char buf[64];
  156. unsigned short ip[4];
  157. Curl_printable_address(hp, buf, sizeof(buf));
  158. if(4 == sscanf( buf, "%hu.%hu.%hu.%hu",
  159. &ip[0], &ip[1], &ip[2], &ip[3])) {
  160. /* Set DSTIP */
  161. socksreq[4] = (unsigned char)ip[0];
  162. socksreq[5] = (unsigned char)ip[1];
  163. socksreq[6] = (unsigned char)ip[2];
  164. socksreq[7] = (unsigned char)ip[3];
  165. }
  166. else
  167. hp = NULL; /* fail! */
  168. Curl_resolv_unlock(data, dns); /* not used anymore from now on */
  169. }
  170. if(!hp) {
  171. failf(data, "Failed to resolve \"%s\" for SOCKS4 connect.",
  172. hostname);
  173. return CURLE_COULDNT_RESOLVE_HOST;
  174. }
  175. }
  176. /*
  177. * This is currently not supporting "Identification Protocol (RFC1413)".
  178. */
  179. socksreq[8] = 0; /* ensure empty userid is NUL-terminated */
  180. if(proxy_name)
  181. strlcat((char*)socksreq + 8, proxy_name, sizeof(socksreq) - 8);
  182. /*
  183. * Make connection
  184. */
  185. {
  186. ssize_t actualread;
  187. ssize_t written;
  188. ssize_t hostnamelen = 0;
  189. int packetsize = 9 +
  190. (int)strlen((char*)socksreq + 8); /* size including NUL */
  191. /* If SOCKS4a, set special invalid IP address 0.0.0.x */
  192. if(protocol4a) {
  193. socksreq[4] = 0;
  194. socksreq[5] = 0;
  195. socksreq[6] = 0;
  196. socksreq[7] = 1;
  197. /* If still enough room in buffer, also append hostname */
  198. hostnamelen = (ssize_t)strlen(hostname) + 1; /* length including NUL */
  199. if(packetsize + hostnamelen <= SOCKS4REQLEN)
  200. strcpy((char*)socksreq + packetsize, hostname);
  201. else
  202. hostnamelen = 0; /* Flag: hostname did not fit in buffer */
  203. }
  204. /* Send request */
  205. code = Curl_write_plain(conn, sock, (char *)socksreq,
  206. packetsize + hostnamelen,
  207. &written);
  208. if((code != CURLE_OK) || (written != packetsize + hostnamelen)) {
  209. failf(data, "Failed to send SOCKS4 connect request.");
  210. return CURLE_COULDNT_CONNECT;
  211. }
  212. if(protocol4a && hostnamelen == 0) {
  213. /* SOCKS4a with very long hostname - send that name separately */
  214. hostnamelen = (ssize_t)strlen(hostname) + 1;
  215. code = Curl_write_plain(conn, sock, (char *)hostname, hostnamelen,
  216. &written);
  217. if((code != CURLE_OK) || (written != hostnamelen)) {
  218. failf(data, "Failed to send SOCKS4 connect request.");
  219. return CURLE_COULDNT_CONNECT;
  220. }
  221. }
  222. packetsize = 8; /* receive data size */
  223. /* Receive response */
  224. result = Curl_blockread_all(conn, sock, (char *)socksreq, packetsize,
  225. &actualread);
  226. if((result != CURLE_OK) || (actualread != packetsize)) {
  227. failf(data, "Failed to receive SOCKS4 connect request ack.");
  228. return CURLE_COULDNT_CONNECT;
  229. }
  230. /*
  231. * Response format
  232. *
  233. * +----+----+----+----+----+----+----+----+
  234. * | VN | CD | DSTPORT | DSTIP |
  235. * +----+----+----+----+----+----+----+----+
  236. * # of bytes: 1 1 2 4
  237. *
  238. * VN is the version of the reply code and should be 0. CD is the result
  239. * code with one of the following values:
  240. *
  241. * 90: request granted
  242. * 91: request rejected or failed
  243. * 92: request rejected because SOCKS server cannot connect to
  244. * identd on the client
  245. * 93: request rejected because the client program and identd
  246. * report different user-ids
  247. */
  248. /* wrong version ? */
  249. if(socksreq[0] != 0) {
  250. failf(data,
  251. "SOCKS4 reply has wrong version, version should be 4.");
  252. return CURLE_COULDNT_CONNECT;
  253. }
  254. /* Result */
  255. switch(socksreq[1]) {
  256. case 90:
  257. infof(data, "SOCKS4%s request granted.\n", protocol4a?"a":"");
  258. break;
  259. case 91:
  260. failf(data,
  261. "Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d)"
  262. ", request rejected or failed.",
  263. (unsigned char)socksreq[4], (unsigned char)socksreq[5],
  264. (unsigned char)socksreq[6], (unsigned char)socksreq[7],
  265. ((socksreq[8] << 8) | socksreq[9]),
  266. socksreq[1]);
  267. return CURLE_COULDNT_CONNECT;
  268. case 92:
  269. failf(data,
  270. "Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d)"
  271. ", request rejected because SOCKS server cannot connect to "
  272. "identd on the client.",
  273. (unsigned char)socksreq[4], (unsigned char)socksreq[5],
  274. (unsigned char)socksreq[6], (unsigned char)socksreq[7],
  275. ((socksreq[8] << 8) | socksreq[9]),
  276. socksreq[1]);
  277. return CURLE_COULDNT_CONNECT;
  278. case 93:
  279. failf(data,
  280. "Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d)"
  281. ", request rejected because the client program and identd "
  282. "report different user-ids.",
  283. (unsigned char)socksreq[4], (unsigned char)socksreq[5],
  284. (unsigned char)socksreq[6], (unsigned char)socksreq[7],
  285. ((socksreq[8] << 8) | socksreq[9]),
  286. socksreq[1]);
  287. return CURLE_COULDNT_CONNECT;
  288. default:
  289. failf(data,
  290. "Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d)"
  291. ", Unknown.",
  292. (unsigned char)socksreq[4], (unsigned char)socksreq[5],
  293. (unsigned char)socksreq[6], (unsigned char)socksreq[7],
  294. ((socksreq[8] << 8) | socksreq[9]),
  295. socksreq[1]);
  296. return CURLE_COULDNT_CONNECT;
  297. }
  298. }
  299. curlx_nonblock(sock, TRUE);
  300. return CURLE_OK; /* Proxy was successful! */
  301. }
  302. /*
  303. * This function logs in to a SOCKS5 proxy and sends the specifics to the final
  304. * destination server.
  305. */
  306. CURLcode Curl_SOCKS5(const char *proxy_name,
  307. const char *proxy_password,
  308. const char *hostname,
  309. int remote_port,
  310. int sockindex,
  311. struct connectdata *conn)
  312. {
  313. /*
  314. According to the RFC1928, section "6. Replies". This is what a SOCK5
  315. replies:
  316. +----+-----+-------+------+----------+----------+
  317. |VER | REP | RSV | ATYP | BND.ADDR | BND.PORT |
  318. +----+-----+-------+------+----------+----------+
  319. | 1 | 1 | X'00' | 1 | Variable | 2 |
  320. +----+-----+-------+------+----------+----------+
  321. Where:
  322. o VER protocol version: X'05'
  323. o REP Reply field:
  324. o X'00' succeeded
  325. */
  326. unsigned char socksreq[600]; /* room for large user/pw (255 max each) */
  327. ssize_t actualread;
  328. ssize_t written;
  329. int result;
  330. CURLcode code;
  331. curl_socket_t sock = conn->sock[sockindex];
  332. struct SessionHandle *data = conn->data;
  333. long timeout;
  334. bool socks5_resolve_local = (conn->proxytype == CURLPROXY_SOCKS5)?TRUE:FALSE;
  335. const size_t hostname_len = strlen(hostname);
  336. ssize_t packetsize = 0;
  337. /* RFC1928 chapter 5 specifies max 255 chars for domain name in packet */
  338. if(!socks5_resolve_local && hostname_len > 255) {
  339. infof(conn->data,"SOCKS5: server resolving disabled for hostnames of "
  340. "length > 255 [actual len=%zu]\n", hostname_len);
  341. socks5_resolve_local = TRUE;
  342. }
  343. /* get timeout */
  344. timeout = Curl_timeleft(data, NULL, TRUE);
  345. if(timeout < 0) {
  346. /* time-out, bail out, go home */
  347. failf(data, "Connection time-out");
  348. return CURLE_OPERATION_TIMEDOUT;
  349. }
  350. curlx_nonblock(sock, TRUE);
  351. /* wait until socket gets connected */
  352. result = Curl_socket_ready(CURL_SOCKET_BAD, sock, timeout);
  353. if(-1 == result) {
  354. failf(conn->data, "SOCKS5: no connection here");
  355. return CURLE_COULDNT_CONNECT;
  356. }
  357. else if(0 == result) {
  358. failf(conn->data, "SOCKS5: connection timeout");
  359. return CURLE_OPERATION_TIMEDOUT;
  360. }
  361. if(result & CURL_CSELECT_ERR) {
  362. failf(conn->data, "SOCKS5: error occurred during connection");
  363. return CURLE_COULDNT_CONNECT;
  364. }
  365. socksreq[0] = 5; /* version */
  366. #if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
  367. socksreq[1] = (char)(proxy_name ? 3 : 2); /* number of methods (below) */
  368. socksreq[2] = 0; /* no authentication */
  369. socksreq[3] = 1; /* gssapi */
  370. socksreq[4] = 2; /* username/password */
  371. #else
  372. socksreq[1] = (char)(proxy_name ? 2 : 1); /* number of methods (below) */
  373. socksreq[2] = 0; /* no authentication */
  374. socksreq[3] = 2; /* username/password */
  375. #endif
  376. curlx_nonblock(sock, FALSE);
  377. code = Curl_write_plain(conn, sock, (char *)socksreq, (2 + (int)socksreq[1]),
  378. &written);
  379. if((code != CURLE_OK) || (written != (2 + (int)socksreq[1]))) {
  380. failf(data, "Unable to send initial SOCKS5 request.");
  381. return CURLE_COULDNT_CONNECT;
  382. }
  383. curlx_nonblock(sock, TRUE);
  384. result = Curl_socket_ready(sock, CURL_SOCKET_BAD, timeout);
  385. if(-1 == result) {
  386. failf(conn->data, "SOCKS5 nothing to read");
  387. return CURLE_COULDNT_CONNECT;
  388. }
  389. else if(0 == result) {
  390. failf(conn->data, "SOCKS5 read timeout");
  391. return CURLE_OPERATION_TIMEDOUT;
  392. }
  393. if(result & CURL_CSELECT_ERR) {
  394. failf(conn->data, "SOCKS5 read error occurred");
  395. return CURLE_RECV_ERROR;
  396. }
  397. curlx_nonblock(sock, FALSE);
  398. result=Curl_blockread_all(conn, sock, (char *)socksreq, 2, &actualread);
  399. if((result != CURLE_OK) || (actualread != 2)) {
  400. failf(data, "Unable to receive initial SOCKS5 response.");
  401. return CURLE_COULDNT_CONNECT;
  402. }
  403. if(socksreq[0] != 5) {
  404. failf(data, "Received invalid version in initial SOCKS5 response.");
  405. return CURLE_COULDNT_CONNECT;
  406. }
  407. if(socksreq[1] == 0) {
  408. /* Nothing to do, no authentication needed */
  409. ;
  410. }
  411. #if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
  412. else if(socksreq[1] == 1) {
  413. code = Curl_SOCKS5_gssapi_negotiate(sockindex, conn);
  414. if(code != CURLE_OK) {
  415. failf(data, "Unable to negotiate SOCKS5 gssapi context.");
  416. return CURLE_COULDNT_CONNECT;
  417. }
  418. }
  419. #endif
  420. else if(socksreq[1] == 2) {
  421. /* Needs user name and password */
  422. size_t userlen, pwlen;
  423. int len;
  424. if(proxy_name && proxy_password) {
  425. userlen = strlen(proxy_name);
  426. pwlen = strlen(proxy_password);
  427. }
  428. else {
  429. userlen = 0;
  430. pwlen = 0;
  431. }
  432. /* username/password request looks like
  433. * +----+------+----------+------+----------+
  434. * |VER | ULEN | UNAME | PLEN | PASSWD |
  435. * +----+------+----------+------+----------+
  436. * | 1 | 1 | 1 to 255 | 1 | 1 to 255 |
  437. * +----+------+----------+------+----------+
  438. */
  439. len = 0;
  440. socksreq[len++] = 1; /* username/pw subnegotiation version */
  441. socksreq[len++] = (unsigned char) userlen;
  442. if(proxy_name && userlen)
  443. memcpy(socksreq + len, proxy_name, userlen);
  444. len += (int)userlen;
  445. socksreq[len++] = (unsigned char) pwlen;
  446. if(proxy_password && pwlen)
  447. memcpy(socksreq + len, proxy_password, pwlen);
  448. len += (int)pwlen;
  449. code = Curl_write_plain(conn, sock, (char *)socksreq, len, &written);
  450. if((code != CURLE_OK) || (len != written)) {
  451. failf(data, "Failed to send SOCKS5 sub-negotiation request.");
  452. return CURLE_COULDNT_CONNECT;
  453. }
  454. result=Curl_blockread_all(conn, sock, (char *)socksreq, 2, &actualread);
  455. if((result != CURLE_OK) || (actualread != 2)) {
  456. failf(data, "Unable to receive SOCKS5 sub-negotiation response.");
  457. return CURLE_COULDNT_CONNECT;
  458. }
  459. /* ignore the first (VER) byte */
  460. if(socksreq[1] != 0) { /* status */
  461. failf(data, "User was rejected by the SOCKS5 server (%d %d).",
  462. socksreq[0], socksreq[1]);
  463. return CURLE_COULDNT_CONNECT;
  464. }
  465. /* Everything is good so far, user was authenticated! */
  466. }
  467. else {
  468. /* error */
  469. #if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
  470. if(socksreq[1] == 255) {
  471. #else
  472. if(socksreq[1] == 1) {
  473. failf(data,
  474. "SOCKS5 GSSAPI per-message authentication is not supported.");
  475. return CURLE_COULDNT_CONNECT;
  476. }
  477. else if(socksreq[1] == 255) {
  478. #endif
  479. if(!proxy_name || !*proxy_name) {
  480. failf(data,
  481. "No authentication method was acceptable. (It is quite likely"
  482. " that the SOCKS5 server wanted a username/password, since none"
  483. " was supplied to the server on this connection.)");
  484. }
  485. else {
  486. failf(data, "No authentication method was acceptable.");
  487. }
  488. return CURLE_COULDNT_CONNECT;
  489. }
  490. else {
  491. failf(data,
  492. "Undocumented SOCKS5 mode attempted to be used by server.");
  493. return CURLE_COULDNT_CONNECT;
  494. }
  495. }
  496. /* Authentication is complete, now specify destination to the proxy */
  497. socksreq[0] = 5; /* version (SOCKS5) */
  498. socksreq[1] = 1; /* connect */
  499. socksreq[2] = 0; /* must be zero */
  500. if(!socks5_resolve_local) {
  501. packetsize = (ssize_t)(5 + hostname_len + 2);
  502. socksreq[3] = 3; /* ATYP: domain name = 3 */
  503. socksreq[4] = (char) hostname_len; /* address length */
  504. memcpy(&socksreq[5], hostname, hostname_len); /* address bytes w/o NULL */
  505. /* PORT MSB */
  506. socksreq[hostname_len+5] = (unsigned char)((remote_port >> 8) & 0xff);
  507. /* PORT LSB */
  508. socksreq[hostname_len+6] = (unsigned char)(remote_port & 0xff);
  509. }
  510. else {
  511. struct Curl_dns_entry *dns;
  512. Curl_addrinfo *hp=NULL;
  513. int rc = Curl_resolv(conn, hostname, remote_port, &dns);
  514. packetsize = 10;
  515. socksreq[3] = 1; /* IPv4 = 1 */
  516. if(rc == CURLRESOLV_ERROR)
  517. return CURLE_COULDNT_RESOLVE_HOST;
  518. if(rc == CURLRESOLV_PENDING) {
  519. /* this requires that we're in "wait for resolve" state */
  520. code = Curl_resolver_wait_resolv(conn, &dns);
  521. if(code != CURLE_OK)
  522. return code;
  523. }
  524. /*
  525. * We cannot use 'hostent' as a struct that Curl_resolv() returns. It
  526. * returns a Curl_addrinfo pointer that may not always look the same.
  527. */
  528. if(dns)
  529. hp=dns->addr;
  530. if(hp) {
  531. char buf[64];
  532. unsigned short ip[4];
  533. Curl_printable_address(hp, buf, sizeof(buf));
  534. if(4 == sscanf( buf, "%hu.%hu.%hu.%hu",
  535. &ip[0], &ip[1], &ip[2], &ip[3])) {
  536. socksreq[4] = (unsigned char)ip[0];
  537. socksreq[5] = (unsigned char)ip[1];
  538. socksreq[6] = (unsigned char)ip[2];
  539. socksreq[7] = (unsigned char)ip[3];
  540. }
  541. else
  542. hp = NULL; /* fail! */
  543. Curl_resolv_unlock(data, dns); /* not used anymore from now on */
  544. }
  545. if(!hp) {
  546. failf(data, "Failed to resolve \"%s\" for SOCKS5 connect.",
  547. hostname);
  548. return CURLE_COULDNT_RESOLVE_HOST;
  549. }
  550. socksreq[8] = (unsigned char)((remote_port >> 8) & 0xff); /* PORT MSB */
  551. socksreq[9] = (unsigned char)(remote_port & 0xff); /* PORT LSB */
  552. }
  553. #if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
  554. if(conn->socks5_gssapi_enctype) {
  555. failf(data, "SOCKS5 gssapi protection not yet implemented.");
  556. }
  557. else
  558. #endif
  559. code = Curl_write_plain(conn, sock, (char *)socksreq, packetsize,
  560. &written);
  561. if((code != CURLE_OK) || (written != packetsize)) {
  562. failf(data, "Failed to send SOCKS5 connect request.");
  563. return CURLE_COULDNT_CONNECT;
  564. }
  565. packetsize = 10; /* minimum packet size is 10 */
  566. #if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
  567. if(conn->socks5_gssapi_enctype) {
  568. failf(data, "SOCKS5 gssapi protection not yet implemented.");
  569. }
  570. else
  571. #endif
  572. result = Curl_blockread_all(conn, sock, (char *)socksreq, packetsize,
  573. &actualread);
  574. if((result != CURLE_OK) || (actualread != packetsize)) {
  575. failf(data, "Failed to receive SOCKS5 connect request ack.");
  576. return CURLE_COULDNT_CONNECT;
  577. }
  578. if(socksreq[0] != 5) { /* version */
  579. failf(data,
  580. "SOCKS5 reply has wrong version, version should be 5.");
  581. return CURLE_COULDNT_CONNECT;
  582. }
  583. if(socksreq[1] != 0) { /* Anything besides 0 is an error */
  584. failf(data,
  585. "Can't complete SOCKS5 connection to %d.%d.%d.%d:%d. (%d)",
  586. (unsigned char)socksreq[4], (unsigned char)socksreq[5],
  587. (unsigned char)socksreq[6], (unsigned char)socksreq[7],
  588. ((socksreq[8] << 8) | socksreq[9]),
  589. socksreq[1]);
  590. return CURLE_COULDNT_CONNECT;
  591. }
  592. /* Fix: in general, returned BND.ADDR is variable length parameter by RFC
  593. 1928, so the reply packet should be read until the end to avoid errors at
  594. subsequent protocol level.
  595. +----+-----+-------+------+----------+----------+
  596. |VER | REP | RSV | ATYP | BND.ADDR | BND.PORT |
  597. +----+-----+-------+------+----------+----------+
  598. | 1 | 1 | X'00' | 1 | Variable | 2 |
  599. +----+-----+-------+------+----------+----------+
  600. ATYP:
  601. o IP v4 address: X'01', BND.ADDR = 4 byte
  602. o domain name: X'03', BND.ADDR = [ 1 byte length, string ]
  603. o IP v6 address: X'04', BND.ADDR = 16 byte
  604. */
  605. /* Calculate real packet size */
  606. if(socksreq[3] == 3) {
  607. /* domain name */
  608. int addrlen = (int) socksreq[4];
  609. packetsize = 5 + addrlen + 2;
  610. }
  611. else if(socksreq[3] == 4) {
  612. /* IPv6 */
  613. packetsize = 4 + 16 + 2;
  614. }
  615. /* At this point we already read first 10 bytes */
  616. #if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
  617. if(!conn->socks5_gssapi_enctype) {
  618. /* decrypt_gssapi_blockread already read the whole packet */
  619. #endif
  620. if(packetsize > 10) {
  621. packetsize -= 10;
  622. result = Curl_blockread_all(conn, sock, (char *)&socksreq[10],
  623. packetsize, &actualread);
  624. if((result != CURLE_OK) || (actualread != packetsize)) {
  625. failf(data, "Failed to receive SOCKS5 connect request ack.");
  626. return CURLE_COULDNT_CONNECT;
  627. }
  628. }
  629. #if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
  630. }
  631. #endif
  632. curlx_nonblock(sock, TRUE);
  633. return CURLE_OK; /* Proxy was successful! */
  634. }
  635. #endif /* CURL_DISABLE_PROXY */