2
0

http_proxy.c 13 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480
  1. /***************************************************************************
  2. * _ _ ____ _
  3. * Project ___| | | | _ \| |
  4. * / __| | | | |_) | |
  5. * | (__| |_| | _ <| |___
  6. * \___|\___/|_| \_\_____|
  7. *
  8. * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  9. *
  10. * This software is licensed as described in the file COPYING, which
  11. * you should have received as part of this distribution. The terms
  12. * are also available at https://curl.se/docs/copyright.html.
  13. *
  14. * You may opt to use, copy, modify, merge, publish, distribute and/or sell
  15. * copies of the Software, and permit persons to whom the Software is
  16. * furnished to do so, under the terms of the COPYING file.
  17. *
  18. * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  19. * KIND, either express or implied.
  20. *
  21. * SPDX-License-Identifier: curl
  22. *
  23. ***************************************************************************/
  24. #include "curl_setup.h"
  25. #include "http_proxy.h"
  26. #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_PROXY)
  27. #include <curl/curl.h>
  28. #ifdef USE_HYPER
  29. #include <hyper.h>
  30. #endif
  31. #include "sendf.h"
  32. #include "http.h"
  33. #include "url.h"
  34. #include "select.h"
  35. #include "progress.h"
  36. #include "cfilters.h"
  37. #include "cf-h1-proxy.h"
  38. #include "cf-h2-proxy.h"
  39. #include "connect.h"
  40. #include "curlx.h"
  41. #include "vtls/vtls.h"
  42. #include "transfer.h"
  43. #include "multiif.h"
  44. #include "vauth/vauth.h"
  45. /* The last 3 #include files should be in this order */
  46. #include "curl_printf.h"
  47. #include "curl_memory.h"
  48. #include "memdebug.h"
  49. static bool hd_name_eq(const char *n1, size_t n1len,
  50. const char *n2, size_t n2len)
  51. {
  52. return (n1len == n2len) ? strncasecompare(n1, n2, n1len) : FALSE;
  53. }
  54. static CURLcode dynhds_add_custom(struct Curl_easy *data,
  55. bool is_connect,
  56. struct dynhds *hds)
  57. {
  58. struct connectdata *conn = data->conn;
  59. char *ptr;
  60. struct curl_slist *h[2];
  61. struct curl_slist *headers;
  62. int numlists = 1; /* by default */
  63. int i;
  64. enum Curl_proxy_use proxy;
  65. if(is_connect)
  66. proxy = HEADER_CONNECT;
  67. else
  68. proxy = conn->bits.httpproxy && !conn->bits.tunnel_proxy ?
  69. HEADER_PROXY : HEADER_SERVER;
  70. switch(proxy) {
  71. case HEADER_SERVER:
  72. h[0] = data->set.headers;
  73. break;
  74. case HEADER_PROXY:
  75. h[0] = data->set.headers;
  76. if(data->set.sep_headers) {
  77. h[1] = data->set.proxyheaders;
  78. numlists++;
  79. }
  80. break;
  81. case HEADER_CONNECT:
  82. if(data->set.sep_headers)
  83. h[0] = data->set.proxyheaders;
  84. else
  85. h[0] = data->set.headers;
  86. break;
  87. }
  88. /* loop through one or two lists */
  89. for(i = 0; i < numlists; i++) {
  90. for(headers = h[i]; headers; headers = headers->next) {
  91. const char *name, *value;
  92. size_t namelen, valuelen;
  93. /* There are 2 quirks in place for custom headers:
  94. * 1. setting only 'name:' to suppress a header from being sent
  95. * 2. setting only 'name;' to send an empty (illegal) header
  96. */
  97. ptr = strchr(headers->data, ':');
  98. if(ptr) {
  99. name = headers->data;
  100. namelen = ptr - headers->data;
  101. ptr++; /* pass the colon */
  102. while(*ptr && ISSPACE(*ptr))
  103. ptr++;
  104. if(*ptr) {
  105. value = ptr;
  106. valuelen = strlen(value);
  107. }
  108. else {
  109. /* quirk #1, suppress this header */
  110. continue;
  111. }
  112. }
  113. else {
  114. ptr = strchr(headers->data, ';');
  115. if(!ptr) {
  116. /* neither : nor ; in provided header value. We seem
  117. * to ignore this silently */
  118. continue;
  119. }
  120. name = headers->data;
  121. namelen = ptr - headers->data;
  122. ptr++; /* pass the semicolon */
  123. while(*ptr && ISSPACE(*ptr))
  124. ptr++;
  125. if(!*ptr) {
  126. /* quirk #2, send an empty header */
  127. value = "";
  128. valuelen = 0;
  129. }
  130. else {
  131. /* this may be used for something else in the future,
  132. * ignore this for now */
  133. continue;
  134. }
  135. }
  136. DEBUGASSERT(name && value);
  137. if(data->state.aptr.host &&
  138. /* a Host: header was sent already, do not pass on any custom Host:
  139. header as that will produce *two* in the same request! */
  140. hd_name_eq(name, namelen, STRCONST("Host:")))
  141. ;
  142. else if(data->state.httpreq == HTTPREQ_POST_FORM &&
  143. /* this header (extended by formdata.c) is sent later */
  144. hd_name_eq(name, namelen, STRCONST("Content-Type:")))
  145. ;
  146. else if(data->state.httpreq == HTTPREQ_POST_MIME &&
  147. /* this header is sent later */
  148. hd_name_eq(name, namelen, STRCONST("Content-Type:")))
  149. ;
  150. else if(data->req.authneg &&
  151. /* while doing auth neg, do not allow the custom length since
  152. we will force length zero then */
  153. hd_name_eq(name, namelen, STRCONST("Content-Length:")))
  154. ;
  155. else if(data->state.aptr.te &&
  156. /* when asking for Transfer-Encoding, do not pass on a custom
  157. Connection: */
  158. hd_name_eq(name, namelen, STRCONST("Connection:")))
  159. ;
  160. else if((conn->httpversion >= 20) &&
  161. hd_name_eq(name, namelen, STRCONST("Transfer-Encoding:")))
  162. /* HTTP/2 does not support chunked requests */
  163. ;
  164. else if((hd_name_eq(name, namelen, STRCONST("Authorization:")) ||
  165. hd_name_eq(name, namelen, STRCONST("Cookie:"))) &&
  166. /* be careful of sending this potentially sensitive header to
  167. other hosts */
  168. !Curl_auth_allowed_to_host(data))
  169. ;
  170. else {
  171. CURLcode result;
  172. result = Curl_dynhds_add(hds, name, namelen, value, valuelen);
  173. if(result)
  174. return result;
  175. }
  176. }
  177. }
  178. return CURLE_OK;
  179. }
  180. CURLcode Curl_http_proxy_get_destination(struct Curl_cfilter *cf,
  181. const char **phostname,
  182. int *pport, bool *pipv6_ip)
  183. {
  184. DEBUGASSERT(cf);
  185. DEBUGASSERT(cf->conn);
  186. if(cf->conn->bits.conn_to_host)
  187. *phostname = cf->conn->conn_to_host.name;
  188. else if(cf->sockindex == SECONDARYSOCKET)
  189. *phostname = cf->conn->secondaryhostname;
  190. else
  191. *phostname = cf->conn->host.name;
  192. if(cf->sockindex == SECONDARYSOCKET)
  193. *pport = cf->conn->secondary_port;
  194. else if(cf->conn->bits.conn_to_port)
  195. *pport = cf->conn->conn_to_port;
  196. else
  197. *pport = cf->conn->remote_port;
  198. if(*phostname != cf->conn->host.name)
  199. *pipv6_ip = (strchr(*phostname, ':') != NULL);
  200. else
  201. *pipv6_ip = cf->conn->bits.ipv6_ip;
  202. return CURLE_OK;
  203. }
  204. CURLcode Curl_http_proxy_create_CONNECT(struct httpreq **preq,
  205. struct Curl_cfilter *cf,
  206. struct Curl_easy *data,
  207. int http_version_major)
  208. {
  209. const char *hostname = NULL;
  210. char *authority = NULL;
  211. int port;
  212. bool ipv6_ip;
  213. CURLcode result;
  214. struct httpreq *req = NULL;
  215. result = Curl_http_proxy_get_destination(cf, &hostname, &port, &ipv6_ip);
  216. if(result)
  217. goto out;
  218. authority = aprintf("%s%s%s:%d", ipv6_ip ? "[" : "", hostname,
  219. ipv6_ip ?"]" : "", port);
  220. if(!authority) {
  221. result = CURLE_OUT_OF_MEMORY;
  222. goto out;
  223. }
  224. result = Curl_http_req_make(&req, "CONNECT", sizeof("CONNECT")-1,
  225. NULL, 0, authority, strlen(authority),
  226. NULL, 0);
  227. if(result)
  228. goto out;
  229. /* Setup the proxy-authorization header, if any */
  230. result = Curl_http_output_auth(data, cf->conn, req->method, HTTPREQ_GET,
  231. req->authority, TRUE);
  232. if(result)
  233. goto out;
  234. /* If user is not overriding Host: header, we add for HTTP/1.x */
  235. if(http_version_major == 1 &&
  236. !Curl_checkProxyheaders(data, cf->conn, STRCONST("Host"))) {
  237. result = Curl_dynhds_cadd(&req->headers, "Host", authority);
  238. if(result)
  239. goto out;
  240. }
  241. if(data->state.aptr.proxyuserpwd) {
  242. result = Curl_dynhds_h1_cadd_line(&req->headers,
  243. data->state.aptr.proxyuserpwd);
  244. if(result)
  245. goto out;
  246. }
  247. if(!Curl_checkProxyheaders(data, cf->conn, STRCONST("User-Agent")) &&
  248. data->set.str[STRING_USERAGENT] && *data->set.str[STRING_USERAGENT]) {
  249. result = Curl_dynhds_cadd(&req->headers, "User-Agent",
  250. data->set.str[STRING_USERAGENT]);
  251. if(result)
  252. goto out;
  253. }
  254. if(http_version_major == 1 &&
  255. !Curl_checkProxyheaders(data, cf->conn, STRCONST("Proxy-Connection"))) {
  256. result = Curl_dynhds_cadd(&req->headers, "Proxy-Connection", "Keep-Alive");
  257. if(result)
  258. goto out;
  259. }
  260. result = dynhds_add_custom(data, TRUE, &req->headers);
  261. out:
  262. if(result && req) {
  263. Curl_http_req_free(req);
  264. req = NULL;
  265. }
  266. free(authority);
  267. *preq = req;
  268. return result;
  269. }
  270. struct cf_proxy_ctx {
  271. /* the protocol specific sub-filter we install during connect */
  272. struct Curl_cfilter *cf_protocol;
  273. };
  274. static CURLcode http_proxy_cf_connect(struct Curl_cfilter *cf,
  275. struct Curl_easy *data,
  276. bool blocking, bool *done)
  277. {
  278. struct cf_proxy_ctx *ctx = cf->ctx;
  279. CURLcode result;
  280. if(cf->connected) {
  281. *done = TRUE;
  282. return CURLE_OK;
  283. }
  284. CURL_TRC_CF(data, cf, "connect");
  285. connect_sub:
  286. result = cf->next->cft->do_connect(cf->next, data, blocking, done);
  287. if(result || !*done)
  288. return result;
  289. *done = FALSE;
  290. if(!ctx->cf_protocol) {
  291. struct Curl_cfilter *cf_protocol = NULL;
  292. int alpn = Curl_conn_cf_is_ssl(cf->next) ?
  293. cf->conn->proxy_alpn : CURL_HTTP_VERSION_1_1;
  294. /* First time call after the subchain connected */
  295. switch(alpn) {
  296. case CURL_HTTP_VERSION_NONE:
  297. case CURL_HTTP_VERSION_1_0:
  298. case CURL_HTTP_VERSION_1_1:
  299. CURL_TRC_CF(data, cf, "installing subfilter for HTTP/1.1");
  300. infof(data, "CONNECT tunnel: HTTP/1.%d negotiated",
  301. (alpn == CURL_HTTP_VERSION_1_0) ? 0 : 1);
  302. result = Curl_cf_h1_proxy_insert_after(cf, data);
  303. if(result)
  304. goto out;
  305. cf_protocol = cf->next;
  306. break;
  307. #ifdef USE_NGHTTP2
  308. case CURL_HTTP_VERSION_2:
  309. CURL_TRC_CF(data, cf, "installing subfilter for HTTP/2");
  310. infof(data, "CONNECT tunnel: HTTP/2 negotiated");
  311. result = Curl_cf_h2_proxy_insert_after(cf, data);
  312. if(result)
  313. goto out;
  314. cf_protocol = cf->next;
  315. break;
  316. #endif
  317. default:
  318. infof(data, "CONNECT tunnel: unsupported ALPN(%d) negotiated", alpn);
  319. result = CURLE_COULDNT_CONNECT;
  320. goto out;
  321. }
  322. ctx->cf_protocol = cf_protocol;
  323. /* after we installed the filter "below" us, we call connect
  324. * on out sub-chain again.
  325. */
  326. goto connect_sub;
  327. }
  328. else {
  329. /* subchain connected and we had already installed the protocol filter.
  330. * This means the protocol tunnel is established, we are done.
  331. */
  332. DEBUGASSERT(ctx->cf_protocol);
  333. result = CURLE_OK;
  334. }
  335. out:
  336. if(!result) {
  337. cf->connected = TRUE;
  338. *done = TRUE;
  339. }
  340. return result;
  341. }
  342. void Curl_cf_http_proxy_get_host(struct Curl_cfilter *cf,
  343. struct Curl_easy *data,
  344. const char **phost,
  345. const char **pdisplay_host,
  346. int *pport)
  347. {
  348. (void)data;
  349. if(!cf->connected) {
  350. *phost = cf->conn->http_proxy.host.name;
  351. *pdisplay_host = cf->conn->http_proxy.host.dispname;
  352. *pport = (int)cf->conn->http_proxy.port;
  353. }
  354. else {
  355. cf->next->cft->get_host(cf->next, data, phost, pdisplay_host, pport);
  356. }
  357. }
  358. static void http_proxy_cf_destroy(struct Curl_cfilter *cf,
  359. struct Curl_easy *data)
  360. {
  361. struct cf_proxy_ctx *ctx = cf->ctx;
  362. (void)data;
  363. CURL_TRC_CF(data, cf, "destroy");
  364. free(ctx);
  365. }
  366. static void http_proxy_cf_close(struct Curl_cfilter *cf,
  367. struct Curl_easy *data)
  368. {
  369. struct cf_proxy_ctx *ctx = cf->ctx;
  370. CURL_TRC_CF(data, cf, "close");
  371. cf->connected = FALSE;
  372. if(ctx->cf_protocol) {
  373. struct Curl_cfilter *f;
  374. /* if someone already removed it, we assume he also
  375. * took care of destroying it. */
  376. for(f = cf->next; f; f = f->next) {
  377. if(f == ctx->cf_protocol) {
  378. /* still in our sub-chain */
  379. Curl_conn_cf_discard_sub(cf, ctx->cf_protocol, data, FALSE);
  380. break;
  381. }
  382. }
  383. ctx->cf_protocol = NULL;
  384. }
  385. if(cf->next)
  386. cf->next->cft->do_close(cf->next, data);
  387. }
  388. struct Curl_cftype Curl_cft_http_proxy = {
  389. "HTTP-PROXY",
  390. CF_TYPE_IP_CONNECT|CF_TYPE_PROXY,
  391. 0,
  392. http_proxy_cf_destroy,
  393. http_proxy_cf_connect,
  394. http_proxy_cf_close,
  395. Curl_cf_def_shutdown,
  396. Curl_cf_http_proxy_get_host,
  397. Curl_cf_def_adjust_pollset,
  398. Curl_cf_def_data_pending,
  399. Curl_cf_def_send,
  400. Curl_cf_def_recv,
  401. Curl_cf_def_cntrl,
  402. Curl_cf_def_conn_is_alive,
  403. Curl_cf_def_conn_keep_alive,
  404. Curl_cf_def_query,
  405. };
  406. CURLcode Curl_cf_http_proxy_insert_after(struct Curl_cfilter *cf_at,
  407. struct Curl_easy *data)
  408. {
  409. struct Curl_cfilter *cf;
  410. struct cf_proxy_ctx *ctx = NULL;
  411. CURLcode result;
  412. (void)data;
  413. ctx = calloc(1, sizeof(*ctx));
  414. if(!ctx) {
  415. result = CURLE_OUT_OF_MEMORY;
  416. goto out;
  417. }
  418. result = Curl_cf_create(&cf, &Curl_cft_http_proxy, ctx);
  419. if(result)
  420. goto out;
  421. ctx = NULL;
  422. Curl_conn_cf_insert_after(cf_at, cf);
  423. out:
  424. free(ctx);
  425. return result;
  426. }
  427. #endif /* ! CURL_DISABLE_HTTP && !CURL_DISABLE_PROXY */