Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Use ssl_{read,write,gets} methods for unencrypted ("proxy") access too
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
  • Loading branch information
David Woodhouse authored and David Woodhouse committed Jun 18, 2014
1 parent 3b00004 commit fb1b82a
Show file tree
Hide file tree
Showing 2 changed files with 43 additions and 29 deletions.
71 changes: 42 additions & 29 deletions http.c
Expand Up @@ -33,10 +33,8 @@

#include "openconnect-internal.h"

static int proxy_write(struct openconnect_info *vpninfo, int fd,
unsigned char *buf, size_t len);
static int proxy_read(struct openconnect_info *vpninfo, int fd,
unsigned char *buf, size_t len);
static int proxy_write(struct openconnect_info *vpninfo, char *buf, size_t len);
static int proxy_read(struct openconnect_info *vpninfo, char *buf, size_t len);

#define MAX_BUF_LEN 131072
#define BUF_CHUNK_SIZE 4096
Expand Down Expand Up @@ -1300,16 +1298,15 @@ char *openconnect_create_useragent(const char *base)
return uagent;
}

static int proxy_gets(struct openconnect_info *vpninfo, int fd,
char *buf, size_t len)
static int proxy_gets(struct openconnect_info *vpninfo, char *buf, size_t len)
{
int i = 0;
int ret;

if (len < 2)
return -EINVAL;

while ((ret = proxy_read(vpninfo, fd, (void *)(buf + i), 1)) == 1) {
while ((ret = proxy_read(vpninfo, (void *)(buf + i), 1)) == 1) {
if (buf[i] == '\n') {
buf[i] = 0;
if (i && buf[i-1] == '\r') {
Expand All @@ -1329,10 +1326,13 @@ static int proxy_gets(struct openconnect_info *vpninfo, int fd,
return i ?: ret;
}

static int proxy_write(struct openconnect_info *vpninfo, int fd,
unsigned char *buf, size_t len)
static int proxy_write(struct openconnect_info *vpninfo, char *buf, size_t len)
{
size_t count;
int fd = vpninfo->proxy_fd;

if (fd == -1)
return -EINVAL;

for (count = 0; count < len; ) {
fd_set rd_set, wr_set;
Expand Down Expand Up @@ -1361,10 +1361,13 @@ static int proxy_write(struct openconnect_info *vpninfo, int fd,
return count;
}

static int proxy_read(struct openconnect_info *vpninfo, int fd,
unsigned char *buf, size_t len)
static int proxy_read(struct openconnect_info *vpninfo, char *buf, size_t len)
{
size_t count;
int fd = vpninfo->proxy_fd;

if (fd == -1)
return -EINVAL;

for (count = 0; count < len; ) {
fd_set rd_set;
Expand Down Expand Up @@ -1404,23 +1407,23 @@ static const char *socks_errors[] = {
N_("address type not supported")
};

static int process_socks_proxy(struct openconnect_info *vpninfo, int ssl_sock)
static int process_socks_proxy(struct openconnect_info *vpninfo)
{
unsigned char buf[1024];
char buf[1024];
int i;

buf[0] = 5; /* SOCKS version */
buf[1] = 1; /* # auth methods */
buf[2] = 0; /* No auth supported */

if ((i = proxy_write(vpninfo, ssl_sock, buf, 3)) < 0) {
if ((i = proxy_write(vpninfo, buf, 3)) < 0) {
vpn_progress(vpninfo, PRG_ERR,
_("Error writing auth request to SOCKS proxy: %s\n"),
strerror(-i));
return i;
}

if ((i = proxy_read(vpninfo, ssl_sock, buf, 2)) < 0) {
if ((i = proxy_read(vpninfo, buf, 2)) < 0) {
vpn_progress(vpninfo, PRG_ERR,
_("Error reading auth response from SOCKS proxy: %s\n"),
strerror(-i));
Expand All @@ -1437,7 +1440,7 @@ static int process_socks_proxy(struct openconnect_info *vpninfo, int ssl_sock)
if (buf[1] < sizeof(socks_errors) / sizeof(socks_errors[0]))
vpn_progress(vpninfo, PRG_ERR,
_("SOCKS proxy error %02x: %s\n"),
buf[1], _(socks_errors[buf[1]]));
buf[1], _(socks_errors[(unsigned char)buf[1]]));
else
vpn_progress(vpninfo, PRG_ERR,
_("SOCKS proxy error %02x\n"),
Expand All @@ -1459,15 +1462,15 @@ static int process_socks_proxy(struct openconnect_info *vpninfo, int ssl_sock)
buf[i++] = vpninfo->port >> 8;
buf[i++] = vpninfo->port & 0xff;

if ((i = proxy_write(vpninfo, ssl_sock, buf, i)) < 0) {
if ((i = proxy_write(vpninfo, buf, i)) < 0) {
vpn_progress(vpninfo, PRG_ERR,
_("Error writing connect request to SOCKS proxy: %s\n"),
strerror(-i));
return i;
}
/* Read 5 bytes -- up to and including the first byte of the returned
address (which might be the length byte of a domain name) */
if ((i = proxy_read(vpninfo, ssl_sock, buf, 5)) < 0) {
if ((i = proxy_read(vpninfo, buf, 5)) < 0) {
vpn_progress(vpninfo, PRG_ERR,
_("Error reading connect response from SOCKS proxy: %s\n"),
strerror(-i));
Expand Down Expand Up @@ -1500,7 +1503,7 @@ static int process_socks_proxy(struct openconnect_info *vpninfo, int ssl_sock)
return -EIO;
}

if ((i = proxy_read(vpninfo, ssl_sock, buf, i)) < 0) {
if ((i = proxy_read(vpninfo, buf, i)) < 0) {
vpn_progress(vpninfo, PRG_ERR,
_("Error reading connect response from SOCKS proxy: %s\n"),
strerror(-i));
Expand All @@ -1509,7 +1512,7 @@ static int process_socks_proxy(struct openconnect_info *vpninfo, int ssl_sock)
return 0;
}

static int process_http_proxy(struct openconnect_info *vpninfo, int ssl_sock)
static int process_http_proxy(struct openconnect_info *vpninfo)
{
char buf[MAX_BUF_LEN];
struct oc_text_buf *reqbuf;
Expand All @@ -1531,7 +1534,7 @@ static int process_http_proxy(struct openconnect_info *vpninfo, int ssl_sock)
_("Requesting HTTP proxy connection to %s:%d\n"),
vpninfo->hostname, vpninfo->port);

result = proxy_write(vpninfo, ssl_sock, (unsigned char *)reqbuf->data, reqbuf->pos);
result = proxy_write(vpninfo, reqbuf->data, reqbuf->pos);
buf_free(reqbuf);

if (result < 0) {
Expand All @@ -1541,7 +1544,7 @@ static int process_http_proxy(struct openconnect_info *vpninfo, int ssl_sock)
return result;
}

if (proxy_gets(vpninfo, ssl_sock, buf, sizeof(buf)) < 0) {
if (proxy_gets(vpninfo, buf, sizeof(buf)) < 0) {
vpn_progress(vpninfo, PRG_ERR,
_("Error fetching proxy response\n"));
return -EIO;
Expand All @@ -1560,7 +1563,7 @@ static int process_http_proxy(struct openconnect_info *vpninfo, int ssl_sock)
return -EIO;
}

while ((buflen = proxy_gets(vpninfo, ssl_sock, buf, sizeof(buf)))) {
while ((buflen = proxy_gets(vpninfo, buf, sizeof(buf)))) {
if (buflen < 0) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to read proxy response\n"));
Expand All @@ -1576,16 +1579,26 @@ static int process_http_proxy(struct openconnect_info *vpninfo, int ssl_sock)

int process_proxy(struct openconnect_info *vpninfo, int ssl_sock)
{
if (!vpninfo->proxy_type || !strcmp(vpninfo->proxy_type, "http"))
return process_http_proxy(vpninfo, ssl_sock);
int ret;

if (!strcmp(vpninfo->proxy_type, "socks") ||
!strcmp(vpninfo->proxy_type, "socks5"))
return process_socks_proxy(vpninfo, ssl_sock);
vpninfo->proxy_fd = ssl_sock;
vpninfo->ssl_read = proxy_read;
vpninfo->ssl_write = proxy_write;
vpninfo->ssl_gets = proxy_gets;

if (!vpninfo->proxy_type || !strcmp(vpninfo->proxy_type, "http"))
ret = process_http_proxy(vpninfo);
else if (!strcmp(vpninfo->proxy_type, "socks") ||
!strcmp(vpninfo->proxy_type, "socks5"))
ret = process_socks_proxy(vpninfo);
else {
vpn_progress(vpninfo, PRG_ERR, _("Unknown proxy type '%s'\n"),
vpninfo->proxy_type);
return -EIO;
ret = -EIO;
}

vpninfo->proxy_fd = -1;
return ret;
}

int openconnect_set_http_proxy(struct openconnect_info *vpninfo, char *proxy)
Expand Down
1 change: 1 addition & 0 deletions openconnect-internal.h
Expand Up @@ -167,6 +167,7 @@ struct openconnect_info {
char *proxy_type;
char *proxy;
int proxy_port;
int proxy_fd;

char *localname;
char *hostname;
Expand Down

0 comments on commit fb1b82a

Please sign in to comment.