1 /* GIO - GLib Input, Output and Streaming Library
3 * Copyright (C) 2008, 2010 Collabora, Ltd.
4 * Copyright (C) 2008 Nokia Corporation. All rights reserved.
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General
17 * Public License along with this library; if not, see <http://www.gnu.org/licenses/>.
19 * Author: Youness Alaoui <youness.alaoui@collabora.co.uk
22 * Nicolas Dufresne <nicolas.dufresne@collabora.co.uk>
27 #include "gsocks5proxy.h"
31 #include "giomodule.h"
32 #include "giomodule-priv.h"
33 #include "giostream.h"
34 #include "ginetaddress.h"
35 #include "ginputstream.h"
37 #include "goutputstream.h"
39 #include "gproxyaddress.h"
42 #define SOCKS5_VERSION 0x05
44 #define SOCKS5_CMD_CONNECT 0x01
45 #define SOCKS5_CMD_BIND 0x02
46 #define SOCKS5_CMD_UDP_ASSOCIATE 0x03
48 #define SOCKS5_ATYP_IPV4 0x01
49 #define SOCKS5_ATYP_DOMAINNAME 0x03
50 #define SOCKS5_ATYP_IPV6 0x04
52 #define SOCKS5_AUTH_VERSION 0x01
54 #define SOCKS5_AUTH_NONE 0x00
55 #define SOCKS5_AUTH_GSSAPI 0x01
56 #define SOCKS5_AUTH_USR_PASS 0x02
57 #define SOCKS5_AUTH_NO_ACCEPT 0xff
59 #define SOCKS5_MAX_LEN 255
60 #define SOCKS5_RESERVED 0x00
62 #define SOCKS5_REP_SUCCEEDED 0x00
63 #define SOCKS5_REP_SRV_FAILURE 0x01
64 #define SOCKS5_REP_NOT_ALLOWED 0x02
65 #define SOCKS5_REP_NET_UNREACH 0x03
66 #define SOCKS5_REP_HOST_UNREACH 0x04
67 #define SOCKS5_REP_REFUSED 0x05
68 #define SOCKS5_REP_TTL_EXPIRED 0x06
69 #define SOCKS5_REP_CMD_NOT_SUP 0x07
70 #define SOCKS5_REP_ATYPE_NOT_SUP 0x08
78 struct _GSocks5ProxyClass
80 GObjectClass parent_class;
83 static void g_socks5_proxy_iface_init (GProxyInterface *proxy_iface);
85 #define g_socks5_proxy_get_type _g_socks5_proxy_get_type
86 G_DEFINE_TYPE_WITH_CODE (GSocks5Proxy, g_socks5_proxy, G_TYPE_OBJECT,
87 G_IMPLEMENT_INTERFACE (G_TYPE_PROXY,
88 g_socks5_proxy_iface_init)
89 _g_io_modules_ensure_extension_points_registered ();
90 g_io_extension_point_implement (G_PROXY_EXTENSION_POINT_NAME,
96 g_socks5_proxy_finalize (GObject *object)
99 G_OBJECT_CLASS (g_socks5_proxy_parent_class)->finalize (object);
103 g_socks5_proxy_init (GSocks5Proxy *proxy)
108 * +----+----------+----------+
109 * |VER | NMETHODS | METHODS |
110 * +----+----------+----------+
111 * | 1 | 1 | 1 to 255 |
112 * +----+----------+----------+
114 #define SOCKS5_NEGO_MSG_LEN 4
116 set_nego_msg (guint8 *msg, gboolean has_auth)
120 msg[0] = SOCKS5_VERSION;
121 msg[1] = 0x01; /* number of methods supported */
122 msg[2] = SOCKS5_AUTH_NONE;
124 /* add support for authentication method */
127 msg[1] = 0x02; /* number of methods supported */
128 msg[3] = SOCKS5_AUTH_USR_PASS;
143 #define SOCKS5_NEGO_REP_LEN 2
145 parse_nego_reply (const guint8 *data,
150 if (data[0] != SOCKS5_VERSION)
152 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PROXY_FAILED,
153 _("The server is not a SOCKSv5 proxy server."));
159 case SOCKS5_AUTH_NONE:
163 case SOCKS5_AUTH_USR_PASS:
166 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PROXY_NEED_AUTH,
167 _("The SOCKSv5 proxy requires authentication."));
173 case SOCKS5_AUTH_NO_ACCEPT:
176 /* The server has said it accepts none of our authentication methods,
177 * but given the slightly odd implementation of set_nego_msg(), we
178 * actually only gave it the choice of %SOCKS5_AUTH_NONE, since the
179 * caller specified no username or password.
180 * Return %G_IO_ERROR_PROXY_NEED_AUTH so the caller knows that if
181 * they specify a username and password and try again, authentication
182 * might succeed (since we’ll send %SOCKS5_AUTH_USR_PASS next time). */
183 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PROXY_NEED_AUTH,
184 _("The SOCKSv5 proxy requires authentication."));
188 case SOCKS5_AUTH_GSSAPI:
190 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PROXY_AUTH_FAILED,
191 _("The SOCKSv5 proxy requires an authentication "
192 "method that is not supported by GLib."));
200 #define SOCKS5_AUTH_MSG_LEN 515
202 set_auth_msg (guint8 *msg,
203 const gchar *username,
204 const gchar *password,
208 gint ulen = 0; /* username length */
209 gint plen = 0; /* Password length */
212 ulen = strlen (username);
215 plen = strlen (password);
217 if (ulen > SOCKS5_MAX_LEN || plen > SOCKS5_MAX_LEN)
219 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PROXY_FAILED,
220 _("Username or password is too long for SOCKSv5 "
225 msg[len++] = SOCKS5_AUTH_VERSION;
229 memcpy (msg + len, username, ulen);
235 memcpy (msg + len, password, plen);
244 check_auth_status (const guint8 *data, GError **error)
246 if (data[0] != SOCKS5_AUTH_VERSION
247 || data[1] != SOCKS5_REP_SUCCEEDED)
249 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PROXY_AUTH_FAILED,
250 _("SOCKSv5 authentication failed due to wrong "
251 "username or password."));
258 * +----+-----+-------+------+----------+----------+
259 * |VER | CMD | RSV | ATYP | DST.ADDR | DST.PORT |
260 * +----+-----+-------+------+----------+----------+
261 * | 1 | 1 | X'00' | 1 | Variable | 2 |
262 * +----+-----+-------+------+----------+----------+
263 * DST.ADDR is a string with first byte being the size. So DST.ADDR may not be
264 * longer then 256 bytes.
266 #define SOCKS5_CONN_MSG_LEN 262
268 set_connect_msg (guint8 *msg,
269 const gchar *hostname,
275 msg[len++] = SOCKS5_VERSION;
276 msg[len++] = SOCKS5_CMD_CONNECT;
277 msg[len++] = SOCKS5_RESERVED;
279 if (g_hostname_is_ip_address (hostname))
281 GInetAddress *addr = g_inet_address_new_from_string (hostname);
282 gsize addr_len = g_inet_address_get_native_size (addr);
284 /* We are cheating for simplicity, here's the logic:
285 * 1 = IPV4 = 4 bytes / 4
286 * 4 = IPV6 = 16 bytes / 4 */
287 msg[len++] = addr_len / 4;
288 memcpy (msg + len, g_inet_address_to_bytes (addr), addr_len);
291 g_object_unref (addr);
295 gsize host_len = strlen (hostname);
297 if (host_len > SOCKS5_MAX_LEN)
299 g_set_error (error, G_IO_ERROR, G_IO_ERROR_PROXY_FAILED,
300 _("Hostname “%s” is too long for SOCKSv5 protocol"),
305 msg[len++] = SOCKS5_ATYP_DOMAINNAME;
306 msg[len++] = (guint8) host_len;
307 memcpy (msg + len, hostname, host_len);
312 guint16 hp = g_htons (port);
313 memcpy (msg + len, &hp, 2);
321 * +----+-----+-------+------+----------+----------+
322 * |VER | REP | RSV | ATYP | BND.ADDR | BND.PORT |
323 * +----+-----+-------+------+----------+----------+
324 * | 1 | 1 | X'00' | 1 | Variable | 2 |
325 * +----+-----+-------+------+----------+----------+
326 * This reply need to be read by small part to determine size. Buffer
327 * size is determined in function of the biggest part to read.
329 * The parser only requires 4 bytes.
331 #define SOCKS5_CONN_REP_LEN 255
333 parse_connect_reply (const guint8 *data, gint *atype, GError **error)
335 if (data[0] != SOCKS5_VERSION)
337 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PROXY_FAILED,
338 _("The server is not a SOCKSv5 proxy server."));
344 case SOCKS5_REP_SUCCEEDED:
345 if (data[2] != SOCKS5_RESERVED)
347 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PROXY_FAILED,
348 _("The server is not a SOCKSv5 proxy server."));
354 case SOCKS5_ATYP_IPV4:
355 case SOCKS5_ATYP_IPV6:
356 case SOCKS5_ATYP_DOMAINNAME:
361 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PROXY_FAILED,
362 _("The SOCKSv5 proxy server uses unknown address type."));
367 case SOCKS5_REP_SRV_FAILURE:
368 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PROXY_FAILED,
369 _("Internal SOCKSv5 proxy server error."));
373 case SOCKS5_REP_NOT_ALLOWED:
374 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PROXY_NOT_ALLOWED,
375 _("SOCKSv5 connection not allowed by ruleset."));
379 case SOCKS5_REP_TTL_EXPIRED:
380 case SOCKS5_REP_HOST_UNREACH:
381 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_HOST_UNREACHABLE,
382 _("Host unreachable through SOCKSv5 server."));
386 case SOCKS5_REP_NET_UNREACH:
387 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_NETWORK_UNREACHABLE,
388 _("Network unreachable through SOCKSv5 proxy."));
392 case SOCKS5_REP_REFUSED:
393 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_CONNECTION_REFUSED,
394 _("Connection refused through SOCKSv5 proxy."));
398 case SOCKS5_REP_CMD_NOT_SUP:
399 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PROXY_FAILED,
400 _("SOCKSv5 proxy does not support “connect” command."));
404 case SOCKS5_REP_ATYPE_NOT_SUP:
405 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PROXY_FAILED,
406 _("SOCKSv5 proxy does not support provided address type."));
410 default: /* Unknown error */
411 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PROXY_FAILED,
412 _("Unknown SOCKSv5 proxy error."));
421 g_socks5_proxy_connect (GProxy *proxy,
422 GIOStream *io_stream,
423 GProxyAddress *proxy_address,
424 GCancellable *cancellable,
430 const gchar *hostname;
432 const gchar *username;
433 const gchar *password;
435 hostname = g_proxy_address_get_destination_hostname (proxy_address);
436 port = g_proxy_address_get_destination_port (proxy_address);
437 username = g_proxy_address_get_username (proxy_address);
438 password = g_proxy_address_get_password (proxy_address);
440 has_auth = username || password;
442 in = g_io_stream_get_input_stream (io_stream);
443 out = g_io_stream_get_output_stream (io_stream);
445 /* Send SOCKS5 handshake */
447 guint8 msg[SOCKS5_NEGO_MSG_LEN];
450 len = set_nego_msg (msg, has_auth);
452 if (!g_output_stream_write_all (out, msg, len, NULL,
457 /* Receive SOCKS5 response and reply with authentication if required */
459 guint8 data[SOCKS5_NEGO_REP_LEN];
460 gboolean must_auth = FALSE;
462 if (!g_input_stream_read_all (in, data, sizeof (data), NULL,
466 if (!parse_nego_reply (data, has_auth, &must_auth, error))
471 guint8 msg[SOCKS5_AUTH_MSG_LEN];
474 len = set_auth_msg (msg, username, password, error);
479 if (!g_output_stream_write_all (out, msg, len, NULL,
483 if (!g_input_stream_read_all (in, data, sizeof (data), NULL,
487 if (!check_auth_status (data, error))
492 /* Send SOCKS5 connection request */
494 guint8 msg[SOCKS5_CONN_MSG_LEN];
497 len = set_connect_msg (msg, hostname, port, error);
502 if (!g_output_stream_write_all (out, msg, len, NULL,
507 /* Read SOCKS5 response */
509 guint8 data[SOCKS5_CONN_REP_LEN];
512 if (!g_input_stream_read_all (in, data, 4, NULL,
516 if (!parse_connect_reply (data, &atype, error))
521 case SOCKS5_ATYP_IPV4:
522 if (!g_input_stream_read_all (in, data, 6, NULL,
527 case SOCKS5_ATYP_IPV6:
528 if (!g_input_stream_read_all (in, data, 18, NULL,
533 case SOCKS5_ATYP_DOMAINNAME:
534 if (!g_input_stream_read_all (in, data, 1, NULL,
537 if (!g_input_stream_read_all (in, data, data[0] + 2, NULL,
544 return g_object_ref (io_stream);
553 GIOStream *io_stream;
563 static void nego_msg_write_cb (GObject *source,
566 static void nego_reply_read_cb (GObject *source,
569 static void auth_msg_write_cb (GObject *source,
572 static void auth_reply_read_cb (GObject *source,
573 GAsyncResult *result,
575 static void send_connect_msg (GTask *task);
576 static void connect_msg_write_cb (GObject *source,
577 GAsyncResult *result,
579 static void connect_reply_read_cb (GObject *source,
580 GAsyncResult *result,
582 static void connect_addr_len_read_cb (GObject *source,
583 GAsyncResult *result,
585 static void connect_addr_read_cb (GObject *source,
586 GAsyncResult *result,
590 free_connect_data (ConnectAsyncData *data)
592 g_object_unref (data->io_stream);
594 g_free (data->hostname);
595 g_free (data->username);
596 g_free (data->password);
597 g_free (data->buffer);
599 g_slice_free (ConnectAsyncData, data);
603 do_read (GAsyncReadyCallback callback, GTask *task, ConnectAsyncData *data)
606 in = g_io_stream_get_input_stream (data->io_stream);
607 g_input_stream_read_async (in,
608 data->buffer + data->offset,
609 data->length - data->offset,
610 g_task_get_priority (task),
611 g_task_get_cancellable (task),
616 do_write (GAsyncReadyCallback callback, GTask *task, ConnectAsyncData *data)
619 out = g_io_stream_get_output_stream (data->io_stream);
620 g_output_stream_write_async (out,
621 data->buffer + data->offset,
622 data->length - data->offset,
623 g_task_get_priority (task),
624 g_task_get_cancellable (task),
629 g_socks5_proxy_connect_async (GProxy *proxy,
630 GIOStream *io_stream,
631 GProxyAddress *proxy_address,
632 GCancellable *cancellable,
633 GAsyncReadyCallback callback,
637 ConnectAsyncData *data;
639 data = g_slice_new0 (ConnectAsyncData);
640 data->io_stream = g_object_ref (io_stream);
642 task = g_task_new (proxy, cancellable, callback, user_data);
643 g_task_set_source_tag (task, g_socks5_proxy_connect_async);
644 g_task_set_task_data (task, data, (GDestroyNotify) free_connect_data);
646 g_object_get (G_OBJECT (proxy_address),
647 "destination-hostname", &data->hostname,
648 "destination-port", &data->port,
649 "username", &data->username,
650 "password", &data->password,
653 data->buffer = g_malloc0 (SOCKS5_NEGO_MSG_LEN);
654 data->length = set_nego_msg (data->buffer,
655 data->username || data->password);
658 do_write (nego_msg_write_cb, task, data);
663 nego_msg_write_cb (GObject *source,
667 GTask *task = user_data;
668 ConnectAsyncData *data = g_task_get_task_data (task);
669 GError *error = NULL;
672 written = g_output_stream_write_finish (G_OUTPUT_STREAM (source),
677 g_task_return_error (task, error);
678 g_object_unref (task);
682 data->offset += written;
684 if (data->offset == data->length)
686 g_free (data->buffer);
688 data->buffer = g_malloc0 (SOCKS5_NEGO_REP_LEN);
689 data->length = SOCKS5_NEGO_REP_LEN;
692 do_read (nego_reply_read_cb, task, data);
696 do_write (nego_msg_write_cb, task, data);
701 nego_reply_read_cb (GObject *source,
705 GTask *task = user_data;
706 ConnectAsyncData *data = g_task_get_task_data (task);
707 GError *error = NULL;
710 read = g_input_stream_read_finish (G_INPUT_STREAM (source),
715 g_task_return_error (task, error);
716 g_object_unref (task);
720 data->offset += read;
722 if (data->offset == data->length)
724 GError *error = NULL;
725 gboolean must_auth = FALSE;
726 gboolean has_auth = data->username || data->password;
728 if (!parse_nego_reply (data->buffer, has_auth, &must_auth, &error))
730 g_task_return_error (task, error);
731 g_object_unref (task);
737 g_free (data->buffer);
739 data->buffer = g_malloc0 (SOCKS5_AUTH_MSG_LEN);
740 data->length = set_auth_msg (data->buffer,
746 if (data->length < 0)
748 g_task_return_error (task, error);
749 g_object_unref (task);
753 do_write (auth_msg_write_cb, task, data);
757 send_connect_msg (task);
762 do_read (nego_reply_read_cb, task, data);
767 auth_msg_write_cb (GObject *source,
768 GAsyncResult *result,
771 GTask *task = user_data;
772 ConnectAsyncData *data = g_task_get_task_data (task);
773 GError *error = NULL;
776 written = g_output_stream_write_finish (G_OUTPUT_STREAM (source),
781 g_task_return_error (task, error);
782 g_object_unref (task);
786 data->offset += written;
788 if (data->offset == data->length)
790 g_free (data->buffer);
792 data->buffer = g_malloc0 (SOCKS5_NEGO_REP_LEN);
793 data->length = SOCKS5_NEGO_REP_LEN;
796 do_read (auth_reply_read_cb, task, data);
800 do_write (auth_msg_write_cb, task, data);
805 auth_reply_read_cb (GObject *source,
806 GAsyncResult *result,
809 GTask *task = user_data;
810 ConnectAsyncData *data = g_task_get_task_data (task);
811 GError *error = NULL;
814 read = g_input_stream_read_finish (G_INPUT_STREAM (source),
819 g_task_return_error (task, error);
820 g_object_unref (task);
824 data->offset += read;
826 if (data->offset == data->length)
828 if (!check_auth_status (data->buffer, &error))
830 g_task_return_error (task, error);
831 g_object_unref (task);
835 send_connect_msg (task);
839 do_read (auth_reply_read_cb, task, data);
844 send_connect_msg (GTask *task)
846 ConnectAsyncData *data = g_task_get_task_data (task);
847 GError *error = NULL;
849 g_free (data->buffer);
851 data->buffer = g_malloc0 (SOCKS5_CONN_MSG_LEN);
852 data->length = set_connect_msg (data->buffer,
858 if (data->length < 0)
860 g_task_return_error (task, error);
861 g_object_unref (task);
865 do_write (connect_msg_write_cb, task, data);
869 connect_msg_write_cb (GObject *source,
870 GAsyncResult *result,
873 GTask *task = user_data;
874 ConnectAsyncData *data = g_task_get_task_data (task);
875 GError *error = NULL;
878 written = g_output_stream_write_finish (G_OUTPUT_STREAM (source),
883 g_task_return_error (task, error);
884 g_object_unref (task);
888 data->offset += written;
890 if (data->offset == data->length)
892 g_free (data->buffer);
894 data->buffer = g_malloc0 (SOCKS5_CONN_REP_LEN);
898 do_read (connect_reply_read_cb, task, data);
902 do_write (connect_msg_write_cb, task, data);
907 connect_reply_read_cb (GObject *source,
908 GAsyncResult *result,
911 GTask *task = user_data;
912 ConnectAsyncData *data = g_task_get_task_data (task);
913 GError *error = NULL;
916 read = g_input_stream_read_finish (G_INPUT_STREAM (source),
921 g_task_return_error (task, error);
922 g_object_unref (task);
926 data->offset += read;
928 if (data->offset == data->length)
932 if (!parse_connect_reply (data->buffer, &atype, &error))
934 g_task_return_error (task, error);
935 g_object_unref (task);
941 case SOCKS5_ATYP_IPV4:
944 do_read (connect_addr_read_cb, task, data);
947 case SOCKS5_ATYP_IPV6:
950 do_read (connect_addr_read_cb, task, data);
953 case SOCKS5_ATYP_DOMAINNAME:
956 do_read (connect_addr_len_read_cb, task, data);
962 do_read (connect_reply_read_cb, task, data);
967 connect_addr_len_read_cb (GObject *source,
968 GAsyncResult *result,
971 GTask *task = user_data;
972 ConnectAsyncData *data = g_task_get_task_data (task);
973 GError *error = NULL;
976 read = g_input_stream_read_finish (G_INPUT_STREAM (source),
981 g_task_return_error (task, error);
982 g_object_unref (task);
986 data->length = data->buffer[0] + 2;
989 do_read (connect_addr_read_cb, task, data);
993 connect_addr_read_cb (GObject *source,
994 GAsyncResult *result,
997 GTask *task = user_data;
998 ConnectAsyncData *data = g_task_get_task_data (task);
999 GError *error = NULL;
1002 read = g_input_stream_read_finish (G_INPUT_STREAM (source),
1007 g_task_return_error (task, error);
1008 g_object_unref (task);
1012 data->offset += read;
1014 if (data->offset == data->length)
1016 g_task_return_pointer (task, g_object_ref (data->io_stream), g_object_unref);
1017 g_object_unref (task);
1022 do_read (connect_reply_read_cb, task, data);
1027 g_socks5_proxy_connect_finish (GProxy *proxy,
1028 GAsyncResult *result,
1031 return g_task_propagate_pointer (G_TASK (result), error);
1035 g_socks5_proxy_supports_hostname (GProxy *proxy)
1041 g_socks5_proxy_class_init (GSocks5ProxyClass *class)
1043 GObjectClass *object_class;
1045 object_class = (GObjectClass *) class;
1046 object_class->finalize = g_socks5_proxy_finalize;
1050 g_socks5_proxy_iface_init (GProxyInterface *proxy_iface)
1052 proxy_iface->connect = g_socks5_proxy_connect;
1053 proxy_iface->connect_async = g_socks5_proxy_connect_async;
1054 proxy_iface->connect_finish = g_socks5_proxy_connect_finish;
1055 proxy_iface->supports_hostname = g_socks5_proxy_supports_hostname;