1 /* GIO - GLib Input, Output and Streaming Library
3 * Copyright (C) 2008, 2010 Collabora, Ltd.
4 * Copyright (C) 2008 Nokia Corporation. All rights reserved.
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General
17 * Public License along with this library; if not, write to the
18 * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
19 * Boston, MA 02111-1307, USA.
21 * Author: Youness Alaoui <youness.alaoui@collabora.co.uk
24 * Nicolas Dufresne <nicolas.dufresne@collabora.co.uk>
29 #include "gsocks5proxy.h"
33 #include "giomodule.h"
34 #include "giomodule-priv.h"
35 #include "giostream.h"
36 #include "ginetaddress.h"
37 #include "ginputstream.h"
39 #include "goutputstream.h"
41 #include "gproxyaddress.h"
44 #define SOCKS5_VERSION 0x05
46 #define SOCKS5_CMD_CONNECT 0x01
47 #define SOCKS5_CMD_BIND 0x02
48 #define SOCKS5_CMD_UDP_ASSOCIATE 0x03
50 #define SOCKS5_ATYP_IPV4 0x01
51 #define SOCKS5_ATYP_DOMAINNAME 0x03
52 #define SOCKS5_ATYP_IPV6 0x04
54 #define SOCKS5_AUTH_VERSION 0x01
56 #define SOCKS5_AUTH_NONE 0x00
57 #define SOCKS5_AUTH_GSSAPI 0x01
58 #define SOCKS5_AUTH_USR_PASS 0x02
59 #define SOCKS5_AUTH_NO_ACCEPT 0xff
61 #define SOCKS5_MAX_LEN 255
62 #define SOCKS5_RESERVED 0x00
64 #define SOCKS5_REP_SUCCEEDED 0x00
65 #define SOCKS5_REP_SRV_FAILURE 0x01
66 #define SOCKS5_REP_NOT_ALLOWED 0x02
67 #define SOCKS5_REP_NET_UNREACH 0x03
68 #define SOCKS5_REP_HOST_UNREACH 0x04
69 #define SOCKS5_REP_REFUSED 0x05
70 #define SOCKS5_REP_TTL_EXPIRED 0x06
71 #define SOCKS5_REP_CMD_NOT_SUP 0x07
72 #define SOCKS5_REP_ATYPE_NOT_SUP 0x08
80 struct _GSocks5ProxyClass
82 GObjectClass parent_class;
85 static void g_socks5_proxy_iface_init (GProxyInterface *proxy_iface);
87 #define g_socks5_proxy_get_type _g_socks5_proxy_get_type
88 G_DEFINE_TYPE_WITH_CODE (GSocks5Proxy, g_socks5_proxy, G_TYPE_OBJECT,
89 G_IMPLEMENT_INTERFACE (G_TYPE_PROXY,
90 g_socks5_proxy_iface_init)
91 _g_io_modules_ensure_extension_points_registered ();
92 g_io_extension_point_implement (G_PROXY_EXTENSION_POINT_NAME,
98 g_socks5_proxy_finalize (GObject *object)
101 G_OBJECT_CLASS (g_socks5_proxy_parent_class)->finalize (object);
105 g_socks5_proxy_init (GSocks5Proxy *proxy)
110 * +----+----------+----------+
111 * |VER | NMETHODS | METHODS |
112 * +----+----------+----------+
113 * | 1 | 1 | 1 to 255 |
114 * +----+----------+----------+
116 #define SOCKS5_NEGO_MSG_LEN 4
118 set_nego_msg (guint8 *msg, gboolean has_auth)
122 msg[0] = SOCKS5_VERSION;
123 msg[1] = 0x01; /* number of methods supported */
124 msg[2] = SOCKS5_AUTH_NONE;
126 /* add support for authentication method */
129 msg[1] = 0x02; /* number of methods supported */
130 msg[3] = SOCKS5_AUTH_USR_PASS;
145 #define SOCKS5_NEGO_REP_LEN 2
147 parse_nego_reply (const guint8 *data,
152 if (data[0] != SOCKS5_VERSION)
154 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PROXY_FAILED,
155 _("The server is not a SOCKSv5 proxy server."));
161 case SOCKS5_AUTH_NONE:
165 case SOCKS5_AUTH_USR_PASS:
168 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PROXY_NEED_AUTH,
169 _("The SOCKSv5 proxy requires authentication."));
175 case SOCKS5_AUTH_GSSAPI:
176 case SOCKS5_AUTH_NO_ACCEPT:
178 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PROXY_AUTH_FAILED,
179 _("The SOCKSv5 proxy requires an authentication "
180 "method that is not supported by GLib."));
188 #define SOCKS5_AUTH_MSG_LEN 515
190 set_auth_msg (guint8 *msg,
191 const gchar *username,
192 const gchar *password,
196 gint ulen = 0; /* username length */
197 gint plen = 0; /* Password length */
200 ulen = strlen (username);
203 plen = strlen (password);
205 if (ulen > SOCKS5_MAX_LEN || plen > SOCKS5_MAX_LEN)
207 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PROXY_FAILED,
208 _("Username or password is too long for SOCKSv5 "
213 msg[len++] = SOCKS5_AUTH_VERSION;
217 memcpy (msg + len, username, ulen);
223 memcpy (msg + len, password, plen);
232 check_auth_status (const guint8 *data, GError **error)
234 if (data[0] != SOCKS5_VERSION
235 || data[1] != SOCKS5_REP_SUCCEEDED)
237 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PROXY_AUTH_FAILED,
238 _("SOCKSv5 authentication failed due to wrong "
239 "username or password."));
246 * +----+-----+-------+------+----------+----------+
247 * |VER | CMD | RSV | ATYP | DST.ADDR | DST.PORT |
248 * +----+-----+-------+------+----------+----------+
249 * | 1 | 1 | X'00' | 1 | Variable | 2 |
250 * +----+-----+-------+------+----------+----------+
251 * DST.ADDR is a string with first byte being the size. So DST.ADDR may not be
252 * longer then 256 bytes.
254 #define SOCKS5_CONN_MSG_LEN 262
256 set_connect_msg (guint8 *msg,
257 const gchar *hostname,
263 msg[len++] = SOCKS5_VERSION;
264 msg[len++] = SOCKS5_CMD_CONNECT;
265 msg[len++] = SOCKS5_RESERVED;
267 if (g_hostname_is_ip_address (hostname))
269 GInetAddress *addr = g_inet_address_new_from_string (hostname);
270 gsize addr_len = g_inet_address_get_native_size (addr);
272 /* We are cheating for simplicity, here's the logic:
273 * 1 = IPV4 = 4 bytes / 4
274 * 4 = IPV6 = 16 bytes / 4 */
275 msg[len++] = addr_len / 4;
276 memcpy (msg + len, g_inet_address_to_bytes (addr), addr_len);
279 g_object_unref (addr);
283 gsize host_len = strlen (hostname);
285 if (host_len > SOCKS5_MAX_LEN)
287 g_set_error (error, G_IO_ERROR, G_IO_ERROR_PROXY_FAILED,
288 _("Hostname '%s' is too long for SOCKSv5 protocol"),
293 msg[len++] = SOCKS5_ATYP_DOMAINNAME;
294 msg[len++] = (guint8) host_len;
295 memcpy (msg + len, hostname, host_len);
300 guint16 hp = g_htons (port);
301 memcpy (msg + len, &hp, 2);
309 * +----+-----+-------+------+----------+----------+
310 * |VER | REP | RSV | ATYP | BND.ADDR | BND.PORT |
311 * +----+-----+-------+------+----------+----------+
312 * | 1 | 1 | X'00' | 1 | Variable | 2 |
313 * +----+-----+-------+------+----------+----------+
314 * This reply need to be read by small part to determin size. Buffer
315 * size is determined in function of the biggest part to read.
317 * The parser only requires 4 bytes.
319 #define SOCKS5_CONN_REP_LEN 255
321 parse_connect_reply (const guint8 *data, gint *atype, GError **error)
323 if (data[0] != SOCKS5_VERSION)
325 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PROXY_FAILED,
326 _("The server is not a SOCKSv5 proxy server."));
332 case SOCKS5_REP_SUCCEEDED:
333 if (data[2] != SOCKS5_RESERVED)
335 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PROXY_FAILED,
336 _("The server is not a SOCKSv5 proxy server."));
342 case SOCKS5_ATYP_IPV4:
343 case SOCKS5_ATYP_IPV6:
344 case SOCKS5_ATYP_DOMAINNAME:
349 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PROXY_FAILED,
350 _("The SOCKSv5 proxy server uses unknown address type."));
355 case SOCKS5_REP_SRV_FAILURE:
356 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PROXY_FAILED,
357 _("Internal SOCKSv5 proxy server error."));
361 case SOCKS5_REP_NOT_ALLOWED:
362 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PROXY_NOT_ALLOWED,
363 _("SOCKSv5 connection not allowed by ruleset."));
367 case SOCKS5_REP_TTL_EXPIRED:
368 case SOCKS5_REP_HOST_UNREACH:
369 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_HOST_UNREACHABLE,
370 _("Host unreachable through SOCKSv5 server."));
374 case SOCKS5_REP_NET_UNREACH:
375 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_NETWORK_UNREACHABLE,
376 _("Network unreachable through SOCKSv5 proxy."));
380 case SOCKS5_REP_REFUSED:
381 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_CONNECTION_REFUSED,
382 _("Connection refused through SOCKSv5 proxy."));
386 case SOCKS5_REP_CMD_NOT_SUP:
387 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PROXY_FAILED,
388 _("SOCKSv5 proxy does not support 'connect' command."));
392 case SOCKS5_REP_ATYPE_NOT_SUP:
393 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PROXY_FAILED,
394 _("SOCKSv5 proxy does not support provided address type."));
398 default: /* Unknown error */
399 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PROXY_FAILED,
400 _("Unknown SOCKSv5 proxy error."));
409 g_socks5_proxy_connect (GProxy *proxy,
410 GIOStream *io_stream,
411 GProxyAddress *proxy_address,
412 GCancellable *cancellable,
418 const gchar *hostname;
420 const gchar *username;
421 const gchar *password;
423 hostname = g_proxy_address_get_destination_hostname (proxy_address);
424 port = g_proxy_address_get_destination_port (proxy_address);
425 username = g_proxy_address_get_username (proxy_address);
426 password = g_proxy_address_get_password (proxy_address);
428 has_auth = username || password;
430 in = g_io_stream_get_input_stream (io_stream);
431 out = g_io_stream_get_output_stream (io_stream);
433 /* Send SOCKS5 handshake */
435 guint8 msg[SOCKS5_NEGO_MSG_LEN];
438 len = set_nego_msg (msg, has_auth);
440 if (!g_output_stream_write_all (out, msg, len, NULL,
445 /* Receive SOCKS5 response and reply with authentication if required */
447 guint8 data[SOCKS5_NEGO_REP_LEN];
448 gboolean must_auth = FALSE;
450 if (!g_input_stream_read_all (in, data, sizeof (data), NULL,
454 if (!parse_nego_reply (data, has_auth, &must_auth, error))
459 guint8 msg[SOCKS5_AUTH_MSG_LEN];
462 len = set_auth_msg (msg, username, password, error);
467 if (!g_output_stream_write_all (out, msg, len, NULL,
471 if (!g_input_stream_read_all (in, data, sizeof (data), NULL,
475 if (!check_auth_status (data, error))
480 /* Send SOCKS5 connection request */
482 guint8 msg[SOCKS5_CONN_MSG_LEN];
485 len = set_connect_msg (msg, hostname, port, error);
490 if (!g_output_stream_write_all (out, msg, len, NULL,
495 /* Read SOCKS5 response */
497 guint8 data[SOCKS5_CONN_REP_LEN];
500 if (!g_input_stream_read_all (in, data, 4, NULL,
504 if (!parse_connect_reply (data, &atype, error))
509 case SOCKS5_ATYP_IPV4:
510 if (!g_input_stream_read_all (in, data, 6, NULL,
515 case SOCKS5_ATYP_IPV6:
516 if (!g_input_stream_read_all (in, data, 18, NULL,
521 case SOCKS5_ATYP_DOMAINNAME:
522 if (!g_input_stream_read_all (in, data, 1, NULL,
525 if (!g_input_stream_read_all (in, data, data[0] + 2, NULL,
532 return g_object_ref (io_stream);
541 GIOStream *io_stream;
551 static void nego_msg_write_cb (GObject *source,
554 static void nego_reply_read_cb (GObject *source,
557 static void auth_msg_write_cb (GObject *source,
560 static void auth_reply_read_cb (GObject *source,
561 GAsyncResult *result,
563 static void send_connect_msg (GTask *task);
564 static void connect_msg_write_cb (GObject *source,
565 GAsyncResult *result,
567 static void connect_reply_read_cb (GObject *source,
568 GAsyncResult *result,
570 static void connect_addr_len_read_cb (GObject *source,
571 GAsyncResult *result,
573 static void connect_addr_read_cb (GObject *source,
574 GAsyncResult *result,
578 free_connect_data (ConnectAsyncData *data)
580 g_object_unref (data->io_stream);
582 g_free (data->hostname);
583 g_free (data->username);
584 g_free (data->password);
585 g_free (data->buffer);
587 g_slice_free (ConnectAsyncData, data);
591 do_read (GAsyncReadyCallback callback, GTask *task, ConnectAsyncData *data)
594 in = g_io_stream_get_input_stream (data->io_stream);
595 g_input_stream_read_async (in,
596 data->buffer + data->offset,
597 data->length - data->offset,
598 g_task_get_priority (task),
599 g_task_get_cancellable (task),
604 do_write (GAsyncReadyCallback callback, GTask *task, ConnectAsyncData *data)
607 out = g_io_stream_get_output_stream (data->io_stream);
608 g_output_stream_write_async (out,
609 data->buffer + data->offset,
610 data->length - data->offset,
611 g_task_get_priority (task),
612 g_task_get_cancellable (task),
617 g_socks5_proxy_connect_async (GProxy *proxy,
618 GIOStream *io_stream,
619 GProxyAddress *proxy_address,
620 GCancellable *cancellable,
621 GAsyncReadyCallback callback,
625 ConnectAsyncData *data;
627 data = g_slice_new0 (ConnectAsyncData);
628 data->io_stream = g_object_ref (io_stream);
630 task = g_task_new (proxy, cancellable, callback, user_data);
631 g_task_set_task_data (task, data, (GDestroyNotify) free_connect_data);
633 g_object_get (G_OBJECT (proxy_address),
634 "destination-hostname", &data->hostname,
635 "destination-port", &data->port,
636 "username", &data->username,
637 "password", &data->password,
640 data->buffer = g_malloc0 (SOCKS5_NEGO_MSG_LEN);
641 data->length = set_nego_msg (data->buffer,
642 data->username || data->password);
645 do_write (nego_msg_write_cb, task, data);
650 nego_msg_write_cb (GObject *source,
654 GTask *task = user_data;
655 ConnectAsyncData *data = g_task_get_task_data (task);
656 GError *error = NULL;
659 written = g_output_stream_write_finish (G_OUTPUT_STREAM (source),
664 g_task_return_error (task, error);
665 g_object_unref (task);
669 data->offset += written;
671 if (data->offset == data->length)
673 g_free (data->buffer);
675 data->buffer = g_malloc0 (SOCKS5_NEGO_REP_LEN);
676 data->length = SOCKS5_NEGO_REP_LEN;
679 do_read (nego_reply_read_cb, task, data);
683 do_write (nego_msg_write_cb, task, data);
688 nego_reply_read_cb (GObject *source,
692 GTask *task = user_data;
693 ConnectAsyncData *data = g_task_get_task_data (task);
694 GError *error = NULL;
697 read = g_input_stream_read_finish (G_INPUT_STREAM (source),
702 g_task_return_error (task, error);
703 g_object_unref (task);
707 data->offset += read;
709 if (data->offset == data->length)
711 GError *error = NULL;
712 gboolean must_auth = FALSE;
713 gboolean has_auth = data->username || data->password;
715 if (!parse_nego_reply (data->buffer, has_auth, &must_auth, &error))
717 g_task_return_error (task, error);
718 g_object_unref (task);
724 g_free (data->buffer);
726 data->buffer = g_malloc0 (SOCKS5_AUTH_MSG_LEN);
727 data->length = set_auth_msg (data->buffer,
733 if (data->length < 0)
735 g_task_return_error (task, error);
736 g_object_unref (task);
740 do_write (auth_msg_write_cb, task, data);
744 send_connect_msg (task);
749 do_read (nego_reply_read_cb, task, data);
754 auth_msg_write_cb (GObject *source,
755 GAsyncResult *result,
758 GTask *task = user_data;
759 ConnectAsyncData *data = g_task_get_task_data (task);
760 GError *error = NULL;
763 written = g_output_stream_write_finish (G_OUTPUT_STREAM (source),
768 g_task_return_error (task, error);
769 g_object_unref (task);
773 data->offset += written;
775 if (data->offset == data->length)
777 g_free (data->buffer);
779 data->buffer = g_malloc0 (SOCKS5_NEGO_REP_LEN);
780 data->length = SOCKS5_NEGO_REP_LEN;
783 do_read (auth_reply_read_cb, task, data);
787 do_write (auth_msg_write_cb, task, data);
792 auth_reply_read_cb (GObject *source,
793 GAsyncResult *result,
796 GTask *task = user_data;
797 ConnectAsyncData *data = g_task_get_task_data (task);
798 GError *error = NULL;
801 read = g_input_stream_read_finish (G_INPUT_STREAM (source),
806 g_task_return_error (task, error);
807 g_object_unref (task);
811 data->offset += read;
813 if (data->offset == data->length)
815 if (!check_auth_status (data->buffer, &error))
817 g_task_return_error (task, error);
818 g_object_unref (task);
822 send_connect_msg (task);
826 do_read (auth_reply_read_cb, task, data);
831 send_connect_msg (GTask *task)
833 ConnectAsyncData *data = g_task_get_task_data (task);
834 GError *error = NULL;
836 g_free (data->buffer);
838 data->buffer = g_malloc0 (SOCKS5_CONN_MSG_LEN);
839 data->length = set_connect_msg (data->buffer,
845 if (data->length < 0)
847 g_task_return_error (task, error);
848 g_object_unref (task);
852 do_write (connect_msg_write_cb, task, data);
856 connect_msg_write_cb (GObject *source,
857 GAsyncResult *result,
860 GTask *task = user_data;
861 ConnectAsyncData *data = g_task_get_task_data (task);
862 GError *error = NULL;
865 written = g_output_stream_write_finish (G_OUTPUT_STREAM (source),
870 g_task_return_error (task, error);
871 g_object_unref (task);
875 data->offset += written;
877 if (data->offset == data->length)
879 g_free (data->buffer);
881 data->buffer = g_malloc0 (SOCKS5_CONN_REP_LEN);
885 do_read (connect_reply_read_cb, task, data);
889 do_write (connect_msg_write_cb, task, data);
894 connect_reply_read_cb (GObject *source,
895 GAsyncResult *result,
898 GTask *task = user_data;
899 ConnectAsyncData *data = g_task_get_task_data (task);
900 GError *error = NULL;
903 read = g_input_stream_read_finish (G_INPUT_STREAM (source),
908 g_task_return_error (task, error);
909 g_object_unref (task);
913 data->offset += read;
915 if (data->offset == data->length)
919 if (!parse_connect_reply (data->buffer, &atype, &error))
921 g_task_return_error (task, error);
922 g_object_unref (task);
928 case SOCKS5_ATYP_IPV4:
931 do_read (connect_addr_read_cb, task, data);
934 case SOCKS5_ATYP_IPV6:
937 do_read (connect_addr_read_cb, task, data);
940 case SOCKS5_ATYP_DOMAINNAME:
943 do_read (connect_addr_len_read_cb, task, data);
949 do_read (connect_reply_read_cb, task, data);
954 connect_addr_len_read_cb (GObject *source,
955 GAsyncResult *result,
958 GTask *task = user_data;
959 ConnectAsyncData *data = g_task_get_task_data (task);
960 GError *error = NULL;
963 read = g_input_stream_read_finish (G_INPUT_STREAM (source),
968 g_task_return_error (task, error);
969 g_object_unref (task);
973 data->length = data->buffer[0] + 2;
976 do_read (connect_addr_read_cb, task, data);
980 connect_addr_read_cb (GObject *source,
981 GAsyncResult *result,
984 GTask *task = user_data;
985 ConnectAsyncData *data = g_task_get_task_data (task);
986 GError *error = NULL;
989 read = g_input_stream_read_finish (G_INPUT_STREAM (source),
994 g_task_return_error (task, error);
995 g_object_unref (task);
999 data->offset += read;
1001 if (data->offset == data->length)
1003 g_task_return_pointer (task, g_object_ref (data->io_stream), g_object_unref);
1004 g_object_unref (task);
1009 do_read (connect_reply_read_cb, task, data);
1014 g_socks5_proxy_connect_finish (GProxy *proxy,
1015 GAsyncResult *result,
1018 return g_task_propagate_pointer (G_TASK (result), error);
1022 g_socks5_proxy_supports_hostname (GProxy *proxy)
1028 g_socks5_proxy_class_init (GSocks5ProxyClass *class)
1030 GObjectClass *object_class;
1032 object_class = (GObjectClass *) class;
1033 object_class->finalize = g_socks5_proxy_finalize;
1037 g_socks5_proxy_iface_init (GProxyInterface *proxy_iface)
1039 proxy_iface->connect = g_socks5_proxy_connect;
1040 proxy_iface->connect_async = g_socks5_proxy_connect_async;
1041 proxy_iface->connect_finish = g_socks5_proxy_connect_finish;
1042 proxy_iface->supports_hostname = g_socks5_proxy_supports_hostname;