1 /* GIO - GLib Input, Output and Streaming Library
3 * Copyright (C) 2008, 2010 Collabora, Ltd.
4 * Copyright (C) 2008 Nokia Corporation. All rights reserved.
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General
17 * Public License along with this library; if not, see <http://www.gnu.org/licenses/>.
19 * Author: Youness Alaoui <youness.alaoui@collabora.co.uk
22 * Nicolas Dufresne <nicolas.dufresne@collabora.co.uk>
27 #include "gsocks5proxy.h"
31 #include "giomodule.h"
32 #include "giomodule-priv.h"
33 #include "giostream.h"
34 #include "ginetaddress.h"
35 #include "ginputstream.h"
37 #include "goutputstream.h"
39 #include "gproxyaddress.h"
42 #define SOCKS5_VERSION 0x05
44 #define SOCKS5_CMD_CONNECT 0x01
45 #define SOCKS5_CMD_BIND 0x02
46 #define SOCKS5_CMD_UDP_ASSOCIATE 0x03
48 #define SOCKS5_ATYP_IPV4 0x01
49 #define SOCKS5_ATYP_DOMAINNAME 0x03
50 #define SOCKS5_ATYP_IPV6 0x04
52 #define SOCKS5_AUTH_VERSION 0x01
54 #define SOCKS5_AUTH_NONE 0x00
55 #define SOCKS5_AUTH_GSSAPI 0x01
56 #define SOCKS5_AUTH_USR_PASS 0x02
57 #define SOCKS5_AUTH_NO_ACCEPT 0xff
59 #define SOCKS5_MAX_LEN 255
60 #define SOCKS5_RESERVED 0x00
62 #define SOCKS5_REP_SUCCEEDED 0x00
63 #define SOCKS5_REP_SRV_FAILURE 0x01
64 #define SOCKS5_REP_NOT_ALLOWED 0x02
65 #define SOCKS5_REP_NET_UNREACH 0x03
66 #define SOCKS5_REP_HOST_UNREACH 0x04
67 #define SOCKS5_REP_REFUSED 0x05
68 #define SOCKS5_REP_TTL_EXPIRED 0x06
69 #define SOCKS5_REP_CMD_NOT_SUP 0x07
70 #define SOCKS5_REP_ATYPE_NOT_SUP 0x08
78 struct _GSocks5ProxyClass
80 GObjectClass parent_class;
83 static void g_socks5_proxy_iface_init (GProxyInterface *proxy_iface);
85 #define g_socks5_proxy_get_type _g_socks5_proxy_get_type
86 G_DEFINE_TYPE_WITH_CODE (GSocks5Proxy, g_socks5_proxy, G_TYPE_OBJECT,
87 G_IMPLEMENT_INTERFACE (G_TYPE_PROXY,
88 g_socks5_proxy_iface_init)
89 _g_io_modules_ensure_extension_points_registered ();
90 g_io_extension_point_implement (G_PROXY_EXTENSION_POINT_NAME,
96 g_socks5_proxy_finalize (GObject *object)
99 G_OBJECT_CLASS (g_socks5_proxy_parent_class)->finalize (object);
103 g_socks5_proxy_init (GSocks5Proxy *proxy)
108 * +----+----------+----------+
109 * |VER | NMETHODS | METHODS |
110 * +----+----------+----------+
111 * | 1 | 1 | 1 to 255 |
112 * +----+----------+----------+
114 #define SOCKS5_NEGO_MSG_LEN 4
116 set_nego_msg (guint8 *msg, gboolean has_auth)
120 msg[0] = SOCKS5_VERSION;
121 msg[1] = 0x01; /* number of methods supported */
122 msg[2] = SOCKS5_AUTH_NONE;
124 /* add support for authentication method */
127 msg[1] = 0x02; /* number of methods supported */
128 msg[3] = SOCKS5_AUTH_USR_PASS;
143 #define SOCKS5_NEGO_REP_LEN 2
145 parse_nego_reply (const guint8 *data,
150 if (data[0] != SOCKS5_VERSION)
152 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PROXY_FAILED,
153 _("The server is not a SOCKSv5 proxy server."));
159 case SOCKS5_AUTH_NONE:
163 case SOCKS5_AUTH_USR_PASS:
166 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PROXY_NEED_AUTH,
167 _("The SOCKSv5 proxy requires authentication."));
173 case SOCKS5_AUTH_GSSAPI:
174 case SOCKS5_AUTH_NO_ACCEPT:
176 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PROXY_AUTH_FAILED,
177 _("The SOCKSv5 proxy requires an authentication "
178 "method that is not supported by GLib."));
186 #define SOCKS5_AUTH_MSG_LEN 515
188 set_auth_msg (guint8 *msg,
189 const gchar *username,
190 const gchar *password,
194 gint ulen = 0; /* username length */
195 gint plen = 0; /* Password length */
198 ulen = strlen (username);
201 plen = strlen (password);
203 if (ulen > SOCKS5_MAX_LEN || plen > SOCKS5_MAX_LEN)
205 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PROXY_FAILED,
206 _("Username or password is too long for SOCKSv5 "
211 msg[len++] = SOCKS5_AUTH_VERSION;
215 memcpy (msg + len, username, ulen);
221 memcpy (msg + len, password, plen);
230 check_auth_status (const guint8 *data, GError **error)
232 if (data[0] != SOCKS5_VERSION
233 || data[1] != SOCKS5_REP_SUCCEEDED)
235 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PROXY_AUTH_FAILED,
236 _("SOCKSv5 authentication failed due to wrong "
237 "username or password."));
244 * +----+-----+-------+------+----------+----------+
245 * |VER | CMD | RSV | ATYP | DST.ADDR | DST.PORT |
246 * +----+-----+-------+------+----------+----------+
247 * | 1 | 1 | X'00' | 1 | Variable | 2 |
248 * +----+-----+-------+------+----------+----------+
249 * DST.ADDR is a string with first byte being the size. So DST.ADDR may not be
250 * longer then 256 bytes.
252 #define SOCKS5_CONN_MSG_LEN 262
254 set_connect_msg (guint8 *msg,
255 const gchar *hostname,
261 msg[len++] = SOCKS5_VERSION;
262 msg[len++] = SOCKS5_CMD_CONNECT;
263 msg[len++] = SOCKS5_RESERVED;
265 if (g_hostname_is_ip_address (hostname))
267 GInetAddress *addr = g_inet_address_new_from_string (hostname);
268 gsize addr_len = g_inet_address_get_native_size (addr);
270 /* We are cheating for simplicity, here's the logic:
271 * 1 = IPV4 = 4 bytes / 4
272 * 4 = IPV6 = 16 bytes / 4 */
273 msg[len++] = addr_len / 4;
274 memcpy (msg + len, g_inet_address_to_bytes (addr), addr_len);
277 g_object_unref (addr);
281 gsize host_len = strlen (hostname);
283 if (host_len > SOCKS5_MAX_LEN)
285 g_set_error (error, G_IO_ERROR, G_IO_ERROR_PROXY_FAILED,
286 _("Hostname '%s' is too long for SOCKSv5 protocol"),
291 msg[len++] = SOCKS5_ATYP_DOMAINNAME;
292 msg[len++] = (guint8) host_len;
293 memcpy (msg + len, hostname, host_len);
298 guint16 hp = g_htons (port);
299 memcpy (msg + len, &hp, 2);
307 * +----+-----+-------+------+----------+----------+
308 * |VER | REP | RSV | ATYP | BND.ADDR | BND.PORT |
309 * +----+-----+-------+------+----------+----------+
310 * | 1 | 1 | X'00' | 1 | Variable | 2 |
311 * +----+-----+-------+------+----------+----------+
312 * This reply need to be read by small part to determin size. Buffer
313 * size is determined in function of the biggest part to read.
315 * The parser only requires 4 bytes.
317 #define SOCKS5_CONN_REP_LEN 255
319 parse_connect_reply (const guint8 *data, gint *atype, GError **error)
321 if (data[0] != SOCKS5_VERSION)
323 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PROXY_FAILED,
324 _("The server is not a SOCKSv5 proxy server."));
330 case SOCKS5_REP_SUCCEEDED:
331 if (data[2] != SOCKS5_RESERVED)
333 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PROXY_FAILED,
334 _("The server is not a SOCKSv5 proxy server."));
340 case SOCKS5_ATYP_IPV4:
341 case SOCKS5_ATYP_IPV6:
342 case SOCKS5_ATYP_DOMAINNAME:
347 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PROXY_FAILED,
348 _("The SOCKSv5 proxy server uses unknown address type."));
353 case SOCKS5_REP_SRV_FAILURE:
354 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PROXY_FAILED,
355 _("Internal SOCKSv5 proxy server error."));
359 case SOCKS5_REP_NOT_ALLOWED:
360 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PROXY_NOT_ALLOWED,
361 _("SOCKSv5 connection not allowed by ruleset."));
365 case SOCKS5_REP_TTL_EXPIRED:
366 case SOCKS5_REP_HOST_UNREACH:
367 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_HOST_UNREACHABLE,
368 _("Host unreachable through SOCKSv5 server."));
372 case SOCKS5_REP_NET_UNREACH:
373 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_NETWORK_UNREACHABLE,
374 _("Network unreachable through SOCKSv5 proxy."));
378 case SOCKS5_REP_REFUSED:
379 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_CONNECTION_REFUSED,
380 _("Connection refused through SOCKSv5 proxy."));
384 case SOCKS5_REP_CMD_NOT_SUP:
385 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PROXY_FAILED,
386 _("SOCKSv5 proxy does not support 'connect' command."));
390 case SOCKS5_REP_ATYPE_NOT_SUP:
391 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PROXY_FAILED,
392 _("SOCKSv5 proxy does not support provided address type."));
396 default: /* Unknown error */
397 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PROXY_FAILED,
398 _("Unknown SOCKSv5 proxy error."));
407 g_socks5_proxy_connect (GProxy *proxy,
408 GIOStream *io_stream,
409 GProxyAddress *proxy_address,
410 GCancellable *cancellable,
416 const gchar *hostname;
418 const gchar *username;
419 const gchar *password;
421 hostname = g_proxy_address_get_destination_hostname (proxy_address);
422 port = g_proxy_address_get_destination_port (proxy_address);
423 username = g_proxy_address_get_username (proxy_address);
424 password = g_proxy_address_get_password (proxy_address);
426 has_auth = username || password;
428 in = g_io_stream_get_input_stream (io_stream);
429 out = g_io_stream_get_output_stream (io_stream);
431 /* Send SOCKS5 handshake */
433 guint8 msg[SOCKS5_NEGO_MSG_LEN];
436 len = set_nego_msg (msg, has_auth);
438 if (!g_output_stream_write_all (out, msg, len, NULL,
443 /* Receive SOCKS5 response and reply with authentication if required */
445 guint8 data[SOCKS5_NEGO_REP_LEN];
446 gboolean must_auth = FALSE;
448 if (!g_input_stream_read_all (in, data, sizeof (data), NULL,
452 if (!parse_nego_reply (data, has_auth, &must_auth, error))
457 guint8 msg[SOCKS5_AUTH_MSG_LEN];
460 len = set_auth_msg (msg, username, password, error);
465 if (!g_output_stream_write_all (out, msg, len, NULL,
469 if (!g_input_stream_read_all (in, data, sizeof (data), NULL,
473 if (!check_auth_status (data, error))
478 /* Send SOCKS5 connection request */
480 guint8 msg[SOCKS5_CONN_MSG_LEN];
483 len = set_connect_msg (msg, hostname, port, error);
488 if (!g_output_stream_write_all (out, msg, len, NULL,
493 /* Read SOCKS5 response */
495 guint8 data[SOCKS5_CONN_REP_LEN];
498 if (!g_input_stream_read_all (in, data, 4, NULL,
502 if (!parse_connect_reply (data, &atype, error))
507 case SOCKS5_ATYP_IPV4:
508 if (!g_input_stream_read_all (in, data, 6, NULL,
513 case SOCKS5_ATYP_IPV6:
514 if (!g_input_stream_read_all (in, data, 18, NULL,
519 case SOCKS5_ATYP_DOMAINNAME:
520 if (!g_input_stream_read_all (in, data, 1, NULL,
523 if (!g_input_stream_read_all (in, data, data[0] + 2, NULL,
530 return g_object_ref (io_stream);
539 GIOStream *io_stream;
549 static void nego_msg_write_cb (GObject *source,
552 static void nego_reply_read_cb (GObject *source,
555 static void auth_msg_write_cb (GObject *source,
558 static void auth_reply_read_cb (GObject *source,
559 GAsyncResult *result,
561 static void send_connect_msg (GTask *task);
562 static void connect_msg_write_cb (GObject *source,
563 GAsyncResult *result,
565 static void connect_reply_read_cb (GObject *source,
566 GAsyncResult *result,
568 static void connect_addr_len_read_cb (GObject *source,
569 GAsyncResult *result,
571 static void connect_addr_read_cb (GObject *source,
572 GAsyncResult *result,
576 free_connect_data (ConnectAsyncData *data)
578 g_object_unref (data->io_stream);
580 g_free (data->hostname);
581 g_free (data->username);
582 g_free (data->password);
583 g_free (data->buffer);
585 g_slice_free (ConnectAsyncData, data);
589 do_read (GAsyncReadyCallback callback, GTask *task, ConnectAsyncData *data)
592 in = g_io_stream_get_input_stream (data->io_stream);
593 g_input_stream_read_async (in,
594 data->buffer + data->offset,
595 data->length - data->offset,
596 g_task_get_priority (task),
597 g_task_get_cancellable (task),
602 do_write (GAsyncReadyCallback callback, GTask *task, ConnectAsyncData *data)
605 out = g_io_stream_get_output_stream (data->io_stream);
606 g_output_stream_write_async (out,
607 data->buffer + data->offset,
608 data->length - data->offset,
609 g_task_get_priority (task),
610 g_task_get_cancellable (task),
615 g_socks5_proxy_connect_async (GProxy *proxy,
616 GIOStream *io_stream,
617 GProxyAddress *proxy_address,
618 GCancellable *cancellable,
619 GAsyncReadyCallback callback,
623 ConnectAsyncData *data;
625 data = g_slice_new0 (ConnectAsyncData);
626 data->io_stream = g_object_ref (io_stream);
628 task = g_task_new (proxy, cancellable, callback, user_data);
629 g_task_set_task_data (task, data, (GDestroyNotify) free_connect_data);
631 g_object_get (G_OBJECT (proxy_address),
632 "destination-hostname", &data->hostname,
633 "destination-port", &data->port,
634 "username", &data->username,
635 "password", &data->password,
638 data->buffer = g_malloc0 (SOCKS5_NEGO_MSG_LEN);
639 data->length = set_nego_msg (data->buffer,
640 data->username || data->password);
643 do_write (nego_msg_write_cb, task, data);
648 nego_msg_write_cb (GObject *source,
652 GTask *task = user_data;
653 ConnectAsyncData *data = g_task_get_task_data (task);
654 GError *error = NULL;
657 written = g_output_stream_write_finish (G_OUTPUT_STREAM (source),
662 g_task_return_error (task, error);
663 g_object_unref (task);
667 data->offset += written;
669 if (data->offset == data->length)
671 g_free (data->buffer);
673 data->buffer = g_malloc0 (SOCKS5_NEGO_REP_LEN);
674 data->length = SOCKS5_NEGO_REP_LEN;
677 do_read (nego_reply_read_cb, task, data);
681 do_write (nego_msg_write_cb, task, data);
686 nego_reply_read_cb (GObject *source,
690 GTask *task = user_data;
691 ConnectAsyncData *data = g_task_get_task_data (task);
692 GError *error = NULL;
695 read = g_input_stream_read_finish (G_INPUT_STREAM (source),
700 g_task_return_error (task, error);
701 g_object_unref (task);
705 data->offset += read;
707 if (data->offset == data->length)
709 GError *error = NULL;
710 gboolean must_auth = FALSE;
711 gboolean has_auth = data->username || data->password;
713 if (!parse_nego_reply (data->buffer, has_auth, &must_auth, &error))
715 g_task_return_error (task, error);
716 g_object_unref (task);
722 g_free (data->buffer);
724 data->buffer = g_malloc0 (SOCKS5_AUTH_MSG_LEN);
725 data->length = set_auth_msg (data->buffer,
731 if (data->length < 0)
733 g_task_return_error (task, error);
734 g_object_unref (task);
738 do_write (auth_msg_write_cb, task, data);
742 send_connect_msg (task);
747 do_read (nego_reply_read_cb, task, data);
752 auth_msg_write_cb (GObject *source,
753 GAsyncResult *result,
756 GTask *task = user_data;
757 ConnectAsyncData *data = g_task_get_task_data (task);
758 GError *error = NULL;
761 written = g_output_stream_write_finish (G_OUTPUT_STREAM (source),
766 g_task_return_error (task, error);
767 g_object_unref (task);
771 data->offset += written;
773 if (data->offset == data->length)
775 g_free (data->buffer);
777 data->buffer = g_malloc0 (SOCKS5_NEGO_REP_LEN);
778 data->length = SOCKS5_NEGO_REP_LEN;
781 do_read (auth_reply_read_cb, task, data);
785 do_write (auth_msg_write_cb, task, data);
790 auth_reply_read_cb (GObject *source,
791 GAsyncResult *result,
794 GTask *task = user_data;
795 ConnectAsyncData *data = g_task_get_task_data (task);
796 GError *error = NULL;
799 read = g_input_stream_read_finish (G_INPUT_STREAM (source),
804 g_task_return_error (task, error);
805 g_object_unref (task);
809 data->offset += read;
811 if (data->offset == data->length)
813 if (!check_auth_status (data->buffer, &error))
815 g_task_return_error (task, error);
816 g_object_unref (task);
820 send_connect_msg (task);
824 do_read (auth_reply_read_cb, task, data);
829 send_connect_msg (GTask *task)
831 ConnectAsyncData *data = g_task_get_task_data (task);
832 GError *error = NULL;
834 g_free (data->buffer);
836 data->buffer = g_malloc0 (SOCKS5_CONN_MSG_LEN);
837 data->length = set_connect_msg (data->buffer,
843 if (data->length < 0)
845 g_task_return_error (task, error);
846 g_object_unref (task);
850 do_write (connect_msg_write_cb, task, data);
854 connect_msg_write_cb (GObject *source,
855 GAsyncResult *result,
858 GTask *task = user_data;
859 ConnectAsyncData *data = g_task_get_task_data (task);
860 GError *error = NULL;
863 written = g_output_stream_write_finish (G_OUTPUT_STREAM (source),
868 g_task_return_error (task, error);
869 g_object_unref (task);
873 data->offset += written;
875 if (data->offset == data->length)
877 g_free (data->buffer);
879 data->buffer = g_malloc0 (SOCKS5_CONN_REP_LEN);
883 do_read (connect_reply_read_cb, task, data);
887 do_write (connect_msg_write_cb, task, data);
892 connect_reply_read_cb (GObject *source,
893 GAsyncResult *result,
896 GTask *task = user_data;
897 ConnectAsyncData *data = g_task_get_task_data (task);
898 GError *error = NULL;
901 read = g_input_stream_read_finish (G_INPUT_STREAM (source),
906 g_task_return_error (task, error);
907 g_object_unref (task);
911 data->offset += read;
913 if (data->offset == data->length)
917 if (!parse_connect_reply (data->buffer, &atype, &error))
919 g_task_return_error (task, error);
920 g_object_unref (task);
926 case SOCKS5_ATYP_IPV4:
929 do_read (connect_addr_read_cb, task, data);
932 case SOCKS5_ATYP_IPV6:
935 do_read (connect_addr_read_cb, task, data);
938 case SOCKS5_ATYP_DOMAINNAME:
941 do_read (connect_addr_len_read_cb, task, data);
947 do_read (connect_reply_read_cb, task, data);
952 connect_addr_len_read_cb (GObject *source,
953 GAsyncResult *result,
956 GTask *task = user_data;
957 ConnectAsyncData *data = g_task_get_task_data (task);
958 GError *error = NULL;
961 read = g_input_stream_read_finish (G_INPUT_STREAM (source),
966 g_task_return_error (task, error);
967 g_object_unref (task);
971 data->length = data->buffer[0] + 2;
974 do_read (connect_addr_read_cb, task, data);
978 connect_addr_read_cb (GObject *source,
979 GAsyncResult *result,
982 GTask *task = user_data;
983 ConnectAsyncData *data = g_task_get_task_data (task);
984 GError *error = NULL;
987 read = g_input_stream_read_finish (G_INPUT_STREAM (source),
992 g_task_return_error (task, error);
993 g_object_unref (task);
997 data->offset += read;
999 if (data->offset == data->length)
1001 g_task_return_pointer (task, g_object_ref (data->io_stream), g_object_unref);
1002 g_object_unref (task);
1007 do_read (connect_reply_read_cb, task, data);
1012 g_socks5_proxy_connect_finish (GProxy *proxy,
1013 GAsyncResult *result,
1016 return g_task_propagate_pointer (G_TASK (result), error);
1020 g_socks5_proxy_supports_hostname (GProxy *proxy)
1026 g_socks5_proxy_class_init (GSocks5ProxyClass *class)
1028 GObjectClass *object_class;
1030 object_class = (GObjectClass *) class;
1031 object_class->finalize = g_socks5_proxy_finalize;
1035 g_socks5_proxy_iface_init (GProxyInterface *proxy_iface)
1037 proxy_iface->connect = g_socks5_proxy_connect;
1038 proxy_iface->connect_async = g_socks5_proxy_connect_async;
1039 proxy_iface->connect_finish = g_socks5_proxy_connect_finish;
1040 proxy_iface->supports_hostname = g_socks5_proxy_supports_hostname;
projects / platform / upstream / glib.git / blob