1 /* GIO - GLib Input, Output and Streaming Library
3 * Copyright (C) 2008, 2010 Collabora, Ltd.
4 * Copyright (C) 2008 Nokia Corporation. All rights reserved.
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General
17 * Public License along with this library; if not, write to the
18 * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
19 * Boston, MA 02111-1307, USA.
21 * Author: Youness Alaoui <youness.alaoui@collabora.co.uk
24 * Nicolas Dufresne <nicolas.dufresne@collabora.co.uk>
29 #include "gsocks5proxy.h"
33 #include "giomodule.h"
34 #include "giomodule-priv.h"
35 #include "giostream.h"
36 #include "ginetaddress.h"
37 #include "ginputstream.h"
39 #include "goutputstream.h"
41 #include "gproxyaddress.h"
42 #include "gsimpleasyncresult.h"
44 #define SOCKS5_VERSION 0x05
46 #define SOCKS5_CMD_CONNECT 0x01
47 #define SOCKS5_CMD_BIND 0x02
48 #define SOCKS5_CMD_UDP_ASSOCIATE 0x03
50 #define SOCKS5_ATYP_IPV4 0x01
51 #define SOCKS5_ATYP_DOMAINNAME 0x03
52 #define SOCKS5_ATYP_IPV6 0x04
54 #define SOCKS5_AUTH_VERSION 0x01
56 #define SOCKS5_AUTH_NONE 0x00
57 #define SOCKS5_AUTH_GSSAPI 0x01
58 #define SOCKS5_AUTH_USR_PASS 0x02
59 #define SOCKS5_AUTH_NO_ACCEPT 0xff
61 #define SOCKS5_MAX_LEN 255
62 #define SOCKS5_RESERVED 0x00
64 #define SOCKS5_REP_SUCCEEDED 0x00
65 #define SOCKS5_REP_SRV_FAILURE 0x01
66 #define SOCKS5_REP_NOT_ALLOWED 0x02
67 #define SOCKS5_REP_NET_UNREACH 0x03
68 #define SOCKS5_REP_HOST_UNREACH 0x04
69 #define SOCKS5_REP_REFUSED 0x05
70 #define SOCKS5_REP_TTL_EXPIRED 0x06
71 #define SOCKS5_REP_CMD_NOT_SUP 0x07
72 #define SOCKS5_REP_ATYPE_NOT_SUP 0x08
80 struct _GSocks5ProxyClass
82 GObjectClass parent_class;
85 static void g_socks5_proxy_iface_init (GProxyInterface *proxy_iface);
87 #define g_socks5_proxy_get_type _g_socks5_proxy_get_type
88 G_DEFINE_TYPE_WITH_CODE (GSocks5Proxy, g_socks5_proxy, G_TYPE_OBJECT,
89 G_IMPLEMENT_INTERFACE (G_TYPE_PROXY,
90 g_socks5_proxy_iface_init)
91 _g_io_modules_ensure_extension_points_registered ();
92 g_io_extension_point_implement (G_PROXY_EXTENSION_POINT_NAME,
98 g_socks5_proxy_finalize (GObject *object)
101 G_OBJECT_CLASS (g_socks5_proxy_parent_class)->finalize (object);
105 g_socks5_proxy_init (GSocks5Proxy *proxy)
110 * +----+----------+----------+
111 * |VER | NMETHODS | METHODS |
112 * +----+----------+----------+
113 * | 1 | 1 | 1 to 255 |
114 * +----+----------+----------+
116 #define SOCKS5_NEGO_MSG_LEN 4
118 set_nego_msg (guint8 *msg, gboolean has_auth)
122 msg[0] = SOCKS5_VERSION;
123 msg[1] = 0x01; /* number of methods supported */
124 msg[2] = SOCKS5_AUTH_NONE;
126 /* add support for authentication method */
129 msg[1] = 0x02; /* number of methods supported */
130 msg[3] = SOCKS5_AUTH_USR_PASS;
145 #define SOCKS5_NEGO_REP_LEN 2
147 parse_nego_reply (const guint8 *data,
152 if (data[0] != SOCKS5_VERSION)
154 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PROXY_FAILED,
155 _("The server is not a SOCKSv5 proxy server."));
161 case SOCKS5_AUTH_NONE:
165 case SOCKS5_AUTH_USR_PASS:
168 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PROXY_NEED_AUTH,
169 _("The SOCKSv5 proxy requires authentication."));
175 case SOCKS5_AUTH_GSSAPI:
176 case SOCKS5_AUTH_NO_ACCEPT:
178 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PROXY_AUTH_FAILED,
179 _("The SOCKSv5 require an authentication method that is not "
180 "supported by GLib."));
188 #define SOCKS5_AUTH_MSG_LEN 515
190 set_auth_msg (guint8 *msg,
191 const gchar *username,
192 const gchar *password,
196 gint ulen = 0; /* username length */
197 gint plen = 0; /* Password length */
200 ulen = strlen (username);
203 plen = strlen (password);
205 if (ulen > SOCKS5_MAX_LEN || plen > SOCKS5_MAX_LEN)
207 g_set_error (error, G_IO_ERROR, G_IO_ERROR_PROXY_FAILED,
208 _("Username or password is too long for SOCKSv5 "
209 "protocol (max. is %i)."),
214 msg[len++] = SOCKS5_AUTH_VERSION;
218 memcpy (msg + len, username, ulen);
224 memcpy (msg + len, password, plen);
233 check_auth_status (const guint8 *data, GError **error)
235 if (data[0] != SOCKS5_VERSION
236 || data[1] != SOCKS5_REP_SUCCEEDED)
238 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PROXY_AUTH_FAILED,
239 _("SOCKSv5 authentication failed due to wrong "
240 "username or password."));
247 * +----+-----+-------+------+----------+----------+
248 * |VER | CMD | RSV | ATYP | DST.ADDR | DST.PORT |
249 * +----+-----+-------+------+----------+----------+
250 * | 1 | 1 | X'00' | 1 | Variable | 2 |
251 * +----+-----+-------+------+----------+----------+
252 * DST.ADDR is a string with first byte being the size. So DST.ADDR may not be
253 * longer then 256 bytes.
255 #define SOCKS5_CONN_MSG_LEN 262
257 set_connect_msg (guint8 *msg,
258 const gchar *hostname,
264 msg[len++] = SOCKS5_VERSION;
265 msg[len++] = SOCKS5_CMD_CONNECT;
266 msg[len++] = SOCKS5_RESERVED;
268 if (g_hostname_is_ip_address (hostname))
270 GInetAddress *addr = g_inet_address_new_from_string (hostname);
271 gsize addr_len = g_inet_address_get_native_size (addr);
273 /* We are cheating for simplicity, here's the logic:
274 * 1 = IPV4 = 4 bytes / 4
275 * 4 = IPV6 = 16 bytes / 4 */
276 msg[len++] = addr_len / 4;
277 memcpy (msg + len, g_inet_address_to_bytes (addr), addr_len);
280 g_object_unref (addr);
284 gsize host_len = strlen (hostname);
286 if (host_len > SOCKS5_MAX_LEN)
288 g_set_error (error, G_IO_ERROR, G_IO_ERROR_PROXY_FAILED,
289 _("Hostname '%s' too long for SOCKSv5 protocol "
290 "(maximum is %i bytes)"),
291 hostname, SOCKS5_MAX_LEN);
295 msg[len++] = SOCKS5_ATYP_DOMAINNAME;
296 msg[len++] = (guint8) host_len;
297 memcpy (msg + len, hostname, host_len);
302 guint16 hp = g_htons (port);
303 memcpy (msg + len, &hp, 2);
311 * +----+-----+-------+------+----------+----------+
312 * |VER | REP | RSV | ATYP | BND.ADDR | BND.PORT |
313 * +----+-----+-------+------+----------+----------+
314 * | 1 | 1 | X'00' | 1 | Variable | 2 |
315 * +----+-----+-------+------+----------+----------+
316 * This reply need to be read by small part to determin size. Buffer
317 * size is determined in function of the biggest part to read.
319 * The parser only requires 4 bytes.
321 #define SOCKS5_CONN_REP_LEN 255
323 parse_connect_reply (const guint8 *data, gint *atype, GError **error)
325 if (data[0] != SOCKS5_VERSION)
327 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PROXY_FAILED,
328 _("The server is not a SOCKSv5 proxy server."));
334 case SOCKS5_REP_SUCCEEDED:
335 if (data[2] != SOCKS5_RESERVED)
337 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PROXY_FAILED,
338 _("The server is not a SOCKSv5 proxy server."));
344 case SOCKS5_ATYP_IPV4:
345 case SOCKS5_ATYP_IPV6:
346 case SOCKS5_ATYP_DOMAINNAME:
351 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PROXY_FAILED,
352 _("The SOCKSv5 proxy server uses unkown address type."));
357 case SOCKS5_REP_SRV_FAILURE:
358 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PROXY_FAILED,
359 _("Internal SOCKSv5 proxy server error."));
363 case SOCKS5_REP_NOT_ALLOWED:
364 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PROXY_NOT_ALLOWED,
365 _("SOCKSv5 connection not allowed by ruleset."));
369 case SOCKS5_REP_TTL_EXPIRED:
370 case SOCKS5_REP_HOST_UNREACH:
371 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_HOST_UNREACHABLE,
372 _("Host unreachable through SOCKSv5 server."));
376 case SOCKS5_REP_NET_UNREACH:
377 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_NETWORK_UNREACHABLE,
378 _("Network unreachable through SOCKSv5 proxy."));
382 case SOCKS5_REP_REFUSED:
383 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_CONNECTION_REFUSED,
384 _("Connection refused through SOCKSv5 proxy."));
388 case SOCKS5_REP_CMD_NOT_SUP:
389 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PROXY_FAILED,
390 _("SOCKSv5 proxy does not support 'connect' command."));
394 case SOCKS5_REP_ATYPE_NOT_SUP:
395 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PROXY_FAILED,
396 _("SOCKSv5 proxy does not support provided address type."));
400 default: /* Unknown error */
401 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_PROXY_FAILED,
402 _("Unkown SOCKSv5 proxy error."));
411 g_socks5_proxy_connect (GProxy *proxy,
412 GIOStream *io_stream,
413 GProxyAddress *proxy_address,
414 GCancellable *cancellable,
420 const gchar *hostname;
422 const gchar *username;
423 const gchar *password;
425 hostname = g_proxy_address_get_destination_hostname (proxy_address);
426 port = g_proxy_address_get_destination_port (proxy_address);
427 username = g_proxy_address_get_username (proxy_address);
428 password = g_proxy_address_get_password (proxy_address);
430 has_auth = username || password;
432 in = g_io_stream_get_input_stream (io_stream);
433 out = g_io_stream_get_output_stream (io_stream);
435 /* Send SOCKS5 handshake */
437 guint8 msg[SOCKS5_NEGO_MSG_LEN];
440 len = set_nego_msg (msg, has_auth);
442 if (!g_output_stream_write_all (out, msg, len, NULL,
447 /* Recieve SOCKS5 response and reply with authentication if required */
449 guint8 data[SOCKS5_NEGO_REP_LEN];
450 gboolean must_auth = FALSE;
452 if (!g_input_stream_read_all (in, data, sizeof (data), NULL,
456 if (!parse_nego_reply (data, has_auth, &must_auth, error))
461 guint8 msg[SOCKS5_AUTH_MSG_LEN];
464 len = set_auth_msg (msg, username, password, error);
469 if (!g_output_stream_write_all (out, msg, len, NULL,
473 if (!g_input_stream_read_all (in, data, sizeof (data), NULL,
477 if (!check_auth_status (data, error))
482 /* Send SOCKS5 connection request */
484 guint8 msg[SOCKS5_CONN_MSG_LEN];
487 len = set_connect_msg (msg, hostname, port, error);
492 if (!g_output_stream_write_all (out, msg, len, NULL,
497 /* Read SOCKS5 response */
499 guint8 data[SOCKS5_CONN_REP_LEN];
502 if (!g_input_stream_read_all (in, data, 4, NULL,
506 if (!parse_connect_reply (data, &atype, error))
511 case SOCKS5_ATYP_IPV4:
512 if (!g_input_stream_read_all (in, data, 6, NULL,
517 case SOCKS5_ATYP_IPV6:
518 if (!g_input_stream_read_all (in, data, 18, NULL,
523 case SOCKS5_ATYP_DOMAINNAME:
524 if (!g_input_stream_read_all (in, data, 1, NULL,
527 if (!g_input_stream_read_all (in, data, data[0] + 2, NULL,
534 return g_object_ref (io_stream);
543 GSimpleAsyncResult *simple;
544 GIOStream *io_stream;
552 GCancellable *cancellable;
555 static void nego_msg_write_cb (GObject *source,
558 static void nego_reply_read_cb (GObject *source,
561 static void auth_msg_write_cb (GObject *source,
564 static void auth_reply_read_cb (GObject *source,
565 GAsyncResult *result,
567 static void send_connect_msg (ConnectAsyncData *data);
568 static void connect_msg_write_cb (GObject *source,
569 GAsyncResult *result,
571 static void connect_reply_read_cb (GObject *source,
572 GAsyncResult *result,
574 static void connect_addr_len_read_cb (GObject *source,
575 GAsyncResult *result,
577 static void connect_addr_read_cb (GObject *source,
578 GAsyncResult *result,
582 free_connect_data (ConnectAsyncData *data)
585 g_object_unref (data->io_stream);
587 g_free (data->hostname);
588 g_free (data->username);
589 g_free (data->password);
590 g_free (data->buffer);
592 if (data->cancellable)
593 g_object_unref (data->cancellable);
595 g_slice_free (ConnectAsyncData, data);
599 complete_async_from_error (ConnectAsyncData *data, GError *error)
601 GSimpleAsyncResult *simple = data->simple;
602 g_simple_async_result_set_from_error (data->simple,
604 g_error_free (error);
605 g_simple_async_result_set_op_res_gpointer (simple, NULL, NULL);
606 g_simple_async_result_complete (simple);
607 g_object_unref (simple);
611 do_read (GAsyncReadyCallback callback, ConnectAsyncData *data)
614 in = g_io_stream_get_input_stream (data->io_stream);
615 g_input_stream_read_async (in,
616 data->buffer + data->offset,
617 data->length - data->offset,
618 G_PRIORITY_DEFAULT, data->cancellable,
623 do_write (GAsyncReadyCallback callback, ConnectAsyncData *data)
626 out = g_io_stream_get_output_stream (data->io_stream);
627 g_output_stream_write_async (out,
628 data->buffer + data->offset,
629 data->length - data->offset,
630 G_PRIORITY_DEFAULT, data->cancellable,
635 g_socks5_proxy_connect_async (GProxy *proxy,
636 GIOStream *io_stream,
637 GProxyAddress *proxy_address,
638 GCancellable *cancellable,
639 GAsyncReadyCallback callback,
642 GSimpleAsyncResult *simple;
643 ConnectAsyncData *data;
645 simple = g_simple_async_result_new (G_OBJECT (proxy),
647 g_socks5_proxy_connect_async);
649 data = g_slice_new0 (ConnectAsyncData);
651 data->simple = simple;
652 data->io_stream = g_object_ref (io_stream);
655 data->cancellable = g_object_ref (cancellable);
657 g_object_get (G_OBJECT (proxy_address),
658 "destination-hostname", &data->hostname,
659 "destination-port", &data->port,
660 "username", &data->username,
661 "password", &data->password,
664 g_simple_async_result_set_op_res_gpointer (simple, data,
665 (GDestroyNotify) free_connect_data);
667 data->buffer = g_malloc0 (SOCKS5_NEGO_MSG_LEN);
668 data->length = set_nego_msg (data->buffer,
669 data->username || data->password);
672 do_write (nego_msg_write_cb, data);
677 nego_msg_write_cb (GObject *source,
681 GError *error = NULL;
682 ConnectAsyncData *data = user_data;
685 written = g_output_stream_write_finish (G_OUTPUT_STREAM (source),
690 complete_async_from_error (data, error);
694 data->offset += written;
696 if (data->offset == data->length)
698 g_free (data->buffer);
700 data->buffer = g_malloc0 (SOCKS5_NEGO_REP_LEN);
701 data->length = SOCKS5_NEGO_REP_LEN;
704 do_read (nego_reply_read_cb, data);
708 do_write (nego_msg_write_cb, data);
713 nego_reply_read_cb (GObject *source,
717 GError *error = NULL;
718 ConnectAsyncData *data = user_data;
721 read = g_input_stream_read_finish (G_INPUT_STREAM (source),
726 complete_async_from_error (data, error);
730 data->offset += read;
732 if (data->offset == data->length)
735 gboolean must_auth = FALSE;
736 gboolean has_auth = data->username || data->password;
738 if (!parse_nego_reply (data->buffer, has_auth, &must_auth, &error))
740 complete_async_from_error (data, error);
746 g_free (data->buffer);
748 data->buffer = g_malloc0 (SOCKS5_AUTH_MSG_LEN);
749 data->length = set_auth_msg (data->buffer,
755 if (data->length < 0)
757 complete_async_from_error (data, error);
761 do_write (auth_msg_write_cb, data);
765 send_connect_msg (data);
770 do_read (nego_reply_read_cb, data);
775 auth_msg_write_cb (GObject *source,
776 GAsyncResult *result,
779 GError *error = NULL;
780 ConnectAsyncData *data = user_data;
783 written = g_output_stream_write_finish (G_OUTPUT_STREAM (source),
788 complete_async_from_error (data, error);
792 data->offset += written;
794 if (data->offset == data->length)
796 g_free (data->buffer);
798 data->buffer = g_malloc0 (SOCKS5_NEGO_REP_LEN);
799 data->length = SOCKS5_NEGO_REP_LEN;
802 do_read (auth_reply_read_cb, data);
806 do_write (auth_msg_write_cb, data);
811 auth_reply_read_cb (GObject *source,
812 GAsyncResult *result,
815 GError *error = NULL;
816 ConnectAsyncData *data = user_data;
819 read = g_input_stream_read_finish (G_INPUT_STREAM (source),
824 complete_async_from_error (data, error);
828 data->offset += read;
830 if (data->offset == data->length)
832 if (!check_auth_status (data->buffer, &error))
834 complete_async_from_error (data, error);
838 send_connect_msg (data);
842 do_read (auth_reply_read_cb, data);
847 send_connect_msg (ConnectAsyncData *data)
849 GError *error = NULL;
851 g_free (data->buffer);
853 data->buffer = g_malloc0 (SOCKS5_CONN_MSG_LEN);
854 data->length = set_connect_msg (data->buffer,
860 if (data->length < 0)
862 complete_async_from_error (data, error);
866 do_write (connect_msg_write_cb, data);
870 connect_msg_write_cb (GObject *source,
871 GAsyncResult *result,
874 GError *error = NULL;
875 ConnectAsyncData *data = user_data;
878 written = g_output_stream_write_finish (G_OUTPUT_STREAM (source),
883 complete_async_from_error (data, error);
887 data->offset += written;
889 if (data->offset == data->length)
891 g_free (data->buffer);
893 data->buffer = g_malloc0 (SOCKS5_CONN_REP_LEN);
897 do_read (connect_reply_read_cb, data);
901 do_write (connect_msg_write_cb, data);
906 connect_reply_read_cb (GObject *source,
907 GAsyncResult *result,
910 GError *error = NULL;
911 ConnectAsyncData *data = user_data;
914 read = g_input_stream_read_finish (G_INPUT_STREAM (source),
919 complete_async_from_error (data, error);
923 data->offset += read;
925 if (data->offset == data->length)
929 if (!parse_connect_reply (data->buffer, &atype, &error))
931 complete_async_from_error (data, error);
937 case SOCKS5_ATYP_IPV4:
940 do_read (connect_addr_read_cb, data);
943 case SOCKS5_ATYP_IPV6:
946 do_read (connect_addr_read_cb, data);
949 case SOCKS5_ATYP_DOMAINNAME:
952 do_read (connect_addr_len_read_cb, data);
958 do_read (connect_reply_read_cb, data);
963 connect_addr_len_read_cb (GObject *source,
964 GAsyncResult *result,
967 GError *error = NULL;
968 ConnectAsyncData *data = user_data;
971 read = g_input_stream_read_finish (G_INPUT_STREAM (source),
976 complete_async_from_error (data, error);
980 data->length = data->buffer[0] + 2;
983 do_read (connect_addr_read_cb, data);
987 connect_addr_read_cb (GObject *source,
988 GAsyncResult *result,
991 GError *error = NULL;
992 ConnectAsyncData *data = user_data;
995 read = g_input_stream_read_finish (G_INPUT_STREAM (source),
1000 complete_async_from_error (data, error);
1004 data->offset += read;
1006 if (data->offset == data->length)
1008 GSimpleAsyncResult *simple = data->simple;
1009 g_simple_async_result_complete (simple);
1010 g_object_unref (simple);
1014 do_read (connect_reply_read_cb, data);
1019 g_socks5_proxy_connect_finish (GProxy *proxy,
1020 GAsyncResult *result,
1023 GSimpleAsyncResult *simple = G_SIMPLE_ASYNC_RESULT (result);
1024 ConnectAsyncData *data = g_simple_async_result_get_op_res_gpointer (simple);
1026 if (g_simple_async_result_propagate_error (simple, error))
1029 return g_object_ref (data->io_stream);
1033 g_socks5_proxy_supports_hostname (GProxy *proxy)
1039 g_socks5_proxy_class_init (GSocks5ProxyClass *class)
1041 GObjectClass *object_class;
1043 object_class = (GObjectClass *) class;
1044 object_class->finalize = g_socks5_proxy_finalize;
1048 g_socks5_proxy_iface_init (GProxyInterface *proxy_iface)
1050 proxy_iface->connect = g_socks5_proxy_connect;
1051 proxy_iface->connect_async = g_socks5_proxy_connect_async;
1052 proxy_iface->connect_finish = g_socks5_proxy_connect_finish;
1053 proxy_iface->supports_hostname = g_socks5_proxy_supports_hostname;
projects / platform / upstream / glib.git / blob