diff options
| author | Joshua Judson Rosen | 2015-02-17 00:37:08 -0500 |
|---|---|---|
| committer | Joshua Judson Rosen | 2015-02-17 00:37:08 -0500 |
| commit | 714aebccbd7a4ab6ec0964d4580efd49171ba140 (patch) | |
| tree | e71ac66a95848b1c0e8f47ea7d3df0e54c052d48 | |
| parent | Nix mysleep(). (diff) | |
| download | apf-714aebccbd7a4ab6ec0964d4580efd49171ba140.tar.gz | |
Remove HTTP proxy support.
There are plenty of popular, readily-available external tools
that, frankly, provide better options for going through proxies--
both of the HTTP variety and others (corkscrew, httptunnel, socat...);
and dropping our internal implementation results in a significant
reduction in code complexity--including the complete elimination
of multithreading and all of the worries that go along with it.
38 files changed, 54 insertions, 2708 deletions
@@ -36,14 +36,13 @@ INTRO 3.3.1 Users 3.3.2 Clients 3.4 Relay mode -4. HTTP PROXY TUNNELS -5. LOGGING -6. MODULES -7. MULTI TUNNELS -8. EXAMPLES - 8.1 tcp mode - 8.2 reverse udp mode -9. BUGS/PROBLEMS +4. LOGGING +5. MODULES +6. MULTI TUNNELS +7. EXAMPLES + 7.1 tcp mode + 7.2 reverse udp mode +8. BUGS/PROBLEMS NOTES @@ -177,10 +176,6 @@ Multiple clients allow to create more sophisticated tunneling scheme. -4, --ipv4 - use ipv4 only -6, --ipv6 - use ipv6 only - HTTP PROXY: - - -P, --enableproxy - enable http proxy mode - 2.2 afclient ------------ @@ -261,15 +256,6 @@ Multiple clients allow to create more sophisticated tunneling scheme. -l, --load - load a module for user's packets filtering -L, --Load - load a module for service's packets filtering - HTTP/HTTPS PROXY: - - -S, --use-https - use https proxy instead of http proxy - -P, --proxyname - the name of the machine with proxy server - -X, --proxyport - the port used by proxy server (default: 8080) - -C, --pa-cred U:P - the user (U) and password (P) used in proxy - authorization - -B, --pa-t-basic - the Basic type of proxy authorization (default) - ================================================================================ @@ -397,22 +383,8 @@ When user quits (close the connection or send 'quit' command), afclient exits. ================================================================================ -===================== -4. HTTP PROXY TUNNELS -===================== - -Afclient can communicate with afserver via HTTP proxy. In order to use this -feature, afserver must be started with '-P, --enableproxy' option. Afclient must -specify the proxy host ('-P, --proxyname' option) and port ('-X, --proxyport' -option). - -Afclient with HTTP proxy mode enabled can still accept connections from -afclients, which don't use HTTP proxy mode. - -================================================================================ - ========== -5. LOGGING +4. LOGGING ========== Logging can be enabled by '-o, --log' option. The argument to this option must @@ -448,7 +420,7 @@ Where ================================================================================ ========== -6. MODULES +5. MODULES ========== Afclient can use external modules for user's packets filtering ('-l, --load') @@ -525,7 +497,7 @@ Modules have to be compiled with '-fPIC -shared' options. ================================================================================ ================ -7. MULTI TUNNELS +6. MULTI TUNNELS ================ Since version 0.8 it's possible to transfer multiple tunnels in the one @@ -542,10 +514,10 @@ transferred to the destination pointed by the second '-p' option. ================================================================================ =========== -8. EXAMPLES +7. EXAMPLES =========== - 8.1 tcp mode + 7.1 tcp mode ------------ local network |FireWall| Internet @@ -594,7 +566,7 @@ on our computer and we are behind a masquerade or a firewall: 6) We can now enter with a web-browser to: <name of the server>:50127 and we will enter to our computer in the fact. - 8.2 reverse udp mode + 7.2 reverse udp mode -------------------- local network |FireWall| Internet @@ -633,7 +605,7 @@ server on our computer (udp port 27960 on our machine): ================================================================================ ================ -9. BUGS/PROBLEMS +8. BUGS/PROBLEMS ================ There are no known/open bugs at the moment. @@ -27,14 +27,13 @@ INTRO * 3.3.1 Users * 3.3.2 Clients * 3.4 Relay mode -4. HTTP PROXY TUNNELS -5. LOGGING -6. MODULES -7. MULTI TUNNELS -8. EXAMPLES - * 8.1 tcp mode - * 8.2 reverse udp mode -9. BUGS/PROBLEMS +4. LOGGING +5. MODULES +6. MULTI TUNNELS +7. EXAMPLES + * 7.1 tcp mode + * 7.2 reverse udp mode +8. BUGS/PROBLEMS NOTES @@ -156,10 +155,6 @@ Multiple clients allow to create more sophisticated tunneling scheme. -4, --ipv4 - use ipv4 only -6, --ipv6 - use ipv6 only - HTTP PROXY: - - -P, --enableproxy - enable http proxy mode - 2.2 afclient ------------ @@ -240,15 +235,6 @@ Multiple clients allow to create more sophisticated tunneling scheme. -l, --load - load a module for user's packets filtering -L, --Load - load a module for service's packets filtering - HTTP/HTTPS PROXY: - - -S, --use-https - use https proxy instead of http proxy - -P, --proxyname - the name of the machine with proxy server - -X, --proxyport - the port used by proxy server (default: 8080) - -C, --pa-cred U:P - the user (U) and password (P) used in proxy - authorization - -B, --pa-t-basic - the Basic type of proxy authorization (default) - ================================================================================ @@ -376,22 +362,8 @@ When user quits (close the connection or send 'quit' command), afclient exits. ================================================================================ -===================== -4. HTTP PROXY TUNNELS -===================== - -Afclient can communicate with afserver via HTTP proxy. In order to use this -feature, afserver must be started with '-P, --enableproxy' option. Afclient must -specify the proxy host ('-P, --proxyname' option) and port ('-X, --proxyport' -option). - -Afclient with HTTP proxy mode enabled can still accept connections from -afclients, which don't use HTTP proxy mode. - -================================================================================ - ========== -5. LOGGING +4. LOGGING ========== Logging can be enabled by '-o, --log' option. The argument to this option must @@ -427,7 +399,7 @@ Where ================================================================================ ========== -6. MODULES +5. MODULES ========== Afclient can use external modules for user's packets filtering ('-l, --load') @@ -504,7 +476,7 @@ Modules have to be compiled with '-fPIC -shared' options. ================================================================================ ================ -7. MULTI TUNNELS +6. MULTI TUNNELS ================ Since version 0.8 it's possible to transfer multiple tunnels in the one @@ -521,10 +493,10 @@ transferred to the destination pointed by the second '-p' option. ================================================================================ =========== -8. EXAMPLES +7. EXAMPLES =========== - 8.1 tcp mode + 7.1 tcp mode ------------ local network |FireWall| Internet @@ -573,7 +545,7 @@ on our computer and we are behind a masquerade or a firewall: 6) We can now enter with a web-browser to: <name of the server>:50127 and we will enter to our computer in the fact. - 8.2 reverse udp mode + 7.2 reverse udp mode -------------------- local network |FireWall| Internet @@ -612,7 +584,7 @@ server on our computer (udp port 27960 on our machine): ================================================================================ ================ -9. BUGS/PROBLEMS +8. BUGS/PROBLEMS ================ There are no known/open bugs at the moment. diff --git a/config.h.in b/config.h.in index c337350..69181e2 100644 --- a/config.h.in +++ b/config.h.in @@ -63,9 +63,6 @@ /* Define to 1 if you have the `nsl' library (-lnsl). */ #undef HAVE_LIBNSL -/* Define to 1 if you have the `pthread' library (-lpthread). */ -#undef HAVE_LIBPTHREAD - /* Define to 1 if you have the `socket' library (-lsocket). */ #undef HAVE_LIBSOCKET diff --git a/configure.ac b/configure.ac index 4d029fa..db59cae 100644 --- a/configure.ac +++ b/configure.ac @@ -66,7 +66,6 @@ AC_CHECK_LIB([dl], [dlopen], USE_RDYNAMIC="" ]) AC_SUBST(USE_RDYNAMIC) -AC_CHECK_LIB([pthread], [pthread_create], [], []) AC_CHECK_LIB([socket], [socket], [], []) AC_CHECK_LIB([nsl], [gethostbyaddr], [], []) AC_CHECK_LIB([crypto], [X509_sign], [], []) diff --git a/doc/afclient.1 b/doc/afclient.1 index 677ec7a..fc3fa7d 100644 --- a/doc/afclient.1 +++ b/doc/afclient.1 @@ -140,23 +140,6 @@ is running (required) .B -L, --Load load a module for service's packets filtering -.I HTTP/HTTPS PROXY - -.B -S, --use-https - use https proxy instead of http proxy - -.B -P, --proxyname - the name of the machine with proxy server - -.B -X, --proxyport - the port used by proxy server (default: 8080) - -.B -C, --pa-cred U:P - the user (U) and password (P) used in proxy authorization - -.B -B, --pa-t-basic - the Basic type of proxy authorization (default) - .SH "REMOTE ADMINISTRATION" Remote administration mode is enabled by diff --git a/doc/afclient.conf.5 b/doc/afclient.conf.5 index 4f8a5c6..903be32 100644 --- a/doc/afclient.conf.5 +++ b/doc/afclient.conf.5 @@ -20,7 +20,7 @@ are ignored. Options from configuration file are taken before values from comman .IR --storefile , .IR --dateformat , .IR --ignorepkeys -and the options connected with http proxy and auto-reconnect support). When something is not declared, hard-coded values are used. +and the options connected with auto-reconnect support). When something is not declared, hard-coded values are used. .SH DESCRIPTION .B Afclient @@ -118,21 +118,6 @@ is running .B Load FILE load a module for service's packets filtering -.B use-https - use https proxy instead of http proxy - -.B proxyname NAME - the name of the machine with proxy server - -.B proxyport PORT - the port used by proxy server (default: 8080) - -.B pa-cred U:P - the user (U) and password (P) used in proxy authorization - -.B pa-t-basic - the Basic type of proxy authorization (default) - .SH "SEE ALSO" .BR afserver.conf (5), diff --git a/doc/afclient_example.conf b/doc/afclient_example.conf index d336ce3..aef4078 100644 --- a/doc/afclient_example.conf +++ b/doc/afclient_example.conf @@ -46,9 +46,3 @@ #load usermodule #load a module for user's packets filtering #Load servicemodule #load a module for service's packets filtering - -#use-https #use https proxy instead of http proxy -#proxyname httpproxy #the name of the machine with proxy server -#proxyport 8080 #the port used by proxy server (default: 8080) -#pa-cred user:password #the user (U) and password (P) used in proxy authorization -#pa-t-basic #the Basic type of proxy authorization (default) diff --git a/doc/afserver.1 b/doc/afserver.1 index 887d79b..a4fa66e 100644 --- a/doc/afserver.1 +++ b/doc/afserver.1 @@ -129,11 +129,6 @@ connects to it (default: 50126) .B -6, --ipv6 use ipv6 only -.I HTTP PROXY - -.B -P, --enableproxy - enable http proxy mode - .SH "REMOTE ADMINISTRATION" Currently available commands are: diff --git a/doc/afserver.conf.5 b/doc/afserver.conf.5 index c62e105..51090c1 100644 --- a/doc/afserver.conf.5 +++ b/doc/afserver.conf.5 @@ -116,9 +116,6 @@ commands. .B ipv6 use ipv6 only -.B enableproxy - enable http proxy mode - .SH "SEE ALSO" .BR afclient.conf (5), diff --git a/doc/afserver_example.conf b/doc/afserver_example.conf index 8bdafa6..02f920d 100644 --- a/doc/afserver_example.conf +++ b/doc/afserver_example.conf @@ -46,7 +46,6 @@ manageport 50126 #portnumber on which server is listening for afclient #dnslookups #try to obtain dns names of the computers #ipv4 #use ipv4 only #ipv6 #use ipv6 only -#enableproxy #enable http proxy mode #cacerfile filename #the name of the file with CA certificates # (if used, require clients to have valid certificates) #cerdepth #the maximum depth of valid certificate-chains diff --git a/doc/en/README b/doc/en/README index e9f5b20..a1952f4 100644 --- a/doc/en/README +++ b/doc/en/README @@ -36,14 +36,13 @@ INTRO 3.3.1 Users 3.3.2 Clients 3.4 Relay mode -4. HTTP PROXY TUNNELS -5. LOGGING -6. MODULES -7. MULTI TUNNELS -8. EXAMPLES - 8.1 tcp mode - 8.2 reverse udp mode -9. BUGS/PROBLEMS +4. LOGGING +5. MODULES +6. MULTI TUNNELS +7. EXAMPLES + 7.1 tcp mode + 7.2 reverse udp mode +8. BUGS/PROBLEMS NOTES @@ -177,10 +176,6 @@ Multiple clients allow to create more sophisticated tunneling scheme. -4, --ipv4 - use ipv4 only -6, --ipv6 - use ipv6 only - HTTP PROXY: - - -P, --enableproxy - enable http proxy mode - 2.2 afclient ------------ @@ -261,15 +256,6 @@ Multiple clients allow to create more sophisticated tunneling scheme. -l, --load - load a module for user's packets filtering -L, --Load - load a module for service's packets filtering - HTTP/HTTPS PROXY: - - -S, --use-https - use https proxy instead of http proxy - -P, --proxyname - the name of the machine with proxy server - -X, --proxyport - the port used by proxy server (default: 8080) - -C, --pa-cred U:P - the user (U) and password (P) used in proxy - authorization - -B, --pa-t-basic - the Basic type of proxy authorization (default) - ================================================================================ @@ -397,22 +383,8 @@ When user quits (close the connection or send 'quit' command), afclient exits. ================================================================================ -===================== -4. HTTP PROXY TUNNELS -===================== - -Afclient can communicate with afserver via HTTP proxy. In order to use this -feature, afserver must be started with '-P, --enableproxy' option. Afclient must -specify the proxy host ('-P, --proxyname' option) and port ('-X, --proxyport' -option). - -Afclient with HTTP proxy mode enabled can still accept connections from -afclients, which don't use HTTP proxy mode. - -================================================================================ - ========== -5. LOGGING +4. LOGGING ========== Logging can be enabled by '-o, --log' option. The argument to this option must @@ -448,7 +420,7 @@ Where ================================================================================ ========== -6. MODULES +5. MODULES ========== Afclient can use external modules for user's packets filtering ('-l, --load') @@ -525,7 +497,7 @@ Modules have to be compiled with '-fPIC -shared' options. ================================================================================ ================ -7. MULTI TUNNELS +6. MULTI TUNNELS ================ Since version 0.8 it's possible to transfer multiple tunnels in the one @@ -542,10 +514,10 @@ transferred to the destination pointed by the second '-p' option. ================================================================================ =========== -8. EXAMPLES +7. EXAMPLES =========== - 8.1 tcp mode + 7.1 tcp mode ------------ local network |FireWall| Internet @@ -594,7 +566,7 @@ on our computer and we are behind a masquerade or a firewall: 6) We can now enter with a web-browser to: <name of the server>:50127 and we will enter to our computer in the fact. - 8.2 reverse udp mode + 7.2 reverse udp mode -------------------- local network |FireWall| Internet @@ -633,7 +605,7 @@ server on our computer (udp port 27960 on our machine): ================================================================================ ================ -9. BUGS/PROBLEMS +8. BUGS/PROBLEMS ================ There are no known/open bugs at the moment. diff --git a/src/Makefile.am b/src/Makefile.am index b385b15..48c6934 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -2,8 +2,8 @@ bin_PROGRAMS = afserver afclient afserver_SOURCES = afserver.c network.c file.c stats.c buf_list_node_struct.c buf_list_struct.c \ server_remoteadmin.c server_check.c server_set.c server_eval.c server_find.c \ server_remove.c make_ssl_handshake.c first_run.c inet_ntop.c realmnames.c \ - clientnames.c usernames.c http_proxy_functions.c http_proxy_server.c server_get.c \ - thread_management.c server_signals.c usage.c logging.c daemon.c ssl_fd_struct.c \ + clientnames.c usernames.c server_get.c \ + server_signals.c usage.c logging.c daemon.c ssl_fd_struct.c \ user_stats_struct.c usr_cli_struct.c connect_user_struct.c string_functions.c \ audit_list_node_struct.c audit_list_struct.c connect_client_struct.c timeval_functions.c \ header_buffer_struct.c server_realm_struct.c server_configuration_struct.c file_server.c \ @@ -11,8 +11,7 @@ afserver_SOURCES = afserver.c network.c file.c stats.c buf_list_node_struct.c bu afclient_LDFLAGS = ${USE_RDYNAMIC} afclient_SOURCES = afclient.c network.c file.c stats.c buf_list_node_struct.c buf_list_struct.c \ module_struct.c client_remoteadmin.c make_ssl_handshake.c first_run.c inet_ntop.c \ - http_proxy_functions.c http_proxy_client.c http_proxy_options_struct.c \ - thread_management.c client_reverse_udp.c server_check.c client_initialization.c \ + client_reverse_udp.c server_check.c client_initialization.c \ client_shutdown.c client_signals.c usage.c logging.c daemon.c base64.c ssl_routines.c \ connect_user_struct.c user_stats_struct.c string_functions.c ar_options_struct.c \ audit_list_node_struct.c audit_list_struct.c ssl_fd_struct.c timeval_functions.c \ diff --git a/src/afclient.c b/src/afclient.c index e99598d..3364529 100644 --- a/src/afclient.c +++ b/src/afclient.c @@ -19,6 +19,7 @@ */ #include <config.h> +#include <unistd.h> #include "afclient.h" @@ -51,13 +52,6 @@ static struct option long_options[] = { {"id", 1, 0, 'i'}, {"dateformat", 1, 0, 'D'}, {"remoteadmin", 0, 0, 'r'}, -#ifdef HAVE_LIBPTHREAD - {"use-https", 0, 0, 'S'}, - {"proxyname", 1, 0, 'P'}, - {"proxyport", 1, 0, 'X'}, - {"pa-t-basic", 0, 0, 'B'}, - {"pa-cred", 1, 0, 'C'}, -#endif {"version", 0, 0, 'V'}, {"keep-alive", 1, 0, 'K'}, {"ar-tries", 1, 0, 'A'}, @@ -95,8 +89,6 @@ main(int argc, char **argv) fd_set rset, allset, wset, tmpset; struct timeval keepAlive; char verbose = 0; - HttpProxyOptions* hpo = HttpProxyOptions_new(); - char hpoUsed = 0; ArOptions* ao = ArOptions_new(); ClientRealm* pointer; char aoUsed = 0; @@ -133,13 +125,6 @@ main(int argc, char **argv) * initialization */ -#ifdef HAVE_LIBPTHREAD - if (hpo == NULL) { - printf("Problems with memory allocation... exiting\n"); - exit(1); - } -#endif - if (ao == NULL) { printf("Problems with memory allocation... exiting\n"); exit(1); @@ -162,20 +147,11 @@ main(int argc, char **argv) act.sa_handler = client_sig_alrm; sigaction(SIGALRM, &act, NULL); -#ifdef HAVE_LIBPTHREAD - remember_mainthread(); -#endif - #ifdef AF_INET6 #define GETOPT_LONG_AF_INET6(x) "46"x #else #define GETOPT_LONG_AF_INET6(x) x #endif -#ifdef HAVE_LIBPTHREAD -#define GETOPT_LONG_LIBPTHREAD(x) "SP:X:BC:"x -#else -#define GETOPT_LONG_LIBPTHREAD(x) x -#endif #ifdef HAVE_LIBDL #define GETOPT_LONG_LIBDL(x) "l:L:"x #else @@ -183,8 +159,8 @@ main(int argc, char **argv) #endif while ((n = getopt_long(argc, argv, - GETOPT_LONG_LIBDL(GETOPT_LONG_LIBPTHREAD( - GETOPT_LONG_AF_INET6("huUn:m:d:p:vk:c:s:o:i:D:rP:X:VK:A:T:f:"))) + GETOPT_LONG_LIBDL( + GETOPT_LONG_AF_INET6("huUn:m:d:p:vk:c:s:o:i:D:rP:X:VK:A:T:f:")) , long_options, 0)) != -1) { switch (n) { case 'h': { @@ -195,33 +171,6 @@ main(int argc, char **argv) serverName = optarg; break; } -#ifdef HAVE_LIBPTHREAD - case 'S': { - HttpProxyOptions_use_https(hpo); - hpoUsed = 1; - break; - } - case 'P': { - HttpProxyOptions_set_proxyname(hpo, optarg); - hpoUsed = 1; - break; - } - case 'X': { - HttpProxyOptions_set_proxyport(hpo, optarg); - hpoUsed = 1; - break; - } - case 'B': { - HttpProxyOptions_set_proxyauth_type(hpo, PROXYAUTH_TYPE_BASIC); - hpoUsed = 1; - break; - } - case 'C': { - HttpProxyOptions_set_proxyauth_cred(hpo, optarg); - hpoUsed = 1; - break; - } -#endif case 'i': { realmId = optarg; break; @@ -422,12 +371,6 @@ main(int argc, char **argv) "Working without sense is really without sense..."); exit(1); } - if (hpoUsed) { - ClientRealm_set_httpProxyOptions(pointer, hpo); - } - else { - HttpProxyOptions_free(&hpo); - } if (aoUsed) { ClientRealm_set_arOptions(pointer, ao); } @@ -531,7 +474,6 @@ main(int argc, char **argv) ClientRealm_set_hostName(pointer, hostName); ClientRealm_set_destinationPorts(pointer, destinationPorts); ClientRealm_set_realmId(pointer, realmId); - ClientRealm_set_httpProxyOptions(pointer, hpo); ClientRealm_set_arOptions(pointer, ao); ClientRealm_set_password(pointer, password); ClientRealm_set_localName(pointer, localName); @@ -587,22 +529,6 @@ main(int argc, char **argv) if (ClientRealm_get_clientMode(pointer) == CLIENTREALM_MODE_REVERSE) client_short_usage("Port on the server is required in reverse mode"); } -#ifdef HAVE_LIBPTHREAD - if ((HttpProxyOptions_get_proxyname(ClientRealm_get_httpProxyOptions(pointer))) || - (HttpProxyOptions_get_proxyport(ClientRealm_get_httpProxyOptions(pointer)))) { - if (ClientRealm_get_tunnelType(pointer) == CLIENTREALM_TUNNELTYPE_DIRECT) { - ClientRealm_set_tunnelType(pointer, CLIENTREALM_TUNNELTYPE_HTTPPROXY); - } - else { - ClientRealm_set_tunnelType(pointer, CLIENTREALM_TUNNELTYPE_UNKNOWN); - } - } - if (ClientRealm_get_tunnelType(pointer) == CLIENTREALM_TUNNELTYPE_HTTPPROXY) { - if (HttpProxyOptions_get_proxyport(ClientRealm_get_httpProxyOptions(pointer)) == NULL) { - HttpProxyOptions_set_proxyport(ClientRealm_get_httpProxyOptions(pointer), "8080"); - } - } -#endif if ((ClientRealm_get_clientMode(pointer) != CLIENTREALM_MODE_REVERSE) && (ClientRealm_get_clientMode(pointer) != CLIENTREALM_MODE_REMOTE) && (ClientRealm_get_hostName(pointer) == NULL)) { diff --git a/src/afclient.h b/src/afclient.h index 1be222d..c5888b3 100644 --- a/src/afclient.h +++ b/src/afclient.h @@ -26,13 +26,9 @@ #include "client_remoteadmin.h" #include "make_ssl_handshake.h" #include "first_run.h" -#include "http_proxy_client.h" -#include "thread_management.h" #include "client_reverse_udp.h" #include "server_check.h" #include "client_initialization.h" -#include "http_proxy_functions.h" -#include "http_proxy_options_struct.h" #include "client_shutdown.h" #include "client_signals.h" #include "usage.h" diff --git a/src/afserver.c b/src/afserver.c index 461f476..0da7e45 100644 --- a/src/afserver.c +++ b/src/afserver.c @@ -54,12 +54,6 @@ static struct option long_options[] = { {"baseport", 0, 0, 'b'}, {"dnslookups", 0, 0, 311}, {"dateformat", 1, 0, 'D'}, -#ifdef HAVE_LIBPTHREAD - {"enableproxy", 0, 0, 'P'}, - /* FIXME: don't need it now - {"use-https", 0, 0, 'S'}, - */ -#endif {"version", 0, 0, 'V'}, {0, 0, 0, 0} }; @@ -93,9 +87,6 @@ main(int argc, char **argv) unsigned char pass[4] = {1, 2, 3, 4}; char verbose = 0; char mode = 0; -#ifdef HAVE_LIBPTHREAD - char tunneltype = 0; -#endif char ipfam = 0; char baseport = 0; char audit = 0; @@ -133,27 +124,15 @@ main(int argc, char **argv) TYPE_SET_SSL(mode); TYPE_SET_ZLIB(mode); TYPE_SET_SUPPORTED_MULTI(mode); - -#ifdef HAVE_LIBPTHREAD - remember_mainthread(); -#endif #ifdef AF_INET6 #define GETOPT_LONG_AF_INET6(x) "46"x #else #define GETOPT_LONG_AF_INET6(x) x #endif -#ifdef HAVE_LIBPTHREAD -/* FIXME: 'S' option is not needed now -#define GETOPT_LONG_LIBPTHREAD(x) "PS"x -*/ -#define GETOPT_LONG_LIBPTHREAD(x) "P"x -#else -#define GETOPT_LONG_LIBPTHREAD(x) x -#endif - + while ((n = getopt_long(argc, argv, - GETOPT_LONG_LIBPTHREAD(GETOPT_LONG_AF_INET6("hn:l:m:vu:c:A:d:k:f:p:o:t:C:U:M:abD:R:r:V")) + GETOPT_LONG_AF_INET6("hn:l:m:vu:c:A:d:k:f:p:o:t:C:U:M:abD:R:r:V") , long_options, 0)) != -1) { switch (n) { case 'h': { @@ -293,30 +272,6 @@ main(int argc, char **argv) dateformat = optarg; break; } -#ifdef HAVE_LIBPTHREAD - case 'P': { - if ((tunneltype < 0) || (tunneltype > 2)) { - tunneltype = -1; - } - else { - if (tunneltype != 2) { - tunneltype = 1; - } - } - break; - } - /* FIXME: don't need it now - case 'S': { - if ((tunneltype < 0) || (tunneltype > 2)) { - tunneltype = -1; - } - else { - tunneltype = 2; - } - break; - } - */ -#endif case 'V': { printf("%s\n", (AF_VER("Active port forwarder (server)"))); exit(0); @@ -460,9 +415,6 @@ main(int argc, char **argv) ServerRealm_set_sClientMode(pointer, clim); ServerRealm_set_basePortOn(pointer, baseport); ServerRealm_set_auditOn(pointer, audit); -#ifdef HAVE_LIBPTHREAD - ServerRealm_set_tunnelType(pointer, tunneltype); -#endif ServerRealm_set_dnsLookupsOn(pointer, dnslookups); ServerRealm_set_realmName(pointer, realmname); ServerRealm_set_password(pointer, pass); @@ -699,17 +651,6 @@ main(int argc, char **argv) if (ServerRealm_get_auditOn(scRealmsTable[i]) == 0) { ServerRealm_set_auditOn(scRealmsTable[i], audit); } -#ifdef HAVE_LIBPTHREAD - /* using user's tunneltype value*/ - if (ServerRealm_get_tunnelType(scRealmsTable[i]) == 0) { - if (tunneltype == -1) { - aflog(LOG_T_INIT, LOG_I_CRIT, - "Conflicting types of tunnel type... exiting"); - exit(1); - } - ServerRealm_set_tunnelType(scRealmsTable[i], tunneltype); - } -#endif /* using user's dnslookups value*/ if (ServerRealm_get_dnsLookupsOn(scRealmsTable[i]) == 0) { ServerRealm_set_dnsLookupsOn(scRealmsTable[i], dnslookups); @@ -878,49 +819,6 @@ main(int argc, char **argv) UsrCli_get_managePortName(srUsersClientsTable[j]))); break; } -#ifdef HAVE_LIBPTHREAD - case 1: - case 2: { - temp = find_previousFd(srUsersClientsTable, j, - UsrCli_get_manageHostName(srUsersClientsTable[j]), - UsrCli_get_managePortName(srUsersClientsTable[j])); - if (temp == -1) { - if (initialize_http_proxy_server(&temp, - UsrCli_get_manageHostName(srUsersClientsTable[j]) ? - UsrCli_get_manageHostName(srUsersClientsTable[j]) : - ServerRealm_get_hostName(scRealmsTable[i]), - UsrCli_get_managePortName(srUsersClientsTable[j]), - (&len), ipfam, - ServerRealm_get_clientsLimit(scRealmsTable[i]) + - ServerRealm_get_raClientsLimit(scRealmsTable[i]), - (ServerRealm_get_tunnelType(scRealmsTable[i]) - 1), - ServerRealm_get_SslCtx(scRealmsTable[i]))) { - aflog(LOG_T_INIT, LOG_I_CRIT, -#ifdef AF_INET6 - "http%s_proxy_listen_%s error for %s, %s", - (ServerRealm_get_tunnelType(scRealmsTable[i]) == 2) ? "s" : "", - (ipfam & 0x02)?"ipv4":(ipfam & 0x04)?"ipv6":"unspec", -#else - "http%s_proxy_listen error for %s, %s", - (ServerRealm_get_tunnelType(scRealmsTable[i]) == 2) ? "s" : "", -#endif - UsrCli_get_manageHostName(srUsersClientsTable[j]) ? - UsrCli_get_manageHostName(srUsersClientsTable[j]) : - ServerRealm_get_hostName(scRealmsTable[i]), - UsrCli_get_managePortName(srUsersClientsTable[j])); - exit(1); - } - } - ServerRealm_set_addressLength(scRealmsTable[i], len); - UsrCli_set_manageFd(srUsersClientsTable[j], temp); - flags = fcntl(UsrCli_get_manageFd(srUsersClientsTable[j]), F_GETFL, 0); - fcntl(UsrCli_get_manageFd(srUsersClientsTable[j]), F_SETFL, flags | O_NONBLOCK); - UsrCli_set_number(srUsersClientsTable[j], eval_UsrCliPair(srUsersClientsTable, j, - UsrCli_get_manageHostName(srUsersClientsTable[j]), - UsrCli_get_managePortName(srUsersClientsTable[j]))); - break; - } -#endif default: { aflog(LOG_T_INIT, LOG_I_CRIT, "Unknown tunnel type"); @@ -2048,11 +1946,6 @@ main(int argc, char **argv) ConnectClient_set_lastActivity( srRaClientsTable[l], ConnectClient_get_lastActivity(srClientsTable[k])); -#ifdef HAVE_LIBPTHREAD - ConnectClient_set_tunnelType( - srRaClientsTable[l], - ConnectClient_get_tunnelType(srClientsTable[k])); -#endif ConnectClient_set_clientId( srRaClientsTable[l], ConnectClient_get_clientId(srClientsTable[k])); @@ -2259,11 +2152,6 @@ main(int argc, char **argv) ConnectClient_set_lastActivity( srClientsTable[l], ConnectClient_get_lastActivity(srRaClientsTable[k])); -#ifdef HAVE_LIBPTHREAD - ConnectClient_set_tunnelType( - srClientsTable[l], - ConnectClient_get_tunnelType(srRaClientsTable[k])); -#endif ConnectClient_set_clientId( srClientsTable[l], ConnectClient_get_clientId(srRaClientsTable[k])); @@ -2536,12 +2424,7 @@ main(int argc, char **argv) aflog(LOG_T_CLIENT, LOG_I_DDEBUG, "realm[%s]: managefd: FD_ISSET", get_realmname(config, j)); len = ServerRealm_get_addressLength(pointer); -#ifdef HAVE_LIBPTHREAD - sent = get_new_socket(UsrCli_get_manageFd(srUsersClientsTable[l]), - ServerRealm_get_tunnelType(pointer),ServerRealm_get_clientAddress(pointer), &len, &tunneltype); -#else sent = accept(UsrCli_get_manageFd(srUsersClientsTable[l]), ServerRealm_get_clientAddress(pointer), &len); -#endif if (sent == -1) { if (errno == EAGAIN) { aflog(LOG_T_USER, LOG_I_DDEBUG, @@ -2567,9 +2450,6 @@ main(int argc, char **argv) time(&now); ConnectClient_set_connectTime(srClientsTable[k], now); ConnectClient_set_lastActivity(srClientsTable[k], now); -#ifdef HAVE_LIBPTHREAD - ConnectClient_set_tunnelType(srClientsTable[k], tunneltype); -#endif aflog(LOG_T_CLIENT, LOG_I_INFO, "realm[%s]: new Client[%s] IP:%s", get_realmname(config, j), get_clientname(pointer, k), sock_ntop(ServerRealm_get_clientAddress(pointer), len, ConnectClient_get_nameBuf(srClientsTable[k]), @@ -2603,9 +2483,6 @@ main(int argc, char **argv) time(&now); ConnectClient_set_connectTime(srRaClientsTable[k], now); ConnectClient_set_lastActivity(srRaClientsTable[k], now); -#ifdef HAVE_LIBPTHREAD - ConnectClient_set_tunnelType(srRaClientsTable[k], tunneltype); -#endif aflog(LOG_T_MANAGE, LOG_I_INFO, "realm[%s]: new Client[%s] (ra) IP:%s", get_realmname(config, j), get_raclientname(pointer, k), diff --git a/src/afserver.h b/src/afserver.h index bc23e75..85bd03f 100644 --- a/src/afserver.h +++ b/src/afserver.h @@ -34,8 +34,6 @@ #include "clientnames.h" #include "usernames.h" #include "server_get.h" -#include "http_proxy_server.h" -#include "thread_management.h" #include "server_signals.h" #include "usage.h" #include "logging.h" diff --git a/src/client_initialization.c b/src/client_initialization.c index efde9a9..9cc8c9a 100644 --- a/src/client_initialization.c +++ b/src/client_initialization.c @@ -70,36 +70,6 @@ initialize_client_stage1(ClientRealm* cr, SSL_CTX* ctx, unsigned char* buff, cha SslFd_set_fd(ClientRealm_get_masterSslFd(cr), tmp); break; } -#ifdef HAVE_LIBPTHREAD - case 1: { - if (initialize_http_proxy_client(&tmp, cr, ctx)) { -#ifdef AF_INET6 - aflog(LOG_T_INIT, LOG_I_CRIT, - "http_proxy_connect_%s error for %s, %s (proxy: %s, %s)", - (ClientRealm_get_ipFamily(cr) & 0x02) ? - "ipv4":(ClientRealm_get_ipFamily(cr) & 0x04) ? - "ipv6":"unspec", ClientRealm_get_serverName(cr), - ClientRealm_get_managePort(cr), - HttpProxyOptions_get_proxyname(ClientRealm_get_httpProxyOptions(cr)), - HttpProxyOptions_get_proxyport(ClientRealm_get_httpProxyOptions(cr))); -#else - aflog(LOG_T_INIT, LOG_I_CRIT, - "http_proxy_connect error for %s, %s (proxy: %s, %s)", ClientRealm_get_serverName(cr), - ClientRealm_get_managePort(cr), - HttpProxyOptions_get_proxyname(ClientRealm_get_httpProxyOptions(cr)), - HttpProxyOptions_get_proxyport(ClientRealm_get_httpProxyOptions(cr))); -#endif - if (wanttoexit) { - exit(1); - } - else { - return 1; - } - } - SslFd_set_fd(ClientRealm_get_masterSslFd(cr), tmp); - break; - } -#endif default: { aflog(LOG_T_INIT, LOG_I_CRIT, "Unknown tunnel type"); diff --git a/src/client_initialization.h b/src/client_initialization.h index 390568f..4f981a3 100644 --- a/src/client_initialization.h +++ b/src/client_initialization.h @@ -23,8 +23,6 @@ #include "activefor.h" #include "stats.h" #include "logging.h" -#include "http_proxy_client.h" -#include "http_proxy_options_struct.h" #include "ssl_fd_struct.h" #include "client_realm_struct.h" diff --git a/src/client_realm_struct.c b/src/client_realm_struct.c index 5b4477e..4963671 100644 --- a/src/client_realm_struct.c +++ b/src/client_realm_struct.c @@ -59,12 +59,6 @@ ClientRealm_new() ClientRealm_free(&tmp); return NULL; } - tmp->httpProxyOptions = HttpProxyOptions_new(); - assert(tmp->httpProxyOptions != NULL); - if (tmp->httpProxyOptions == NULL) { - ClientRealm_free(&tmp); - return NULL; - } #ifdef HAVE_LIBDL tmp->userModule = Module_new(); assert(tmp->userModule != NULL); @@ -110,7 +104,6 @@ ClientRealm_free(ClientRealm** cr) ClientRealm_set_localDestinationName((*cr), NULL); ClientRealm_set_clientAddress((*cr), NULL); ClientRealm_set_masterSslFd((*cr), NULL); - ClientRealm_set_httpProxyOptions((*cr), NULL); ClientRealm_set_arOptions((*cr), NULL); ClientRealm_set_destinationPorts((*cr), NULL); ClientRealm_set_usersTable((*cr), NULL); @@ -507,26 +500,6 @@ ClientRealm_set_masterSslFd(ClientRealm* cr, SslFd* masterSslFd) } /* - * Function name: ClientRealm_set_httpProxyOptions - * Description: Set client realm's http proxy options. - * Arguments: cr - pointer to ClientRealm structure - * httpProxyOptions - client realm's http proxy options - */ - -void -ClientRealm_set_httpProxyOptions(ClientRealm* cr, HttpProxyOptions* httpProxyOptions) -{ - assert(cr != NULL); - if (cr == NULL) { - return; - } - if (cr->httpProxyOptions) { - HttpProxyOptions_free(&(cr->httpProxyOptions)); - } - cr->httpProxyOptions = httpProxyOptions; -} - -/* * Function name: ClientRealm_set_arOptions * Description: Set client realm's auto-reconnect options. * Arguments: cr - pointer to ClientRealm structure @@ -994,23 +967,6 @@ ClientRealm_get_masterSslFd(ClientRealm* cr) } /* - * Function name: ClientRealm_get_httpProxyOptions - * Description: Get client realm's http proxy options. - * Arguments: cr - pointer to ClientRealm structure - * Returns: Client realm's http proxy options. - */ - -HttpProxyOptions* -ClientRealm_get_httpProxyOptions(ClientRealm* cr) -{ - assert(cr != NULL); - if (cr == NULL) { - return NULL; - } - return cr->httpProxyOptions; -} - -/* * Function name: ClientRealm_get_arOptions * Description: Get client realm's auto-reconnect options. * Arguments: cr - pointer to ClientRealm structure diff --git a/src/client_realm_struct.h b/src/client_realm_struct.h index 0fd1789..51790ef 100644 --- a/src/client_realm_struct.h +++ b/src/client_realm_struct.h @@ -20,7 +20,6 @@ #include "activefor.h" #include "ssl_fd_struct.h" -#include "http_proxy_options_struct.h" #include "ar_options_struct.h" #include "module_struct.h" #include "port_list_struct.h" @@ -36,8 +35,6 @@ #define CLIENTREALM_TUNNELTYPE_UNKNOWN -1 #define CLIENTREALM_TUNNELTYPE_DIRECT 0 -#define CLIENTREALM_TUNNELTYPE_HTTPPROXY 1 -#define CLIENTREALM_TUNNELTYPE_HTTPSPROXY 2 typedef struct { char* serverName; @@ -61,7 +58,6 @@ typedef struct { socklen_t addressLength; struct sockaddr* clientAddress; SslFd* masterSslFd; - HttpProxyOptions* httpProxyOptions; ArOptions* arOptions; PortList* destinationPorts; ConnectUser** usersTable; @@ -97,7 +93,6 @@ void ClientRealm_set_keepAlive(ClientRealm* cr, struct timeval keepAlive); void ClientRealm_set_addressLength(ClientRealm* cr, socklen_t addressLength); void ClientRealm_set_clientAddress(ClientRealm* cr, struct sockaddr* clientAddress); void ClientRealm_set_masterSslFd(ClientRealm* cr, SslFd* masterSslFd); -void ClientRealm_set_httpProxyOptions(ClientRealm* cr, HttpProxyOptions* httpProxyOptions); void ClientRealm_set_arOptions(ClientRealm* cr, ArOptions* arOptions); void ClientRealm_set_destinationPorts(ClientRealm* cr, PortList* destinationPorts); void ClientRealm_set_usersTable(ClientRealm* cr, ConnectUser** usersTable); @@ -127,7 +122,6 @@ struct timeval ClientRealm_get_keepAlive(ClientRealm* cr); socklen_t ClientRealm_get_addressLength(ClientRealm* cr); struct sockaddr* ClientRealm_get_clientAddress(ClientRealm* cr); SslFd* ClientRealm_get_masterSslFd(ClientRealm* cr); -HttpProxyOptions* ClientRealm_get_httpProxyOptions(ClientRealm* cr); ArOptions* ClientRealm_get_arOptions(ClientRealm* cr); PortList* ClientRealm_get_destinationPorts(ClientRealm* cr); ConnectUser** ClientRealm_get_usersTable(ClientRealm* cr); diff --git a/src/client_signals.c b/src/client_signals.c index 04c344e..e8c7269 100644 --- a/src/client_signals.c +++ b/src/client_signals.c @@ -21,7 +21,6 @@ #include <config.h> #include "client_signals.h" -#include "thread_management.h" #include "stats.h" #include "logging.h" @@ -36,11 +35,6 @@ void client_sig_int(int signo) { -#ifdef HAVE_LIBPTHREAD - if (!is_this_a_mainthread()) { - return; - } -#endif aflog(LOG_T_MAIN, LOG_I_NOTICE, "CLIENT CLOSED cg: %ld bytes", getcg()); exit(0); diff --git a/src/connect_client_struct.h b/src/connect_client_struct.h index 9cf2e6d..9f598be 100644 --- a/src/connect_client_struct.h +++ b/src/connect_client_struct.h @@ -37,8 +37,6 @@ #define CONNECTCLIENT_TUNNELTYPE_UNKNOWN -1 #define CONNECTCLIENT_TUNNELTYPE_DIRECT 0 -#define CONNECTCLIENT_TUNNELTYPE_HTTPPROXY 1 -#define CONNECTCLIENT_TUNNELTYPE_HTTPSPROXY 2 #define CONNECTCLIENT_MULTI_ENABLED 1 #define CONNECTCLIENT_MULTI_DISABLED 0 diff --git a/src/file_client.c b/src/file_client.c index 672eeaf..5ba1d97 100644 --- a/src/file_client.c +++ b/src/file_client.c @@ -144,27 +144,6 @@ cparsefile(char* name, int* status) ClientRealm_set_clientMode(ClientConfiguration_get_realmsTable(cfg)[0], CLIENTREALM_MODE_UNKNOWN); } } - else if ((strcmp(helpbuf1, "S") == 0) || (strcmp(helpbuf1, "use-https") == 0)) { - HttpProxyOptions_use_https(ClientRealm_get_httpProxyOptions( - ClientConfiguration_get_realmsTable(cfg)[0])); - } - else if ((strcmp(helpbuf1, "B") == 0) || (strcmp(helpbuf1, "pa-t-basic") == 0)) { - HttpProxyOptions_set_proxyauth_type(ClientRealm_get_httpProxyOptions( - ClientConfiguration_get_realmsTable(cfg)[0]), PROXYAUTH_TYPE_BASIC); - } -#ifdef HAVE_LIBPTHREAD - else if (strcmp(helpbuf1, "enableproxy")==0) { - if (ClientRealm_get_tunnelType( - ClientConfiguration_get_realmsTable(cfg)[0]) == 0) { - ClientRealm_set_tunnelType( - ClientConfiguration_get_realmsTable(cfg)[0], - 1); - } - else { - return cfg; - } - } -#endif #ifdef AF_INET6 else if (strcmp(helpbuf1, "ipv4")==0) { if (TYPE_IS_UNSPEC(ClientRealm_get_realmType( @@ -255,18 +234,6 @@ cparsefile(char* name, int* status) ArOptions_set_s_arDelay(ClientRealm_get_arOptions(ClientConfiguration_get_realmsTable(cfg)[0]), helpbuf2); } - else if ((strcmp(helpbuf1, "P") == 0) || (strcmp(helpbuf1, "proxyname") == 0)) { - HttpProxyOptions_set_proxyname(ClientRealm_get_httpProxyOptions( - ClientConfiguration_get_realmsTable(cfg)[0]), helpbuf2); - } - else if ((strcmp(helpbuf1, "X") == 0) || (strcmp(helpbuf1, "proxyport") == 0)) { - HttpProxyOptions_set_proxyport(ClientRealm_get_httpProxyOptions( - ClientConfiguration_get_realmsTable(cfg)[0]), helpbuf2); - } - else if ((strcmp(helpbuf1, "C") == 0) || (strcmp(helpbuf1, "pa-cred") == 0)) { - HttpProxyOptions_set_proxyauth_cred(ClientRealm_get_httpProxyOptions( - ClientConfiguration_get_realmsTable(cfg)[0]), helpbuf2); - } else { return cfg; } diff --git a/src/file_server.c b/src/file_server.c index 35ed235..d027f02 100644 --- a/src/file_server.c +++ b/src/file_server.c @@ -206,19 +206,6 @@ parsefile(char* name, int* status) ServerConfiguration_get_realmsTable(cfg)[ServerConfiguration_get_realmsNumber(cfg) - 1], 1); } -#ifdef HAVE_LIBPTHREAD - else if (strcmp(helpbuf1, "enableproxy")==0) { - if (ServerRealm_get_tunnelType( - ServerConfiguration_get_realmsTable(cfg)[ServerConfiguration_get_realmsNumber(cfg) - 1]) == 0) { - ServerRealm_set_tunnelType( - ServerConfiguration_get_realmsTable(cfg)[ServerConfiguration_get_realmsNumber(cfg) - 1], - 1); - } - else { - return cfg; - } - } -#endif #ifdef AF_INET6 else if (strcmp(helpbuf1, "ipv4")==0) { if (TYPE_IS_UNSPEC(ServerRealm_get_realmType( diff --git a/src/http_proxy_client.c b/src/http_proxy_client.c deleted file mode 100644 index 157d009..0000000 --- a/src/http_proxy_client.c +++ /dev/null @@ -1,565 +0,0 @@ -/* - * active port forwarder - software for secure forwarding - * Copyright (C) 2003-2007 jeremian <jeremian [at] poczta.fm> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - */ - -#include <config.h> - -#include "http_proxy_functions.h" -#include "http_proxy_client.h" -#include "thread_management.h" -#include "network.h" -#include "stats.h" -#include "logging.h" -#include "base64.h" - -#ifdef HAVE_LIBPTHREAD -typedef struct { - int sockfd; - char *host; - char *serv; - HttpProxyOptions* hpo; - char type; - SSL_CTX* ctx; -} proxy_argT; - -/* - * Function name: clean_return - * Description: Closes the connection and exits the thread. - * Arguments: sockfd - the descriptor of the connection - */ - -static void -clean_return(int sockfd) -{ - aflog(LOG_T_MAIN, LOG_I_DEBUG, - "http proxy: clean_return"); - close(sockfd); - pthread_exit(NULL); -} - -/* - * Function name: http_proxy_client - * Description: Function responsible for the client part of the http proxy connection. - * Arguments: vptr - the structure with all the information needed for http proxy tunnel - */ - -void* -http_proxy_client(void *vptr) -{ - char tab[9000]; - connection conn; - header hdr; - int j, n, maxfdp1; - fd_set rset, allset; - struct timeval tv; - int timeout = 5; - int tmp; - char *host, *serv, *proxyname, *proxyport, *credentials, *name = ""; - char b64cred[100]; - char type, authtype, https; - SSL_CTX* ctx; - proxy_argT *proxy_argptr; - - start_critical_section(); - proxy_argptr = (proxy_argT *) vptr; - - host = proxy_argptr->host; - serv = proxy_argptr->serv; - proxyname = HttpProxyOptions_get_proxyname(proxy_argptr->hpo); - proxyport = HttpProxyOptions_get_proxyport(proxy_argptr->hpo); - credentials = HttpProxyOptions_get_proxyauth_cred(proxy_argptr->hpo); - type = proxy_argptr->type; - authtype = HttpProxyOptions_get_proxyauth_type(proxy_argptr->hpo); - conn.sockfd = proxy_argptr->sockfd; - https = HttpProxyOptions_is_https(proxy_argptr->hpo); - ctx = proxy_argptr->ctx; - - broadcast_condition(); - end_critical_section(); - - conn.postFd = SslFd_new(); - conn.getFd = SslFd_new(); - conn.tmpFd = SslFd_new(); - if ((conn.postFd == NULL) || (conn.getFd == NULL) || (conn.tmpFd == NULL)) { - aflog(LOG_T_INIT, LOG_I_CRIT, - "http%s proxy: Can't allocate memory... exiting.", name); - exit(1); - } - - if (https) { - name = "s"; - SslFd_set_ssl(conn.postFd, SSL_new(ctx)); - SslFd_set_ssl(conn.getFd, SSL_new(ctx)); - SslFd_set_ssl(conn.tmpFd, SSL_new(ctx)); - if ((SslFd_get_ssl(conn.postFd) == NULL) || - (SslFd_get_ssl(conn.getFd) == NULL) || - (SslFd_get_ssl(conn.tmpFd) == NULL)) { - aflog(LOG_T_INIT, LOG_I_CRIT, - "http%s proxy: Can't allocate memory... exiting.", name); - exit(1); - } - } - - if (authtype == PROXYAUTH_TYPE_WRONG) { - aflog(LOG_T_MAIN, LOG_I_WARNING, - "Wrong type of proxy authorizaton --> switching to no authorization"); - credentials = NULL; - } - - if (credentials) { - if (b64_ntop((unsigned char*)credentials, strlen(credentials), b64cred, 100) == -1) { - aflog(LOG_T_MAIN, LOG_I_ERR, - "Cannot encode credentials for proxy authorization"); - b64cred[0] = 0; - } - else { - if (authtype == PROXYAUTH_TYPE_NOTSET) { - authtype = PROXYAUTH_TYPE_BASIC; - } - } - } - - FD_ZERO(&allset); - tv.tv_usec = 0; - tv.tv_sec = timeout; - - memset(conn.id, 0, 10); - for (j = 0; j < 9; ++j) { - conn.id[j] = myrand(65, 90); - } - conn.id[9] = 0; - - /* postfd */ - aflog(LOG_T_MAIN, LOG_I_DEBUG, - "http%s proxy: connecting (postfd)...", name); - if (ip_connect(&tmp, proxyname, proxyport, type, NULL, NULL)) { - clean_return(conn.sockfd); - } - SslFd_set_fd(conn.postFd, tmp); - if (https) { - if (SSL_set_fd(SslFd_get_ssl(conn.postFd), SslFd_get_fd(conn.postFd)) != 1) { - aflog(LOG_T_INIT, LOG_I_CRIT, - "https proxy: Problem with initializing ssl"); - clean_return(conn.sockfd); - } - if (SSL_connect(SslFd_get_ssl(conn.postFd)) != 1) { - aflog(LOG_T_INIT, LOG_I_CRIT, - "https proxy: SSL_connect has failed"); - clean_return(conn.sockfd); - } - } - - memset(tab, 0, 9000); - switch (authtype) { - case PROXYAUTH_TYPE_BASIC: - sprintf(tab, - "POST http://%s:%s/yahpt.html?id=%s HTTP/1.1\r\n" - "Host: %s:%s\r\n" - "Content-Length: 90000\r\n" - "Connection: close\r\n" - "Proxy-Authorization: Basic %s\r\n\r\n", host, serv, conn.id, host, serv, b64cred); - break; - default: - sprintf(tab, - "POST http://%s:%s/yahpt.html?id=%s HTTP/1.1\r\n" - "Host: %s:%s\r\n" - "Content-Length: 90000\r\n" - "Connection: close\r\n\r\n", host, serv, conn.id, host, serv); - } - j = strlen (tab); - aflog(LOG_T_MAIN, LOG_I_DEBUG, - "http%s proxy: writing POST request...", name); - if (http_write(https, conn.postFd, (unsigned char*) tab, j) <= 0) { - clean_return(conn.sockfd); - } - - /* getfd */ - aflog(LOG_T_MAIN, LOG_I_DEBUG, - "http%s proxy: connecting (getfd)...", name); - if (ip_connect(&tmp, proxyname, proxyport, type, NULL, NULL)) { - clean_return(conn.sockfd); - } - SslFd_set_fd(conn.getFd, tmp); - if (https) { - if (SSL_set_fd(SslFd_get_ssl(conn.getFd), SslFd_get_fd(conn.getFd)) != 1) { - aflog(LOG_T_INIT, LOG_I_CRIT, - "https proxy: Problem with initializing ssl"); - clean_return(conn.sockfd); - } - if (SSL_connect(SslFd_get_ssl(conn.getFd)) != 1) { - aflog(LOG_T_INIT, LOG_I_CRIT, - "https proxy: SSL_connect has failed"); - clean_return(conn.sockfd); - } - } - - memset(tab, 0, 9000); - switch (authtype) { - case PROXYAUTH_TYPE_BASIC: - sprintf(tab, - "GET http://%s:%s/yahpt.html?id=%s HTTP/1.1\r\n" - "Host: %s:%s\r\n" - "Connection: close\r\n" - "Proxy-Authorization: Basic %s\r\n\r\n", host, serv, conn.id, host, serv, b64cred); - break; - default: - sprintf(tab, - "GET http://%s:%s/yahpt.html?id=%s HTTP/1.1\r\n" - "Host: %s:%s\r\n" - "Connection: close\r\n\r\n", host, serv, conn.id, host, serv); - } - j = strlen (tab); - aflog(LOG_T_MAIN, LOG_I_DEBUG, - "http%s proxy: writing GET request...", name); - if (http_write(https, conn.getFd, (unsigned char*) tab, j) <= 0) { - clean_return(conn.sockfd); - } - - set_fd(conn.sockfd, &maxfdp1, &allset); - set_fd(SslFd_get_fd(conn.postFd), &maxfdp1, &allset); - set_fd(SslFd_get_fd(conn.getFd), &maxfdp1, &allset); - conn.state = C_OPEN; - - memset(tab, 0, 9000); - - aflog(LOG_T_MAIN, LOG_I_DEBUG, - "http%s proxy: parsing header from getfd", name); - if (parse_header(conn.getFd, tab, &hdr, https)) { - clean_return(conn.sockfd); - } - aflog(LOG_T_MAIN, LOG_I_DEBUG, - "http%s proxy: checking hdr.type", name); - if (hdr.type != H_TYPE_OK) { - clean_return(conn.sockfd); - } - if (hdr.length) { - conn.received += hdr.length; - aflog(LOG_T_MAIN, LOG_I_DEBUG, - "http%s proxy: reading message...", name); - if (read_message(conn.sockfd, hdr.length, &conn, tab, hdr.ptr)) { - clean_return(conn.sockfd); - } - } - - while (1) { - if ((conn.state == C_OPEN) && (!(FD_ISSET(conn.sockfd, &allset)))) { - FD_SET(conn.sockfd, &allset); - } - rset = allset; - - if (select(maxfdp1, &rset, NULL, NULL, &tv) == 0) { - aflog(LOG_T_MAIN, LOG_I_DDEBUG, - "http%s proxy: timeout", name); - tv.tv_sec = timeout; - if (conn.sent_ptr+1 >= 90000) { - if (conn.state == C_CLOSED) { - continue; - } - aflog(LOG_T_MAIN, LOG_I_DDEBUG, - "http%s proxy: send T", name); - http_write(https, conn.postFd, (unsigned char*) "T", 1); - conn.sent_ptr = 0; - clear_sslFd(conn.postFd, &allset); - /* postfd */ - aflog(LOG_T_MAIN, LOG_I_DEBUG, - "http%s proxy: connecting (postfd)...", name); - if (ip_connect(&tmp, proxyname, proxyport, type, NULL, NULL)) { - clean_return(conn.sockfd); - } - SslFd_set_fd(conn.postFd, tmp); - if (https) { - if (SSL_set_fd(SslFd_get_ssl(conn.postFd), SslFd_get_fd(conn.postFd)) != 1) { - aflog(LOG_T_INIT, LOG_I_CRIT, - "https proxy: Problem with initializing ssl"); - clean_return(conn.sockfd); - } - if (SSL_connect(SslFd_get_ssl(conn.postFd)) != 1) { - aflog(LOG_T_INIT, LOG_I_CRIT, - "https proxy: SSL_connect has failed"); - clean_return(conn.sockfd); - } - } - - memset(tab, 0, 9000); - switch (authtype) { - case PROXYAUTH_TYPE_BASIC: - sprintf(tab, - "POST http://%s:%s/yahpt.html?id=%s HTTP/1.1\r\n" - "Host: %s:%s\r\n" - "Content-Length: 90000\r\n" - "Connection: close\r\n" - "Proxy-Authorization: Basic %s\r\n\r\n", host, serv, conn.id, host, serv, b64cred); - break; - default: - sprintf(tab, - "POST http://%s:%s/yahpt.html?id=%s HTTP/1.1\r\n" - "Host: %s:%s\r\n" - "Content-Length: 90000\r\n" - "Connection: close\r\n\r\n", host, serv, conn.id, host, serv); - } - j = strlen (tab); - aflog(LOG_T_MAIN, LOG_I_DEBUG, - "http%s proxy: writing POST request...", name); - if (http_write(https, conn.postFd, (unsigned char *) tab, j) <= 0) { - clean_return(conn.sockfd); - } - conn.sent_ptr = 0; - conn.ptr = 0; - conn.length = 0; - conn.state = C_CLOSED; - - set_fd(SslFd_get_fd(conn.postFd), &maxfdp1, &allset); - } - else { - aflog(LOG_T_MAIN, LOG_I_DDEBUG, - "http%s proxy: send T", name); - http_write(https, conn.postFd, (unsigned char *) "T", 1); - conn.sent_ptr += 1; - } - continue; - } - - /* sockfd */ - if (FD_ISSET(conn.sockfd, &rset)) { - aflog(LOG_T_MAIN, LOG_I_DDEBUG, - "http%s proxy: FD_ISSET(conn.sockfd)", name); - n = read(conn.sockfd, conn.buf+5, 8995); - if (n <= 0) { - aflog(LOG_T_MAIN, LOG_I_DEBUG, - "http%s proxy: send Q", name); - http_write(https, conn.postFd, (unsigned char *) "Q", 1); - clean_return(conn.sockfd); - } - if ((conn.state == C_CLOSED) && (conn.sent_ptr > 70000)) { - FD_CLR(conn.sockfd, &allset); - } - conn.buf[0] = 'M'; - tmp = htonl(n); - memcpy(&conn.buf[1], &tmp, 4); - if (conn.sent_ptr+5 + n >= 90000) { - aflog(LOG_T_MAIN, LOG_I_DEBUG, - "http%s proxy: send message", name); - http_write(https, conn.postFd, (unsigned char *) conn.buf, 90000 - conn.sent_ptr); - conn.ptr = 90000 - conn.sent_ptr; - conn.length = 5+n - conn.ptr; - conn.sent_ptr = 0; - clear_sslFd(conn.postFd, &allset); - - /* postfd */ - aflog(LOG_T_MAIN, LOG_I_DEBUG, - "http%s proxy: connecting (postfd)...", name); - if (ip_connect(&tmp, proxyname, proxyport, type, NULL, NULL)) { - clean_return(conn.sockfd); - } - SslFd_set_fd(conn.postFd, tmp); - if (https) { - if (SSL_set_fd(SslFd_get_ssl(conn.postFd), SslFd_get_fd(conn.postFd)) != 1) { - aflog(LOG_T_INIT, LOG_I_CRIT, - "https proxy: Problem with initializing ssl"); - clean_return(conn.sockfd); - } - if (SSL_connect(SslFd_get_ssl(conn.postFd)) != 1) { - aflog(LOG_T_INIT, LOG_I_CRIT, - "https proxy: SSL_connect has failed"); - clean_return(conn.sockfd); - } - } - - memset(tab, 0, 9000); - switch (authtype) { - case PROXYAUTH_TYPE_BASIC: - sprintf(tab, - "POST http://%s:%s/yahpt.html?id=%s HTTP/1.1\r\n" - "Host: %s:%s\r\n" - "Content-Length: 90000\r\n" - "Connection: close\r\n" - "Proxy-Authorization: Basic %s\r\n\r\n", host, serv, conn.id, host, serv, b64cred); - break; - default: - sprintf(tab, - "POST http://%s:%s/yahpt.html?id=%s HTTP/1.1\r\n" - "Host: %s:%s\r\n" - "Content-Length: 90000\r\n" - "Connection: close\r\n\r\n", host, serv, conn.id, host, serv); - } - j = strlen (tab); - aflog(LOG_T_MAIN, LOG_I_DEBUG, - "http%s proxy: writing POST request...", name); - if (http_write(https, conn.postFd, (unsigned char *) tab, j) <= 0) { - clean_return(conn.sockfd); - } - if (conn.length > 0) { - aflog(LOG_T_MAIN, LOG_I_DEBUG, - "http%s proxy: writing old data...", name); - if (http_write(https, conn.postFd, (unsigned char *) (conn.buf+conn.ptr), conn.length) <= 0) { - clean_return(conn.sockfd); - } - } - conn.sent_ptr = conn.length; - conn.ptr = 0; - conn.length = 0; - conn.state = C_CLOSED; - - set_fd(SslFd_get_fd(conn.postFd), &maxfdp1, &allset); - } - else { - aflog(LOG_T_MAIN, LOG_I_DEBUG, - "http%s proxy: send message", name); - http_write(https, conn.postFd, (unsigned char *) conn.buf, 5+n); - conn.sent_ptr += 5+n; - } - } - - /* getfd */ - if (FD_ISSET(SslFd_get_fd(conn.getFd), &rset)) { - aflog(LOG_T_MAIN, LOG_I_DDEBUG, - "http%s proxy: FD_ISSET(conn.getfd)", name); - n = http_read(https, conn.getFd, (unsigned char*) tab, 9000); - conn.received += n; - if (n == 0) { - conn.received = 0; - clear_sslFd(conn.getFd, &allset); - - /* getfd */ - aflog(LOG_T_MAIN, LOG_I_DEBUG, - "http%s proxy: connecting (getfd)...", name); - if (ip_connect(&tmp, proxyname, proxyport, type, NULL, NULL)) { - clean_return(conn.sockfd); - } - SslFd_set_fd(conn.getFd, tmp); - if (https) { - if (SSL_set_fd(SslFd_get_ssl(conn.getFd), SslFd_get_fd(conn.getFd)) != 1) { - aflog(LOG_T_INIT, LOG_I_CRIT, - "https proxy: Problem with initializing ssl"); - clean_return(conn.sockfd); - } - if (SSL_connect(SslFd_get_ssl(conn.getFd)) != 1) { - aflog(LOG_T_INIT, LOG_I_CRIT, - "https proxy: SSL_connect has failed"); - clean_return(conn.sockfd); - } - } - - memset(tab, 0, 9000); - switch (authtype) { - case PROXYAUTH_TYPE_BASIC: - sprintf(tab, - "GET http://%s:%s/yahpt.html?id=%s HTTP/1.1\r\n" - "Host: %s:%s\r\n" - "Connection: close\r\n" - "Proxy-Authorization: Basic %s\r\n\r\n", host, serv, conn.id, host, serv, b64cred); - break; - default: - sprintf(tab, - "GET http://%s:%s/yahpt.html?id=%s HTTP/1.1\r\n" - "Host: %s:%s\r\n" - "Connection: close\r\n\r\n", host, serv, conn.id, host, serv); - } - j = strlen (tab); - aflog(LOG_T_MAIN, LOG_I_DEBUG, - "http%s proxy: writing GET request...", name); - if (http_write(https, conn.getFd, (unsigned char *) tab, j) <= 0) { - clean_return(conn.sockfd); - } - memset(tab, 0, 9000); - aflog(LOG_T_MAIN, LOG_I_DEBUG, - "http%s proxy: parsing header from getfd", name); - if (parse_header(conn.getFd, tab, &hdr, https)) { - clean_return(conn.sockfd); - } - aflog(LOG_T_MAIN, LOG_I_DEBUG, - "http%s proxy: checking hdr.type", name); - if (hdr.type != H_TYPE_OK) { - clean_return(conn.sockfd); - } - - set_fd(SslFd_get_fd(conn.getFd), &maxfdp1, &allset); - if (hdr.length) { - conn.received += hdr.length; - aflog(LOG_T_MAIN, LOG_I_DEBUG, - "http%s proxy: reading message...", name); - if (read_message(conn.sockfd, hdr.length, &conn, tab, hdr.ptr)) { - clean_return(conn.sockfd); - } - } - } - else { - if (read_message(conn.sockfd, n, &conn, tab, 0)) { - clean_return(conn.sockfd); - } - } - } - - /* postfd */ - if (FD_ISSET(SslFd_get_fd(conn.postFd), &rset)) { - aflog(LOG_T_MAIN, LOG_I_DDEBUG, - "http%s proxy: FD_ISSET(conn.postfd) --> clean_return", name); - clear_sslFd(conn.postFd, &allset); - clean_return(conn.sockfd); - } - } - clean_return(conn.sockfd); -} - -/* - * Function name: initialize_http_proxy_client - * Description: Initializes the thread responsible for http proxy connection. - * Arguments: sockfd - the new connection descriptor will be stored here - * cr - the pointer to ClientRealm structure - * ctx - the pointer to SSL_CTX structure - * Returns: 0 - success, - * !0 - failure. - */ - -int -initialize_http_proxy_client(int* sockfd, ClientRealm* cr, SSL_CTX* ctx) -{ - int retval; - int sockets[2]; - pthread_t proxy_thread; - static proxy_argT arg; - - if (socketpair(AF_UNIX, SOCK_STREAM, 0, sockets)) { - return 1; - } - (*sockfd) = sockets[0]; - - if (HttpProxyOptions_get_proxyname(ClientRealm_get_httpProxyOptions(cr)) == NULL) { - return 1; - } - - start_critical_section(); - - arg.host = ClientRealm_get_serverName(cr); - arg.serv = ClientRealm_get_managePort(cr); - arg.hpo = ClientRealm_get_httpProxyOptions(cr); - arg.type = ClientRealm_get_ipFamily(cr); - arg.sockfd = sockets[1]; - arg.ctx = ctx; - - retval = pthread_create(&proxy_thread, NULL, &http_proxy_client, &arg); - - wait_for_condition(); - - end_critical_section(); - - return retval; -} - -#endif diff --git a/src/http_proxy_client.h b/src/http_proxy_client.h deleted file mode 100644 index 15506c7..0000000 --- a/src/http_proxy_client.h +++ /dev/null @@ -1,29 +0,0 @@ -/* - * active port forwarder - software for secure forwarding - * Copyright (C) 2003-2007 jeremian <jeremian [at] poczta.fm> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - */ - -#include "http_proxy_options_struct.h" -#include "client_realm_struct.h" - -#ifndef _JS_HTTP_PROXY_CLIENT_H -#define _JS_HTTP_PROXY_CLIENT_H - -int initialize_http_proxy_client(int* sockfd, ClientRealm* cr, SSL_CTX* ctx); - -#endif diff --git a/src/http_proxy_functions.c b/src/http_proxy_functions.c deleted file mode 100644 index 3e53365..0000000 --- a/src/http_proxy_functions.c +++ /dev/null @@ -1,395 +0,0 @@ -/* - * active port forwarder - software for secure forwarding - * Copyright (C) 2003-2007 jeremian <jeremian [at] poczta.fm> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - */ - -#include <config.h> - -#include "http_proxy_functions.h" -#include "network.h" -#include "stats.h" -#include "logging.h" - -static char isseed; - -/* - * Function name: myrand - * Description: Returns the pseudo-random number from the given range. - * If the lower and upper bounds are the same, the pseudo-random - * number is returned from the range (-RAND_MAX, -RAND_MAX+down) - * or (down, RAND_MAX). - * Arguments: down - the lower bound of the range - * up - the upper bound of the range - * Returns: The pseudo-random number from the given range. - */ - -int -myrand(int down, int up) -{ - struct timeval tv; - if (!isseed) { - gettimeofday(&tv, 0); - srand(tv.tv_sec); - isseed = 1; - } - return ( down + ( rand() % (up - down + 1) ) ); -} - -/* - * Function name: delete_user - * Description: Deletes the user's connection from the http proxy connections. - * Arguments: cnts - the connection to remove - * i - the user's number - * allset - the set of file descriptors - */ - -void -delete_user(connection* cnts, int i, fd_set* allset) -{ - aflog(LOG_T_MAIN, LOG_I_DEBUG, - "http proxy: delete_user(%d)", i); - clear_fd(&(cnts[i].sockfd), allset); - if (!(cnts[i].state & C_POST_WAIT)) { - clear_sslFd(cnts[i].postFd, allset); - } - if ((cnts[i].type == 0) && (!(cnts[i].state & C_GET_WAIT))) { - clear_sslFd(cnts[i].getFd, allset); - } - cnts[i].state = C_CLOSED; - cnts[i].sent_ptr = cnts[i].ptr = cnts[i].length = 0; - cnts[i].type = 0; -} - -/* - * Function name: parse_header - * Description: Reads and parses the http header. - * Arguments: sf - the pointer to SslFd structure - * tab - the buffer used for reading the data - * hdr - the pointer to header structure - * https - the flag indicating if the connection is http/https - * Returns: 0 - success, - * 1 - failure. - */ - -int -parse_header(SslFd* sf, char* tab, header* hdr, char https) -{ - int n, i, j, state = 0; - char tmpt[100]; - if (https) { - n = SSL_read(SslFd_get_ssl(sf), tab, 9000); - } - else { - n = read(SslFd_get_fd(sf), tab, 9000); - } - hdr->allreaded = n; - i = j = 0; - memset(tmpt, 0, 100); - hdr->ptr = 0; - hdr->length = 0; - while (i < n) { - if (j == 99) - return 1; - switch (state) { - case 0: - if ((tab[i] != ' ') && (tab[i] != '\t')) { - tmpt[j] = tab[i]; - ++j; - } - else { - tmpt[j] = 0; - if (strcmp(tmpt, "GET") == 0) { - hdr->type = H_TYPE_GET; - state = 1; - break; - } - if (strcmp(tmpt, "POST") == 0) { - hdr->type = H_TYPE_POST; - state = 1; - break; - } - if ((strcmp(tmpt, "HTTP/1.0") == 0) || (strcmp(tmpt, "HTTP/1.1") == 0)) { - hdr->type = H_TYPE_OK; - state = 6; - break; - } - return 1; - } - break; - case 1: - if ((tab[i] != ' ') && (tab[i] != '\t')) { - tmpt[0] = tab[i]; - j = 1; - state = 2; - } - break; - case 2: - if (tab[i] != '=') { - tmpt[j] = tab[i]; - ++j; - } - else { - tmpt[j] = 0; - if (strcmp(tmpt, "/yahpt.html?id")) { - return 1; - } - j = 0; - state = 3; - } - break; - case 3: - if ((tab[i] != ' ') && (tab[i] != '\t')) { - if (j == 9) { - return 1; - } - hdr->id[j] = tab[i]; - ++j; - } - else { - if (j != 9) { - return 1; - } - hdr->id[j] = 0; - state = 4; - } - break; - case 4: - if (tab[i] == '\n') - state = 5; - break; - case 5: - if (tab[i] == '\n') { - hdr->ptr = i+1; - hdr->length = n - hdr->ptr; - return 0; - } - if (tab[i] != '\r') { - state = 4; - } - break; - case 6: - if ((tab[i] != ' ') && (tab[i] != '\t')) { - tmpt[0] = tab[i]; - j = 1; - state = 7; - } - break; - case 7: - if ((tab[i] == ' ') || (tab[i] == '\t')) { - tmpt[j] = 0; - if (strcmp(tmpt, "200")) { - return 1; - } - state = 4; - } - else { - tmpt[j] = tab[i]; - ++j; - } - break; - } - ++i; - } - return 1; -} - -/* - * Function name: set_fd - * Description: Starts watching the file descriptor. - * Arguments: fd - the file descriptor - * maxfdp1 - the upper limit of the file descriptor numbers - * allset - the set of file descriptors - */ - -void -set_fd(int fd, int* maxfdp1, fd_set* allset) -{ - FD_SET(fd, allset); - (*maxfdp1) = ((*maxfdp1) > fd) ? (*maxfdp1) : (fd + 1); -} - -/* - * Function name: close_fd - * Description: Closes the file descriptor. - * Arguments: fd - the file descriptor to close - */ - -void -close_fd(int* fd) -{ - close(*fd); -} - -/* - * Function name: clear_fd - * Description: Removes the file descriptor from the set and closes it. - * Arguments: fd - the file descriptor to remove and close - * set - the set of file descriptors - */ - -void -clear_fd(int* fd, fd_set* set) -{ - FD_CLR(*fd, set); - close_fd(fd); -} - -/* - * Function name: read_message - * Description: Reads the message from the http proxy connection and writes it - * to the file descriptor. - * Arguments: fd - the file descriptor - * length - the length of the buffer - * client - the http proxy connection - * tab - the buffer with the readed data - * ptr - the offset from which the data reading will start - * Returns: 0 - success, - * 1 - failure. - */ - -int -read_message(int fd, int length, connection* client, char* tab, int ptr) -{ - int j = 0; - int tmp = 0; - while (j < length) { - if (client->curreceived + length-j > client->toreceive) { - if (client->toreceive - client->curreceived > 0) { - writen(fd, (unsigned char*) (tab+ptr+j), client->toreceive - client->curreceived); - j += client->toreceive - client->curreceived; - client->curreceived += client->toreceive - client->curreceived; - } - if (client->read_state == 0) { - switch (tab[ptr + j]) { - case 'M': { - if (j + 5 <= length) { - memcpy(&tmp, &tab[ptr + j + 1], 4); - client->toreceive = ntohl(tmp); - client->curreceived = 0; - j += 5; - } - else if (j + 1 < length) { - memcpy(client->readed_length, &tab[ptr + j + 1], length - j - 1); - client->read_state = length - j; - j += length - j; - } - else { - ++j; - client->read_state = 1; - } - break; - } - case 'T': { - ++j; - break; - } - case 'A': { - ++j; - if (client->state == C_CLOSED) { - client->state = C_OPEN; - } - break; - } - default: { - return 1; - } - } - } - else { - if (j + 5 - client->read_state <= length) { - memcpy(&client->readed_length[client->read_state-1], &tab[ptr + j], 5 - client->read_state); - memcpy(&tmp, client->readed_length, 4); - client->toreceive = ntohl(tmp); - client->curreceived = 0; - j += 5 - client->read_state; - client->read_state = 0; - } - else { - memcpy(&client->readed_length[client->read_state-1], &tab[ptr + j], length - j); - client->read_state += length - j; - j += length -j; - } - } - } - else if (length-j > 0) { - client->curreceived += length-j; - writen(fd, (unsigned char*) (tab+ptr+j), length-j); - j += length-j; - } - } - return 0; -} - -/* - * Function name: clear_sslFd - * Description: Close the socket encapsulated in SslFd structure, remove this file descriptor - * from fd_set and clear ssl structure. - * Arguments: sf - pointer to SslFd structure - * set - pointer to fd_set structure - */ - -void -clear_sslFd(SslFd* sf, fd_set* set) -{ - clear_fd((&(sf->fd)), set); - if (SslFd_get_ssl(sf)) { - SSL_clear(SslFd_get_ssl(sf)); - } -} - -/* - * Function name: http_write - * Description: Write the message via http/https proxy. - * Arguments: https - if the https proxy will be used instead of http proxy - * sf - pointer to SslFd structure - * buf - buffer containing the data to send - * amount - how much butes will be send - * Returns: The result of writen or SSL_writen function, depending on 'https' value. - */ - -int -http_write(char https, SslFd* sf, unsigned char* buf, int amount) -{ - if (https) { - return SSL_writen(SslFd_get_ssl(sf), buf, amount); - } - else { - return writen(SslFd_get_fd(sf), buf, amount); - } -} - -/* - * Function name: http_read - * Description: Read the message via http/https proxy. - * Arguments: https - if the https proxy will be used instead of http proxy - * sf - pointer to SslFd structure - * buf - buffer for the received data - * amount - how much bytes will be received - * Returns: The result of read or SSL_read function, depending on 'https' value. - */ - -int -http_read(char https, SslFd* sf, unsigned char* buf, int amount) -{ - if (https) { - return SSL_read(SslFd_get_ssl(sf), buf, amount); - } - else { - return read(SslFd_get_fd(sf), buf, amount); - } -} diff --git a/src/http_proxy_functions.h b/src/http_proxy_functions.h deleted file mode 100644 index 1b10f9a..0000000 --- a/src/http_proxy_functions.h +++ /dev/null @@ -1,85 +0,0 @@ -/* - * active port forwarder - software for secure forwarding - * Copyright (C) 2003-2007 jeremian <jeremian [at] poczta.fm> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - */ - -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <sys/time.h> -#include <sys/select.h> -#include <unistd.h> - -#include "ssl_fd_struct.h" - -#ifndef _JS_HTTP_PROXY_FUNCTIONS_H -#define _JS_HTTP_PROXY_FUNCTIONS_H - -#define C_CLOSED 0 -#define C_POST_WAIT 1 -#define C_GET_WAIT 2 -#define C_OPEN 4 -#define C_DELAYED_A 8 - -#define H_TYPE_GET 0 -#define H_TYPE_POST 1 -#define H_TYPE_OK 2 -#define H_TYPE_ERROR 3 - -typedef struct { - char type; - char id[10]; - int ptr; - int length; - int allreaded; -} header; - -typedef struct { - char read_state; - char readed_length[4]; - char state; - char id[10]; - SslFd* postFd; - SslFd* getFd; - int sent_ptr; - int sockfd; - char buf[9000]; - char tmpbuf[9000]; - char tmpstate; - SslFd* tmpFd; - char type; - header tmpheader; - int ptr; - int length; - int curreceived; - int toreceive; - int received; -} connection; - -int myrand(int, int); -int parse_header(SslFd*, char*, header*, char); -int read_message(int, int, connection*, char*, int); -void delete_user(connection*, int, fd_set*); -void set_fd(int, int*, fd_set*); -void close_fd(int*); -void clear_fd(int*, fd_set*); -void clear_sslFd(SslFd*, fd_set*); -int http_write(char, SslFd*, unsigned char*, int); -int http_read(char, SslFd*, unsigned char*, int); - -#endif diff --git a/src/http_proxy_options_struct.c b/src/http_proxy_options_struct.c deleted file mode 100644 index e1dcc4d..0000000 --- a/src/http_proxy_options_struct.c +++ /dev/null @@ -1,254 +0,0 @@ -/* - * active port forwarder - software for secure forwarding - * Copyright (C) 2003-2007 jeremian <jeremian [at] poczta.fm> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - */ - -#include <config.h> - -#include <stdlib.h> -#include <string.h> -#include <assert.h> - -#include "http_proxy_options_struct.h" -#include "string_functions.h" - -/* - * Function name: HttpProxyOptions_new - * Description: Create and initialize new HttpProxyOptions structure. - * Returns: Pointer to newly created HttpProxyOptions structure. - */ - -HttpProxyOptions* -HttpProxyOptions_new() -{ - HttpProxyOptions* tmp = calloc(1, sizeof(HttpProxyOptions)); - assert(tmp != NULL); - if (tmp == NULL) { - return NULL; - } - tmp->proxyauth_type = PROXYAUTH_TYPE_NOTSET; - return tmp; -} - -/* - * Function name: HttpProxyOptions_free - * Description: Free the memory allocated for HttpProxyOptions structure. - * Arguments: hpo - pointer to pointer to HttpProxyOptions structure - */ - -void -HttpProxyOptions_free(HttpProxyOptions** hpo) -{ - assert(hpo != NULL); - if (hpo == NULL) { - return; - } - assert((*hpo) != NULL); - if ((*hpo) == NULL) { - return; - } - if ((*hpo)->proxyname) { - free((*hpo)->proxyname); - (*hpo)->proxyname = NULL; - } - if ((*hpo)->proxyport) { - free((*hpo)->proxyport); - (*hpo)->proxyport = NULL; - } - if ((*hpo)->proxyauth_cred) { - free((*hpo)->proxyauth_cred); - (*hpo)->proxyauth_cred = NULL; - } - free((*hpo)); - (*hpo) = NULL; -} - -/* - * Function name: HttpProxyOptions_set_proxyname - * Description: Set name of the http proxy server. - * Arguments: hpo - pointer to HttpProxyOptions structure - * proxyname - name of the http proxy server - */ - -void -HttpProxyOptions_set_proxyname(HttpProxyOptions* hpo, char* proxyname) -{ - assert(hpo != NULL); - if (hpo == NULL) { - return; - } - string_cp(&(hpo->proxyname), proxyname); -} - -/* - * Function name: HttpProxyOptions_set_proxyport - * Description: Set port on which http proxy server is listening. - * Arguments: hpo - pointer to HttpProxyOptions structure - * proxyport - port on which http proxy server is listening - */ - -void -HttpProxyOptions_set_proxyport(HttpProxyOptions* hpo, char* proxyport) -{ - assert(hpo != NULL); - if (hpo == NULL) { - return; - } - string_cp(&(hpo->proxyport), proxyport); -} - -/* - * Function name: HttpProxyOptions_set_proxyauth_cred - * Description: Set credentials for http proxy server. - * Arguments: hpo - pointer to HttpProxyOptions structure - * proxyauth_cred - credentials for http proxy server - */ - -void -HttpProxyOptions_set_proxyauth_cred(HttpProxyOptions* hpo, char* proxyauth_cred) -{ - assert(hpo != NULL); - if (hpo == NULL) { - return; - } - string_cp(&(hpo->proxyauth_cred), proxyauth_cred); -} - -/* - * Function name: HttpProxyOptions_set_proxyauth_type - * Description: Set type of the proxy authorization. - * Arguments: hpo - pointer to HttpProxyOptions structure - * proxyauth_type - type of the proxy authorization - */ - -void -HttpProxyOptions_set_proxyauth_type(HttpProxyOptions* hpo, char proxyauth_type) -{ - assert(hpo != NULL); - if (hpo == NULL) { - return; - } - assert(hpo->proxyauth_type == PROXYAUTH_TYPE_NOTSET); - if (hpo->proxyauth_type != PROXYAUTH_TYPE_NOTSET) { - hpo->proxyauth_type = PROXYAUTH_TYPE_WRONG; - return; - } - hpo->proxyauth_type = proxyauth_type; -} - -/* - * Function name: HttpProxyOptions_get_proxyname - * Description: Get name of the http proxy server - * Arguments: hpo - pointer to HttpProxyOptions structure - * Returns: Name of the http proxy server or NULL, if name not set. - */ - -char* -HttpProxyOptions_get_proxyname(HttpProxyOptions* hpo) -{ - assert(hpo != NULL); - if (hpo == NULL) { - return NULL; - } - return hpo->proxyname; -} - -/* - * Function name: HttpProxyOptions_get_proxyport - * Description: Get port on which http proxy server is listening. - * Arguments: hpo - pointer to HttpProxyOptions structure - * Returns: Port on which http proxy server is listening or NULL, if port not set. - */ - -char* -HttpProxyOptions_get_proxyport(HttpProxyOptions* hpo) -{ - assert(hpo != NULL); - if (hpo == NULL) { - return NULL; - } - return hpo->proxyport; -} - -/* - * Function name: HttpProxyOptions_get_proxyauth_cred - * Description: Get credentials for http proxy server. - * Arguments: hpo - pointer to HttpProxyOptions structure - * Returns: Credentials for http proxy server or NULL, if not set. - */ - -char* -HttpProxyOptions_get_proxyauth_cred(HttpProxyOptions* hpo) -{ - assert(hpo != NULL); - if (hpo == NULL) { - return NULL; - } - return hpo->proxyauth_cred; -} - -/* - * Function name: HttpProxyOptions_get_proxyauth_type - * Description: Get type of the proxy authorization. - * Arguments: hpo - pointer to HttpProxyOptions structure - * Returns: Type of the proxy authorization. - */ - -char -HttpProxyOptions_get_proxyauth_type(HttpProxyOptions* hpo) -{ - assert(hpo != NULL); - if (hpo == NULL) { - return PROXYAUTH_TYPE_WRONG; - } - return hpo->proxyauth_type; -} - -/* - * Function name: HttpProxyOptions_use_https - * Description: Enable use of https proxy instead of http proxy. - * Arguments: hpo - pointer to HttpProxyOptions structure - */ - -void -HttpProxyOptions_use_https(HttpProxyOptions* hpo) -{ - assert(hpo != NULL); - if (hpo == NULL) { - return; - } - hpo->useHttps = USEHTTPS_ON; -} - -/* - * Function name: HttpProxyOptions_is_https - * Description: Check if the use of https proxy is enabled. - * Arguments: hpo - pointer to HttpProxyOptions structure - * Returns: USEHTTPS_OFF - http proxy will be used - * USEHTTPS_ON - https proxy will be used - */ - -char -HttpProxyOptions_is_https(HttpProxyOptions* hpo) -{ - assert(hpo != NULL); - if (hpo == NULL) { - return USEHTTPS_OFF; - } - return hpo->useHttps; -} diff --git a/src/http_proxy_options_struct.h b/src/http_proxy_options_struct.h deleted file mode 100644 index db0208c..0000000 --- a/src/http_proxy_options_struct.h +++ /dev/null @@ -1,58 +0,0 @@ -/* - * active port forwarder - software for secure forwarding - * Copyright (C) 2003-2007 jeremian <jeremian [at] poczta.fm> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - */ - -#ifndef _JS_HTTP_PROXY_OPTIONS_STRUCT_H -#define _JS_HTTP_PROXY_OPTIONS_STRUCT_H - -#define PROXYAUTH_TYPE_NOTSET 0 -#define PROXYAUTH_TYPE_WRONG -1 -#define PROXYAUTH_TYPE_BASIC 1 - -#define USEHTTPS_OFF 0 -#define USEHTTPS_ON 1 - -typedef struct { - char* proxyname; - char* proxyport; - char* proxyauth_cred; - char proxyauth_type; - char useHttps; -} HttpProxyOptions; - -/* 'constructor' */ -HttpProxyOptions* HttpProxyOptions_new(); -/* 'destructor' */ -void HttpProxyOptions_free(HttpProxyOptions** hpo); -/* setters */ -void HttpProxyOptions_set_proxyname(HttpProxyOptions* hpo, char* proxyname); -void HttpProxyOptions_set_proxyport(HttpProxyOptions* hpo, char* proxyport); -void HttpProxyOptions_set_proxyauth_cred(HttpProxyOptions* hpo, char* proxyauth_cred); -void HttpProxyOptions_set_proxyauth_type(HttpProxyOptions* hpo, char proxyauth_type); -/* getters */ -char* HttpProxyOptions_get_proxyname(HttpProxyOptions* hpo); -char* HttpProxyOptions_get_proxyport(HttpProxyOptions* hpo); -char* HttpProxyOptions_get_proxyauth_cred(HttpProxyOptions* hpo); -char HttpProxyOptions_get_proxyauth_type(HttpProxyOptions* hpo); -/* other */ -void HttpProxyOptions_use_https(HttpProxyOptions* hpo); -char HttpProxyOptions_is_https(HttpProxyOptions* hpo); - -#endif - diff --git a/src/http_proxy_server.c b/src/http_proxy_server.c deleted file mode 100644 index 17baf5a..0000000 --- a/src/http_proxy_server.c +++ /dev/null @@ -1,585 +0,0 @@ -/* - * active port forwarder - software for secure forwarding - * Copyright (C) 2003-2007 jeremian <jeremian [at] poczta.fm> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - */ - -#include <config.h> - -#include "make_ssl_handshake.h" -#include "http_proxy_server.h" -#include "thread_management.h" -#include "stats.h" -#include "logging.h" -#include "network.h" - -#ifdef HAVE_LIBPTHREAD - -typedef struct { - int sockfd; - char *host; - char *serv; - socklen_t *addrlenp; - char type; - int limit; - char https; - SSL_CTX* ctx; -} sproxy_argT; - -/* - * Function name: afserver_connect - * Description: Connects new http proxy connection to the afserver. - * Arguments: sockfd - the file descriptor which will be used for communication with afserver - * afserverfd - the afserver's file descriptor - * cliaddr - pointer to sockaddr structure - * addrlenp - pointer to the length of the sockaddr structure - * type - the type of the connection - */ - -int -afserver_connect(int* sockfd, int afserverfd, struct sockaddr* cliaddr, socklen_t* addrlenp, char type) -{ - int sockets[2]; - if (socketpair(AF_UNIX, SOCK_STREAM, 0, sockets)) { - return 1; - } - if (write(afserverfd, &sockets[0], 4) != 4) { - return 2; - } - if (write(afserverfd, &type, 1) != 1) { - return 3; - } - if (write(afserverfd, addrlenp, 4) != 4) { - return 4; - } - if (write(afserverfd, cliaddr, *addrlenp) != *addrlenp) { - return 5; - } - (*sockfd) = sockets[1]; - return 0; -} - -/* - * Function name: http_proxy_server - * Description: Function responsible for the server part of the http proxy connection. - * Arguments: vptr - the structure with all the information needed for http proxy tunnel. - */ - -void* -http_proxy_server(void *vptr) -{ - int listenfd, afserverfd; - SslFd* connFd; - struct sockaddr* cliaddr; - char tab[9000]; - connection* table; - header hdr; - int i, n, maxfdp1; - fd_set rset, allset; - struct timeval tv; - int maxclients, tmp; - int timeout = 5; - socklen_t *addrlenp; - socklen_t addrlen; - char type, nothttp, https; - char *host, *serv, *name = ""; - SSL_CTX* ctx; - sproxy_argT *proxy_argptr; - - start_critical_section(); - proxy_argptr = (sproxy_argT *) vptr; - - afserverfd = proxy_argptr->sockfd; - host = proxy_argptr->host; - serv = proxy_argptr->serv; - addrlenp = proxy_argptr->addrlenp; - type = proxy_argptr->type; - maxclients = proxy_argptr->limit+1; - https = proxy_argptr->https; - ctx = proxy_argptr->ctx; - - if (https) { - name = "s"; - } - - table = calloc(maxclients, sizeof(connection)); - if (table == NULL) { - aflog(LOG_T_INIT, LOG_I_CRIT, - "http%s proxy: Can't allocate memory... exiting.", name); - exit(1); - } - for (i = 0; i < maxclients; ++i) { - table[i].postFd = SslFd_new(); - table[i].getFd = SslFd_new(); - table[i].tmpFd = SslFd_new(); - if ((table[i].postFd == NULL) || (table[i].getFd == NULL) || (table[i].tmpFd == NULL)) { - aflog(LOG_T_INIT, LOG_I_CRIT, - "http%s proxy: Can't allocate memory... exiting.", name); - exit(1); - } - if (https) { - SslFd_set_ssl(table[i].postFd, SSL_new(ctx)); - SslFd_set_ssl(table[i].getFd, SSL_new(ctx)); - SslFd_set_ssl(table[i].tmpFd, SSL_new(ctx)); - if ((SslFd_get_ssl(table[i].postFd) == NULL) || - (SslFd_get_ssl(table[i].getFd) == NULL) || - (SslFd_get_ssl(table[i].tmpFd) == NULL)) { - aflog(LOG_T_INIT, LOG_I_CRIT, - "http%s proxy: Can't allocate memory... exiting.", name); - exit(1); - } - } - } - connFd = SslFd_new(); - if (connFd == NULL) { - aflog(LOG_T_INIT, LOG_I_CRIT, - "http%s proxy: Can't allocate memory... exiting.", name); - exit(1); - } - if (https) { - SslFd_set_ssl(connFd, SSL_new(ctx)); - if (SslFd_get_ssl(connFd) == NULL) { - aflog(LOG_T_INIT, LOG_I_CRIT, - "http%s proxy: Can't allocate memory... exiting.", name); - exit(1); - } - } - - if (ip_listen(&listenfd, host, serv, addrlenp, type)) { - aflog(LOG_T_INIT, LOG_I_CRIT, - "http%s proxy: Can't listen on %s:%s", name, host, serv); - exit(1); - } - cliaddr = malloc(*addrlenp); - addrlen = (*addrlenp); - addrlenp = &addrlen; - - broadcast_condition(); - end_critical_section(); - - FD_ZERO(&allset); - FD_SET(listenfd, &allset); - maxfdp1 = listenfd + 1; - tv.tv_usec = 0; - tv.tv_sec = timeout; - - while (1) { - rset = allset; - - if (select(maxfdp1, &rset, NULL, NULL, &tv) == 0) { - aflog(LOG_T_MAIN, LOG_I_DDEBUG, - "http%s proxy: timeout", name); - tv.tv_sec = timeout; - for (i = 0; i < maxclients; ++i) { - if ((table[i].state == C_CLOSED) || (table[i].state & C_GET_WAIT) || (table[i].type == 1)) { - continue; - } - aflog(LOG_T_MAIN, LOG_I_DDEBUG, - "http%s proxy: send T to table[%d].getfd", name, i); - if (table[i].sent_ptr+1 >= 90000) { - http_write(https, table[i].getFd, (unsigned char*) "T", 1); - table[i].sent_ptr = 0; - clear_sslFd(table[i].getFd, &allset); - FD_CLR(table[i].sockfd, &allset); - table[i].state |= C_GET_WAIT; - } - else { - http_write(https, table[i].getFd, (unsigned char*) "T", 1); - table[i].sent_ptr += 1; - } - } - continue; - } - - /* http proxy tunnels */ - for (i = 0; i < maxclients; ++i) { - if ((table[i].state == C_CLOSED) || (table[i].type == 1)) { - continue; - } - - /* sockfd */ - if ((!(table[i].state & C_GET_WAIT)) && (FD_ISSET(table[i].sockfd, &rset))) { - aflog(LOG_T_MAIN, LOG_I_DDEBUG, - "http%s proxy: FD_ISSET(table[%d].sockfd)", name, i); - n = read(table[i].sockfd, table[i].buf+5, 8995); - if (n <= 0) { - http_write(https, table[i].getFd, (unsigned char*) "Q", 1); - delete_user(table, i, &allset); - continue; - } - table[i].buf[0] = 'M'; - tmp = htonl(n); - memcpy(&table[i].buf[1], &tmp, 4); - if (table[i].sent_ptr+5 + n >= 90000) { - http_write(https, table[i].getFd, (unsigned char*) table[i].buf, 90000 - table[i].sent_ptr); - table[i].ptr = 90000 - table[i].sent_ptr; - table[i].length = 5+n - table[i].ptr; - table[i].sent_ptr = 0; - clear_sslFd(table[i].getFd, &allset); - FD_CLR(table[i].sockfd, &allset); - table[i].state |= C_GET_WAIT; - continue; - } - else { - http_write(https, table[i].getFd, (unsigned char*) table[i].buf, n+5); - table[i].sent_ptr += n+5; - } - } - - /* getfd */ - if (FD_ISSET(SslFd_get_fd(table[i].getFd), &rset)) { - aflog(LOG_T_MAIN, LOG_I_DDEBUG, - "http%s proxy: FD_ISSET(table[%d].getfd)", name, i); - delete_user(table, i, &allset); - continue; - } - - /* postfd */ - if (FD_ISSET(SslFd_get_fd(table[i].postFd), &rset)) { - aflog(LOG_T_MAIN, LOG_I_DDEBUG, - "http%s proxy: FD_ISSET(table[%d].postfd)", name, i); - n = http_read(https, table[i].postFd, (unsigned char*) tab, 9000); - if (n != 0) { - table[i].received += n; - if (read_message(table[i].sockfd, n, &table[i], tab, 0)) { - delete_user(table, i, &allset); - } - } - if ((n == 0) || (table[i].received == 90000)) { - table[i].received = 0; - clear_sslFd(table[i].postFd, &allset); - table[i].state |= C_POST_WAIT; - - if (!(table[i].state & C_GET_WAIT)) { - aflog(LOG_T_MAIN, LOG_I_DDEBUG, - "http%s proxy: send A to table[%d].getfd", name, i); - if (table[i].sent_ptr+1 >= 90000) { - http_write(https, table[i].getFd, (unsigned char*) "A", 1); - table[i].sent_ptr = 0; - clear_sslFd(table[i].getFd, &allset); - FD_CLR(table[i].sockfd, &allset); - table[i].state |= C_GET_WAIT; - } - else { - http_write(https, table[i].getFd, (unsigned char*) "A", 1); - table[i].sent_ptr += 1; - } - } - else { - table[i].state |= C_DELAYED_A; - } - - if (table[i].tmpstate == 1) { - aflog(LOG_T_MAIN, LOG_I_DEBUG, - "http%s proxy: get old POST request...", name); - table[i].state &= ~C_POST_WAIT; - SslFd_swap_content(table[i].postFd, table[i].tmpFd); - set_fd(SslFd_get_fd(table[i].postFd), &maxfdp1, &allset); - table[i].tmpstate = 0; - if (table[i].tmpheader.length) { - table[i].received += table[i].tmpheader.length; - if (read_message(table[i].sockfd, table[i].tmpheader.length, &table[i], - table[i].tmpbuf, table[i].tmpheader.ptr)) { - delete_user(table, i, &allset); - } - } - } - continue; - } - } - } - - /* direct tunnels */ - for (i = 0; i < maxclients; ++i) { - if ((table[i].state == C_OPEN) && (table[i].type == 1)) { - - if (FD_ISSET(table[i].sockfd, &rset)) { - n = read(table[i].sockfd, table[i].buf, 9000); - if (n > 0) { - writen(SslFd_get_fd(table[i].postFd), (unsigned char*) table[i].buf, n); - } - else { - delete_user(table, i, &allset); - continue; - } - } - - if (FD_ISSET(SslFd_get_fd(table[i].postFd), &rset)) { - n = read(SslFd_get_fd(table[i].postFd), tab, 9000); - if (n > 0) { - writen(table[i].sockfd, (unsigned char*) tab, n); - } - else { - delete_user(table, i, &allset); - continue; - } - } - - } - } - - /* listen */ - if (FD_ISSET(listenfd, &rset)) { - aflog(LOG_T_MAIN, LOG_I_DDEBUG, - "http%s proxy: FD_ISSET(listenfd)", name); - tmp = accept(listenfd, cliaddr, addrlenp); - if (tmp != -1) { - aflog(LOG_T_MAIN, LOG_I_DEBUG, - "http%s proxy: New connection...", name); - SslFd_set_fd(connFd, tmp); - if (https) { - make_ssl_initialize(connFd); - if (make_ssl_accept(connFd)) { - aflog(LOG_T_MAIN, LOG_I_DEBUG, - "https proxy: DENIED by SSL_accept"); - close(SslFd_get_fd(connFd)); - SSL_clear(SslFd_get_ssl(connFd)); - continue; - } - } - } - else { - aflog(LOG_T_MAIN, LOG_I_DEBUG, - "http%s proxy: New connection --> EAGAIN", name); - continue; - } - memset(tab, 0, 9000); - nothttp = 0; - if (parse_header(connFd, tab, &hdr, https)) { - nothttp = 1; - aflog(LOG_T_MAIN, LOG_I_DEBUG, - "http%s proxy: no http header...", name); - } - n = -1; - for (i = 0; i < maxclients; ++i) { - if (table[i].state == C_CLOSED) { - if (n == -1) - n = i; - } - else { - if ((!nothttp) && (strcmp(table[i].id, hdr.id) == 0)) { - break; - } - } - } - if (i < maxclients) { /* the client exists */ - aflog(LOG_T_MAIN, LOG_I_DEBUG, - "http%s proxy: the client exist...", name); - if (hdr.type == H_TYPE_GET) { - aflog(LOG_T_MAIN, LOG_I_DEBUG, - "http%s proxy: type GET...", name); - if (!(table[i].state & C_GET_WAIT)) { - aflog(LOG_T_MAIN, LOG_I_DEBUG, - "http%s proxy: not waiting for GET...", name); - table[i].sent_ptr = 0; - FD_CLR(table[i].sockfd, &allset); - clear_sslFd(table[i].getFd, &allset); - table[i].state |= C_GET_WAIT; - } - if (!(table[i].state & C_OPEN)) { - aflog(LOG_T_MAIN, LOG_I_DEBUG, - "http%s proxy: not opened...", name); - if (afserver_connect(&table[i].sockfd, afserverfd, cliaddr, addrlenp, 1)) { - memset(tab, 0, 9000); - sprintf(tab,"HTTP/1.1 400 Bad Request\r\n\r\n"); - n = strlen (tab); - http_write(https, connFd, (unsigned char*) tab, n); - close_fd((&(connFd->fd))); - SSL_clear(SslFd_get_ssl(connFd)); - clear_sslFd(table[i].postFd, &allset); - table[i].state = C_CLOSED; - continue; - } - table[i].state |= C_OPEN; - aflog(LOG_T_MAIN, LOG_I_DEBUG, - "http%s proxy: OPEN...", name); - } - table[i].state &= ~C_GET_WAIT; - table[i].sent_ptr = 0; - SslFd_swap_content(table[i].getFd, connFd); - set_fd(table[i].sockfd, &maxfdp1, &allset); - set_fd(SslFd_get_fd(table[i].getFd), &maxfdp1, &allset); - memset(tab, 0, 9000); - sprintf(tab, - "HTTP/1.1 200 OK\r\n" - "Content-Length: 90000\r\n" - "Connection: close\r\n" - "Pragma: no-cache\r\n" - "Cache-Control: no-cache, no-store, must-revalidate\r\n" - "Expires: 0\r\n" - "Content-Type: text/html\r\n\r\n"); - n = strlen(tab); - if (writen(SslFd_get_fd(table[i].getFd), (unsigned char*) tab, n) <= 0) { - delete_user(table, i, &allset); - continue; - } - if (table[i].length) { - if (writen(SslFd_get_fd(table[i].getFd), - (unsigned char*) (table[i].buf+table[i].ptr), table[i].length) <= 0) { - delete_user(table, i, &allset); - continue; - } - } - table[i].sent_ptr = table[i].length; - table[i].ptr = 0; - table[i].length = 0; - if (table[i].state & C_DELAYED_A) { - aflog(LOG_T_MAIN, LOG_I_DDEBUG, - "http%s proxy: send A to table[%d].getfd", name, i); - http_write(https, table[i].getFd, (unsigned char*) "A", 1); - table[i].sent_ptr += 1; - table[i].state &= ~C_DELAYED_A; - } - } - else if (hdr.type == H_TYPE_POST) { - aflog(LOG_T_MAIN, LOG_I_DEBUG, - "http%s proxy: type POST...", name); - if (!(table[i].state & C_POST_WAIT)) { - aflog(LOG_T_MAIN, LOG_I_DEBUG, - "http%s proxy: unexpected POST request...", name); - if (table[i].tmpstate == 0) { - aflog(LOG_T_MAIN, LOG_I_DEBUG, - "http%s proxy: buffering POST request...", name); - table[i].tmpstate = 1; - SslFd_swap_content(table[i].tmpFd, connFd); - memcpy(table[i].tmpbuf, tab, 9000); - table[i].tmpheader = hdr; - } - else { - aflog(LOG_T_MAIN, LOG_I_DEBUG, - "http%s proxy: no space to buffer POST request (received from first postfd: %d)", name, - table[i].received); - delete_user(table, i, &allset); - } - } - else { - if (hdr.length) { - table[i].received += hdr.length; - if (read_message(table[i].sockfd, hdr.length, &table[i], tab, hdr.ptr)) { - delete_user(table, i, &allset); - } - } - table[i].state &= ~C_POST_WAIT; - SslFd_swap_content(table[i].postFd, connFd); - set_fd(SslFd_get_fd(table[i].postFd), &maxfdp1, &allset); - } - } - else { - aflog(LOG_T_MAIN, LOG_I_DEBUG, - "http%s proxy: unrecognized type...", name); - delete_user(table, i, &allset); - } - } - else if (n != -1) { /* there are free slots */ - aflog(LOG_T_MAIN, LOG_I_DEBUG, - "http%s proxy: there are free slots...", name); - if (!nothttp) { - aflog(LOG_T_MAIN, LOG_I_DEBUG, - "http%s proxy: http header...", name); - if (hdr.type == H_TYPE_POST) { /* POST request must be first */ - aflog(LOG_T_MAIN, LOG_I_DEBUG, - "http%s proxy: type POST...", name); - table[n].state = C_GET_WAIT; - memcpy(table[n].id,hdr.id, 9); - SslFd_swap_content(table[n].postFd, connFd); - set_fd(SslFd_get_fd(table[n].postFd), &maxfdp1, &allset); - } - else { - aflog(LOG_T_MAIN, LOG_I_DEBUG, - "http%s proxy: closing this connection... (not POST type)", name); - close_fd((&(connFd->fd))); - if (https) { - SSL_clear(SslFd_get_ssl(connFd)); - } - continue; - } - } - else { - table[n].state = C_OPEN; - SslFd_set_fd(table[n].postFd, SslFd_get_fd(connFd)); - table[n].type = 1; - set_fd(SslFd_get_fd(table[n].postFd), &maxfdp1, &allset); - if (afserver_connect(&table[n].sockfd, afserverfd, cliaddr, addrlenp, 0)) { - clear_sslFd(table[n].postFd, &allset); - table[n].state = C_CLOSED; - continue; - } - set_fd(table[n].sockfd, &maxfdp1, &allset); - write(table[n].sockfd, tab, hdr.allreaded); - } - } - else { - aflog(LOG_T_MAIN, LOG_I_DEBUG, - "http%s proxy: closing this connection... (no free slots)", name); - close_fd((&(connFd->fd))); - continue; - } - } - } - - return 0; -} - -/* - * Function name: initialize_http_proxy_server - * Description: Initializes the thread responsible for http proxy connection. - * Arguments: sockfd - the new connection descriptor will be stored here - * host - the name of the host on which we will be listening on - * serv - the port on which we will be listening on - * addrlenp - pointer to the length of the sockaddr structure - * type - the type of the connection - * limit - the limit for user's connections - * https - if the connection should be https instead of http - * ctx - the pointer to SSL_CTX structure - * Returns: 0 - success, - * !0 - failure. - */ - -int -initialize_http_proxy_server(int* sockfd, const char *host, const char *serv, socklen_t *addrlenp, const char type, int limit, char https, SSL_CTX* ctx) -{ - int retval; - int sockets[2]; - pthread_t proxy_thread; - static sproxy_argT arg; - - if (socketpair(AF_UNIX, SOCK_STREAM, 0, sockets)) { - return 1; - } - (*sockfd) = sockets[0]; - - start_critical_section(); - - arg.host = (char*) host; - arg.serv = (char*) serv; - arg.addrlenp = addrlenp; - arg.limit = limit; - arg.type = (char) type; - arg.sockfd = sockets[1]; - arg.https = https; - arg.ctx = ctx; - - retval = pthread_create(&proxy_thread, NULL, &http_proxy_server, &arg); - - wait_for_condition(); - - end_critical_section(); - - return retval; -} - -#endif diff --git a/src/http_proxy_server.h b/src/http_proxy_server.h deleted file mode 100644 index 22c121c..0000000 --- a/src/http_proxy_server.h +++ /dev/null @@ -1,29 +0,0 @@ -/* - * active port forwarder - software for secure forwarding - * Copyright (C) 2003-2007 jeremian <jeremian [at] poczta.fm> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - */ - -#ifndef _JS_HTTP_PROXY_SERVER_H -#define _JS_HTTP_PROXY_SERVER_H - -#include "http_proxy_functions.h" -#include "network.h" - -int initialize_http_proxy_server(int* sockfd, const char *host, const char *serv, socklen_t *addrlenp, const char type, int limit, char https, SSL_CTX* ctx); - -#endif diff --git a/src/network.h b/src/network.h index b8c0273..132b780 100644 --- a/src/network.h +++ b/src/network.h @@ -30,9 +30,6 @@ #include <arpa/inet.h> #include <netinet/in.h> #include <unistd.h> -#ifdef HAVE_LIBPTHREAD -#include <pthread.h> -#endif #include <netdb.h> #include <openssl/ssl.h> diff --git a/src/server_remoteadmin.c b/src/server_remoteadmin.c index 1d10520..de778f6 100644 --- a/src/server_remoteadmin.c +++ b/src/server_remoteadmin.c @@ -388,14 +388,6 @@ serve_admin(ServerConfiguration* config, int realm, int client, unsigned char* b add_to_message(buff, "tunneltype: direct"); break; } - case CONNECTCLIENT_TUNNELTYPE_HTTPPROXY: { - add_to_message(buff, "tunneltype: http proxy"); - break; - } - case CONNECTCLIENT_TUNNELTYPE_HTTPSPROXY: { - add_to_message(buff, "tunneltype: https proxy"); - break; - } default: { add_to_message(buff, "tunneltype: UNKNOWN"); } @@ -452,14 +444,6 @@ serve_admin(ServerConfiguration* config, int realm, int client, unsigned char* b add_to_message(buff, "tunneltype: direct"); break; } - case CONNECTCLIENT_TUNNELTYPE_HTTPPROXY: { - add_to_message(buff, "tunneltype: http proxy"); - break; - } - case CONNECTCLIENT_TUNNELTYPE_HTTPSPROXY: { - add_to_message(buff, "tunneltype: https proxy"); - break; - } default: { add_to_message(buff, "tunneltype: UNKNOWN"); } diff --git a/src/server_signals.c b/src/server_signals.c index 84cf5ec..b21d467 100644 --- a/src/server_signals.c +++ b/src/server_signals.c @@ -19,11 +19,10 @@ */ #include <config.h> +#include <unistd.h> #include "server_signals.h" #include "activefor.h" -#include "thread_management.h" -#include "http_proxy_functions.h" #include "stats.h" #include "logging.h" #include "server_configuration_struct.h" @@ -44,12 +43,6 @@ server_sig_int(int signo) int i, j; unsigned char buff[5]; ServerRealm** scRealmsTable; - -#ifdef HAVE_LIBPTHREAD - if (!is_this_a_mainthread()) { - return; - } -#endif for (j = 0; j < ServerConfiguration_get_realmsNumber(config); ++j) { scRealmsTable = ServerConfiguration_get_realmsTable(config); diff --git a/src/thread_management.c b/src/thread_management.c deleted file mode 100644 index d423ca6..0000000 --- a/src/thread_management.c +++ /dev/null @@ -1,102 +0,0 @@ -/* - * active port forwarder - software for secure forwarding - * Copyright (C) 2003-2007 jeremian <jeremian [at] poczta.fm> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - */ - -#include <config.h> - -#include "thread_management.h" - -#ifdef HAVE_LIBPTHREAD - -static pthread_t mainthread; -static pthread_mutex_t mainmutex = PTHREAD_MUTEX_INITIALIZER; -static pthread_cond_t maincond = PTHREAD_COND_INITIALIZER; - -/* - * Function name: remember_mainthread - * Description: Remembers the current thread as a main thread. - */ - -void -remember_mainthread(void) -{ - mainthread = pthread_self(); -} - -/* - * Function name: is_this_a_mainthread - * Description: Checks, if the current thread is a main thread. - * Returns: 0 - this is not a main thread, - * 1 - this is a main thread. - */ - -int -is_this_a_mainthread(void) -{ - if (pthread_self() == mainthread) { - return 1; - } - return 0; -} - -/* - * Function name: start_critical_section - * Description: Starts the critical section of the code by locking the mutex. - */ - -void -start_critical_section(void) -{ - pthread_mutex_lock( &mainmutex); -} - -/* - * Function name: end_critical_section - * Description: Ends the critical section of the code by unlocking the mutex. - */ - -void -end_critical_section(void) -{ - pthread_mutex_unlock( &mainmutex); -} - -/* - * Function name: wait_for_condition - * Description: Starts waiting for the condition. - */ - -void -wait_for_condition(void) -{ - pthread_cond_wait(&maincond, &mainmutex); -} - -/* - * Function name: broadcast_condition - * Description: Broadcast the met of the condition. - */ - -void -broadcast_condition(void) -{ - pthread_cond_broadcast(&maincond); -} - -#endif diff --git a/src/thread_management.h b/src/thread_management.h deleted file mode 100644 index 9ea87fb..0000000 --- a/src/thread_management.h +++ /dev/null @@ -1,34 +0,0 @@ -/* - * active port forwarder - software for secure forwarding - * Copyright (C) 2003-2007 jeremian <jeremian [at] poczta.fm> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - */ - -#ifndef _JS_THREAD_MANAGEMENT_H -#define _JS_THREAD_MANAGEMENT_H - -#include <pthread.h> - -void remember_mainthread(void); -int is_this_a_mainthread(void); -void start_critical_section(void); -void end_critical_section(void); -void wait_for_condition(void); -void broadcast_condition(void); - -#endif - diff --git a/src/usage.c b/src/usage.c index 08a85b8..e32f6f8 100644 --- a/src/usage.c +++ b/src/usage.c @@ -110,15 +110,7 @@ server_long_usage(char* info) printf(" -4, --ipv4 - use ipv4 only\n"); printf(" -6, --ipv6 - use ipv6 only\n\n"); #endif -#ifdef HAVE_LIBPTHREAD - printf(" HTTP PROXY:\n\n"); - printf(" -P, --enableproxy - enable http proxy mode\n\n"); - /* FIXME: afclient is always trying to get http page, so this option is not needed now - printf(" -S, --use-https - use https proxy instead of http proxy. '-P' option\n"); - printf(" will be set implicitly\n\n"); - */ -#endif - + exit(0); } @@ -213,15 +205,6 @@ client_long_usage(char* info) printf(" -l, --load - load a module for user's packets filtering\n"); printf(" -L, --Load - load a module for service's packets filtering\n\n"); #endif -#ifdef HAVE_LIBPTHREAD - printf(" HTTP/HTTPS PROXY:\n\n"); - printf(" -S, --use-https - use https proxy instead of http proxy\n"); - printf(" -P, --proxyname - the name of the machine with proxy server\n"); - printf(" -X, --proxyport - the port used by proxy server (default: 8080)\n"); - printf(" -C, --pa-cred U:P - the user (U) and password (P) used in proxy\n"); - printf(" authorization\n"); - printf(" -B, --pa-t-basic - the Basic type of proxy authorization (default)\n\n"); -#endif - + exit(0); } |