2002-03-23 17:47:21 +00:00
|
|
|
/*
|
|
|
|
* Network proxy abstraction in PuTTY
|
|
|
|
*
|
|
|
|
* A proxy layer, if necessary, wedges itself between the network
|
|
|
|
* code and the higher level backend.
|
|
|
|
*/
|
|
|
|
|
2002-09-21 16:52:21 +00:00
|
|
|
#include <assert.h>
|
2002-10-23 14:24:40 +00:00
|
|
|
#include <ctype.h>
|
|
|
|
#include <string.h>
|
2002-09-21 16:52:21 +00:00
|
|
|
|
2002-03-23 17:47:21 +00:00
|
|
|
#include "putty.h"
|
|
|
|
#include "network.h"
|
|
|
|
#include "proxy.h"
|
|
|
|
|
Post-release destabilisation! Completely remove the struct type
'Config' in putty.h, which stores all PuTTY's settings and includes an
arbitrary length limit on every single one of those settings which is
stored in string form. In place of it is 'Conf', an opaque data type
everywhere outside the new file conf.c, which stores a list of (key,
value) pairs in which every key contains an integer identifying a
configuration setting, and for some of those integers the key also
contains extra parts (so that, for instance, CONF_environmt is a
string-to-string mapping). Everywhere that a Config was previously
used, a Conf is now; everywhere there was a Config structure copy,
conf_copy() is called; every lookup, adjustment, load and save
operation on a Config has been rewritten; and there's a mechanism for
serialising a Conf into a binary blob and back for use with Duplicate
Session.
User-visible effects of this change _should_ be minimal, though I
don't doubt I've introduced one or two bugs here and there which will
eventually be found. The _intended_ visible effects of this change are
that all arbitrary limits on configuration strings and lists (e.g.
limit on number of port forwardings) should now disappear; that list
boxes in the configuration will now be displayed in a sorted order
rather than the arbitrary order in which they were added to the list
(since the underlying data structure is now a sorted tree234 rather
than an ad-hoc comma-separated string); and one more specific change,
which is that local and dynamic port forwardings on the same port
number are now mutually exclusive in the configuration (putting 'D' in
the key rather than the value was a mistake in the first place).
One other reorganisation as a result of this is that I've moved all
the dialog.c standard handlers (dlg_stdeditbox_handler and friends)
out into config.c, because I can't really justify calling them generic
any more. When they took a pointer to an arbitrary structure type and
the offset of a field within that structure, they were independent of
whether that structure was a Config or something completely different,
but now they really do expect to talk to a Conf, which can _only_ be
used for PuTTY configuration, so I've renamed them all things like
conf_editbox_handler and moved them out of the nominally independent
dialog-box management module into the PuTTY-specific config.c.
[originally from svn r9214]
2011-07-14 18:52:21 +00:00
|
|
|
#define do_proxy_dns(conf) \
|
|
|
|
(conf_get_int(conf, CONF_proxy_dns) == FORCE_ON || \
|
2019-09-08 19:29:00 +00:00
|
|
|
(conf_get_int(conf, CONF_proxy_dns) == AUTO && \
|
|
|
|
conf_get_int(conf, CONF_proxy_type) != PROXY_SOCKS4))
|
2002-12-18 16:23:11 +00:00
|
|
|
|
2002-03-23 17:47:21 +00:00
|
|
|
/*
|
|
|
|
* Call this when proxy negotiation is complete, so that this
|
|
|
|
* socket can begin working normally.
|
|
|
|
*/
|
2018-05-27 08:29:33 +00:00
|
|
|
void proxy_activate (ProxySocket *p)
|
2002-03-23 17:47:21 +00:00
|
|
|
{
|
2019-02-06 20:46:45 +00:00
|
|
|
size_t output_before, output_after;
|
2019-09-08 19:29:00 +00:00
|
|
|
|
2002-03-23 17:47:21 +00:00
|
|
|
p->state = PROXY_STATE_ACTIVE;
|
|
|
|
|
2021-09-13 13:28:47 +00:00
|
|
|
plug_log(p->plug, PLUGLOG_CONNECT_SUCCESS, NULL, 0, NULL, 0);
|
|
|
|
|
2002-10-22 09:40:38 +00:00
|
|
|
/* we want to ignore new receive events until we have sent
|
|
|
|
* all of our buffered receive data.
|
|
|
|
*/
|
Convert a lot of 'int' variables to 'bool'.
My normal habit these days, in new code, is to treat int and bool as
_almost_ completely separate types. I'm still willing to use C's
implicit test for zero on an integer (e.g. 'if (!blob.len)' is fine,
no need to spell it out as blob.len != 0), but generally, if a
variable is going to be conceptually a boolean, I like to declare it
bool and assign to it using 'true' or 'false' rather than 0 or 1.
PuTTY is an exception, because it predates the C99 bool, and I've
stuck to its existing coding style even when adding new code to it.
But it's been annoying me more and more, so now that I've decided C99
bool is an acceptable thing to require from our toolchain in the first
place, here's a quite thorough trawl through the source doing
'boolification'. Many variables and function parameters are now typed
as bool rather than int; many assignments of 0 or 1 to those variables
are now spelled 'true' or 'false'.
I managed this thorough conversion with the help of a custom clang
plugin that I wrote to trawl the AST and apply heuristics to point out
where things might want changing. So I've even managed to do a decent
job on parts of the code I haven't looked at in years!
To make the plugin's work easier, I pushed platform front ends
generally in the direction of using standard 'bool' in preference to
platform-specific boolean types like Windows BOOL or GTK's gboolean;
I've left the platform booleans in places they _have_ to be for the
platform APIs to work right, but variables only used by my own code
have been converted wherever I found them.
In a few places there are int values that look very like booleans in
_most_ of the places they're used, but have a rarely-used third value,
or a distinction between different nonzero values that most users
don't care about. In these cases, I've _removed_ uses of 'true' and
'false' for the return values, to emphasise that there's something
more subtle going on than a simple boolean answer:
- the 'multisel' field in dialog.h's list box structure, for which
the GTK front end in particular recognises a difference between 1
and 2 but nearly everything else treats as boolean
- the 'urgent' parameter to plug_receive, where 1 vs 2 tells you
something about the specific location of the urgent pointer, but
most clients only care about 0 vs 'something nonzero'
- the return value of wc_match, where -1 indicates a syntax error in
the wildcard.
- the return values from SSH-1 RSA-key loading functions, which use
-1 for 'wrong passphrase' and 0 for all other failures (so any
caller which already knows it's not loading an _encrypted private_
key can treat them as boolean)
- term->esc_query, and the 'query' parameter in toggle_mode in
terminal.c, which _usually_ hold 0 for ESC[123h or 1 for ESC[?123h,
but can also hold -1 for some other intervening character that we
don't support.
In a few places there's an integer that I haven't turned into a bool
even though it really _can_ only take values 0 or 1 (and, as above,
tried to make the call sites consistent in not calling those values
true and false), on the grounds that I thought it would make it more
confusing to imply that the 0 value was in some sense 'negative' or
bad and the 1 positive or good:
- the return value of plug_accepting uses the POSIXish convention of
0=success and nonzero=error; I think if I made it bool then I'd
also want to reverse its sense, and that's a job for a separate
piece of work.
- the 'screen' parameter to lineptr() in terminal.c, where 0 and 1
represent the default and alternate screens. There's no obvious
reason why one of those should be considered 'true' or 'positive'
or 'success' - they're just indices - so I've left it as int.
ssh_scp_recv had particularly confusing semantics for its previous int
return value: its call sites used '<= 0' to check for error, but it
never actually returned a negative number, just 0 or 1. Now the
function and its call sites agree that it's a bool.
In a couple of places I've renamed variables called 'ret', because I
don't like that name any more - it's unclear whether it means the
return value (in preparation) for the _containing_ function or the
return value received from a subroutine call, and occasionally I've
accidentally used the same variable for both and introduced a bug. So
where one of those got in my way, I've renamed it to 'toret' or 'retd'
(the latter short for 'returned') in line with my usual modern
practice, but I haven't done a thorough job of finding all of them.
Finally, one amusing side effect of doing this is that I've had to
separate quite a few chained assignments. It used to be perfectly fine
to write 'a = b = c = TRUE' when a,b,c were int and TRUE was just a
the 'true' defined by stdbool.h, that idiom provokes a warning from
gcc: 'suggest parentheses around assignment used as truth value'!
2018-11-02 19:23:19 +00:00
|
|
|
sk_set_frozen(p->sub_socket, true);
|
2002-03-23 17:47:21 +00:00
|
|
|
|
2002-10-22 09:40:38 +00:00
|
|
|
/* how many bytes of output have we buffered? */
|
|
|
|
output_before = bufchain_size(&p->pending_oob_output_data) +
|
2019-09-08 19:29:00 +00:00
|
|
|
bufchain_size(&p->pending_output_data);
|
2002-10-22 09:40:38 +00:00
|
|
|
/* and keep track of how many bytes do not get sent. */
|
|
|
|
output_after = 0;
|
2019-09-08 19:29:00 +00:00
|
|
|
|
2002-03-27 21:09:16 +00:00
|
|
|
/* send buffered OOB writes */
|
2002-03-23 17:47:21 +00:00
|
|
|
while (bufchain_size(&p->pending_oob_output_data) > 0) {
|
2019-02-06 20:46:45 +00:00
|
|
|
ptrlen data = bufchain_prefix(&p->pending_oob_output_data);
|
2019-09-08 19:29:00 +00:00
|
|
|
output_after += sk_write_oob(p->sub_socket, data.ptr, data.len);
|
|
|
|
bufchain_consume(&p->pending_oob_output_data, data.len);
|
2002-03-23 17:47:21 +00:00
|
|
|
}
|
|
|
|
|
2002-03-27 21:09:16 +00:00
|
|
|
/* send buffered normal writes */
|
2002-03-23 17:47:21 +00:00
|
|
|
while (bufchain_size(&p->pending_output_data) > 0) {
|
2019-09-08 19:29:00 +00:00
|
|
|
ptrlen data = bufchain_prefix(&p->pending_output_data);
|
|
|
|
output_after += sk_write(p->sub_socket, data.ptr, data.len);
|
|
|
|
bufchain_consume(&p->pending_output_data, data.len);
|
2002-03-23 17:47:21 +00:00
|
|
|
}
|
2002-10-22 09:40:38 +00:00
|
|
|
|
|
|
|
/* if we managed to send any data, let the higher levels know. */
|
|
|
|
if (output_after < output_before)
|
2019-02-06 20:42:44 +00:00
|
|
|
plug_sent(p->plug, output_after);
|
2002-03-23 17:47:21 +00:00
|
|
|
|
2011-09-13 11:44:03 +00:00
|
|
|
/* if we have a pending EOF to send, send it */
|
|
|
|
if (p->pending_eof) sk_write_eof(p->sub_socket);
|
|
|
|
|
2002-10-22 09:40:38 +00:00
|
|
|
/* if the backend wanted the socket unfrozen, try to unfreeze.
|
|
|
|
* our set_frozen handler will flush buffered receive data before
|
|
|
|
* unfreezing the actual underlying socket.
|
|
|
|
*/
|
|
|
|
if (!p->freeze)
|
2020-02-12 21:35:04 +00:00
|
|
|
sk_set_frozen(&p->sock, false);
|
2002-03-23 17:47:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* basic proxy socket functions */
|
|
|
|
|
Get rid of lots of implicit pointer types.
All the main backend structures - Ssh, Telnet, Pty, Serial etc - now
describe structure types themselves rather than pointers to them. The
same goes for the codebase-wide trait types Socket and Plug, and the
supporting types SockAddr and Pinger.
All those things that were typedefed as pointers are older types; the
newer ones have the explicit * at the point of use, because that's
what I now seem to be preferring. But whichever one of those is
better, inconsistently using a mixture of the two styles is worse, so
let's make everything consistent.
A few types are still implicitly pointers, such as Bignum and some of
the GSSAPI types; generally this is either because they have to be
void *, or because they're typedefed differently on different
platforms and aren't always pointers at all. Can't be helped. But I've
got rid of the main ones, at least.
2018-10-04 18:10:23 +00:00
|
|
|
static Plug *sk_proxy_plug (Socket *s, Plug *p)
|
2002-03-23 17:47:21 +00:00
|
|
|
{
|
2018-10-05 22:49:08 +00:00
|
|
|
ProxySocket *ps = container_of(s, ProxySocket, sock);
|
Get rid of lots of implicit pointer types.
All the main backend structures - Ssh, Telnet, Pty, Serial etc - now
describe structure types themselves rather than pointers to them. The
same goes for the codebase-wide trait types Socket and Plug, and the
supporting types SockAddr and Pinger.
All those things that were typedefed as pointers are older types; the
newer ones have the explicit * at the point of use, because that's
what I now seem to be preferring. But whichever one of those is
better, inconsistently using a mixture of the two styles is worse, so
let's make everything consistent.
A few types are still implicitly pointers, such as Bignum and some of
the GSSAPI types; generally this is either because they have to be
void *, or because they're typedefed differently on different
platforms and aren't always pointers at all. Can't be helped. But I've
got rid of the main ones, at least.
2018-10-04 18:10:23 +00:00
|
|
|
Plug *ret = ps->plug;
|
2002-03-23 17:47:21 +00:00
|
|
|
if (p)
|
2019-09-08 19:29:00 +00:00
|
|
|
ps->plug = p;
|
2002-03-23 17:47:21 +00:00
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
Get rid of lots of implicit pointer types.
All the main backend structures - Ssh, Telnet, Pty, Serial etc - now
describe structure types themselves rather than pointers to them. The
same goes for the codebase-wide trait types Socket and Plug, and the
supporting types SockAddr and Pinger.
All those things that were typedefed as pointers are older types; the
newer ones have the explicit * at the point of use, because that's
what I now seem to be preferring. But whichever one of those is
better, inconsistently using a mixture of the two styles is worse, so
let's make everything consistent.
A few types are still implicitly pointers, such as Bignum and some of
the GSSAPI types; generally this is either because they have to be
void *, or because they're typedefed differently on different
platforms and aren't always pointers at all. Can't be helped. But I've
got rid of the main ones, at least.
2018-10-04 18:10:23 +00:00
|
|
|
static void sk_proxy_close (Socket *s)
|
2002-03-23 17:47:21 +00:00
|
|
|
{
|
2018-10-05 22:49:08 +00:00
|
|
|
ProxySocket *ps = container_of(s, ProxySocket, sock);
|
2002-03-23 17:47:21 +00:00
|
|
|
|
|
|
|
sk_close(ps->sub_socket);
|
2003-08-07 16:04:33 +00:00
|
|
|
sk_addr_free(ps->remote_addr);
|
2002-03-23 17:47:21 +00:00
|
|
|
sfree(ps);
|
|
|
|
}
|
|
|
|
|
2019-02-06 20:42:44 +00:00
|
|
|
static size_t sk_proxy_write (Socket *s, const void *data, size_t len)
|
2002-03-23 17:47:21 +00:00
|
|
|
{
|
2018-10-05 22:49:08 +00:00
|
|
|
ProxySocket *ps = container_of(s, ProxySocket, sock);
|
2002-03-23 17:47:21 +00:00
|
|
|
|
|
|
|
if (ps->state != PROXY_STATE_ACTIVE) {
|
2019-09-08 19:29:00 +00:00
|
|
|
bufchain_add(&ps->pending_output_data, data, len);
|
|
|
|
return bufchain_size(&ps->pending_output_data);
|
2002-03-23 17:47:21 +00:00
|
|
|
}
|
|
|
|
return sk_write(ps->sub_socket, data, len);
|
|
|
|
}
|
|
|
|
|
2019-02-06 20:42:44 +00:00
|
|
|
static size_t sk_proxy_write_oob (Socket *s, const void *data, size_t len)
|
2002-03-23 17:47:21 +00:00
|
|
|
{
|
2018-10-05 22:49:08 +00:00
|
|
|
ProxySocket *ps = container_of(s, ProxySocket, sock);
|
2002-03-23 17:47:21 +00:00
|
|
|
|
|
|
|
if (ps->state != PROXY_STATE_ACTIVE) {
|
2019-09-08 19:29:00 +00:00
|
|
|
bufchain_clear(&ps->pending_output_data);
|
|
|
|
bufchain_clear(&ps->pending_oob_output_data);
|
|
|
|
bufchain_add(&ps->pending_oob_output_data, data, len);
|
|
|
|
return len;
|
2002-03-23 17:47:21 +00:00
|
|
|
}
|
|
|
|
return sk_write_oob(ps->sub_socket, data, len);
|
|
|
|
}
|
|
|
|
|
Get rid of lots of implicit pointer types.
All the main backend structures - Ssh, Telnet, Pty, Serial etc - now
describe structure types themselves rather than pointers to them. The
same goes for the codebase-wide trait types Socket and Plug, and the
supporting types SockAddr and Pinger.
All those things that were typedefed as pointers are older types; the
newer ones have the explicit * at the point of use, because that's
what I now seem to be preferring. But whichever one of those is
better, inconsistently using a mixture of the two styles is worse, so
let's make everything consistent.
A few types are still implicitly pointers, such as Bignum and some of
the GSSAPI types; generally this is either because they have to be
void *, or because they're typedefed differently on different
platforms and aren't always pointers at all. Can't be helped. But I've
got rid of the main ones, at least.
2018-10-04 18:10:23 +00:00
|
|
|
static void sk_proxy_write_eof (Socket *s)
|
2011-09-13 11:44:03 +00:00
|
|
|
{
|
2018-10-05 22:49:08 +00:00
|
|
|
ProxySocket *ps = container_of(s, ProxySocket, sock);
|
2011-09-13 11:44:03 +00:00
|
|
|
|
|
|
|
if (ps->state != PROXY_STATE_ACTIVE) {
|
Convert a lot of 'int' variables to 'bool'.
My normal habit these days, in new code, is to treat int and bool as
_almost_ completely separate types. I'm still willing to use C's
implicit test for zero on an integer (e.g. 'if (!blob.len)' is fine,
no need to spell it out as blob.len != 0), but generally, if a
variable is going to be conceptually a boolean, I like to declare it
bool and assign to it using 'true' or 'false' rather than 0 or 1.
PuTTY is an exception, because it predates the C99 bool, and I've
stuck to its existing coding style even when adding new code to it.
But it's been annoying me more and more, so now that I've decided C99
bool is an acceptable thing to require from our toolchain in the first
place, here's a quite thorough trawl through the source doing
'boolification'. Many variables and function parameters are now typed
as bool rather than int; many assignments of 0 or 1 to those variables
are now spelled 'true' or 'false'.
I managed this thorough conversion with the help of a custom clang
plugin that I wrote to trawl the AST and apply heuristics to point out
where things might want changing. So I've even managed to do a decent
job on parts of the code I haven't looked at in years!
To make the plugin's work easier, I pushed platform front ends
generally in the direction of using standard 'bool' in preference to
platform-specific boolean types like Windows BOOL or GTK's gboolean;
I've left the platform booleans in places they _have_ to be for the
platform APIs to work right, but variables only used by my own code
have been converted wherever I found them.
In a few places there are int values that look very like booleans in
_most_ of the places they're used, but have a rarely-used third value,
or a distinction between different nonzero values that most users
don't care about. In these cases, I've _removed_ uses of 'true' and
'false' for the return values, to emphasise that there's something
more subtle going on than a simple boolean answer:
- the 'multisel' field in dialog.h's list box structure, for which
the GTK front end in particular recognises a difference between 1
and 2 but nearly everything else treats as boolean
- the 'urgent' parameter to plug_receive, where 1 vs 2 tells you
something about the specific location of the urgent pointer, but
most clients only care about 0 vs 'something nonzero'
- the return value of wc_match, where -1 indicates a syntax error in
the wildcard.
- the return values from SSH-1 RSA-key loading functions, which use
-1 for 'wrong passphrase' and 0 for all other failures (so any
caller which already knows it's not loading an _encrypted private_
key can treat them as boolean)
- term->esc_query, and the 'query' parameter in toggle_mode in
terminal.c, which _usually_ hold 0 for ESC[123h or 1 for ESC[?123h,
but can also hold -1 for some other intervening character that we
don't support.
In a few places there's an integer that I haven't turned into a bool
even though it really _can_ only take values 0 or 1 (and, as above,
tried to make the call sites consistent in not calling those values
true and false), on the grounds that I thought it would make it more
confusing to imply that the 0 value was in some sense 'negative' or
bad and the 1 positive or good:
- the return value of plug_accepting uses the POSIXish convention of
0=success and nonzero=error; I think if I made it bool then I'd
also want to reverse its sense, and that's a job for a separate
piece of work.
- the 'screen' parameter to lineptr() in terminal.c, where 0 and 1
represent the default and alternate screens. There's no obvious
reason why one of those should be considered 'true' or 'positive'
or 'success' - they're just indices - so I've left it as int.
ssh_scp_recv had particularly confusing semantics for its previous int
return value: its call sites used '<= 0' to check for error, but it
never actually returned a negative number, just 0 or 1. Now the
function and its call sites agree that it's a bool.
In a couple of places I've renamed variables called 'ret', because I
don't like that name any more - it's unclear whether it means the
return value (in preparation) for the _containing_ function or the
return value received from a subroutine call, and occasionally I've
accidentally used the same variable for both and introduced a bug. So
where one of those got in my way, I've renamed it to 'toret' or 'retd'
(the latter short for 'returned') in line with my usual modern
practice, but I haven't done a thorough job of finding all of them.
Finally, one amusing side effect of doing this is that I've had to
separate quite a few chained assignments. It used to be perfectly fine
to write 'a = b = c = TRUE' when a,b,c were int and TRUE was just a
the 'true' defined by stdbool.h, that idiom provokes a warning from
gcc: 'suggest parentheses around assignment used as truth value'!
2018-11-02 19:23:19 +00:00
|
|
|
ps->pending_eof = true;
|
2019-09-08 19:29:00 +00:00
|
|
|
return;
|
2011-09-13 11:44:03 +00:00
|
|
|
}
|
|
|
|
sk_write_eof(ps->sub_socket);
|
|
|
|
}
|
|
|
|
|
Convert a lot of 'int' variables to 'bool'.
My normal habit these days, in new code, is to treat int and bool as
_almost_ completely separate types. I'm still willing to use C's
implicit test for zero on an integer (e.g. 'if (!blob.len)' is fine,
no need to spell it out as blob.len != 0), but generally, if a
variable is going to be conceptually a boolean, I like to declare it
bool and assign to it using 'true' or 'false' rather than 0 or 1.
PuTTY is an exception, because it predates the C99 bool, and I've
stuck to its existing coding style even when adding new code to it.
But it's been annoying me more and more, so now that I've decided C99
bool is an acceptable thing to require from our toolchain in the first
place, here's a quite thorough trawl through the source doing
'boolification'. Many variables and function parameters are now typed
as bool rather than int; many assignments of 0 or 1 to those variables
are now spelled 'true' or 'false'.
I managed this thorough conversion with the help of a custom clang
plugin that I wrote to trawl the AST and apply heuristics to point out
where things might want changing. So I've even managed to do a decent
job on parts of the code I haven't looked at in years!
To make the plugin's work easier, I pushed platform front ends
generally in the direction of using standard 'bool' in preference to
platform-specific boolean types like Windows BOOL or GTK's gboolean;
I've left the platform booleans in places they _have_ to be for the
platform APIs to work right, but variables only used by my own code
have been converted wherever I found them.
In a few places there are int values that look very like booleans in
_most_ of the places they're used, but have a rarely-used third value,
or a distinction between different nonzero values that most users
don't care about. In these cases, I've _removed_ uses of 'true' and
'false' for the return values, to emphasise that there's something
more subtle going on than a simple boolean answer:
- the 'multisel' field in dialog.h's list box structure, for which
the GTK front end in particular recognises a difference between 1
and 2 but nearly everything else treats as boolean
- the 'urgent' parameter to plug_receive, where 1 vs 2 tells you
something about the specific location of the urgent pointer, but
most clients only care about 0 vs 'something nonzero'
- the return value of wc_match, where -1 indicates a syntax error in
the wildcard.
- the return values from SSH-1 RSA-key loading functions, which use
-1 for 'wrong passphrase' and 0 for all other failures (so any
caller which already knows it's not loading an _encrypted private_
key can treat them as boolean)
- term->esc_query, and the 'query' parameter in toggle_mode in
terminal.c, which _usually_ hold 0 for ESC[123h or 1 for ESC[?123h,
but can also hold -1 for some other intervening character that we
don't support.
In a few places there's an integer that I haven't turned into a bool
even though it really _can_ only take values 0 or 1 (and, as above,
tried to make the call sites consistent in not calling those values
true and false), on the grounds that I thought it would make it more
confusing to imply that the 0 value was in some sense 'negative' or
bad and the 1 positive or good:
- the return value of plug_accepting uses the POSIXish convention of
0=success and nonzero=error; I think if I made it bool then I'd
also want to reverse its sense, and that's a job for a separate
piece of work.
- the 'screen' parameter to lineptr() in terminal.c, where 0 and 1
represent the default and alternate screens. There's no obvious
reason why one of those should be considered 'true' or 'positive'
or 'success' - they're just indices - so I've left it as int.
ssh_scp_recv had particularly confusing semantics for its previous int
return value: its call sites used '<= 0' to check for error, but it
never actually returned a negative number, just 0 or 1. Now the
function and its call sites agree that it's a bool.
In a couple of places I've renamed variables called 'ret', because I
don't like that name any more - it's unclear whether it means the
return value (in preparation) for the _containing_ function or the
return value received from a subroutine call, and occasionally I've
accidentally used the same variable for both and introduced a bug. So
where one of those got in my way, I've renamed it to 'toret' or 'retd'
(the latter short for 'returned') in line with my usual modern
practice, but I haven't done a thorough job of finding all of them.
Finally, one amusing side effect of doing this is that I've had to
separate quite a few chained assignments. It used to be perfectly fine
to write 'a = b = c = TRUE' when a,b,c were int and TRUE was just a
the 'true' defined by stdbool.h, that idiom provokes a warning from
gcc: 'suggest parentheses around assignment used as truth value'!
2018-11-02 19:23:19 +00:00
|
|
|
static void sk_proxy_set_frozen (Socket *s, bool is_frozen)
|
2002-03-23 17:47:21 +00:00
|
|
|
{
|
2018-10-05 22:49:08 +00:00
|
|
|
ProxySocket *ps = container_of(s, ProxySocket, sock);
|
2002-03-23 17:47:21 +00:00
|
|
|
|
|
|
|
if (ps->state != PROXY_STATE_ACTIVE) {
|
2019-09-08 19:29:00 +00:00
|
|
|
ps->freeze = is_frozen;
|
|
|
|
return;
|
2002-03-23 17:47:21 +00:00
|
|
|
}
|
2019-09-08 19:29:00 +00:00
|
|
|
|
2002-10-22 09:40:38 +00:00
|
|
|
/* handle any remaining buffered recv data first */
|
|
|
|
if (bufchain_size(&ps->pending_input_data) > 0) {
|
2019-09-08 19:29:00 +00:00
|
|
|
ps->freeze = is_frozen;
|
2002-10-22 09:40:38 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
/* loop while we still have buffered data, and while we are
|
|
|
|
* unfrozen. the plug_receive call in the loop could result
|
|
|
|
* in a call back into this function refreezing the socket,
|
|
|
|
* so we have to check each time.
|
|
|
|
*/
|
2002-10-22 09:40:38 +00:00
|
|
|
while (!ps->freeze && bufchain_size(&ps->pending_input_data) > 0) {
|
2019-09-08 19:29:00 +00:00
|
|
|
char databuf[512];
|
|
|
|
ptrlen data = bufchain_prefix(&ps->pending_input_data);
|
|
|
|
if (data.len > lenof(databuf))
|
|
|
|
data.len = lenof(databuf);
|
|
|
|
memcpy(databuf, data.ptr, data.len);
|
|
|
|
bufchain_consume(&ps->pending_input_data, data.len);
|
|
|
|
plug_receive(ps->plug, 0, databuf, data.len);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* if we're still frozen, we'll have to wait for another
|
|
|
|
* call from the backend to finish unbuffering the data.
|
|
|
|
*/
|
|
|
|
if (ps->freeze) return;
|
2002-10-22 09:40:38 +00:00
|
|
|
}
|
2019-09-08 19:29:00 +00:00
|
|
|
|
2002-03-23 17:47:21 +00:00
|
|
|
sk_set_frozen(ps->sub_socket, is_frozen);
|
|
|
|
}
|
|
|
|
|
Get rid of lots of implicit pointer types.
All the main backend structures - Ssh, Telnet, Pty, Serial etc - now
describe structure types themselves rather than pointers to them. The
same goes for the codebase-wide trait types Socket and Plug, and the
supporting types SockAddr and Pinger.
All those things that were typedefed as pointers are older types; the
newer ones have the explicit * at the point of use, because that's
what I now seem to be preferring. But whichever one of those is
better, inconsistently using a mixture of the two styles is worse, so
let's make everything consistent.
A few types are still implicitly pointers, such as Bignum and some of
the GSSAPI types; generally this is either because they have to be
void *, or because they're typedefed differently on different
platforms and aren't always pointers at all. Can't be helped. But I've
got rid of the main ones, at least.
2018-10-04 18:10:23 +00:00
|
|
|
static const char * sk_proxy_socket_error (Socket *s)
|
2002-03-23 17:47:21 +00:00
|
|
|
{
|
2018-10-05 22:49:08 +00:00
|
|
|
ProxySocket *ps = container_of(s, ProxySocket, sock);
|
2002-03-23 17:47:21 +00:00
|
|
|
if (ps->error != NULL || ps->sub_socket == NULL) {
|
2019-09-08 19:29:00 +00:00
|
|
|
return ps->error;
|
2002-03-23 17:47:21 +00:00
|
|
|
}
|
|
|
|
return sk_socket_error(ps->sub_socket);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* basic proxy plug functions */
|
|
|
|
|
2020-02-07 19:17:45 +00:00
|
|
|
static void plug_proxy_log(Plug *plug, PlugLogType type, SockAddr *addr,
|
|
|
|
int port, const char *error_msg, int error_code)
|
2005-01-16 14:29:34 +00:00
|
|
|
{
|
2018-10-05 22:49:08 +00:00
|
|
|
ProxySocket *ps = container_of(plug, ProxySocket, plugimpl);
|
2005-01-16 14:29:34 +00:00
|
|
|
|
|
|
|
plug_log(ps->plug, type, addr, port, error_msg, error_code);
|
|
|
|
}
|
|
|
|
|
2021-10-23 16:54:21 +00:00
|
|
|
static void plug_proxy_closing(Plug *p, const char *error_msg, int error_code)
|
2002-03-23 17:47:21 +00:00
|
|
|
{
|
2018-10-05 22:49:08 +00:00
|
|
|
ProxySocket *ps = container_of(p, ProxySocket, plugimpl);
|
2002-03-23 17:47:21 +00:00
|
|
|
|
|
|
|
if (ps->state != PROXY_STATE_ACTIVE) {
|
2019-09-08 19:29:00 +00:00
|
|
|
ps->closing_error_msg = error_msg;
|
|
|
|
ps->closing_error_code = error_code;
|
|
|
|
ps->negotiate(ps, PROXY_CHANGE_CLOSING);
|
2016-06-02 22:03:24 +00:00
|
|
|
} else {
|
2021-10-23 16:54:21 +00:00
|
|
|
plug_closing(ps->plug, error_msg, error_code);
|
2002-03-23 17:47:21 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-02-06 20:42:44 +00:00
|
|
|
static void plug_proxy_receive(
|
|
|
|
Plug *p, int urgent, const char *data, size_t len)
|
2002-03-23 17:47:21 +00:00
|
|
|
{
|
2018-10-05 22:49:08 +00:00
|
|
|
ProxySocket *ps = container_of(p, ProxySocket, plugimpl);
|
2002-03-23 17:47:21 +00:00
|
|
|
|
|
|
|
if (ps->state != PROXY_STATE_ACTIVE) {
|
2019-09-08 19:29:00 +00:00
|
|
|
/* we will lose the urgentness of this data, but since most,
|
|
|
|
* if not all, of this data will be consumed by the negotiation
|
|
|
|
* process, hopefully it won't affect the protocol above us
|
|
|
|
*/
|
|
|
|
bufchain_add(&ps->pending_input_data, data, len);
|
|
|
|
ps->receive_urgent = (urgent != 0);
|
|
|
|
ps->receive_data = data;
|
|
|
|
ps->receive_len = len;
|
|
|
|
ps->negotiate(ps, PROXY_CHANGE_RECEIVE);
|
2016-06-02 22:03:24 +00:00
|
|
|
} else {
|
|
|
|
plug_receive(ps->plug, urgent, data, len);
|
2002-03-23 17:47:21 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-02-06 20:42:44 +00:00
|
|
|
static void plug_proxy_sent (Plug *p, size_t bufsize)
|
2002-03-23 17:47:21 +00:00
|
|
|
{
|
2018-10-05 22:49:08 +00:00
|
|
|
ProxySocket *ps = container_of(p, ProxySocket, plugimpl);
|
2002-03-23 17:47:21 +00:00
|
|
|
|
|
|
|
if (ps->state != PROXY_STATE_ACTIVE) {
|
2019-09-08 19:29:00 +00:00
|
|
|
ps->negotiate(ps, PROXY_CHANGE_SENT);
|
|
|
|
return;
|
2002-03-23 17:47:21 +00:00
|
|
|
}
|
|
|
|
plug_sent(ps->plug, bufsize);
|
|
|
|
}
|
|
|
|
|
Get rid of lots of implicit pointer types.
All the main backend structures - Ssh, Telnet, Pty, Serial etc - now
describe structure types themselves rather than pointers to them. The
same goes for the codebase-wide trait types Socket and Plug, and the
supporting types SockAddr and Pinger.
All those things that were typedefed as pointers are older types; the
newer ones have the explicit * at the point of use, because that's
what I now seem to be preferring. But whichever one of those is
better, inconsistently using a mixture of the two styles is worse, so
let's make everything consistent.
A few types are still implicitly pointers, such as Bignum and some of
the GSSAPI types; generally this is either because they have to be
void *, or because they're typedefed differently on different
platforms and aren't always pointers at all. Can't be helped. But I've
got rid of the main ones, at least.
2018-10-04 18:10:23 +00:00
|
|
|
static int plug_proxy_accepting(Plug *p,
|
2013-11-17 14:03:55 +00:00
|
|
|
accept_fn_t constructor, accept_ctx_t ctx)
|
2002-03-23 17:47:21 +00:00
|
|
|
{
|
2018-10-05 22:49:08 +00:00
|
|
|
ProxySocket *ps = container_of(p, ProxySocket, plugimpl);
|
2002-03-23 17:47:21 +00:00
|
|
|
|
|
|
|
if (ps->state != PROXY_STATE_ACTIVE) {
|
2019-09-08 19:29:00 +00:00
|
|
|
ps->accepting_constructor = constructor;
|
|
|
|
ps->accepting_ctx = ctx;
|
|
|
|
return ps->negotiate(ps, PROXY_CHANGE_ACCEPTING);
|
2002-03-23 17:47:21 +00:00
|
|
|
}
|
2013-11-17 14:03:55 +00:00
|
|
|
return plug_accepting(ps->plug, constructor, ctx);
|
2002-03-23 17:47:21 +00:00
|
|
|
}
|
|
|
|
|
2002-12-18 16:23:11 +00:00
|
|
|
/*
|
|
|
|
* This function can accept a NULL pointer as `addr', in which case
|
|
|
|
* it will only check the host name.
|
|
|
|
*/
|
2019-07-28 10:38:40 +00:00
|
|
|
static bool proxy_for_destination(SockAddr *addr, const char *hostname,
|
|
|
|
int port, Conf *conf)
|
2002-03-23 17:47:21 +00:00
|
|
|
{
|
|
|
|
int s = 0, e = 0;
|
|
|
|
char hostip[64];
|
|
|
|
int hostip_len, hostname_len;
|
2003-01-12 15:26:10 +00:00
|
|
|
const char *exclude_list;
|
2002-03-23 17:47:21 +00:00
|
|
|
|
2012-10-16 20:15:51 +00:00
|
|
|
/*
|
|
|
|
* Special local connections such as Unix-domain sockets
|
|
|
|
* unconditionally cannot be proxied, even in proxy-localhost
|
|
|
|
* mode. There just isn't any way to ask any known proxy type for
|
|
|
|
* them.
|
|
|
|
*/
|
|
|
|
if (addr && sk_address_is_special_local(addr))
|
Convert a lot of 'int' variables to 'bool'.
My normal habit these days, in new code, is to treat int and bool as
_almost_ completely separate types. I'm still willing to use C's
implicit test for zero on an integer (e.g. 'if (!blob.len)' is fine,
no need to spell it out as blob.len != 0), but generally, if a
variable is going to be conceptually a boolean, I like to declare it
bool and assign to it using 'true' or 'false' rather than 0 or 1.
PuTTY is an exception, because it predates the C99 bool, and I've
stuck to its existing coding style even when adding new code to it.
But it's been annoying me more and more, so now that I've decided C99
bool is an acceptable thing to require from our toolchain in the first
place, here's a quite thorough trawl through the source doing
'boolification'. Many variables and function parameters are now typed
as bool rather than int; many assignments of 0 or 1 to those variables
are now spelled 'true' or 'false'.
I managed this thorough conversion with the help of a custom clang
plugin that I wrote to trawl the AST and apply heuristics to point out
where things might want changing. So I've even managed to do a decent
job on parts of the code I haven't looked at in years!
To make the plugin's work easier, I pushed platform front ends
generally in the direction of using standard 'bool' in preference to
platform-specific boolean types like Windows BOOL or GTK's gboolean;
I've left the platform booleans in places they _have_ to be for the
platform APIs to work right, but variables only used by my own code
have been converted wherever I found them.
In a few places there are int values that look very like booleans in
_most_ of the places they're used, but have a rarely-used third value,
or a distinction between different nonzero values that most users
don't care about. In these cases, I've _removed_ uses of 'true' and
'false' for the return values, to emphasise that there's something
more subtle going on than a simple boolean answer:
- the 'multisel' field in dialog.h's list box structure, for which
the GTK front end in particular recognises a difference between 1
and 2 but nearly everything else treats as boolean
- the 'urgent' parameter to plug_receive, where 1 vs 2 tells you
something about the specific location of the urgent pointer, but
most clients only care about 0 vs 'something nonzero'
- the return value of wc_match, where -1 indicates a syntax error in
the wildcard.
- the return values from SSH-1 RSA-key loading functions, which use
-1 for 'wrong passphrase' and 0 for all other failures (so any
caller which already knows it's not loading an _encrypted private_
key can treat them as boolean)
- term->esc_query, and the 'query' parameter in toggle_mode in
terminal.c, which _usually_ hold 0 for ESC[123h or 1 for ESC[?123h,
but can also hold -1 for some other intervening character that we
don't support.
In a few places there's an integer that I haven't turned into a bool
even though it really _can_ only take values 0 or 1 (and, as above,
tried to make the call sites consistent in not calling those values
true and false), on the grounds that I thought it would make it more
confusing to imply that the 0 value was in some sense 'negative' or
bad and the 1 positive or good:
- the return value of plug_accepting uses the POSIXish convention of
0=success and nonzero=error; I think if I made it bool then I'd
also want to reverse its sense, and that's a job for a separate
piece of work.
- the 'screen' parameter to lineptr() in terminal.c, where 0 and 1
represent the default and alternate screens. There's no obvious
reason why one of those should be considered 'true' or 'positive'
or 'success' - they're just indices - so I've left it as int.
ssh_scp_recv had particularly confusing semantics for its previous int
return value: its call sites used '<= 0' to check for error, but it
never actually returned a negative number, just 0 or 1. Now the
function and its call sites agree that it's a bool.
In a couple of places I've renamed variables called 'ret', because I
don't like that name any more - it's unclear whether it means the
return value (in preparation) for the _containing_ function or the
return value received from a subroutine call, and occasionally I've
accidentally used the same variable for both and introduced a bug. So
where one of those got in my way, I've renamed it to 'toret' or 'retd'
(the latter short for 'returned') in line with my usual modern
practice, but I haven't done a thorough job of finding all of them.
Finally, one amusing side effect of doing this is that I've had to
separate quite a few chained assignments. It used to be perfectly fine
to write 'a = b = c = TRUE' when a,b,c were int and TRUE was just a
the 'true' defined by stdbool.h, that idiom provokes a warning from
gcc: 'suggest parentheses around assignment used as truth value'!
2018-11-02 19:23:19 +00:00
|
|
|
return false; /* do not proxy */
|
2012-10-16 20:15:51 +00:00
|
|
|
|
2002-12-18 12:18:54 +00:00
|
|
|
/*
|
|
|
|
* Check the host name and IP against the hard-coded
|
|
|
|
* representations of `localhost'.
|
|
|
|
*/
|
2018-10-29 19:57:31 +00:00
|
|
|
if (!conf_get_bool(conf, CONF_even_proxy_localhost) &&
|
2019-09-08 19:29:00 +00:00
|
|
|
(sk_hostname_is_local(hostname) ||
|
|
|
|
(addr && sk_address_is_local(addr))))
|
|
|
|
return false; /* do not proxy */
|
2002-12-18 12:18:54 +00:00
|
|
|
|
2002-03-23 17:47:21 +00:00
|
|
|
/* we want a string representation of the IP address for comparisons */
|
2002-12-18 16:23:11 +00:00
|
|
|
if (addr) {
|
2019-09-08 19:29:00 +00:00
|
|
|
sk_getaddr(addr, hostip, 64);
|
|
|
|
hostip_len = strlen(hostip);
|
2003-04-23 13:48:09 +00:00
|
|
|
} else
|
2019-09-08 19:29:00 +00:00
|
|
|
hostip_len = 0; /* placate gcc; shouldn't be required */
|
2002-03-23 17:47:21 +00:00
|
|
|
|
|
|
|
hostname_len = strlen(hostname);
|
|
|
|
|
Post-release destabilisation! Completely remove the struct type
'Config' in putty.h, which stores all PuTTY's settings and includes an
arbitrary length limit on every single one of those settings which is
stored in string form. In place of it is 'Conf', an opaque data type
everywhere outside the new file conf.c, which stores a list of (key,
value) pairs in which every key contains an integer identifying a
configuration setting, and for some of those integers the key also
contains extra parts (so that, for instance, CONF_environmt is a
string-to-string mapping). Everywhere that a Config was previously
used, a Conf is now; everywhere there was a Config structure copy,
conf_copy() is called; every lookup, adjustment, load and save
operation on a Config has been rewritten; and there's a mechanism for
serialising a Conf into a binary blob and back for use with Duplicate
Session.
User-visible effects of this change _should_ be minimal, though I
don't doubt I've introduced one or two bugs here and there which will
eventually be found. The _intended_ visible effects of this change are
that all arbitrary limits on configuration strings and lists (e.g.
limit on number of port forwardings) should now disappear; that list
boxes in the configuration will now be displayed in a sorted order
rather than the arbitrary order in which they were added to the list
(since the underlying data structure is now a sorted tree234 rather
than an ad-hoc comma-separated string); and one more specific change,
which is that local and dynamic port forwardings on the same port
number are now mutually exclusive in the configuration (putting 'D' in
the key rather than the value was a mistake in the first place).
One other reorganisation as a result of this is that I've moved all
the dialog.c standard handlers (dlg_stdeditbox_handler and friends)
out into config.c, because I can't really justify calling them generic
any more. When they took a pointer to an arbitrary structure type and
the offset of a field within that structure, they were independent of
whether that structure was a Config or something completely different,
but now they really do expect to talk to a Conf, which can _only_ be
used for PuTTY configuration, so I've renamed them all things like
conf_editbox_handler and moved them out of the nominally independent
dialog-box management module into the PuTTY-specific config.c.
[originally from svn r9214]
2011-07-14 18:52:21 +00:00
|
|
|
exclude_list = conf_get_str(conf, CONF_proxy_exclude_list);
|
2002-03-23 17:47:21 +00:00
|
|
|
|
|
|
|
/* now parse the exclude list, and see if either our IP
|
|
|
|
* or hostname matches anything in it.
|
|
|
|
*/
|
|
|
|
|
|
|
|
while (exclude_list[s]) {
|
2019-09-08 19:29:00 +00:00
|
|
|
while (exclude_list[s] &&
|
|
|
|
(isspace((unsigned char)exclude_list[s]) ||
|
|
|
|
exclude_list[s] == ',')) s++;
|
2002-03-23 17:47:21 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
if (!exclude_list[s]) break;
|
2002-03-23 17:47:21 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
e = s;
|
2002-03-23 17:47:21 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
while (exclude_list[e] &&
|
|
|
|
(isalnum((unsigned char)exclude_list[e]) ||
|
|
|
|
exclude_list[e] == '-' ||
|
|
|
|
exclude_list[e] == '.' ||
|
|
|
|
exclude_list[e] == '*')) e++;
|
2002-03-23 17:47:21 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
if (exclude_list[s] == '*') {
|
|
|
|
/* wildcard at beginning of entry */
|
2002-03-23 17:47:21 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
if ((addr && strnicmp(hostip + hostip_len - (e - s - 1),
|
|
|
|
exclude_list + s + 1, e - s - 1) == 0) ||
|
|
|
|
strnicmp(hostname + hostname_len - (e - s - 1),
|
Convert a lot of 'int' variables to 'bool'.
My normal habit these days, in new code, is to treat int and bool as
_almost_ completely separate types. I'm still willing to use C's
implicit test for zero on an integer (e.g. 'if (!blob.len)' is fine,
no need to spell it out as blob.len != 0), but generally, if a
variable is going to be conceptually a boolean, I like to declare it
bool and assign to it using 'true' or 'false' rather than 0 or 1.
PuTTY is an exception, because it predates the C99 bool, and I've
stuck to its existing coding style even when adding new code to it.
But it's been annoying me more and more, so now that I've decided C99
bool is an acceptable thing to require from our toolchain in the first
place, here's a quite thorough trawl through the source doing
'boolification'. Many variables and function parameters are now typed
as bool rather than int; many assignments of 0 or 1 to those variables
are now spelled 'true' or 'false'.
I managed this thorough conversion with the help of a custom clang
plugin that I wrote to trawl the AST and apply heuristics to point out
where things might want changing. So I've even managed to do a decent
job on parts of the code I haven't looked at in years!
To make the plugin's work easier, I pushed platform front ends
generally in the direction of using standard 'bool' in preference to
platform-specific boolean types like Windows BOOL or GTK's gboolean;
I've left the platform booleans in places they _have_ to be for the
platform APIs to work right, but variables only used by my own code
have been converted wherever I found them.
In a few places there are int values that look very like booleans in
_most_ of the places they're used, but have a rarely-used third value,
or a distinction between different nonzero values that most users
don't care about. In these cases, I've _removed_ uses of 'true' and
'false' for the return values, to emphasise that there's something
more subtle going on than a simple boolean answer:
- the 'multisel' field in dialog.h's list box structure, for which
the GTK front end in particular recognises a difference between 1
and 2 but nearly everything else treats as boolean
- the 'urgent' parameter to plug_receive, where 1 vs 2 tells you
something about the specific location of the urgent pointer, but
most clients only care about 0 vs 'something nonzero'
- the return value of wc_match, where -1 indicates a syntax error in
the wildcard.
- the return values from SSH-1 RSA-key loading functions, which use
-1 for 'wrong passphrase' and 0 for all other failures (so any
caller which already knows it's not loading an _encrypted private_
key can treat them as boolean)
- term->esc_query, and the 'query' parameter in toggle_mode in
terminal.c, which _usually_ hold 0 for ESC[123h or 1 for ESC[?123h,
but can also hold -1 for some other intervening character that we
don't support.
In a few places there's an integer that I haven't turned into a bool
even though it really _can_ only take values 0 or 1 (and, as above,
tried to make the call sites consistent in not calling those values
true and false), on the grounds that I thought it would make it more
confusing to imply that the 0 value was in some sense 'negative' or
bad and the 1 positive or good:
- the return value of plug_accepting uses the POSIXish convention of
0=success and nonzero=error; I think if I made it bool then I'd
also want to reverse its sense, and that's a job for a separate
piece of work.
- the 'screen' parameter to lineptr() in terminal.c, where 0 and 1
represent the default and alternate screens. There's no obvious
reason why one of those should be considered 'true' or 'positive'
or 'success' - they're just indices - so I've left it as int.
ssh_scp_recv had particularly confusing semantics for its previous int
return value: its call sites used '<= 0' to check for error, but it
never actually returned a negative number, just 0 or 1. Now the
function and its call sites agree that it's a bool.
In a couple of places I've renamed variables called 'ret', because I
don't like that name any more - it's unclear whether it means the
return value (in preparation) for the _containing_ function or the
return value received from a subroutine call, and occasionally I've
accidentally used the same variable for both and introduced a bug. So
where one of those got in my way, I've renamed it to 'toret' or 'retd'
(the latter short for 'returned') in line with my usual modern
practice, but I haven't done a thorough job of finding all of them.
Finally, one amusing side effect of doing this is that I've had to
separate quite a few chained assignments. It used to be perfectly fine
to write 'a = b = c = TRUE' when a,b,c were int and TRUE was just a
the 'true' defined by stdbool.h, that idiom provokes a warning from
gcc: 'suggest parentheses around assignment used as truth value'!
2018-11-02 19:23:19 +00:00
|
|
|
exclude_list + s + 1, e - s - 1) == 0) {
|
|
|
|
/* IP/hostname range excluded. do not use proxy. */
|
|
|
|
return false;
|
|
|
|
}
|
2019-09-08 19:29:00 +00:00
|
|
|
} else if (exclude_list[e-1] == '*') {
|
|
|
|
/* wildcard at end of entry */
|
2002-03-23 17:47:21 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
if ((addr && strnicmp(hostip, exclude_list + s, e - s - 1) == 0) ||
|
Convert a lot of 'int' variables to 'bool'.
My normal habit these days, in new code, is to treat int and bool as
_almost_ completely separate types. I'm still willing to use C's
implicit test for zero on an integer (e.g. 'if (!blob.len)' is fine,
no need to spell it out as blob.len != 0), but generally, if a
variable is going to be conceptually a boolean, I like to declare it
bool and assign to it using 'true' or 'false' rather than 0 or 1.
PuTTY is an exception, because it predates the C99 bool, and I've
stuck to its existing coding style even when adding new code to it.
But it's been annoying me more and more, so now that I've decided C99
bool is an acceptable thing to require from our toolchain in the first
place, here's a quite thorough trawl through the source doing
'boolification'. Many variables and function parameters are now typed
as bool rather than int; many assignments of 0 or 1 to those variables
are now spelled 'true' or 'false'.
I managed this thorough conversion with the help of a custom clang
plugin that I wrote to trawl the AST and apply heuristics to point out
where things might want changing. So I've even managed to do a decent
job on parts of the code I haven't looked at in years!
To make the plugin's work easier, I pushed platform front ends
generally in the direction of using standard 'bool' in preference to
platform-specific boolean types like Windows BOOL or GTK's gboolean;
I've left the platform booleans in places they _have_ to be for the
platform APIs to work right, but variables only used by my own code
have been converted wherever I found them.
In a few places there are int values that look very like booleans in
_most_ of the places they're used, but have a rarely-used third value,
or a distinction between different nonzero values that most users
don't care about. In these cases, I've _removed_ uses of 'true' and
'false' for the return values, to emphasise that there's something
more subtle going on than a simple boolean answer:
- the 'multisel' field in dialog.h's list box structure, for which
the GTK front end in particular recognises a difference between 1
and 2 but nearly everything else treats as boolean
- the 'urgent' parameter to plug_receive, where 1 vs 2 tells you
something about the specific location of the urgent pointer, but
most clients only care about 0 vs 'something nonzero'
- the return value of wc_match, where -1 indicates a syntax error in
the wildcard.
- the return values from SSH-1 RSA-key loading functions, which use
-1 for 'wrong passphrase' and 0 for all other failures (so any
caller which already knows it's not loading an _encrypted private_
key can treat them as boolean)
- term->esc_query, and the 'query' parameter in toggle_mode in
terminal.c, which _usually_ hold 0 for ESC[123h or 1 for ESC[?123h,
but can also hold -1 for some other intervening character that we
don't support.
In a few places there's an integer that I haven't turned into a bool
even though it really _can_ only take values 0 or 1 (and, as above,
tried to make the call sites consistent in not calling those values
true and false), on the grounds that I thought it would make it more
confusing to imply that the 0 value was in some sense 'negative' or
bad and the 1 positive or good:
- the return value of plug_accepting uses the POSIXish convention of
0=success and nonzero=error; I think if I made it bool then I'd
also want to reverse its sense, and that's a job for a separate
piece of work.
- the 'screen' parameter to lineptr() in terminal.c, where 0 and 1
represent the default and alternate screens. There's no obvious
reason why one of those should be considered 'true' or 'positive'
or 'success' - they're just indices - so I've left it as int.
ssh_scp_recv had particularly confusing semantics for its previous int
return value: its call sites used '<= 0' to check for error, but it
never actually returned a negative number, just 0 or 1. Now the
function and its call sites agree that it's a bool.
In a couple of places I've renamed variables called 'ret', because I
don't like that name any more - it's unclear whether it means the
return value (in preparation) for the _containing_ function or the
return value received from a subroutine call, and occasionally I've
accidentally used the same variable for both and introduced a bug. So
where one of those got in my way, I've renamed it to 'toret' or 'retd'
(the latter short for 'returned') in line with my usual modern
practice, but I haven't done a thorough job of finding all of them.
Finally, one amusing side effect of doing this is that I've had to
separate quite a few chained assignments. It used to be perfectly fine
to write 'a = b = c = TRUE' when a,b,c were int and TRUE was just a
the 'true' defined by stdbool.h, that idiom provokes a warning from
gcc: 'suggest parentheses around assignment used as truth value'!
2018-11-02 19:23:19 +00:00
|
|
|
strnicmp(hostname, exclude_list + s, e - s - 1) == 0) {
|
|
|
|
/* IP/hostname range excluded. do not use proxy. */
|
|
|
|
return false;
|
|
|
|
}
|
2019-09-08 19:29:00 +00:00
|
|
|
} else {
|
|
|
|
/* no wildcard at either end, so let's try an absolute
|
|
|
|
* match (ie. a specific IP)
|
|
|
|
*/
|
|
|
|
|
|
|
|
if (addr && strnicmp(hostip, exclude_list + s, e - s) == 0)
|
|
|
|
return false; /* IP/hostname excluded. do not use proxy. */
|
|
|
|
if (strnicmp(hostname, exclude_list + s, e - s) == 0)
|
|
|
|
return false; /* IP/hostname excluded. do not use proxy. */
|
|
|
|
}
|
|
|
|
|
|
|
|
s = e;
|
|
|
|
|
|
|
|
/* Make sure we really have reached the next comma or end-of-string */
|
|
|
|
while (exclude_list[s] &&
|
|
|
|
!isspace((unsigned char)exclude_list[s]) &&
|
|
|
|
exclude_list[s] != ',') s++;
|
2002-03-23 17:47:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* no matches in the exclude list, so use the proxy */
|
Convert a lot of 'int' variables to 'bool'.
My normal habit these days, in new code, is to treat int and bool as
_almost_ completely separate types. I'm still willing to use C's
implicit test for zero on an integer (e.g. 'if (!blob.len)' is fine,
no need to spell it out as blob.len != 0), but generally, if a
variable is going to be conceptually a boolean, I like to declare it
bool and assign to it using 'true' or 'false' rather than 0 or 1.
PuTTY is an exception, because it predates the C99 bool, and I've
stuck to its existing coding style even when adding new code to it.
But it's been annoying me more and more, so now that I've decided C99
bool is an acceptable thing to require from our toolchain in the first
place, here's a quite thorough trawl through the source doing
'boolification'. Many variables and function parameters are now typed
as bool rather than int; many assignments of 0 or 1 to those variables
are now spelled 'true' or 'false'.
I managed this thorough conversion with the help of a custom clang
plugin that I wrote to trawl the AST and apply heuristics to point out
where things might want changing. So I've even managed to do a decent
job on parts of the code I haven't looked at in years!
To make the plugin's work easier, I pushed platform front ends
generally in the direction of using standard 'bool' in preference to
platform-specific boolean types like Windows BOOL or GTK's gboolean;
I've left the platform booleans in places they _have_ to be for the
platform APIs to work right, but variables only used by my own code
have been converted wherever I found them.
In a few places there are int values that look very like booleans in
_most_ of the places they're used, but have a rarely-used third value,
or a distinction between different nonzero values that most users
don't care about. In these cases, I've _removed_ uses of 'true' and
'false' for the return values, to emphasise that there's something
more subtle going on than a simple boolean answer:
- the 'multisel' field in dialog.h's list box structure, for which
the GTK front end in particular recognises a difference between 1
and 2 but nearly everything else treats as boolean
- the 'urgent' parameter to plug_receive, where 1 vs 2 tells you
something about the specific location of the urgent pointer, but
most clients only care about 0 vs 'something nonzero'
- the return value of wc_match, where -1 indicates a syntax error in
the wildcard.
- the return values from SSH-1 RSA-key loading functions, which use
-1 for 'wrong passphrase' and 0 for all other failures (so any
caller which already knows it's not loading an _encrypted private_
key can treat them as boolean)
- term->esc_query, and the 'query' parameter in toggle_mode in
terminal.c, which _usually_ hold 0 for ESC[123h or 1 for ESC[?123h,
but can also hold -1 for some other intervening character that we
don't support.
In a few places there's an integer that I haven't turned into a bool
even though it really _can_ only take values 0 or 1 (and, as above,
tried to make the call sites consistent in not calling those values
true and false), on the grounds that I thought it would make it more
confusing to imply that the 0 value was in some sense 'negative' or
bad and the 1 positive or good:
- the return value of plug_accepting uses the POSIXish convention of
0=success and nonzero=error; I think if I made it bool then I'd
also want to reverse its sense, and that's a job for a separate
piece of work.
- the 'screen' parameter to lineptr() in terminal.c, where 0 and 1
represent the default and alternate screens. There's no obvious
reason why one of those should be considered 'true' or 'positive'
or 'success' - they're just indices - so I've left it as int.
ssh_scp_recv had particularly confusing semantics for its previous int
return value: its call sites used '<= 0' to check for error, but it
never actually returned a negative number, just 0 or 1. Now the
function and its call sites agree that it's a bool.
In a couple of places I've renamed variables called 'ret', because I
don't like that name any more - it's unclear whether it means the
return value (in preparation) for the _containing_ function or the
return value received from a subroutine call, and occasionally I've
accidentally used the same variable for both and introduced a bug. So
where one of those got in my way, I've renamed it to 'toret' or 'retd'
(the latter short for 'returned') in line with my usual modern
practice, but I haven't done a thorough job of finding all of them.
Finally, one amusing side effect of doing this is that I've had to
separate quite a few chained assignments. It used to be perfectly fine
to write 'a = b = c = TRUE' when a,b,c were int and TRUE was just a
the 'true' defined by stdbool.h, that idiom provokes a warning from
gcc: 'suggest parentheses around assignment used as truth value'!
2018-11-02 19:23:19 +00:00
|
|
|
return true;
|
2002-03-23 17:47:21 +00:00
|
|
|
}
|
|
|
|
|
2015-11-22 12:15:52 +00:00
|
|
|
static char *dns_log_msg(const char *host, int addressfamily,
|
|
|
|
const char *reason)
|
|
|
|
{
|
|
|
|
return dupprintf("Looking up host \"%s\"%s for %s", host,
|
|
|
|
(addressfamily == ADDRTYPE_IPV4 ? " (IPv4)" :
|
|
|
|
addressfamily == ADDRTYPE_IPV6 ? " (IPv6)" :
|
|
|
|
""), reason);
|
|
|
|
}
|
|
|
|
|
Get rid of lots of implicit pointer types.
All the main backend structures - Ssh, Telnet, Pty, Serial etc - now
describe structure types themselves rather than pointers to them. The
same goes for the codebase-wide trait types Socket and Plug, and the
supporting types SockAddr and Pinger.
All those things that were typedefed as pointers are older types; the
newer ones have the explicit * at the point of use, because that's
what I now seem to be preferring. But whichever one of those is
better, inconsistently using a mixture of the two styles is worse, so
let's make everything consistent.
A few types are still implicitly pointers, such as Bignum and some of
the GSSAPI types; generally this is either because they have to be
void *, or because they're typedefed differently on different
platforms and aren't always pointers at all. Can't be helped. But I've
got rid of the main ones, at least.
2018-10-04 18:10:23 +00:00
|
|
|
SockAddr *name_lookup(const char *host, int port, char **canonicalname,
|
Refactor the LogContext type.
LogContext is now the owner of the logevent() function that back ends
and so forth are constantly calling. Previously, logevent was owned by
the Frontend, which would store the message into its list for the GUI
Event Log dialog (or print it to standard error, or whatever) and then
pass it _back_ to LogContext to write to the currently open log file.
Now it's the other way round: LogContext gets the message from the
back end first, writes it to its log file if it feels so inclined, and
communicates it back to the front end.
This means that lots of parts of the back end system no longer need to
have a pointer to a full-on Frontend; the only thing they needed it
for was logging, so now they just have a LogContext (which many of
them had to have anyway, e.g. for logging SSH packets or session
traffic).
LogContext itself also doesn't get a full Frontend pointer any more:
it now talks back to the front end via a little vtable of its own
called LogPolicy, which contains the method that passes Event Log
entries through, the old askappend() function that decides whether to
truncate a pre-existing log file, and an emergency function for
printing an especially prominent message if the log file can't be
created. One minor nice effect of this is that console and GUI apps
can implement that last function subtly differently, so that Unix
console apps can write it with a plain \n instead of the \r\n
(harmless but inelegant) that the old centralised implementation
generated.
One other consequence of this is that the LogContext has to be
provided to backend_init() so that it's available to backends from the
instant of creation, rather than being provided via a separate API
call a couple of function calls later, because backends have typically
started doing things that need logging (like making network
connections) before the call to backend_provide_logctx. Fortunately,
there's no case in the whole code base where we don't already have
logctx by the time we make a backend (so I don't actually remember why
I ever delayed providing one). So that shortens the backend API by one
function, which is always nice.
While I'm tidying up, I've also moved the printf-style logeventf() and
the handy logevent_and_free() into logging.c, instead of having copies
of them scattered around other places. This has also let me remove
some stub functions from a couple of outlying applications like
Pageant. Finally, I've removed the pointless "_tag" at the end of
LogContext's official struct name.
2018-10-10 18:26:18 +00:00
|
|
|
Conf *conf, int addressfamily, LogContext *logctx,
|
2015-11-22 09:58:14 +00:00
|
|
|
const char *reason)
|
2002-12-18 16:23:11 +00:00
|
|
|
{
|
Post-release destabilisation! Completely remove the struct type
'Config' in putty.h, which stores all PuTTY's settings and includes an
arbitrary length limit on every single one of those settings which is
stored in string form. In place of it is 'Conf', an opaque data type
everywhere outside the new file conf.c, which stores a list of (key,
value) pairs in which every key contains an integer identifying a
configuration setting, and for some of those integers the key also
contains extra parts (so that, for instance, CONF_environmt is a
string-to-string mapping). Everywhere that a Config was previously
used, a Conf is now; everywhere there was a Config structure copy,
conf_copy() is called; every lookup, adjustment, load and save
operation on a Config has been rewritten; and there's a mechanism for
serialising a Conf into a binary blob and back for use with Duplicate
Session.
User-visible effects of this change _should_ be minimal, though I
don't doubt I've introduced one or two bugs here and there which will
eventually be found. The _intended_ visible effects of this change are
that all arbitrary limits on configuration strings and lists (e.g.
limit on number of port forwardings) should now disappear; that list
boxes in the configuration will now be displayed in a sorted order
rather than the arbitrary order in which they were added to the list
(since the underlying data structure is now a sorted tree234 rather
than an ad-hoc comma-separated string); and one more specific change,
which is that local and dynamic port forwardings on the same port
number are now mutually exclusive in the configuration (putting 'D' in
the key rather than the value was a mistake in the first place).
One other reorganisation as a result of this is that I've moved all
the dialog.c standard handlers (dlg_stdeditbox_handler and friends)
out into config.c, because I can't really justify calling them generic
any more. When they took a pointer to an arbitrary structure type and
the offset of a field within that structure, they were independent of
whether that structure was a Config or something completely different,
but now they really do expect to talk to a Conf, which can _only_ be
used for PuTTY configuration, so I've renamed them all things like
conf_editbox_handler and moved them out of the nominally independent
dialog-box management module into the PuTTY-specific config.c.
[originally from svn r9214]
2011-07-14 18:52:21 +00:00
|
|
|
if (conf_get_int(conf, CONF_proxy_type) != PROXY_NONE &&
|
2019-09-08 19:29:00 +00:00
|
|
|
do_proxy_dns(conf) &&
|
|
|
|
proxy_for_destination(NULL, host, port, conf)) {
|
2015-11-22 09:58:14 +00:00
|
|
|
|
Refactor the LogContext type.
LogContext is now the owner of the logevent() function that back ends
and so forth are constantly calling. Previously, logevent was owned by
the Frontend, which would store the message into its list for the GUI
Event Log dialog (or print it to standard error, or whatever) and then
pass it _back_ to LogContext to write to the currently open log file.
Now it's the other way round: LogContext gets the message from the
back end first, writes it to its log file if it feels so inclined, and
communicates it back to the front end.
This means that lots of parts of the back end system no longer need to
have a pointer to a full-on Frontend; the only thing they needed it
for was logging, so now they just have a LogContext (which many of
them had to have anyway, e.g. for logging SSH packets or session
traffic).
LogContext itself also doesn't get a full Frontend pointer any more:
it now talks back to the front end via a little vtable of its own
called LogPolicy, which contains the method that passes Event Log
entries through, the old askappend() function that decides whether to
truncate a pre-existing log file, and an emergency function for
printing an especially prominent message if the log file can't be
created. One minor nice effect of this is that console and GUI apps
can implement that last function subtly differently, so that Unix
console apps can write it with a plain \n instead of the \r\n
(harmless but inelegant) that the old centralised implementation
generated.
One other consequence of this is that the LogContext has to be
provided to backend_init() so that it's available to backends from the
instant of creation, rather than being provided via a separate API
call a couple of function calls later, because backends have typically
started doing things that need logging (like making network
connections) before the call to backend_provide_logctx. Fortunately,
there's no case in the whole code base where we don't already have
logctx by the time we make a backend (so I don't actually remember why
I ever delayed providing one). So that shortens the backend API by one
function, which is always nice.
While I'm tidying up, I've also moved the printf-style logeventf() and
the handy logevent_and_free() into logging.c, instead of having copies
of them scattered around other places. This has also let me remove
some stub functions from a couple of outlying applications like
Pageant. Finally, I've removed the pointless "_tag" at the end of
LogContext's official struct name.
2018-10-10 18:26:18 +00:00
|
|
|
if (logctx)
|
|
|
|
logeventf(logctx, "Leaving host lookup to proxy of \"%s\""
|
|
|
|
" (for %s)", host, reason);
|
2015-11-22 09:58:14 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
*canonicalname = dupstr(host);
|
|
|
|
return sk_nonamelookup(host);
|
2015-11-22 09:58:14 +00:00
|
|
|
} else {
|
Refactor the LogContext type.
LogContext is now the owner of the logevent() function that back ends
and so forth are constantly calling. Previously, logevent was owned by
the Frontend, which would store the message into its list for the GUI
Event Log dialog (or print it to standard error, or whatever) and then
pass it _back_ to LogContext to write to the currently open log file.
Now it's the other way round: LogContext gets the message from the
back end first, writes it to its log file if it feels so inclined, and
communicates it back to the front end.
This means that lots of parts of the back end system no longer need to
have a pointer to a full-on Frontend; the only thing they needed it
for was logging, so now they just have a LogContext (which many of
them had to have anyway, e.g. for logging SSH packets or session
traffic).
LogContext itself also doesn't get a full Frontend pointer any more:
it now talks back to the front end via a little vtable of its own
called LogPolicy, which contains the method that passes Event Log
entries through, the old askappend() function that decides whether to
truncate a pre-existing log file, and an emergency function for
printing an especially prominent message if the log file can't be
created. One minor nice effect of this is that console and GUI apps
can implement that last function subtly differently, so that Unix
console apps can write it with a plain \n instead of the \r\n
(harmless but inelegant) that the old centralised implementation
generated.
One other consequence of this is that the LogContext has to be
provided to backend_init() so that it's available to backends from the
instant of creation, rather than being provided via a separate API
call a couple of function calls later, because backends have typically
started doing things that need logging (like making network
connections) before the call to backend_provide_logctx. Fortunately,
there's no case in the whole code base where we don't already have
logctx by the time we make a backend (so I don't actually remember why
I ever delayed providing one). So that shortens the backend API by one
function, which is always nice.
While I'm tidying up, I've also moved the printf-style logeventf() and
the handy logevent_and_free() into logging.c, instead of having copies
of them scattered around other places. This has also let me remove
some stub functions from a couple of outlying applications like
Pageant. Finally, I've removed the pointless "_tag" at the end of
LogContext's official struct name.
2018-10-10 18:26:18 +00:00
|
|
|
if (logctx)
|
|
|
|
logevent_and_free(
|
|
|
|
logctx, dns_log_msg(host, addressfamily, reason));
|
2015-11-22 09:58:14 +00:00
|
|
|
|
|
|
|
return sk_namelookup(host, canonicalname, addressfamily);
|
2002-12-18 16:23:11 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
Change vtable defs to use C99 designated initialisers.
This is a sweeping change applied across the whole code base by a spot
of Emacs Lisp. Now, everywhere I declare a vtable filled with function
pointers (and the occasional const data member), all the members of
the vtable structure are initialised by name using the '.fieldname =
value' syntax introduced in C99.
We were already using this syntax for a handful of things in the new
key-generation progress report system, so it's not new to the code
base as a whole.
The advantage is that now, when a vtable only declares a subset of the
available fields, I can initialise the rest to NULL or zero just by
leaving them out. This is most dramatic in a couple of the outlying
vtables in things like psocks (which has a ConnectionLayerVtable
containing only one non-NULL method), but less dramatically, it means
that the new 'flags' field in BackendVtable can be completely left out
of every backend definition except for the SUPDUP one which defines it
to a nonzero value. Similarly, the test_for_upstream method only used
by SSH doesn't have to be mentioned in the rest of the backends;
network Plugs for listening sockets don't have to explicitly null out
'receive' and 'sent', and vice versa for 'accepting', and so on.
While I'm at it, I've normalised the declarations so they don't use
the unnecessarily verbose 'struct' keyword. Also a handful of them
weren't const; now they are.
2020-03-10 21:06:29 +00:00
|
|
|
static const SocketVtable ProxySocket_sockvt = {
|
|
|
|
.plug = sk_proxy_plug,
|
|
|
|
.close = sk_proxy_close,
|
|
|
|
.write = sk_proxy_write,
|
|
|
|
.write_oob = sk_proxy_write_oob,
|
|
|
|
.write_eof = sk_proxy_write_eof,
|
|
|
|
.set_frozen = sk_proxy_set_frozen,
|
|
|
|
.socket_error = sk_proxy_socket_error,
|
|
|
|
.peer_info = NULL,
|
2018-05-27 08:29:33 +00:00
|
|
|
};
|
|
|
|
|
Change vtable defs to use C99 designated initialisers.
This is a sweeping change applied across the whole code base by a spot
of Emacs Lisp. Now, everywhere I declare a vtable filled with function
pointers (and the occasional const data member), all the members of
the vtable structure are initialised by name using the '.fieldname =
value' syntax introduced in C99.
We were already using this syntax for a handful of things in the new
key-generation progress report system, so it's not new to the code
base as a whole.
The advantage is that now, when a vtable only declares a subset of the
available fields, I can initialise the rest to NULL or zero just by
leaving them out. This is most dramatic in a couple of the outlying
vtables in things like psocks (which has a ConnectionLayerVtable
containing only one non-NULL method), but less dramatically, it means
that the new 'flags' field in BackendVtable can be completely left out
of every backend definition except for the SUPDUP one which defines it
to a nonzero value. Similarly, the test_for_upstream method only used
by SSH doesn't have to be mentioned in the rest of the backends;
network Plugs for listening sockets don't have to explicitly null out
'receive' and 'sent', and vice versa for 'accepting', and so on.
While I'm at it, I've normalised the declarations so they don't use
the unnecessarily verbose 'struct' keyword. Also a handful of them
weren't const; now they are.
2020-03-10 21:06:29 +00:00
|
|
|
static const PlugVtable ProxySocket_plugvt = {
|
|
|
|
.log = plug_proxy_log,
|
|
|
|
.closing = plug_proxy_closing,
|
|
|
|
.receive = plug_proxy_receive,
|
|
|
|
.sent = plug_proxy_sent,
|
|
|
|
.accepting = plug_proxy_accepting
|
2018-05-27 08:29:33 +00:00
|
|
|
};
|
|
|
|
|
Get rid of lots of implicit pointer types.
All the main backend structures - Ssh, Telnet, Pty, Serial etc - now
describe structure types themselves rather than pointers to them. The
same goes for the codebase-wide trait types Socket and Plug, and the
supporting types SockAddr and Pinger.
All those things that were typedefed as pointers are older types; the
newer ones have the explicit * at the point of use, because that's
what I now seem to be preferring. But whichever one of those is
better, inconsistently using a mixture of the two styles is worse, so
let's make everything consistent.
A few types are still implicitly pointers, such as Bignum and some of
the GSSAPI types; generally this is either because they have to be
void *, or because they're typedefed differently on different
platforms and aren't always pointers at all. Can't be helped. But I've
got rid of the main ones, at least.
2018-10-04 18:10:23 +00:00
|
|
|
Socket *new_connection(SockAddr *addr, const char *hostname,
|
Convert a lot of 'int' variables to 'bool'.
My normal habit these days, in new code, is to treat int and bool as
_almost_ completely separate types. I'm still willing to use C's
implicit test for zero on an integer (e.g. 'if (!blob.len)' is fine,
no need to spell it out as blob.len != 0), but generally, if a
variable is going to be conceptually a boolean, I like to declare it
bool and assign to it using 'true' or 'false' rather than 0 or 1.
PuTTY is an exception, because it predates the C99 bool, and I've
stuck to its existing coding style even when adding new code to it.
But it's been annoying me more and more, so now that I've decided C99
bool is an acceptable thing to require from our toolchain in the first
place, here's a quite thorough trawl through the source doing
'boolification'. Many variables and function parameters are now typed
as bool rather than int; many assignments of 0 or 1 to those variables
are now spelled 'true' or 'false'.
I managed this thorough conversion with the help of a custom clang
plugin that I wrote to trawl the AST and apply heuristics to point out
where things might want changing. So I've even managed to do a decent
job on parts of the code I haven't looked at in years!
To make the plugin's work easier, I pushed platform front ends
generally in the direction of using standard 'bool' in preference to
platform-specific boolean types like Windows BOOL or GTK's gboolean;
I've left the platform booleans in places they _have_ to be for the
platform APIs to work right, but variables only used by my own code
have been converted wherever I found them.
In a few places there are int values that look very like booleans in
_most_ of the places they're used, but have a rarely-used third value,
or a distinction between different nonzero values that most users
don't care about. In these cases, I've _removed_ uses of 'true' and
'false' for the return values, to emphasise that there's something
more subtle going on than a simple boolean answer:
- the 'multisel' field in dialog.h's list box structure, for which
the GTK front end in particular recognises a difference between 1
and 2 but nearly everything else treats as boolean
- the 'urgent' parameter to plug_receive, where 1 vs 2 tells you
something about the specific location of the urgent pointer, but
most clients only care about 0 vs 'something nonzero'
- the return value of wc_match, where -1 indicates a syntax error in
the wildcard.
- the return values from SSH-1 RSA-key loading functions, which use
-1 for 'wrong passphrase' and 0 for all other failures (so any
caller which already knows it's not loading an _encrypted private_
key can treat them as boolean)
- term->esc_query, and the 'query' parameter in toggle_mode in
terminal.c, which _usually_ hold 0 for ESC[123h or 1 for ESC[?123h,
but can also hold -1 for some other intervening character that we
don't support.
In a few places there's an integer that I haven't turned into a bool
even though it really _can_ only take values 0 or 1 (and, as above,
tried to make the call sites consistent in not calling those values
true and false), on the grounds that I thought it would make it more
confusing to imply that the 0 value was in some sense 'negative' or
bad and the 1 positive or good:
- the return value of plug_accepting uses the POSIXish convention of
0=success and nonzero=error; I think if I made it bool then I'd
also want to reverse its sense, and that's a job for a separate
piece of work.
- the 'screen' parameter to lineptr() in terminal.c, where 0 and 1
represent the default and alternate screens. There's no obvious
reason why one of those should be considered 'true' or 'positive'
or 'success' - they're just indices - so I've left it as int.
ssh_scp_recv had particularly confusing semantics for its previous int
return value: its call sites used '<= 0' to check for error, but it
never actually returned a negative number, just 0 or 1. Now the
function and its call sites agree that it's a bool.
In a couple of places I've renamed variables called 'ret', because I
don't like that name any more - it's unclear whether it means the
return value (in preparation) for the _containing_ function or the
return value received from a subroutine call, and occasionally I've
accidentally used the same variable for both and introduced a bug. So
where one of those got in my way, I've renamed it to 'toret' or 'retd'
(the latter short for 'returned') in line with my usual modern
practice, but I haven't done a thorough job of finding all of them.
Finally, one amusing side effect of doing this is that I've had to
separate quite a few chained assignments. It used to be perfectly fine
to write 'a = b = c = TRUE' when a,b,c were int and TRUE was just a
the 'true' defined by stdbool.h, that idiom provokes a warning from
gcc: 'suggest parentheses around assignment used as truth value'!
2018-11-02 19:23:19 +00:00
|
|
|
int port, bool privport,
|
|
|
|
bool oobinline, bool nodelay, bool keepalive,
|
2021-09-13 15:30:59 +00:00
|
|
|
Plug *plug, Conf *conf, LogPolicy *lp, Seat **seat)
|
2002-03-23 17:47:21 +00:00
|
|
|
{
|
2021-05-24 12:52:51 +00:00
|
|
|
int type = conf_get_int(conf, CONF_proxy_type);
|
|
|
|
|
|
|
|
if (type != PROXY_NONE &&
|
2019-09-08 19:29:00 +00:00
|
|
|
proxy_for_destination(addr, hostname, port, conf))
|
2002-03-23 17:47:21 +00:00
|
|
|
{
|
2019-09-08 19:29:00 +00:00
|
|
|
ProxySocket *ret;
|
|
|
|
SockAddr *proxy_addr;
|
|
|
|
char *proxy_canonical_name;
|
2015-11-22 12:15:52 +00:00
|
|
|
const char *proxy_type;
|
2019-09-08 19:29:00 +00:00
|
|
|
Socket *sret;
|
|
|
|
|
2021-05-24 12:52:51 +00:00
|
|
|
if (type == PROXY_SSH &&
|
|
|
|
(sret = sshproxy_new_connection(addr, hostname, port, privport,
|
Initial support for in-process proxy SSH connections.
This introduces a new entry to the radio-button list of proxy types,
in which the 'Proxy host' box is taken to be the name of an SSH server
or saved session. We make an entire subsidiary SSH connection to that
host, open a direct-tcpip channel through it, and use that as the
connection over which to run the primary network connection.
The result is basically the same as if you used a local proxy
subprocess, with a command along the lines of 'plink -batch %proxyhost
-nc %host:%port'. But it's all done in-process, by having an SshProxy
object implement the Socket trait to talk to the main connection, and
implement Seat and LogPolicy to talk to its subsidiary SSH backend.
All the refactoring in recent years has got us to the point where we
can do that without both SSH instances fighting over some global
variable or unique piece of infrastructure.
From an end user perspective, doing SSH proxying in-process like this
is a little bit easier to set up: it doesn't require you to bake the
full pathname of Plink into your saved session (or to have it on the
system PATH), and the SshProxy setup function automatically turns off
SSH features that would be inappropriate in this context, such as
additional port forwardings, or acting as a connection-sharing
upstream. And it has minor advantages like getting the Event Log for
the subsidiary connection interleaved in the main Event Log, as if it
were stderr output from a proxy subcommand, without having to
deliberately configure the subsidiary Plink into verbose mode.
However, this is an initial implementation only, and it doesn't yet
support the _big_ payoff for doing this in-process, which (I hope)
will be the ability to handle interactive prompts from the subsidiary
SSH connection via the same user interface as the primary one. For
example, you might need to answer two password prompts in succession,
or (the first time you use a session configured this way) confirm the
host keys for both proxy and destination SSH servers. Comments in the
new source file discuss some design thoughts on filling in this gap.
For the moment, if the proxy SSH connection encounters any situation
where an interactive prompt is needed, it will make the safe
assumption, the same way 'plink -batch' would do. So it's at least no
_worse_ than the existing technique of putting the proxy connection in
a subprocess.
2021-05-22 11:51:23 +00:00
|
|
|
oobinline, nodelay, keepalive,
|
2021-09-13 15:30:59 +00:00
|
|
|
plug, conf, lp, seat)) != NULL)
|
Initial support for in-process proxy SSH connections.
This introduces a new entry to the radio-button list of proxy types,
in which the 'Proxy host' box is taken to be the name of an SSH server
or saved session. We make an entire subsidiary SSH connection to that
host, open a direct-tcpip channel through it, and use that as the
connection over which to run the primary network connection.
The result is basically the same as if you used a local proxy
subprocess, with a command along the lines of 'plink -batch %proxyhost
-nc %host:%port'. But it's all done in-process, by having an SshProxy
object implement the Socket trait to talk to the main connection, and
implement Seat and LogPolicy to talk to its subsidiary SSH backend.
All the refactoring in recent years has got us to the point where we
can do that without both SSH instances fighting over some global
variable or unique piece of infrastructure.
From an end user perspective, doing SSH proxying in-process like this
is a little bit easier to set up: it doesn't require you to bake the
full pathname of Plink into your saved session (or to have it on the
system PATH), and the SshProxy setup function automatically turns off
SSH features that would be inappropriate in this context, such as
additional port forwardings, or acting as a connection-sharing
upstream. And it has minor advantages like getting the Event Log for
the subsidiary connection interleaved in the main Event Log, as if it
were stderr output from a proxy subcommand, without having to
deliberately configure the subsidiary Plink into verbose mode.
However, this is an initial implementation only, and it doesn't yet
support the _big_ payoff for doing this in-process, which (I hope)
will be the ability to handle interactive prompts from the subsidiary
SSH connection via the same user interface as the primary one. For
example, you might need to answer two password prompts in succession,
or (the first time you use a session configured this way) confirm the
host keys for both proxy and destination SSH servers. Comments in the
new source file discuss some design thoughts on filling in this gap.
For the moment, if the proxy SSH connection encounters any situation
where an interactive prompt is needed, it will make the safe
assumption, the same way 'plink -batch' would do. So it's at least no
_worse_ than the existing technique of putting the proxy connection in
a subprocess.
2021-05-22 11:51:23 +00:00
|
|
|
return sret;
|
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
if ((sret = platform_new_connection(addr, hostname, port, privport,
|
|
|
|
oobinline, nodelay, keepalive,
|
2021-02-13 10:11:30 +00:00
|
|
|
plug, conf)) != NULL)
|
2019-09-08 19:29:00 +00:00
|
|
|
return sret;
|
|
|
|
|
|
|
|
ret = snew(ProxySocket);
|
|
|
|
ret->sock.vt = &ProxySocket_sockvt;
|
|
|
|
ret->plugimpl.vt = &ProxySocket_plugvt;
|
|
|
|
ret->conf = conf_copy(conf);
|
|
|
|
ret->plug = plug;
|
|
|
|
ret->remote_addr = addr; /* will need to be freed on close */
|
|
|
|
ret->remote_port = port;
|
|
|
|
|
|
|
|
ret->error = NULL;
|
|
|
|
ret->pending_eof = false;
|
|
|
|
ret->freeze = false;
|
|
|
|
|
|
|
|
bufchain_init(&ret->pending_input_data);
|
|
|
|
bufchain_init(&ret->pending_output_data);
|
|
|
|
bufchain_init(&ret->pending_oob_output_data);
|
|
|
|
|
|
|
|
ret->sub_socket = NULL;
|
|
|
|
ret->state = PROXY_STATE_NEW;
|
|
|
|
ret->negotiate = NULL;
|
|
|
|
|
|
|
|
if (type == PROXY_HTTP) {
|
|
|
|
ret->negotiate = proxy_http_negotiate;
|
2015-11-22 12:15:52 +00:00
|
|
|
proxy_type = "HTTP";
|
2019-09-08 19:29:00 +00:00
|
|
|
} else if (type == PROXY_SOCKS4) {
|
2003-05-07 12:07:23 +00:00
|
|
|
ret->negotiate = proxy_socks4_negotiate;
|
2015-11-22 12:15:52 +00:00
|
|
|
proxy_type = "SOCKS 4";
|
2019-09-08 19:29:00 +00:00
|
|
|
} else if (type == PROXY_SOCKS5) {
|
2003-05-07 12:07:23 +00:00
|
|
|
ret->negotiate = proxy_socks5_negotiate;
|
2015-11-22 12:15:52 +00:00
|
|
|
proxy_type = "SOCKS 5";
|
2019-09-08 19:29:00 +00:00
|
|
|
} else if (type == PROXY_TELNET) {
|
|
|
|
ret->negotiate = proxy_telnet_negotiate;
|
2015-11-22 12:15:52 +00:00
|
|
|
proxy_type = "Telnet";
|
2019-09-08 19:29:00 +00:00
|
|
|
} else {
|
|
|
|
ret->error = "Proxy error: Unknown proxy method";
|
|
|
|
return &ret->sock;
|
|
|
|
}
|
2002-03-23 17:47:21 +00:00
|
|
|
|
2015-11-22 12:15:52 +00:00
|
|
|
{
|
|
|
|
char *logmsg = dupprintf("Will use %s proxy at %s:%d to connect"
|
|
|
|
" to %s:%d", proxy_type,
|
|
|
|
conf_get_str(conf, CONF_proxy_host),
|
|
|
|
conf_get_int(conf, CONF_proxy_port),
|
|
|
|
hostname, port);
|
2020-02-07 19:17:45 +00:00
|
|
|
plug_log(plug, PLUGLOG_PROXY_MSG, NULL, 0, logmsg, 0);
|
2015-11-22 12:15:52 +00:00
|
|
|
sfree(logmsg);
|
|
|
|
}
|
|
|
|
|
|
|
|
{
|
|
|
|
char *logmsg = dns_log_msg(conf_get_str(conf, CONF_proxy_host),
|
|
|
|
conf_get_int(conf, CONF_addressfamily),
|
|
|
|
"proxy");
|
2020-02-07 19:17:45 +00:00
|
|
|
plug_log(plug, PLUGLOG_PROXY_MSG, NULL, 0, logmsg, 0);
|
2015-11-22 12:15:52 +00:00
|
|
|
sfree(logmsg);
|
|
|
|
}
|
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
/* look-up proxy */
|
|
|
|
proxy_addr = sk_namelookup(conf_get_str(conf, CONF_proxy_host),
|
|
|
|
&proxy_canonical_name,
|
|
|
|
conf_get_int(conf, CONF_addressfamily));
|
|
|
|
if (sk_addr_error(proxy_addr) != NULL) {
|
|
|
|
ret->error = "Proxy error: Unable to resolve proxy host name";
|
2013-07-22 19:55:55 +00:00
|
|
|
sk_addr_free(proxy_addr);
|
2019-09-08 19:29:00 +00:00
|
|
|
return &ret->sock;
|
|
|
|
}
|
|
|
|
sfree(proxy_canonical_name);
|
2002-03-23 17:47:21 +00:00
|
|
|
|
2015-11-22 12:15:52 +00:00
|
|
|
{
|
|
|
|
char addrbuf[256], *logmsg;
|
2017-02-04 14:36:12 +00:00
|
|
|
sk_getaddr(proxy_addr, addrbuf, lenof(addrbuf));
|
2015-11-22 12:15:52 +00:00
|
|
|
logmsg = dupprintf("Connecting to %s proxy at %s port %d",
|
|
|
|
proxy_type, addrbuf,
|
|
|
|
conf_get_int(conf, CONF_proxy_port));
|
2020-02-07 19:17:45 +00:00
|
|
|
plug_log(plug, PLUGLOG_PROXY_MSG, NULL, 0, logmsg, 0);
|
2015-11-22 12:15:52 +00:00
|
|
|
sfree(logmsg);
|
|
|
|
}
|
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
/* create the actual socket we will be using,
|
|
|
|
* connected to our proxy server and port.
|
|
|
|
*/
|
|
|
|
ret->sub_socket = sk_new(proxy_addr,
|
|
|
|
conf_get_int(conf, CONF_proxy_port),
|
|
|
|
privport, oobinline,
|
|
|
|
nodelay, keepalive, &ret->plugimpl);
|
|
|
|
if (sk_socket_error(ret->sub_socket) != NULL)
|
|
|
|
return &ret->sock;
|
|
|
|
|
|
|
|
/* start the proxy negotiation process... */
|
2020-02-12 21:35:04 +00:00
|
|
|
sk_set_frozen(ret->sub_socket, false);
|
2019-09-08 19:29:00 +00:00
|
|
|
ret->negotiate(ret, PROXY_CHANGE_NEW);
|
|
|
|
|
|
|
|
return &ret->sock;
|
2002-03-23 17:47:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* no proxy, so just return the direct socket */
|
2004-06-20 17:07:38 +00:00
|
|
|
return sk_new(addr, port, privport, oobinline, nodelay, keepalive, plug);
|
2002-03-23 17:47:21 +00:00
|
|
|
}
|
|
|
|
|
Get rid of lots of implicit pointer types.
All the main backend structures - Ssh, Telnet, Pty, Serial etc - now
describe structure types themselves rather than pointers to them. The
same goes for the codebase-wide trait types Socket and Plug, and the
supporting types SockAddr and Pinger.
All those things that were typedefed as pointers are older types; the
newer ones have the explicit * at the point of use, because that's
what I now seem to be preferring. But whichever one of those is
better, inconsistently using a mixture of the two styles is worse, so
let's make everything consistent.
A few types are still implicitly pointers, such as Bignum and some of
the GSSAPI types; generally this is either because they have to be
void *, or because they're typedefed differently on different
platforms and aren't always pointers at all. Can't be helped. But I've
got rid of the main ones, at least.
2018-10-04 18:10:23 +00:00
|
|
|
Socket *new_listener(const char *srcaddr, int port, Plug *plug,
|
Convert a lot of 'int' variables to 'bool'.
My normal habit these days, in new code, is to treat int and bool as
_almost_ completely separate types. I'm still willing to use C's
implicit test for zero on an integer (e.g. 'if (!blob.len)' is fine,
no need to spell it out as blob.len != 0), but generally, if a
variable is going to be conceptually a boolean, I like to declare it
bool and assign to it using 'true' or 'false' rather than 0 or 1.
PuTTY is an exception, because it predates the C99 bool, and I've
stuck to its existing coding style even when adding new code to it.
But it's been annoying me more and more, so now that I've decided C99
bool is an acceptable thing to require from our toolchain in the first
place, here's a quite thorough trawl through the source doing
'boolification'. Many variables and function parameters are now typed
as bool rather than int; many assignments of 0 or 1 to those variables
are now spelled 'true' or 'false'.
I managed this thorough conversion with the help of a custom clang
plugin that I wrote to trawl the AST and apply heuristics to point out
where things might want changing. So I've even managed to do a decent
job on parts of the code I haven't looked at in years!
To make the plugin's work easier, I pushed platform front ends
generally in the direction of using standard 'bool' in preference to
platform-specific boolean types like Windows BOOL or GTK's gboolean;
I've left the platform booleans in places they _have_ to be for the
platform APIs to work right, but variables only used by my own code
have been converted wherever I found them.
In a few places there are int values that look very like booleans in
_most_ of the places they're used, but have a rarely-used third value,
or a distinction between different nonzero values that most users
don't care about. In these cases, I've _removed_ uses of 'true' and
'false' for the return values, to emphasise that there's something
more subtle going on than a simple boolean answer:
- the 'multisel' field in dialog.h's list box structure, for which
the GTK front end in particular recognises a difference between 1
and 2 but nearly everything else treats as boolean
- the 'urgent' parameter to plug_receive, where 1 vs 2 tells you
something about the specific location of the urgent pointer, but
most clients only care about 0 vs 'something nonzero'
- the return value of wc_match, where -1 indicates a syntax error in
the wildcard.
- the return values from SSH-1 RSA-key loading functions, which use
-1 for 'wrong passphrase' and 0 for all other failures (so any
caller which already knows it's not loading an _encrypted private_
key can treat them as boolean)
- term->esc_query, and the 'query' parameter in toggle_mode in
terminal.c, which _usually_ hold 0 for ESC[123h or 1 for ESC[?123h,
but can also hold -1 for some other intervening character that we
don't support.
In a few places there's an integer that I haven't turned into a bool
even though it really _can_ only take values 0 or 1 (and, as above,
tried to make the call sites consistent in not calling those values
true and false), on the grounds that I thought it would make it more
confusing to imply that the 0 value was in some sense 'negative' or
bad and the 1 positive or good:
- the return value of plug_accepting uses the POSIXish convention of
0=success and nonzero=error; I think if I made it bool then I'd
also want to reverse its sense, and that's a job for a separate
piece of work.
- the 'screen' parameter to lineptr() in terminal.c, where 0 and 1
represent the default and alternate screens. There's no obvious
reason why one of those should be considered 'true' or 'positive'
or 'success' - they're just indices - so I've left it as int.
ssh_scp_recv had particularly confusing semantics for its previous int
return value: its call sites used '<= 0' to check for error, but it
never actually returned a negative number, just 0 or 1. Now the
function and its call sites agree that it's a bool.
In a couple of places I've renamed variables called 'ret', because I
don't like that name any more - it's unclear whether it means the
return value (in preparation) for the _containing_ function or the
return value received from a subroutine call, and occasionally I've
accidentally used the same variable for both and introduced a bug. So
where one of those got in my way, I've renamed it to 'toret' or 'retd'
(the latter short for 'returned') in line with my usual modern
practice, but I haven't done a thorough job of finding all of them.
Finally, one amusing side effect of doing this is that I've had to
separate quite a few chained assignments. It used to be perfectly fine
to write 'a = b = c = TRUE' when a,b,c were int and TRUE was just a
the 'true' defined by stdbool.h, that idiom provokes a warning from
gcc: 'suggest parentheses around assignment used as truth value'!
2018-11-02 19:23:19 +00:00
|
|
|
bool local_host_only, Conf *conf, int addressfamily)
|
2002-03-23 17:47:21 +00:00
|
|
|
{
|
|
|
|
/* TODO: SOCKS (and potentially others) support inbound
|
|
|
|
* TODO: connections via the proxy. support them.
|
|
|
|
*/
|
|
|
|
|
2004-12-30 16:45:11 +00:00
|
|
|
return sk_newlistener(srcaddr, port, plug, local_host_only, addressfamily);
|
2002-03-23 17:47:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* ----------------------------------------------------------------------
|
|
|
|
* HTTP CONNECT proxy type.
|
|
|
|
*/
|
|
|
|
|
2019-02-06 20:42:44 +00:00
|
|
|
static bool get_line_end(char *data, size_t len, size_t *out)
|
2002-03-23 17:47:21 +00:00
|
|
|
{
|
2019-02-06 20:42:44 +00:00
|
|
|
size_t off = 0;
|
2002-03-23 17:47:21 +00:00
|
|
|
|
|
|
|
while (off < len)
|
|
|
|
{
|
2019-09-08 19:29:00 +00:00
|
|
|
if (data[off] == '\n') {
|
|
|
|
/* we have a newline */
|
|
|
|
off++;
|
2002-03-23 17:47:21 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
/* is that the only thing on this line? */
|
2019-02-06 20:11:11 +00:00
|
|
|
if (off <= 2) {
|
|
|
|
*out = off;
|
|
|
|
return true;
|
|
|
|
}
|
2002-03-23 17:47:21 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
/* if not, then there is the possibility that this header
|
|
|
|
* continues onto the next line, if it starts with a space
|
|
|
|
* or a tab.
|
|
|
|
*/
|
2002-03-23 17:47:21 +00:00
|
|
|
|
2019-02-06 20:11:11 +00:00
|
|
|
if (off + 1 < len && data[off+1] != ' ' && data[off+1] != '\t') {
|
|
|
|
*out = off;
|
|
|
|
return true;
|
|
|
|
}
|
2002-03-23 17:47:21 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
/* the line does continue, so we have to keep going
|
|
|
|
* until we see an the header's "real" end of line.
|
|
|
|
*/
|
|
|
|
off++;
|
|
|
|
}
|
2002-03-23 17:47:21 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
off++;
|
2002-03-23 17:47:21 +00:00
|
|
|
}
|
|
|
|
|
2019-02-06 20:11:11 +00:00
|
|
|
return false;
|
2002-03-23 17:47:21 +00:00
|
|
|
}
|
|
|
|
|
2018-05-27 08:29:33 +00:00
|
|
|
int proxy_http_negotiate (ProxySocket *p, int change)
|
2002-03-23 17:47:21 +00:00
|
|
|
{
|
|
|
|
if (p->state == PROXY_STATE_NEW) {
|
2019-09-08 19:29:00 +00:00
|
|
|
/* we are just beginning the proxy negotiate process,
|
|
|
|
* so we'll send off the initial bits of the request.
|
|
|
|
* for this proxy method, it's just a simple HTTP
|
|
|
|
* request
|
|
|
|
*/
|
|
|
|
char *buf, dest[512];
|
|
|
|
char *username, *password;
|
|
|
|
|
|
|
|
sk_getaddr(p->remote_addr, dest, lenof(dest));
|
|
|
|
|
|
|
|
buf = dupprintf("CONNECT %s:%i HTTP/1.1\r\nHost: %s:%i\r\n",
|
|
|
|
dest, p->remote_port, dest, p->remote_port);
|
|
|
|
sk_write(p->sub_socket, buf, strlen(buf));
|
|
|
|
sfree(buf);
|
|
|
|
|
|
|
|
username = conf_get_str(p->conf, CONF_proxy_username);
|
|
|
|
password = conf_get_str(p->conf, CONF_proxy_password);
|
|
|
|
if (username[0] || password[0]) {
|
|
|
|
char *buf, *buf2;
|
|
|
|
int i, j, len;
|
|
|
|
buf = dupprintf("%s:%s", username, password);
|
|
|
|
len = strlen(buf);
|
|
|
|
buf2 = snewn(len * 4 / 3 + 100, char);
|
|
|
|
sprintf(buf2, "Proxy-Authorization: Basic ");
|
|
|
|
for (i = 0, j = strlen(buf2); i < len; i += 3, j += 4)
|
|
|
|
base64_encode_atom((unsigned char *)(buf+i),
|
|
|
|
(len-i > 3 ? 3 : len-i), buf2+j);
|
|
|
|
strcpy(buf2+j, "\r\n");
|
|
|
|
sk_write(p->sub_socket, buf2, strlen(buf2));
|
|
|
|
sfree(buf);
|
|
|
|
sfree(buf2);
|
|
|
|
}
|
|
|
|
|
|
|
|
sk_write(p->sub_socket, "\r\n", 2);
|
|
|
|
|
|
|
|
p->state = 1;
|
|
|
|
return 0;
|
2002-03-23 17:47:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if (change == PROXY_CHANGE_CLOSING) {
|
2019-09-08 19:29:00 +00:00
|
|
|
/* if our proxy negotiation process involves closing and opening
|
|
|
|
* new sockets, then we would want to intercept this closing
|
|
|
|
* callback when we were expecting it. if we aren't anticipating
|
|
|
|
* a socket close, then some error must have occurred. we'll
|
|
|
|
* just pass those errors up to the backend.
|
|
|
|
*/
|
2021-10-23 16:54:21 +00:00
|
|
|
plug_closing(p->plug, p->closing_error_msg, p->closing_error_code);
|
2019-09-08 19:29:00 +00:00
|
|
|
return 0; /* ignored */
|
2002-03-23 17:47:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if (change == PROXY_CHANGE_SENT) {
|
2019-09-08 19:29:00 +00:00
|
|
|
/* some (or all) of what we wrote to the proxy was sent.
|
|
|
|
* we don't do anything new, however, until we receive the
|
|
|
|
* proxy's response. we might want to set a timer so we can
|
|
|
|
* timeout the proxy negotiation after a while...
|
|
|
|
*/
|
|
|
|
return 0;
|
2002-03-23 17:47:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if (change == PROXY_CHANGE_ACCEPTING) {
|
2019-09-08 19:29:00 +00:00
|
|
|
/* we should _never_ see this, as we are using our socket to
|
|
|
|
* connect to a proxy, not accepting inbound connections.
|
|
|
|
* what should we do? close the socket with an appropriate
|
|
|
|
* error message?
|
|
|
|
*/
|
|
|
|
return plug_accepting(p->plug,
|
2013-11-17 14:03:55 +00:00
|
|
|
p->accepting_constructor, p->accepting_ctx);
|
2002-03-23 17:47:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if (change == PROXY_CHANGE_RECEIVE) {
|
2019-09-08 19:29:00 +00:00
|
|
|
/* we have received data from the underlying socket, which
|
|
|
|
* we'll need to parse, process, and respond to appropriately.
|
|
|
|
*/
|
2002-03-23 17:47:21 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
char *data, *datap;
|
|
|
|
size_t len, eol;
|
2002-03-23 17:47:21 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
if (p->state == 1) {
|
2002-03-23 17:47:21 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
int min_ver, maj_ver, status;
|
2002-03-23 17:47:21 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
/* get the status line */
|
|
|
|
len = bufchain_size(&p->pending_input_data);
|
|
|
|
assert(len > 0); /* or we wouldn't be here */
|
|
|
|
data = snewn(len+1, char);
|
|
|
|
bufchain_fetch(&p->pending_input_data, data, len);
|
|
|
|
/*
|
|
|
|
* We must NUL-terminate this data, because Windows
|
|
|
|
* sscanf appears to require a NUL at the end of the
|
|
|
|
* string because it strlens it _first_. Sigh.
|
|
|
|
*/
|
|
|
|
data[len] = '\0';
|
2002-09-21 16:52:21 +00:00
|
|
|
|
2019-02-06 20:11:11 +00:00
|
|
|
if (!get_line_end(data, len, &eol)) {
|
2019-09-08 19:29:00 +00:00
|
|
|
sfree(data);
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
status = -1;
|
|
|
|
/* We can't rely on whether the %n incremented the sscanf return */
|
|
|
|
if (sscanf((char *)data, "HTTP/%i.%i %n",
|
|
|
|
&maj_ver, &min_ver, &status) < 2 || status == -1) {
|
|
|
|
plug_closing(p->plug, "Proxy error: HTTP response was absent",
|
2021-10-23 16:54:21 +00:00
|
|
|
PROXY_ERROR_GENERAL);
|
2019-09-08 19:29:00 +00:00
|
|
|
sfree(data);
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* remove the status line from the input buffer. */
|
|
|
|
bufchain_consume(&p->pending_input_data, eol);
|
|
|
|
if (data[status] != '2') {
|
|
|
|
/* error */
|
|
|
|
char *buf;
|
|
|
|
data[eol] = '\0';
|
|
|
|
while (eol > status &&
|
|
|
|
(data[eol-1] == '\r' || data[eol-1] == '\n'))
|
|
|
|
data[--eol] = '\0';
|
|
|
|
buf = dupprintf("Proxy error: %s", data+status);
|
2021-10-23 16:54:21 +00:00
|
|
|
plug_closing(p->plug, buf, PROXY_ERROR_GENERAL);
|
2019-09-08 19:29:00 +00:00
|
|
|
sfree(buf);
|
|
|
|
sfree(data);
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
sfree(data);
|
|
|
|
|
|
|
|
p->state = 2;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (p->state == 2) {
|
|
|
|
|
|
|
|
/* get headers. we're done when we get a
|
|
|
|
* header of length 2, (ie. just "\r\n")
|
|
|
|
*/
|
|
|
|
|
|
|
|
len = bufchain_size(&p->pending_input_data);
|
|
|
|
assert(len > 0); /* or we wouldn't be here */
|
|
|
|
data = snewn(len, char);
|
|
|
|
datap = data;
|
|
|
|
bufchain_fetch(&p->pending_input_data, data, len);
|
2002-09-21 16:52:21 +00:00
|
|
|
|
2019-02-06 20:11:11 +00:00
|
|
|
if (!get_line_end(datap, len, &eol)) {
|
2019-09-08 19:29:00 +00:00
|
|
|
sfree(data);
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
while (eol > 2) {
|
|
|
|
bufchain_consume(&p->pending_input_data, eol);
|
|
|
|
datap += eol;
|
|
|
|
len -= eol;
|
2019-02-06 20:11:11 +00:00
|
|
|
if (!get_line_end(datap, len, &eol))
|
|
|
|
eol = 0; /* terminate the loop */
|
2019-09-08 19:29:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if (eol == 2) {
|
|
|
|
/* we're done */
|
|
|
|
bufchain_consume(&p->pending_input_data, 2);
|
|
|
|
proxy_activate(p);
|
|
|
|
/* proxy activate will have dealt with
|
|
|
|
* whatever is left of the buffer */
|
|
|
|
sfree(data);
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
sfree(data);
|
|
|
|
return 1;
|
|
|
|
}
|
2002-03-23 17:47:21 +00:00
|
|
|
}
|
|
|
|
|
2002-09-21 16:52:21 +00:00
|
|
|
plug_closing(p->plug, "Proxy error: unexpected proxy error",
|
2021-10-23 16:54:21 +00:00
|
|
|
PROXY_ERROR_UNEXPECTED);
|
2002-04-27 15:01:18 +00:00
|
|
|
return 1;
|
2002-03-23 17:47:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* ----------------------------------------------------------------------
|
2002-04-27 15:01:18 +00:00
|
|
|
* SOCKS proxy type.
|
2002-03-23 17:47:21 +00:00
|
|
|
*/
|
|
|
|
|
2002-04-27 15:01:18 +00:00
|
|
|
/* SOCKS version 4 */
|
2018-05-27 08:29:33 +00:00
|
|
|
int proxy_socks4_negotiate (ProxySocket *p, int change)
|
2002-03-23 17:47:21 +00:00
|
|
|
{
|
2002-04-27 15:01:18 +00:00
|
|
|
if (p->state == PROXY_CHANGE_NEW) {
|
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
/* request format:
|
|
|
|
* version number (1 byte) = 4
|
|
|
|
* command code (1 byte)
|
|
|
|
* 1 = CONNECT
|
|
|
|
* 2 = BIND
|
|
|
|
* dest. port (2 bytes) [network order]
|
|
|
|
* dest. address (4 bytes)
|
|
|
|
* user ID (variable length, null terminated string)
|
|
|
|
*/
|
2002-04-27 15:01:18 +00:00
|
|
|
|
2018-05-24 12:30:16 +00:00
|
|
|
strbuf *command = strbuf_new();
|
|
|
|
char hostname[512];
|
Convert a lot of 'int' variables to 'bool'.
My normal habit these days, in new code, is to treat int and bool as
_almost_ completely separate types. I'm still willing to use C's
implicit test for zero on an integer (e.g. 'if (!blob.len)' is fine,
no need to spell it out as blob.len != 0), but generally, if a
variable is going to be conceptually a boolean, I like to declare it
bool and assign to it using 'true' or 'false' rather than 0 or 1.
PuTTY is an exception, because it predates the C99 bool, and I've
stuck to its existing coding style even when adding new code to it.
But it's been annoying me more and more, so now that I've decided C99
bool is an acceptable thing to require from our toolchain in the first
place, here's a quite thorough trawl through the source doing
'boolification'. Many variables and function parameters are now typed
as bool rather than int; many assignments of 0 or 1 to those variables
are now spelled 'true' or 'false'.
I managed this thorough conversion with the help of a custom clang
plugin that I wrote to trawl the AST and apply heuristics to point out
where things might want changing. So I've even managed to do a decent
job on parts of the code I haven't looked at in years!
To make the plugin's work easier, I pushed platform front ends
generally in the direction of using standard 'bool' in preference to
platform-specific boolean types like Windows BOOL or GTK's gboolean;
I've left the platform booleans in places they _have_ to be for the
platform APIs to work right, but variables only used by my own code
have been converted wherever I found them.
In a few places there are int values that look very like booleans in
_most_ of the places they're used, but have a rarely-used third value,
or a distinction between different nonzero values that most users
don't care about. In these cases, I've _removed_ uses of 'true' and
'false' for the return values, to emphasise that there's something
more subtle going on than a simple boolean answer:
- the 'multisel' field in dialog.h's list box structure, for which
the GTK front end in particular recognises a difference between 1
and 2 but nearly everything else treats as boolean
- the 'urgent' parameter to plug_receive, where 1 vs 2 tells you
something about the specific location of the urgent pointer, but
most clients only care about 0 vs 'something nonzero'
- the return value of wc_match, where -1 indicates a syntax error in
the wildcard.
- the return values from SSH-1 RSA-key loading functions, which use
-1 for 'wrong passphrase' and 0 for all other failures (so any
caller which already knows it's not loading an _encrypted private_
key can treat them as boolean)
- term->esc_query, and the 'query' parameter in toggle_mode in
terminal.c, which _usually_ hold 0 for ESC[123h or 1 for ESC[?123h,
but can also hold -1 for some other intervening character that we
don't support.
In a few places there's an integer that I haven't turned into a bool
even though it really _can_ only take values 0 or 1 (and, as above,
tried to make the call sites consistent in not calling those values
true and false), on the grounds that I thought it would make it more
confusing to imply that the 0 value was in some sense 'negative' or
bad and the 1 positive or good:
- the return value of plug_accepting uses the POSIXish convention of
0=success and nonzero=error; I think if I made it bool then I'd
also want to reverse its sense, and that's a job for a separate
piece of work.
- the 'screen' parameter to lineptr() in terminal.c, where 0 and 1
represent the default and alternate screens. There's no obvious
reason why one of those should be considered 'true' or 'positive'
or 'success' - they're just indices - so I've left it as int.
ssh_scp_recv had particularly confusing semantics for its previous int
return value: its call sites used '<= 0' to check for error, but it
never actually returned a negative number, just 0 or 1. Now the
function and its call sites agree that it's a bool.
In a couple of places I've renamed variables called 'ret', because I
don't like that name any more - it's unclear whether it means the
return value (in preparation) for the _containing_ function or the
return value received from a subroutine call, and occasionally I've
accidentally used the same variable for both and introduced a bug. So
where one of those got in my way, I've renamed it to 'toret' or 'retd'
(the latter short for 'returned') in line with my usual modern
practice, but I haven't done a thorough job of finding all of them.
Finally, one amusing side effect of doing this is that I've had to
separate quite a few chained assignments. It used to be perfectly fine
to write 'a = b = c = TRUE' when a,b,c were int and TRUE was just a
the 'true' defined by stdbool.h, that idiom provokes a warning from
gcc: 'suggest parentheses around assignment used as truth value'!
2018-11-02 19:23:19 +00:00
|
|
|
bool write_hostname = false;
|
2018-05-24 12:30:16 +00:00
|
|
|
|
|
|
|
put_byte(command, 4); /* SOCKS version 4 */
|
|
|
|
put_byte(command, 1); /* CONNECT command */
|
|
|
|
put_uint16(command, p->remote_port);
|
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
switch (sk_addrtype(p->remote_addr)) {
|
Formatting change to braces around one case of a switch.
Sometimes, within a switch statement, you want to declare local
variables specific to the handler for one particular case. Until now
I've mostly been writing this in the form
switch (discriminant) {
case SIMPLE:
do stuff;
break;
case COMPLICATED:
{
declare variables;
do stuff;
}
break;
}
which is ugly because the two pieces of essentially similar code
appear at different indent levels, and also inconvenient because you
have less horizontal space available to write the complicated case
handler in - particuarly undesirable because _complicated_ case
handlers are the ones most likely to need all the space they can get!
After encountering a rather nicer idiom in the LLVM source code, and
after a bit of hackery this morning figuring out how to persuade
Emacs's auto-indent to do what I wanted with it, I've decided to move
to an idiom in which the open brace comes right after the case
statement, and the code within it is indented the same as it would
have been without the brace. Then the whole case handler (including
the break) lives inside those braces, and you get something that looks
more like this:
switch (discriminant) {
case SIMPLE:
do stuff;
break;
case COMPLICATED: {
declare variables;
do stuff;
break;
}
}
This commit is a big-bang change that reformats all the complicated
case handlers I could find into the new layout. This is particularly
nice in the Pageant main function, in which almost _every_ case
handler had a bundle of variables and was long and complicated. (In
fact that's what motivated me to get round to this.) Some of the
innermost parts of the terminal escape-sequence handling are also
breathing a bit easier now the horizontal pressure on them is
relieved.
(Also, in a few cases, I was able to remove the extra braces
completely, because the only variable local to the case handler was a
loop variable which our new C99 policy allows me to move into the
initialiser clause of its for statement.)
Viewed with whitespace ignored, this is not too disruptive a change.
Downstream patches that conflict with it may need to be reapplied
using --ignore-whitespace or similar.
2020-02-16 07:49:52 +00:00
|
|
|
case ADDRTYPE_IPV4: {
|
|
|
|
char addr[4];
|
|
|
|
sk_addrcopy(p->remote_addr, addr);
|
|
|
|
put_data(command, addr, 4);
|
|
|
|
break;
|
|
|
|
}
|
2018-05-24 12:30:16 +00:00
|
|
|
case ADDRTYPE_NAME:
|
|
|
|
sk_getaddr(p->remote_addr, hostname, lenof(hostname));
|
|
|
|
put_uint32(command, 1);
|
2018-10-29 19:50:29 +00:00
|
|
|
write_hostname = true;
|
2018-05-24 12:30:16 +00:00
|
|
|
break;
|
|
|
|
case ADDRTYPE_IPV6:
|
2012-10-16 20:15:52 +00:00
|
|
|
p->error = "Proxy error: SOCKS version 4 does not support IPv6";
|
2018-05-24 12:30:16 +00:00
|
|
|
strbuf_free(command);
|
|
|
|
return 1;
|
2019-09-08 19:29:00 +00:00
|
|
|
}
|
2002-04-27 15:01:18 +00:00
|
|
|
|
2018-05-24 12:30:16 +00:00
|
|
|
put_asciz(command, conf_get_str(p->conf, CONF_proxy_username));
|
|
|
|
if (write_hostname)
|
|
|
|
put_asciz(command, hostname);
|
2019-09-08 19:29:00 +00:00
|
|
|
sk_write(p->sub_socket, command->s, command->len);
|
|
|
|
strbuf_free(command);
|
2002-04-27 15:01:18 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
p->state = 1;
|
|
|
|
return 0;
|
2002-04-27 15:01:18 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if (change == PROXY_CHANGE_CLOSING) {
|
2019-09-08 19:29:00 +00:00
|
|
|
/* if our proxy negotiation process involves closing and opening
|
|
|
|
* new sockets, then we would want to intercept this closing
|
|
|
|
* callback when we were expecting it. if we aren't anticipating
|
|
|
|
* a socket close, then some error must have occurred. we'll
|
|
|
|
* just pass those errors up to the backend.
|
|
|
|
*/
|
2021-10-23 16:54:21 +00:00
|
|
|
plug_closing(p->plug, p->closing_error_msg, p->closing_error_code);
|
2019-09-08 19:29:00 +00:00
|
|
|
return 0; /* ignored */
|
2002-04-27 15:01:18 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if (change == PROXY_CHANGE_SENT) {
|
2019-09-08 19:29:00 +00:00
|
|
|
/* some (or all) of what we wrote to the proxy was sent.
|
|
|
|
* we don't do anything new, however, until we receive the
|
|
|
|
* proxy's response. we might want to set a timer so we can
|
|
|
|
* timeout the proxy negotiation after a while...
|
|
|
|
*/
|
|
|
|
return 0;
|
2002-04-27 15:01:18 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if (change == PROXY_CHANGE_ACCEPTING) {
|
2019-09-08 19:29:00 +00:00
|
|
|
/* we should _never_ see this, as we are using our socket to
|
|
|
|
* connect to a proxy, not accepting inbound connections.
|
|
|
|
* what should we do? close the socket with an appropriate
|
|
|
|
* error message?
|
|
|
|
*/
|
|
|
|
return plug_accepting(p->plug,
|
2013-11-17 14:03:55 +00:00
|
|
|
p->accepting_constructor, p->accepting_ctx);
|
2002-04-27 15:01:18 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if (change == PROXY_CHANGE_RECEIVE) {
|
2019-09-08 19:29:00 +00:00
|
|
|
/* we have received data from the underlying socket, which
|
|
|
|
* we'll need to parse, process, and respond to appropriately.
|
|
|
|
*/
|
|
|
|
|
|
|
|
if (p->state == 1) {
|
|
|
|
/* response format:
|
|
|
|
* version number (1 byte) = 4
|
|
|
|
* reply code (1 byte)
|
|
|
|
* 90 = request granted
|
|
|
|
* 91 = request rejected or failed
|
|
|
|
* 92 = request rejected due to lack of IDENTD on client
|
|
|
|
* 93 = request rejected due to difference in user ID
|
|
|
|
* (what we sent vs. what IDENTD said)
|
|
|
|
* dest. port (2 bytes)
|
|
|
|
* dest. address (4 bytes)
|
|
|
|
*/
|
|
|
|
|
|
|
|
char data[8];
|
|
|
|
|
|
|
|
if (bufchain_size(&p->pending_input_data) < 8)
|
|
|
|
return 1; /* not got anything yet */
|
|
|
|
|
|
|
|
/* get the response */
|
|
|
|
bufchain_fetch(&p->pending_input_data, data, 8);
|
|
|
|
|
|
|
|
if (data[0] != 0) {
|
|
|
|
plug_closing(p->plug, "Proxy error: SOCKS proxy responded with "
|
|
|
|
"unexpected reply code version",
|
2021-10-23 16:54:21 +00:00
|
|
|
PROXY_ERROR_GENERAL);
|
2019-09-08 19:29:00 +00:00
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (data[1] != 90) {
|
|
|
|
|
|
|
|
switch (data[1]) {
|
|
|
|
case 92:
|
|
|
|
plug_closing(p->plug, "Proxy error: SOCKS server wanted IDENTD on client",
|
2021-10-23 16:54:21 +00:00
|
|
|
PROXY_ERROR_GENERAL);
|
2019-09-08 19:29:00 +00:00
|
|
|
break;
|
|
|
|
case 93:
|
|
|
|
plug_closing(p->plug, "Proxy error: Username and IDENTD on client don't agree",
|
2021-10-23 16:54:21 +00:00
|
|
|
PROXY_ERROR_GENERAL);
|
2019-09-08 19:29:00 +00:00
|
|
|
break;
|
|
|
|
case 91:
|
|
|
|
default:
|
|
|
|
plug_closing(p->plug, "Proxy error: Error while communicating with proxy",
|
2021-10-23 16:54:21 +00:00
|
|
|
PROXY_ERROR_GENERAL);
|
2019-09-08 19:29:00 +00:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
bufchain_consume(&p->pending_input_data, 8);
|
|
|
|
|
|
|
|
/* we're done */
|
|
|
|
proxy_activate(p);
|
|
|
|
/* proxy activate will have dealt with
|
|
|
|
* whatever is left of the buffer */
|
|
|
|
return 1;
|
|
|
|
}
|
2002-04-27 15:01:18 +00:00
|
|
|
}
|
|
|
|
|
2002-09-21 16:52:21 +00:00
|
|
|
plug_closing(p->plug, "Proxy error: unexpected proxy error",
|
2021-10-23 16:54:21 +00:00
|
|
|
PROXY_ERROR_UNEXPECTED);
|
2002-04-27 15:01:18 +00:00
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* SOCKS version 5 */
|
2018-05-27 08:29:33 +00:00
|
|
|
int proxy_socks5_negotiate (ProxySocket *p, int change)
|
2002-04-27 15:01:18 +00:00
|
|
|
{
|
|
|
|
if (p->state == PROXY_CHANGE_NEW) {
|
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
/* initial command:
|
|
|
|
* version number (1 byte) = 5
|
|
|
|
* number of available authentication methods (1 byte)
|
|
|
|
* available authentication methods (1 byte * previous value)
|
|
|
|
* authentication methods:
|
|
|
|
* 0x00 = no authentication
|
|
|
|
* 0x01 = GSSAPI
|
|
|
|
* 0x02 = username/password
|
|
|
|
* 0x03 = CHAP
|
|
|
|
*/
|
|
|
|
|
|
|
|
strbuf *command;
|
|
|
|
char *username, *password;
|
2018-05-24 12:30:16 +00:00
|
|
|
int method_count_offset, methods_start;
|
2002-04-27 15:01:18 +00:00
|
|
|
|
2018-05-24 12:30:16 +00:00
|
|
|
command = strbuf_new();
|
2019-09-08 19:29:00 +00:00
|
|
|
put_byte(command, 5); /* SOCKS version 5 */
|
|
|
|
username = conf_get_str(p->conf, CONF_proxy_username);
|
|
|
|
password = conf_get_str(p->conf, CONF_proxy_password);
|
2018-05-24 12:30:16 +00:00
|
|
|
|
|
|
|
method_count_offset = command->len;
|
|
|
|
put_byte(command, 0);
|
|
|
|
methods_start = command->len;
|
|
|
|
|
|
|
|
put_byte(command, 0x00); /* no authentication */
|
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
if (username[0] || password[0]) {
|
|
|
|
proxy_socks5_offerencryptedauth(BinarySink_UPCAST(command));
|
2018-05-24 12:30:16 +00:00
|
|
|
put_byte(command, 0x02); /* username/password */
|
2019-09-08 19:29:00 +00:00
|
|
|
}
|
2002-04-27 15:01:18 +00:00
|
|
|
|
2018-05-24 12:30:16 +00:00
|
|
|
command->u[method_count_offset] = command->len - methods_start;
|
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
sk_write(p->sub_socket, command->s, command->len);
|
2018-05-24 12:30:16 +00:00
|
|
|
strbuf_free(command);
|
2002-04-27 15:01:18 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
p->state = 1;
|
|
|
|
return 0;
|
2002-04-27 15:01:18 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if (change == PROXY_CHANGE_CLOSING) {
|
2019-09-08 19:29:00 +00:00
|
|
|
/* if our proxy negotiation process involves closing and opening
|
|
|
|
* new sockets, then we would want to intercept this closing
|
|
|
|
* callback when we were expecting it. if we aren't anticipating
|
|
|
|
* a socket close, then some error must have occurred. we'll
|
|
|
|
* just pass those errors up to the backend.
|
|
|
|
*/
|
2021-10-23 16:54:21 +00:00
|
|
|
plug_closing(p->plug, p->closing_error_msg, p->closing_error_code);
|
2019-09-08 19:29:00 +00:00
|
|
|
return 0; /* ignored */
|
2002-04-27 15:01:18 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if (change == PROXY_CHANGE_SENT) {
|
2019-09-08 19:29:00 +00:00
|
|
|
/* some (or all) of what we wrote to the proxy was sent.
|
|
|
|
* we don't do anything new, however, until we receive the
|
|
|
|
* proxy's response. we might want to set a timer so we can
|
|
|
|
* timeout the proxy negotiation after a while...
|
|
|
|
*/
|
|
|
|
return 0;
|
2002-04-27 15:01:18 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if (change == PROXY_CHANGE_ACCEPTING) {
|
2019-09-08 19:29:00 +00:00
|
|
|
/* we should _never_ see this, as we are using our socket to
|
|
|
|
* connect to a proxy, not accepting inbound connections.
|
|
|
|
* what should we do? close the socket with an appropriate
|
|
|
|
* error message?
|
|
|
|
*/
|
|
|
|
return plug_accepting(p->plug,
|
2013-11-17 14:03:55 +00:00
|
|
|
p->accepting_constructor, p->accepting_ctx);
|
2002-04-27 15:01:18 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if (change == PROXY_CHANGE_RECEIVE) {
|
2019-09-08 19:29:00 +00:00
|
|
|
/* we have received data from the underlying socket, which
|
|
|
|
* we'll need to parse, process, and respond to appropriately.
|
|
|
|
*/
|
|
|
|
|
|
|
|
if (p->state == 1) {
|
|
|
|
|
|
|
|
/* initial response:
|
|
|
|
* version number (1 byte) = 5
|
|
|
|
* authentication method (1 byte)
|
|
|
|
* authentication methods:
|
|
|
|
* 0x00 = no authentication
|
|
|
|
* 0x01 = GSSAPI
|
|
|
|
* 0x02 = username/password
|
|
|
|
* 0x03 = CHAP
|
|
|
|
* 0xff = no acceptable methods
|
|
|
|
*/
|
|
|
|
char data[2];
|
|
|
|
|
|
|
|
if (bufchain_size(&p->pending_input_data) < 2)
|
|
|
|
return 1; /* not got anything yet */
|
|
|
|
|
|
|
|
/* get the response */
|
|
|
|
bufchain_fetch(&p->pending_input_data, data, 2);
|
|
|
|
|
|
|
|
if (data[0] != 5) {
|
|
|
|
plug_closing(p->plug, "Proxy error: SOCKS proxy returned unexpected version",
|
2021-10-23 16:54:21 +00:00
|
|
|
PROXY_ERROR_GENERAL);
|
2019-09-08 19:29:00 +00:00
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (data[1] == 0x00) p->state = 2; /* no authentication needed */
|
|
|
|
else if (data[1] == 0x01) p->state = 4; /* GSSAPI authentication */
|
|
|
|
else if (data[1] == 0x02) p->state = 5; /* username/password authentication */
|
|
|
|
else if (data[1] == 0x03) p->state = 6; /* CHAP authentication */
|
|
|
|
else {
|
|
|
|
plug_closing(p->plug, "Proxy error: SOCKS proxy did not accept our authentication",
|
2021-10-23 16:54:21 +00:00
|
|
|
PROXY_ERROR_GENERAL);
|
2019-09-08 19:29:00 +00:00
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
bufchain_consume(&p->pending_input_data, 2);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (p->state == 7) {
|
|
|
|
|
|
|
|
/* password authentication reply format:
|
|
|
|
* version number (1 bytes) = 1
|
|
|
|
* reply code (1 byte)
|
|
|
|
* 0 = succeeded
|
|
|
|
* >0 = failed
|
|
|
|
*/
|
|
|
|
char data[2];
|
|
|
|
|
|
|
|
if (bufchain_size(&p->pending_input_data) < 2)
|
|
|
|
return 1; /* not got anything yet */
|
|
|
|
|
|
|
|
/* get the response */
|
|
|
|
bufchain_fetch(&p->pending_input_data, data, 2);
|
|
|
|
|
|
|
|
if (data[0] != 1) {
|
|
|
|
plug_closing(p->plug, "Proxy error: SOCKS password "
|
|
|
|
"subnegotiation contained wrong version number",
|
2021-10-23 16:54:21 +00:00
|
|
|
PROXY_ERROR_GENERAL);
|
2019-09-08 19:29:00 +00:00
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (data[1] != 0) {
|
|
|
|
|
|
|
|
plug_closing(p->plug, "Proxy error: SOCKS proxy refused"
|
|
|
|
" password authentication",
|
2021-10-23 16:54:21 +00:00
|
|
|
PROXY_ERROR_GENERAL);
|
2019-09-08 19:29:00 +00:00
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
bufchain_consume(&p->pending_input_data, 2);
|
|
|
|
p->state = 2; /* now proceed as authenticated */
|
|
|
|
}
|
|
|
|
|
|
|
|
if (p->state == 8) {
|
|
|
|
int ret;
|
|
|
|
ret = proxy_socks5_handlechap(p);
|
|
|
|
if (ret) return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (p->state == 2) {
|
|
|
|
|
|
|
|
/* request format:
|
|
|
|
* version number (1 byte) = 5
|
|
|
|
* command code (1 byte)
|
|
|
|
* 1 = CONNECT
|
|
|
|
* 2 = BIND
|
|
|
|
* 3 = UDP ASSOCIATE
|
|
|
|
* reserved (1 byte) = 0x00
|
|
|
|
* address type (1 byte)
|
|
|
|
* 1 = IPv4
|
|
|
|
* 3 = domainname (first byte has length, no terminating null)
|
|
|
|
* 4 = IPv6
|
|
|
|
* dest. address (variable)
|
|
|
|
* dest. port (2 bytes) [network order]
|
|
|
|
*/
|
|
|
|
|
|
|
|
strbuf *command = strbuf_new();
|
|
|
|
put_byte(command, 5); /* SOCKS version 5 */
|
|
|
|
put_byte(command, 1); /* CONNECT command */
|
|
|
|
put_byte(command, 0x00); /* reserved byte */
|
|
|
|
|
|
|
|
switch (sk_addrtype(p->remote_addr)) {
|
2018-05-24 12:30:16 +00:00
|
|
|
case ADDRTYPE_IPV4:
|
2019-09-08 19:29:00 +00:00
|
|
|
put_byte(command, 1); /* IPv4 */
|
|
|
|
sk_addrcopy(p->remote_addr, strbuf_append(command, 4));
|
2018-05-24 12:30:16 +00:00
|
|
|
break;
|
|
|
|
case ADDRTYPE_IPV6:
|
2019-09-08 19:29:00 +00:00
|
|
|
put_byte(command, 4); /* IPv6 */
|
|
|
|
sk_addrcopy(p->remote_addr, strbuf_append(command, 16));
|
2018-05-24 12:30:16 +00:00
|
|
|
break;
|
Formatting change to braces around one case of a switch.
Sometimes, within a switch statement, you want to declare local
variables specific to the handler for one particular case. Until now
I've mostly been writing this in the form
switch (discriminant) {
case SIMPLE:
do stuff;
break;
case COMPLICATED:
{
declare variables;
do stuff;
}
break;
}
which is ugly because the two pieces of essentially similar code
appear at different indent levels, and also inconvenient because you
have less horizontal space available to write the complicated case
handler in - particuarly undesirable because _complicated_ case
handlers are the ones most likely to need all the space they can get!
After encountering a rather nicer idiom in the LLVM source code, and
after a bit of hackery this morning figuring out how to persuade
Emacs's auto-indent to do what I wanted with it, I've decided to move
to an idiom in which the open brace comes right after the case
statement, and the code within it is indented the same as it would
have been without the brace. Then the whole case handler (including
the break) lives inside those braces, and you get something that looks
more like this:
switch (discriminant) {
case SIMPLE:
do stuff;
break;
case COMPLICATED: {
declare variables;
do stuff;
break;
}
}
This commit is a big-bang change that reformats all the complicated
case handlers I could find into the new layout. This is particularly
nice in the Pageant main function, in which almost _every_ case
handler had a bundle of variables and was long and complicated. (In
fact that's what motivated me to get round to this.) Some of the
innermost parts of the terminal escape-sequence handling are also
breathing a bit easier now the horizontal pressure on them is
relieved.
(Also, in a few cases, I was able to remove the extra braces
completely, because the only variable local to the case handler was a
loop variable which our new C99 policy allows me to move into the
initialiser clause of its for statement.)
Viewed with whitespace ignored, this is not too disruptive a change.
Downstream patches that conflict with it may need to be reapplied
using --ignore-whitespace or similar.
2020-02-16 07:49:52 +00:00
|
|
|
case ADDRTYPE_NAME: {
|
|
|
|
char hostname[512];
|
|
|
|
put_byte(command, 3); /* domain name */
|
|
|
|
sk_getaddr(p->remote_addr, hostname, lenof(hostname));
|
|
|
|
if (!put_pstring(command, hostname)) {
|
|
|
|
p->error = "Proxy error: SOCKS 5 cannot "
|
|
|
|
"support host names longer than 255 chars";
|
|
|
|
strbuf_free(command);
|
|
|
|
return 1;
|
2018-05-24 12:30:16 +00:00
|
|
|
}
|
|
|
|
break;
|
Formatting change to braces around one case of a switch.
Sometimes, within a switch statement, you want to declare local
variables specific to the handler for one particular case. Until now
I've mostly been writing this in the form
switch (discriminant) {
case SIMPLE:
do stuff;
break;
case COMPLICATED:
{
declare variables;
do stuff;
}
break;
}
which is ugly because the two pieces of essentially similar code
appear at different indent levels, and also inconvenient because you
have less horizontal space available to write the complicated case
handler in - particuarly undesirable because _complicated_ case
handlers are the ones most likely to need all the space they can get!
After encountering a rather nicer idiom in the LLVM source code, and
after a bit of hackery this morning figuring out how to persuade
Emacs's auto-indent to do what I wanted with it, I've decided to move
to an idiom in which the open brace comes right after the case
statement, and the code within it is indented the same as it would
have been without the brace. Then the whole case handler (including
the break) lives inside those braces, and you get something that looks
more like this:
switch (discriminant) {
case SIMPLE:
do stuff;
break;
case COMPLICATED: {
declare variables;
do stuff;
break;
}
}
This commit is a big-bang change that reformats all the complicated
case handlers I could find into the new layout. This is particularly
nice in the Pageant main function, in which almost _every_ case
handler had a bundle of variables and was long and complicated. (In
fact that's what motivated me to get round to this.) Some of the
innermost parts of the terminal escape-sequence handling are also
breathing a bit easier now the horizontal pressure on them is
relieved.
(Also, in a few cases, I was able to remove the extra braces
completely, because the only variable local to the case handler was a
loop variable which our new C99 policy allows me to move into the
initialiser clause of its for statement.)
Viewed with whitespace ignored, this is not too disruptive a change.
Downstream patches that conflict with it may need to be reapplied
using --ignore-whitespace or similar.
2020-02-16 07:49:52 +00:00
|
|
|
}
|
2019-09-08 19:29:00 +00:00
|
|
|
}
|
2002-04-27 15:01:18 +00:00
|
|
|
|
2018-05-24 12:30:16 +00:00
|
|
|
put_uint16(command, p->remote_port);
|
2002-04-27 15:01:18 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
sk_write(p->sub_socket, command->s, command->len);
|
2002-04-27 15:01:18 +00:00
|
|
|
|
2018-05-24 12:30:16 +00:00
|
|
|
strbuf_free(command);
|
2002-04-27 15:01:18 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
p->state = 3;
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (p->state == 3) {
|
|
|
|
|
|
|
|
/* reply format:
|
|
|
|
* version number (1 bytes) = 5
|
|
|
|
* reply code (1 byte)
|
|
|
|
* 0 = succeeded
|
|
|
|
* 1 = general SOCKS server failure
|
|
|
|
* 2 = connection not allowed by ruleset
|
|
|
|
* 3 = network unreachable
|
|
|
|
* 4 = host unreachable
|
|
|
|
* 5 = connection refused
|
|
|
|
* 6 = TTL expired
|
|
|
|
* 7 = command not supported
|
|
|
|
* 8 = address type not supported
|
|
|
|
* reserved (1 byte) = x00
|
|
|
|
* address type (1 byte)
|
|
|
|
* 1 = IPv4
|
|
|
|
* 3 = domainname (first byte has length, no terminating null)
|
|
|
|
* 4 = IPv6
|
|
|
|
* server bound address (variable)
|
|
|
|
* server bound port (2 bytes) [network order]
|
|
|
|
*/
|
|
|
|
char data[5];
|
|
|
|
int len;
|
|
|
|
|
|
|
|
/* First 5 bytes of packet are enough to tell its length. */
|
|
|
|
if (bufchain_size(&p->pending_input_data) < 5)
|
|
|
|
return 1; /* not got anything yet */
|
|
|
|
|
|
|
|
/* get the response */
|
|
|
|
bufchain_fetch(&p->pending_input_data, data, 5);
|
|
|
|
|
|
|
|
if (data[0] != 5) {
|
|
|
|
plug_closing(p->plug, "Proxy error: SOCKS proxy returned wrong version number",
|
2021-10-23 16:54:21 +00:00
|
|
|
PROXY_ERROR_GENERAL);
|
2019-09-08 19:29:00 +00:00
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (data[1] != 0) {
|
|
|
|
char buf[256];
|
|
|
|
|
|
|
|
strcpy(buf, "Proxy error: ");
|
|
|
|
|
|
|
|
switch (data[1]) {
|
|
|
|
case 1: strcat(buf, "General SOCKS server failure"); break;
|
|
|
|
case 2: strcat(buf, "Connection not allowed by ruleset"); break;
|
|
|
|
case 3: strcat(buf, "Network unreachable"); break;
|
|
|
|
case 4: strcat(buf, "Host unreachable"); break;
|
|
|
|
case 5: strcat(buf, "Connection refused"); break;
|
|
|
|
case 6: strcat(buf, "TTL expired"); break;
|
|
|
|
case 7: strcat(buf, "Command not supported"); break;
|
|
|
|
case 8: strcat(buf, "Address type not supported"); break;
|
|
|
|
default: sprintf(buf+strlen(buf),
|
|
|
|
"Unrecognised SOCKS error code %d",
|
|
|
|
data[1]);
|
|
|
|
break;
|
|
|
|
}
|
2021-10-23 16:54:21 +00:00
|
|
|
plug_closing(p->plug, buf, PROXY_ERROR_GENERAL);
|
2019-09-08 19:29:00 +00:00
|
|
|
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Eat the rest of the reply packet.
|
|
|
|
*/
|
|
|
|
len = 6; /* first 4 bytes, last 2 */
|
|
|
|
switch (data[3]) {
|
|
|
|
case 1: len += 4; break; /* IPv4 address */
|
|
|
|
case 4: len += 16; break;/* IPv6 address */
|
2019-10-01 18:31:37 +00:00
|
|
|
case 3: len += 1+(unsigned char)data[4]; break; /* domain name */
|
2019-09-08 19:29:00 +00:00
|
|
|
default:
|
|
|
|
plug_closing(p->plug, "Proxy error: SOCKS proxy returned "
|
|
|
|
"unrecognised address format",
|
2021-10-23 16:54:21 +00:00
|
|
|
PROXY_ERROR_GENERAL);
|
2019-09-08 19:29:00 +00:00
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
if (bufchain_size(&p->pending_input_data) < len)
|
|
|
|
return 1; /* not got whole reply yet */
|
|
|
|
bufchain_consume(&p->pending_input_data, len);
|
|
|
|
|
|
|
|
/* we're done */
|
|
|
|
proxy_activate(p);
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (p->state == 4) {
|
|
|
|
/* TODO: Handle GSSAPI authentication */
|
|
|
|
plug_closing(p->plug, "Proxy error: We don't support GSSAPI authentication",
|
2021-10-23 16:54:21 +00:00
|
|
|
PROXY_ERROR_GENERAL);
|
2019-09-08 19:29:00 +00:00
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (p->state == 5) {
|
2018-05-24 12:30:16 +00:00
|
|
|
const char *username = conf_get_str(p->conf, CONF_proxy_username);
|
|
|
|
const char *password = conf_get_str(p->conf, CONF_proxy_password);
|
2019-09-08 19:29:00 +00:00
|
|
|
if (username[0] || password[0]) {
|
2019-03-01 19:28:00 +00:00
|
|
|
strbuf *auth = strbuf_new_nm();
|
2019-09-08 19:29:00 +00:00
|
|
|
put_byte(auth, 1); /* version number of subnegotiation */
|
2018-05-24 12:30:16 +00:00
|
|
|
if (!put_pstring(auth, username)) {
|
|
|
|
p->error = "Proxy error: SOCKS 5 authentication cannot "
|
|
|
|
"support usernames longer than 255 chars";
|
|
|
|
strbuf_free(auth);
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
if (!put_pstring(auth, password)) {
|
|
|
|
p->error = "Proxy error: SOCKS 5 authentication cannot "
|
|
|
|
"support passwords longer than 255 chars";
|
|
|
|
strbuf_free(auth);
|
|
|
|
return 1;
|
|
|
|
}
|
2019-09-08 19:29:00 +00:00
|
|
|
sk_write(p->sub_socket, auth->s, auth->len);
|
2018-05-24 12:30:16 +00:00
|
|
|
strbuf_free(auth);
|
2019-09-08 19:29:00 +00:00
|
|
|
p->state = 7;
|
|
|
|
} else
|
|
|
|
plug_closing(p->plug, "Proxy error: Server chose "
|
|
|
|
"username/password authentication but we "
|
|
|
|
"didn't offer it!",
|
2021-10-23 16:54:21 +00:00
|
|
|
PROXY_ERROR_GENERAL);
|
2019-09-08 19:29:00 +00:00
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (p->state == 6) {
|
|
|
|
int ret;
|
|
|
|
ret = proxy_socks5_selectchap(p);
|
|
|
|
if (ret) return ret;
|
|
|
|
}
|
2002-09-21 16:07:43 +00:00
|
|
|
|
2002-04-27 15:01:18 +00:00
|
|
|
}
|
|
|
|
|
2002-09-24 19:27:58 +00:00
|
|
|
plug_closing(p->plug, "Proxy error: Unexpected proxy error",
|
2021-10-23 16:54:21 +00:00
|
|
|
PROXY_ERROR_UNEXPECTED);
|
2002-04-27 15:01:18 +00:00
|
|
|
return 1;
|
2002-03-23 17:47:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* ----------------------------------------------------------------------
|
2002-03-27 21:09:16 +00:00
|
|
|
* `Telnet' proxy type.
|
2002-03-23 17:47:21 +00:00
|
|
|
*
|
|
|
|
* (This is for ad-hoc proxies where you connect to the proxy's
|
|
|
|
* telnet port and send a command such as `connect host port'. The
|
|
|
|
* command is configurable, since this proxy type is typically not
|
|
|
|
* standardised or at all well-defined.)
|
|
|
|
*/
|
|
|
|
|
Get rid of lots of implicit pointer types.
All the main backend structures - Ssh, Telnet, Pty, Serial etc - now
describe structure types themselves rather than pointers to them. The
same goes for the codebase-wide trait types Socket and Plug, and the
supporting types SockAddr and Pinger.
All those things that were typedefed as pointers are older types; the
newer ones have the explicit * at the point of use, because that's
what I now seem to be preferring. But whichever one of those is
better, inconsistently using a mixture of the two styles is worse, so
let's make everything consistent.
A few types are still implicitly pointers, such as Bignum and some of
the GSSAPI types; generally this is either because they have to be
void *, or because they're typedefed differently on different
platforms and aren't always pointers at all. Can't be helped. But I've
got rid of the main ones, at least.
2018-10-04 18:10:23 +00:00
|
|
|
char *format_telnet_command(SockAddr *addr, int port, Conf *conf)
|
2002-03-23 17:47:21 +00:00
|
|
|
{
|
Post-release destabilisation! Completely remove the struct type
'Config' in putty.h, which stores all PuTTY's settings and includes an
arbitrary length limit on every single one of those settings which is
stored in string form. In place of it is 'Conf', an opaque data type
everywhere outside the new file conf.c, which stores a list of (key,
value) pairs in which every key contains an integer identifying a
configuration setting, and for some of those integers the key also
contains extra parts (so that, for instance, CONF_environmt is a
string-to-string mapping). Everywhere that a Config was previously
used, a Conf is now; everywhere there was a Config structure copy,
conf_copy() is called; every lookup, adjustment, load and save
operation on a Config has been rewritten; and there's a mechanism for
serialising a Conf into a binary blob and back for use with Duplicate
Session.
User-visible effects of this change _should_ be minimal, though I
don't doubt I've introduced one or two bugs here and there which will
eventually be found. The _intended_ visible effects of this change are
that all arbitrary limits on configuration strings and lists (e.g.
limit on number of port forwardings) should now disappear; that list
boxes in the configuration will now be displayed in a sorted order
rather than the arbitrary order in which they were added to the list
(since the underlying data structure is now a sorted tree234 rather
than an ad-hoc comma-separated string); and one more specific change,
which is that local and dynamic port forwardings on the same port
number are now mutually exclusive in the configuration (putting 'D' in
the key rather than the value was a mistake in the first place).
One other reorganisation as a result of this is that I've moved all
the dialog.c standard handlers (dlg_stdeditbox_handler and friends)
out into config.c, because I can't really justify calling them generic
any more. When they took a pointer to an arbitrary structure type and
the offset of a field within that structure, they were independent of
whether that structure was a Config or something completely different,
but now they really do expect to talk to a Conf, which can _only_ be
used for PuTTY configuration, so I've renamed them all things like
conf_editbox_handler and moved them out of the nominally independent
dialog-box management module into the PuTTY-specific config.c.
[originally from svn r9214]
2011-07-14 18:52:21 +00:00
|
|
|
char *fmt = conf_get_str(conf, CONF_proxy_telnet_command);
|
2003-05-06 19:52:31 +00:00
|
|
|
int so = 0, eo = 0;
|
2018-12-01 09:35:52 +00:00
|
|
|
strbuf *buf = strbuf_new();
|
2003-05-06 19:52:31 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
/* we need to escape \\, \%, \r, \n, \t, \x??, \0???,
|
2003-05-06 19:52:31 +00:00
|
|
|
* %%, %host, %port, %user, and %pass
|
|
|
|
*/
|
2002-03-27 21:09:16 +00:00
|
|
|
|
Post-release destabilisation! Completely remove the struct type
'Config' in putty.h, which stores all PuTTY's settings and includes an
arbitrary length limit on every single one of those settings which is
stored in string form. In place of it is 'Conf', an opaque data type
everywhere outside the new file conf.c, which stores a list of (key,
value) pairs in which every key contains an integer identifying a
configuration setting, and for some of those integers the key also
contains extra parts (so that, for instance, CONF_environmt is a
string-to-string mapping). Everywhere that a Config was previously
used, a Conf is now; everywhere there was a Config structure copy,
conf_copy() is called; every lookup, adjustment, load and save
operation on a Config has been rewritten; and there's a mechanism for
serialising a Conf into a binary blob and back for use with Duplicate
Session.
User-visible effects of this change _should_ be minimal, though I
don't doubt I've introduced one or two bugs here and there which will
eventually be found. The _intended_ visible effects of this change are
that all arbitrary limits on configuration strings and lists (e.g.
limit on number of port forwardings) should now disappear; that list
boxes in the configuration will now be displayed in a sorted order
rather than the arbitrary order in which they were added to the list
(since the underlying data structure is now a sorted tree234 rather
than an ad-hoc comma-separated string); and one more specific change,
which is that local and dynamic port forwardings on the same port
number are now mutually exclusive in the configuration (putting 'D' in
the key rather than the value was a mistake in the first place).
One other reorganisation as a result of this is that I've moved all
the dialog.c standard handlers (dlg_stdeditbox_handler and friends)
out into config.c, because I can't really justify calling them generic
any more. When they took a pointer to an arbitrary structure type and
the offset of a field within that structure, they were independent of
whether that structure was a Config or something completely different,
but now they really do expect to talk to a Conf, which can _only_ be
used for PuTTY configuration, so I've renamed them all things like
conf_editbox_handler and moved them out of the nominally independent
dialog-box management module into the PuTTY-specific config.c.
[originally from svn r9214]
2011-07-14 18:52:21 +00:00
|
|
|
while (fmt[eo] != 0) {
|
2002-03-27 21:09:16 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
/* scan forward until we hit end-of-line,
|
|
|
|
* or an escape character (\ or %) */
|
|
|
|
while (fmt[eo] != 0 && fmt[eo] != '%' && fmt[eo] != '\\')
|
|
|
|
eo++;
|
2002-03-27 21:09:16 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
/* if we hit eol, break out of our escaping loop */
|
|
|
|
if (fmt[eo] == 0) break;
|
2002-03-27 21:09:16 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
/* if there was any unescaped text before the escape
|
|
|
|
* character, send that now */
|
|
|
|
if (eo != so)
|
2018-12-01 09:35:52 +00:00
|
|
|
put_data(buf, fmt + so, eo - so);
|
2002-03-27 21:09:16 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
so = eo++;
|
2002-03-27 21:09:16 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
/* if the escape character was the last character of
|
|
|
|
* the line, we'll just stop and send it. */
|
|
|
|
if (fmt[eo] == 0) break;
|
2002-03-27 21:09:16 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
if (fmt[so] == '\\') {
|
2002-03-27 21:09:16 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
/* we recognize \\, \%, \r, \n, \t, \x??.
|
|
|
|
* anything else, we just send unescaped (including the \).
|
|
|
|
*/
|
2002-03-27 21:09:16 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
switch (fmt[eo]) {
|
2003-05-06 19:52:31 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
case '\\':
|
|
|
|
put_byte(buf, '\\');
|
|
|
|
eo++;
|
|
|
|
break;
|
2003-05-06 19:52:31 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
case '%':
|
2018-12-01 09:35:52 +00:00
|
|
|
put_byte(buf, '%');
|
2019-09-08 19:29:00 +00:00
|
|
|
eo++;
|
|
|
|
break;
|
2003-05-06 19:52:31 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
case 'r':
|
2018-12-01 09:35:52 +00:00
|
|
|
put_byte(buf, '\r');
|
2019-09-08 19:29:00 +00:00
|
|
|
eo++;
|
|
|
|
break;
|
2003-05-06 19:52:31 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
case 'n':
|
2018-12-01 09:35:52 +00:00
|
|
|
put_byte(buf, '\n');
|
2019-09-08 19:29:00 +00:00
|
|
|
eo++;
|
|
|
|
break;
|
2003-05-06 19:52:31 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
case 't':
|
2018-12-01 09:35:52 +00:00
|
|
|
put_byte(buf, '\t');
|
2019-09-08 19:29:00 +00:00
|
|
|
eo++;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case 'x':
|
Formatting change to braces around one case of a switch.
Sometimes, within a switch statement, you want to declare local
variables specific to the handler for one particular case. Until now
I've mostly been writing this in the form
switch (discriminant) {
case SIMPLE:
do stuff;
break;
case COMPLICATED:
{
declare variables;
do stuff;
}
break;
}
which is ugly because the two pieces of essentially similar code
appear at different indent levels, and also inconvenient because you
have less horizontal space available to write the complicated case
handler in - particuarly undesirable because _complicated_ case
handlers are the ones most likely to need all the space they can get!
After encountering a rather nicer idiom in the LLVM source code, and
after a bit of hackery this morning figuring out how to persuade
Emacs's auto-indent to do what I wanted with it, I've decided to move
to an idiom in which the open brace comes right after the case
statement, and the code within it is indented the same as it would
have been without the brace. Then the whole case handler (including
the break) lives inside those braces, and you get something that looks
more like this:
switch (discriminant) {
case SIMPLE:
do stuff;
break;
case COMPLICATED: {
declare variables;
do stuff;
break;
}
}
This commit is a big-bang change that reformats all the complicated
case handlers I could find into the new layout. This is particularly
nice in the Pageant main function, in which almost _every_ case
handler had a bundle of variables and was long and complicated. (In
fact that's what motivated me to get round to this.) Some of the
innermost parts of the terminal escape-sequence handling are also
breathing a bit easier now the horizontal pressure on them is
relieved.
(Also, in a few cases, I was able to remove the extra braces
completely, because the only variable local to the case handler was a
loop variable which our new C99 policy allows me to move into the
initialiser clause of its for statement.)
Viewed with whitespace ignored, this is not too disruptive a change.
Downstream patches that conflict with it may need to be reapplied
using --ignore-whitespace or similar.
2020-02-16 07:49:52 +00:00
|
|
|
case 'X': {
|
|
|
|
/* escaped hexadecimal value (ie. \xff) */
|
|
|
|
unsigned char v = 0;
|
|
|
|
int i = 0;
|
|
|
|
|
|
|
|
for (;;) {
|
|
|
|
eo++;
|
|
|
|
if (fmt[eo] >= '0' && fmt[eo] <= '9')
|
|
|
|
v += fmt[eo] - '0';
|
|
|
|
else if (fmt[eo] >= 'a' && fmt[eo] <= 'f')
|
|
|
|
v += fmt[eo] - 'a' + 10;
|
|
|
|
else if (fmt[eo] >= 'A' && fmt[eo] <= 'F')
|
|
|
|
v += fmt[eo] - 'A' + 10;
|
|
|
|
else {
|
|
|
|
/* non hex character, so we abort and just
|
|
|
|
* send the whole thing unescaped (including \x)
|
|
|
|
*/
|
|
|
|
put_byte(buf, '\\');
|
|
|
|
eo = so + 1;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* we only extract two hex characters */
|
|
|
|
if (i == 1) {
|
|
|
|
put_byte(buf, v);
|
|
|
|
eo++;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
i++;
|
|
|
|
v <<= 4;
|
2019-09-08 19:29:00 +00:00
|
|
|
}
|
|
|
|
break;
|
Formatting change to braces around one case of a switch.
Sometimes, within a switch statement, you want to declare local
variables specific to the handler for one particular case. Until now
I've mostly been writing this in the form
switch (discriminant) {
case SIMPLE:
do stuff;
break;
case COMPLICATED:
{
declare variables;
do stuff;
}
break;
}
which is ugly because the two pieces of essentially similar code
appear at different indent levels, and also inconvenient because you
have less horizontal space available to write the complicated case
handler in - particuarly undesirable because _complicated_ case
handlers are the ones most likely to need all the space they can get!
After encountering a rather nicer idiom in the LLVM source code, and
after a bit of hackery this morning figuring out how to persuade
Emacs's auto-indent to do what I wanted with it, I've decided to move
to an idiom in which the open brace comes right after the case
statement, and the code within it is indented the same as it would
have been without the brace. Then the whole case handler (including
the break) lives inside those braces, and you get something that looks
more like this:
switch (discriminant) {
case SIMPLE:
do stuff;
break;
case COMPLICATED: {
declare variables;
do stuff;
break;
}
}
This commit is a big-bang change that reformats all the complicated
case handlers I could find into the new layout. This is particularly
nice in the Pageant main function, in which almost _every_ case
handler had a bundle of variables and was long and complicated. (In
fact that's what motivated me to get round to this.) Some of the
innermost parts of the terminal escape-sequence handling are also
breathing a bit easier now the horizontal pressure on them is
relieved.
(Also, in a few cases, I was able to remove the extra braces
completely, because the only variable local to the case handler was a
loop variable which our new C99 policy allows me to move into the
initialiser clause of its for statement.)
Viewed with whitespace ignored, this is not too disruptive a change.
Downstream patches that conflict with it may need to be reapplied
using --ignore-whitespace or similar.
2020-02-16 07:49:52 +00:00
|
|
|
}
|
2002-03-27 21:09:16 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
default:
|
2018-12-01 09:35:52 +00:00
|
|
|
put_data(buf, fmt + so, 2);
|
2019-09-08 19:29:00 +00:00
|
|
|
eo++;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
} else {
|
2002-03-27 21:09:16 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
/* % escape. we recognize %%, %host, %port, %user, %pass.
|
|
|
|
* %proxyhost, %proxyport. Anything else we just send
|
|
|
|
* unescaped (including the %).
|
|
|
|
*/
|
2002-03-27 21:09:16 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
if (fmt[eo] == '%') {
|
2018-12-01 09:35:52 +00:00
|
|
|
put_byte(buf, '%');
|
2019-09-08 19:29:00 +00:00
|
|
|
eo++;
|
|
|
|
}
|
|
|
|
else if (strnicmp(fmt + eo, "host", 4) == 0) {
|
|
|
|
char dest[512];
|
|
|
|
sk_getaddr(addr, dest, lenof(dest));
|
|
|
|
put_data(buf, dest, strlen(dest));
|
|
|
|
eo += 4;
|
|
|
|
}
|
|
|
|
else if (strnicmp(fmt + eo, "port", 4) == 0) {
|
2018-12-01 09:35:52 +00:00
|
|
|
strbuf_catf(buf, "%d", port);
|
2019-09-08 19:29:00 +00:00
|
|
|
eo += 4;
|
|
|
|
}
|
|
|
|
else if (strnicmp(fmt + eo, "user", 4) == 0) {
|
|
|
|
const char *username = conf_get_str(conf, CONF_proxy_username);
|
|
|
|
put_data(buf, username, strlen(username));
|
|
|
|
eo += 4;
|
|
|
|
}
|
|
|
|
else if (strnicmp(fmt + eo, "pass", 4) == 0) {
|
|
|
|
const char *password = conf_get_str(conf, CONF_proxy_password);
|
|
|
|
put_data(buf, password, strlen(password));
|
|
|
|
eo += 4;
|
|
|
|
}
|
|
|
|
else if (strnicmp(fmt + eo, "proxyhost", 9) == 0) {
|
|
|
|
const char *host = conf_get_str(conf, CONF_proxy_host);
|
|
|
|
put_data(buf, host, strlen(host));
|
|
|
|
eo += 9;
|
|
|
|
}
|
|
|
|
else if (strnicmp(fmt + eo, "proxyport", 9) == 0) {
|
|
|
|
int port = conf_get_int(conf, CONF_proxy_port);
|
2018-12-01 09:35:52 +00:00
|
|
|
strbuf_catf(buf, "%d", port);
|
2019-09-08 19:29:00 +00:00
|
|
|
eo += 9;
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
/* we don't escape this, so send the % now, and
|
|
|
|
* don't advance eo, so that we'll consider the
|
|
|
|
* text immediately following the % as unescaped.
|
|
|
|
*/
|
2018-12-01 09:35:52 +00:00
|
|
|
put_byte(buf, '%');
|
2019-09-08 19:29:00 +00:00
|
|
|
}
|
|
|
|
}
|
2002-03-27 21:09:16 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
/* resume scanning for additional escapes after this one. */
|
|
|
|
so = eo;
|
2003-05-06 19:52:31 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* if there is any unescaped text at the end of the line, send it */
|
|
|
|
if (eo != so) {
|
2019-09-08 19:29:00 +00:00
|
|
|
put_data(buf, fmt + so, eo - so);
|
2003-05-06 19:52:31 +00:00
|
|
|
}
|
|
|
|
|
2018-12-01 09:35:52 +00:00
|
|
|
return strbuf_to_str(buf);
|
2003-05-06 19:52:31 +00:00
|
|
|
}
|
|
|
|
|
2018-05-27 08:29:33 +00:00
|
|
|
int proxy_telnet_negotiate (ProxySocket *p, int change)
|
2003-05-06 19:52:31 +00:00
|
|
|
{
|
|
|
|
if (p->state == PROXY_CHANGE_NEW) {
|
2019-09-08 19:29:00 +00:00
|
|
|
char *formatted_cmd;
|
2003-05-06 19:52:31 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
formatted_cmd = format_telnet_command(p->remote_addr, p->remote_port,
|
|
|
|
p->conf);
|
2003-05-06 19:52:31 +00:00
|
|
|
|
2015-11-22 12:15:52 +00:00
|
|
|
{
|
|
|
|
/*
|
|
|
|
* Re-escape control chars in the command, for logging.
|
|
|
|
*/
|
|
|
|
char *reescaped = snewn(4*strlen(formatted_cmd) + 1, char);
|
|
|
|
const char *in;
|
|
|
|
char *out;
|
|
|
|
char *logmsg;
|
|
|
|
|
|
|
|
for (in = formatted_cmd, out = reescaped; *in; in++) {
|
|
|
|
if (*in == '\n') {
|
|
|
|
*out++ = '\\'; *out++ = 'n';
|
|
|
|
} else if (*in == '\r') {
|
|
|
|
*out++ = '\\'; *out++ = 'r';
|
|
|
|
} else if (*in == '\t') {
|
|
|
|
*out++ = '\\'; *out++ = 't';
|
|
|
|
} else if (*in == '\\') {
|
|
|
|
*out++ = '\\'; *out++ = '\\';
|
|
|
|
} else if ((unsigned)(((unsigned char)*in) - 0x20) <
|
|
|
|
(0x7F-0x20)) {
|
|
|
|
*out++ = *in;
|
|
|
|
} else {
|
|
|
|
out += sprintf(out, "\\x%02X", (unsigned)*in & 0xFF);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
*out = '\0';
|
|
|
|
|
|
|
|
logmsg = dupprintf("Sending Telnet proxy command: %s", reescaped);
|
2020-02-07 19:17:45 +00:00
|
|
|
plug_log(p->plug, PLUGLOG_PROXY_MSG, NULL, 0, logmsg, 0);
|
2015-11-22 12:15:52 +00:00
|
|
|
sfree(logmsg);
|
|
|
|
sfree(reescaped);
|
|
|
|
}
|
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
sk_write(p->sub_socket, formatted_cmd, strlen(formatted_cmd));
|
|
|
|
sfree(formatted_cmd);
|
2003-05-06 19:52:31 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
p->state = 1;
|
|
|
|
return 0;
|
2002-03-27 21:09:16 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if (change == PROXY_CHANGE_CLOSING) {
|
2019-09-08 19:29:00 +00:00
|
|
|
/* if our proxy negotiation process involves closing and opening
|
|
|
|
* new sockets, then we would want to intercept this closing
|
|
|
|
* callback when we were expecting it. if we aren't anticipating
|
|
|
|
* a socket close, then some error must have occurred. we'll
|
|
|
|
* just pass those errors up to the backend.
|
|
|
|
*/
|
2021-10-23 16:54:21 +00:00
|
|
|
plug_closing(p->plug, p->closing_error_msg, p->closing_error_code);
|
2019-09-08 19:29:00 +00:00
|
|
|
return 0; /* ignored */
|
2002-03-27 21:09:16 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if (change == PROXY_CHANGE_SENT) {
|
2019-09-08 19:29:00 +00:00
|
|
|
/* some (or all) of what we wrote to the proxy was sent.
|
|
|
|
* we don't do anything new, however, until we receive the
|
|
|
|
* proxy's response. we might want to set a timer so we can
|
|
|
|
* timeout the proxy negotiation after a while...
|
|
|
|
*/
|
|
|
|
return 0;
|
2002-03-27 21:09:16 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if (change == PROXY_CHANGE_ACCEPTING) {
|
2019-09-08 19:29:00 +00:00
|
|
|
/* we should _never_ see this, as we are using our socket to
|
|
|
|
* connect to a proxy, not accepting inbound connections.
|
|
|
|
* what should we do? close the socket with an appropriate
|
|
|
|
* error message?
|
|
|
|
*/
|
|
|
|
return plug_accepting(p->plug,
|
2013-11-17 14:03:55 +00:00
|
|
|
p->accepting_constructor, p->accepting_ctx);
|
2002-03-27 21:09:16 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if (change == PROXY_CHANGE_RECEIVE) {
|
2019-09-08 19:29:00 +00:00
|
|
|
/* we have received data from the underlying socket, which
|
|
|
|
* we'll need to parse, process, and respond to appropriately.
|
|
|
|
*/
|
|
|
|
|
|
|
|
/* we're done */
|
|
|
|
proxy_activate(p);
|
|
|
|
/* proxy activate will have dealt with
|
|
|
|
* whatever is left of the buffer */
|
|
|
|
return 1;
|
2002-03-27 21:09:16 +00:00
|
|
|
}
|
|
|
|
|
2002-09-24 19:27:58 +00:00
|
|
|
plug_closing(p->plug, "Proxy error: Unexpected proxy error",
|
2021-10-23 16:54:21 +00:00
|
|
|
PROXY_ERROR_UNEXPECTED);
|
2002-04-27 15:01:18 +00:00
|
|
|
return 1;
|
2002-03-23 17:47:21 +00:00
|
|
|
}
|