/* * Implement LocalProxyOpener, a centralised system for setting up the * command string to be run by platform-specific local-subprocess * proxy types. * * The platform-specific local proxy code is expected to use this * system by calling local_proxy_opener() from * platform_new_connection(); then using the resulting * DeferredSocketOpener to make a deferred version of whatever local * socket type is used for talking to subcommands (Unix FdSocket, * Windows HandleSocket); then passing the 'Socket *' back to us via * local_proxy_opener_set_socket(). * * The LocalProxyOpener object implemented by this code will set * itself up as an Interactor if possible, so that it can prompt for * the proxy username and/or password if they're referred to in the * command string but not given in the config (exactly as the Telnet * proxy does). Once it knows the exact command it wants to run - * whether that was done immediately or after user interaction - it * calls back to platform_setup_local_proxy() with the full command, * which is expected to actually start the subprocess and fill in the * missing details in the deferred socket, freeing the * LocalProxyOpener as a side effect. */ #include "tree234.h" #include "putty.h" #include "network.h" #include "sshcr.h" #include "proxy/proxy.h" typedef struct LocalProxyOpener { int crLine; Socket *socket; char *formatted_cmd; Plug *plug; SockAddr *addr; int port; Conf *conf; Interactor *clientitr; LogPolicy *clientlp; Seat *clientseat; prompts_t *prompts; int username_prompt_index, password_prompt_index; Interactor interactor; DeferredSocketOpener opener; } LocalProxyOpener; static void local_proxy_opener_free(DeferredSocketOpener *opener) { LocalProxyOpener *lp = container_of(opener, LocalProxyOpener, opener); burnstr(lp->formatted_cmd); if (lp->prompts) free_prompts(lp->prompts); sk_addr_free(lp->addr); conf_free(lp->conf); sfree(lp); } static const DeferredSocketOpenerVtable LocalProxyOpener_openervt = { .free = local_proxy_opener_free, }; static char *local_proxy_opener_description(Interactor *itr) { return dupstr("connection via local command"); } static LogPolicy *local_proxy_opener_logpolicy(Interactor *itr) { LocalProxyOpener *lp = container_of(itr, LocalProxyOpener, interactor); return lp->clientlp; } static Seat *local_proxy_opener_get_seat(Interactor *itr) { LocalProxyOpener *lp = container_of(itr, LocalProxyOpener, interactor); return lp->clientseat; } static void local_proxy_opener_set_seat(Interactor *itr, Seat *seat) { LocalProxyOpener *lp = container_of(itr, LocalProxyOpener, interactor); lp->clientseat = seat; } static const InteractorVtable LocalProxyOpener_interactorvt = { .description = local_proxy_opener_description, .logpolicy = local_proxy_opener_logpolicy, .get_seat = local_proxy_opener_get_seat, .set_seat = local_proxy_opener_set_seat, }; static void local_proxy_opener_cleanup_interactor(LocalProxyOpener *lp) { if (lp->clientseat) { interactor_return_seat(lp->clientitr); lp->clientitr = NULL; lp->clientseat = NULL; } } static void local_proxy_opener_coroutine(void *vctx) { LocalProxyOpener *lp = (LocalProxyOpener *)vctx; crBegin(lp->crLine); /* * Make an initial attempt to figure out the command we want, and * see if it tried to include a username or password that we don't * have. */ { unsigned flags; lp->formatted_cmd = format_telnet_command( lp->addr, lp->port, lp->conf, &flags); if (lp->clientseat && (flags & (TELNET_CMD_MISSING_USERNAME | TELNET_CMD_MISSING_PASSWORD))) { burnstr(lp->formatted_cmd); lp->formatted_cmd = NULL; /* * We're missing at least one of the two parts, and we * have an Interactor we can use to prompt for them, so * try it. */ lp->prompts = new_prompts(); lp->prompts->callback = local_proxy_opener_coroutine; lp->prompts->callback_ctx = lp; lp->prompts->to_server = true; lp->prompts->from_server = false; lp->prompts->name = dupstr("Local proxy authentication"); if (flags & TELNET_CMD_MISSING_USERNAME) { lp->username_prompt_index = lp->prompts->n_prompts; add_prompt(lp->prompts, dupstr("Proxy username: "), true); } else { lp->username_prompt_index = -1; } if (flags & TELNET_CMD_MISSING_PASSWORD) { lp->password_prompt_index = lp->prompts->n_prompts; add_prompt(lp->prompts, dupstr("Proxy password: "), false); } else { lp->password_prompt_index = -1; } while (true) { int prompt_result = seat_get_userpass_input( interactor_announce(&lp->interactor), lp->prompts); if (prompt_result > 0) { break; } else if (prompt_result == 0) { local_proxy_opener_cleanup_interactor(lp); plug_closing_user_abort(lp->plug); /* That will have freed us, so we must just return * without calling any crStop */ return; } crReturnV; } if (lp->username_prompt_index != -1) { conf_set_str( lp->conf, CONF_proxy_username, prompt_get_result_ref( lp->prompts->prompts[lp->username_prompt_index])); } if (lp->password_prompt_index != -1) { conf_set_str( lp->conf, CONF_proxy_password, prompt_get_result_ref( lp->prompts->prompts[lp->password_prompt_index])); } free_prompts(lp->prompts); lp->prompts = NULL; } /* * Now format the command a second time, with the results of * those prompts written into lp->conf. */ lp->formatted_cmd = format_telnet_command( lp->addr, lp->port, lp->conf, NULL); } /* * Log the command, with some changes. Firstly, we regenerate it * with the password masked; secondly, we escape control * characters so that the log message is printable. */ conf_set_str(lp->conf, CONF_proxy_password, "*password*"); { char *censored_cmd = format_telnet_command( lp->addr, lp->port, lp->conf, NULL); strbuf *logmsg = strbuf_new(); put_datapl(logmsg, PTRLEN_LITERAL("Starting local proxy command: ")); put_c_string_literal(logmsg, ptrlen_from_asciz(censored_cmd)); plug_log(lp->plug, PLUGLOG_PROXY_MSG, NULL, 0, logmsg->s, 0); strbuf_free(logmsg); sfree(censored_cmd); } /* * Now we're ready to actually do the platform-specific socket * setup. */ char *cmd = lp->formatted_cmd; lp->formatted_cmd = NULL; local_proxy_opener_cleanup_interactor(lp); char *error_msg = platform_setup_local_proxy(lp->socket, cmd); burnstr(cmd); if (error_msg) { plug_closing_error(lp->plug, error_msg); sfree(error_msg); } else { /* If error_msg was NULL, there was no error in setup, * which means that platform_setup_local_proxy will have * called back to free us. So return without calling any * crStop. */ return; } crFinishV; } DeferredSocketOpener *local_proxy_opener( SockAddr *addr, int port, Plug *plug, Conf *conf, Interactor *itr) { LocalProxyOpener *lp = snew(LocalProxyOpener); memset(lp, 0, sizeof(*lp)); lp->plug = plug; lp->opener.vt = &LocalProxyOpener_openervt; lp->interactor.vt = &LocalProxyOpener_interactorvt; lp->addr = sk_addr_dup(addr); lp->port = port; lp->conf = conf_copy(conf); if (itr) { lp->clientitr = itr; interactor_set_child(lp->clientitr, &lp->interactor); lp->clientlp = interactor_logpolicy(lp->clientitr); lp->clientseat = interactor_borrow_seat(lp->clientitr); } return &lp->opener; } void local_proxy_opener_set_socket(DeferredSocketOpener *opener, Socket *socket) { assert(opener->vt == &LocalProxyOpener_openervt); LocalProxyOpener *lp = container_of(opener, LocalProxyOpener, opener); lp->socket = socket; queue_toplevel_callback(local_proxy_opener_coroutine, lp); }