2014-09-22 16:58:01 +02:00
|
|
|
/**
|
|
|
|
|
* FreeRDP: A Remote Desktop Protocol Implementation
|
|
|
|
|
* HTTP Proxy support
|
|
|
|
|
*
|
2016-12-08 18:51:26 +01:00
|
|
|
* Copyright 2016 Christian Plattner <ccpp@gmx.at>
|
2014-09-22 16:58:01 +02:00
|
|
|
*
|
|
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
|
* you may not use this file except in compliance with the License.
|
|
|
|
|
* You may obtain a copy of the License at
|
|
|
|
|
*
|
|
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
*
|
|
|
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
|
* See the License for the specific language governing permissions and
|
|
|
|
|
* limitations under the License.
|
|
|
|
|
*/
|
|
|
|
|
|
2016-12-10 23:13:35 +01:00
|
|
|
#include <ctype.h>
|
2017-11-14 16:10:52 +01:00
|
|
|
#include <errno.h>
|
2024-09-30 20:18:41 +02:00
|
|
|
#include <limits.h>
|
2014-09-22 16:58:01 +02:00
|
|
|
|
2023-02-03 11:40:35 +01:00
|
|
|
#include <openssl/err.h>
|
|
|
|
|
|
2023-10-16 12:59:19 +02:00
|
|
|
#include "settings.h"
|
2015-01-20 00:47:16 +01:00
|
|
|
#include "proxy.h"
|
2022-02-07 09:07:18 +01:00
|
|
|
#include <freerdp/settings.h>
|
2022-04-04 12:59:37 +02:00
|
|
|
#include <freerdp/utils/proxy_utils.h>
|
2022-02-07 09:07:18 +01:00
|
|
|
#include <freerdp/crypto/crypto.h>
|
2014-09-22 16:58:01 +02:00
|
|
|
#include "tcp.h"
|
|
|
|
|
|
2022-02-07 09:07:18 +01:00
|
|
|
#include <winpr/assert.h>
|
2024-09-17 10:26:55 +02:00
|
|
|
#include <winpr/sysinfo.h>
|
2022-02-07 09:07:18 +01:00
|
|
|
#include <winpr/environment.h> /* For GetEnvironmentVariableA */
|
2015-01-22 13:19:25 +01:00
|
|
|
|
|
|
|
|
#define CRLF "\r\n"
|
2022-04-28 05:43:31 +02:00
|
|
|
|
|
|
|
|
#include <freerdp/log.h>
|
2016-12-10 18:59:58 +01:00
|
|
|
#define TAG FREERDP_TAG("core.proxy")
|
2014-09-22 16:58:01 +02:00
|
|
|
|
2018-04-29 21:25:28 +02:00
|
|
|
/* SOCKS Proxy auth methods by rfc1928 */
|
|
|
|
|
enum
|
|
|
|
|
{
|
|
|
|
|
AUTH_M_NO_AUTH = 0,
|
|
|
|
|
AUTH_M_GSSAPI = 1,
|
|
|
|
|
AUTH_M_USR_PASS = 2
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
enum
|
|
|
|
|
{
|
|
|
|
|
SOCKS_CMD_CONNECT = 1,
|
|
|
|
|
SOCKS_CMD_BIND = 2,
|
|
|
|
|
SOCKS_CMD_UDP_ASSOCIATE = 3
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
enum
|
|
|
|
|
{
|
|
|
|
|
SOCKS_ADDR_IPV4 = 1,
|
|
|
|
|
SOCKS_ADDR_FQDN = 3,
|
|
|
|
|
SOCKS_ADDR_IPV6 = 4,
|
|
|
|
|
};
|
|
|
|
|
|
2025-04-25 12:12:29 +02:00
|
|
|
static const char logprefix[] = "SOCKS Proxy:";
|
|
|
|
|
|
2018-04-29 21:25:28 +02:00
|
|
|
/* CONN REQ replies in enum. order */
|
2019-11-06 15:24:51 +01:00
|
|
|
static const char* rplstat[] = { "succeeded",
|
|
|
|
|
"general SOCKS server failure",
|
|
|
|
|
"connection not allowed by ruleset",
|
|
|
|
|
"Network unreachable",
|
|
|
|
|
"Host unreachable",
|
|
|
|
|
"Connection refused",
|
|
|
|
|
"TTL expired",
|
|
|
|
|
"Command not supported",
|
|
|
|
|
"Address type not supported" };
|
2018-04-29 21:25:28 +02:00
|
|
|
|
2024-09-17 10:26:55 +02:00
|
|
|
static BOOL http_proxy_connect(rdpContext* context, BIO* bufferedBio, const char* proxyUsername,
|
2022-02-06 08:04:21 +00:00
|
|
|
const char* proxyPassword, const char* hostname, UINT16 port);
|
2024-09-17 10:26:55 +02:00
|
|
|
static BOOL socks_proxy_connect(rdpContext* context, BIO* bufferedBio, const char* proxyUsername,
|
2018-05-04 12:35:51 +02:00
|
|
|
const char* proxyPassword, const char* hostname, UINT16 port);
|
2019-11-20 11:30:14 +01:00
|
|
|
static void proxy_read_environment(rdpSettings* settings, char* envname);
|
2016-12-10 23:13:35 +01:00
|
|
|
|
2016-12-13 12:10:47 +01:00
|
|
|
BOOL proxy_prepare(rdpSettings* settings, const char** lpPeerHostname, UINT16* lpPeerPort,
|
2018-05-04 12:35:51 +02:00
|
|
|
const char** lpProxyUsername, const char** lpProxyPassword)
|
2016-12-10 23:13:35 +01:00
|
|
|
{
|
2020-08-04 08:49:46 +02:00
|
|
|
if (freerdp_settings_get_uint32(settings, FreeRDP_ProxyType) == PROXY_TYPE_IGNORE)
|
2018-08-21 11:01:54 +02:00
|
|
|
return FALSE;
|
|
|
|
|
|
2016-12-10 23:13:35 +01:00
|
|
|
/* For TSGateway, find the system HTTPS proxy automatically */
|
2020-08-04 08:49:46 +02:00
|
|
|
if (freerdp_settings_get_uint32(settings, FreeRDP_ProxyType) == PROXY_TYPE_NONE)
|
2016-12-10 23:13:35 +01:00
|
|
|
proxy_read_environment(settings, "https_proxy");
|
|
|
|
|
|
2020-08-04 08:49:46 +02:00
|
|
|
if (freerdp_settings_get_uint32(settings, FreeRDP_ProxyType) == PROXY_TYPE_NONE)
|
2016-12-10 23:13:35 +01:00
|
|
|
proxy_read_environment(settings, "HTTPS_PROXY");
|
|
|
|
|
|
2020-08-04 08:49:46 +02:00
|
|
|
if (freerdp_settings_get_uint32(settings, FreeRDP_ProxyType) != PROXY_TYPE_NONE)
|
2018-08-21 10:53:33 +02:00
|
|
|
proxy_read_environment(settings, "no_proxy");
|
|
|
|
|
|
2020-08-04 08:49:46 +02:00
|
|
|
if (freerdp_settings_get_uint32(settings, FreeRDP_ProxyType) != PROXY_TYPE_NONE)
|
2018-08-21 10:53:33 +02:00
|
|
|
proxy_read_environment(settings, "NO_PROXY");
|
|
|
|
|
|
2020-08-04 08:49:46 +02:00
|
|
|
if (freerdp_settings_get_uint32(settings, FreeRDP_ProxyType) != PROXY_TYPE_NONE)
|
2016-12-13 12:10:47 +01:00
|
|
|
{
|
2020-08-04 08:49:46 +02:00
|
|
|
*lpPeerHostname = freerdp_settings_get_string(settings, FreeRDP_ProxyHostname);
|
2020-12-10 07:38:13 +01:00
|
|
|
*lpPeerPort = freerdp_settings_get_uint16(settings, FreeRDP_ProxyPort);
|
2020-08-04 08:49:46 +02:00
|
|
|
*lpProxyUsername = freerdp_settings_get_string(settings, FreeRDP_ProxyUsername);
|
|
|
|
|
*lpProxyPassword = freerdp_settings_get_string(settings, FreeRDP_ProxyPassword);
|
2016-12-10 23:13:35 +01:00
|
|
|
return TRUE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return FALSE;
|
|
|
|
|
}
|
|
|
|
|
|
2022-04-04 16:07:19 +02:00
|
|
|
static BOOL value_to_int(const char* value, LONGLONG* result, LONGLONG min, LONGLONG max)
|
|
|
|
|
{
|
2024-01-23 16:49:54 +01:00
|
|
|
long long rc = 0;
|
2022-04-04 16:07:19 +02:00
|
|
|
|
|
|
|
|
if (!value || !result)
|
|
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
|
|
errno = 0;
|
|
|
|
|
rc = _strtoi64(value, NULL, 0);
|
|
|
|
|
|
|
|
|
|
if (errno != 0)
|
|
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
|
|
if ((rc < min) || (rc > max))
|
|
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
|
|
*result = rc;
|
|
|
|
|
return TRUE;
|
|
|
|
|
}
|
|
|
|
|
|
2018-09-24 11:42:23 +02:00
|
|
|
static BOOL cidr4_match(const struct in_addr* addr, const struct in_addr* net, BYTE bits)
|
|
|
|
|
{
|
|
|
|
|
if (bits == 0)
|
|
|
|
|
return TRUE;
|
|
|
|
|
|
2025-04-08 12:47:18 +02:00
|
|
|
const uint32_t mask = htonl(0xFFFFFFFFu << (32 - bits));
|
|
|
|
|
const uint32_t amask = addr->s_addr & mask;
|
|
|
|
|
const uint32_t nmask = net->s_addr & mask;
|
2018-09-24 11:42:23 +02:00
|
|
|
return amask == nmask;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static BOOL cidr6_match(const struct in6_addr* address, const struct in6_addr* network,
|
|
|
|
|
uint8_t bits)
|
|
|
|
|
{
|
|
|
|
|
const uint32_t* a = (const uint32_t*)address;
|
|
|
|
|
const uint32_t* n = (const uint32_t*)network;
|
2025-04-08 12:47:18 +02:00
|
|
|
const size_t bits_whole = bits >> 5;
|
|
|
|
|
const size_t bits_incomplete = bits & 0x1F;
|
2018-09-24 11:42:23 +02:00
|
|
|
|
|
|
|
|
if (bits_whole)
|
|
|
|
|
{
|
|
|
|
|
if (memcmp(a, n, bits_whole << 2) != 0)
|
|
|
|
|
return FALSE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (bits_incomplete)
|
|
|
|
|
{
|
|
|
|
|
uint32_t mask = htonl((0xFFFFFFFFu) << (32 - bits_incomplete));
|
|
|
|
|
|
|
|
|
|
if ((a[bits_whole] ^ n[bits_whole]) & mask)
|
|
|
|
|
return FALSE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return TRUE;
|
|
|
|
|
}
|
|
|
|
|
|
2025-04-08 12:47:18 +02:00
|
|
|
static BOOL option_ends_with(const char* str, const char* ext)
|
|
|
|
|
{
|
|
|
|
|
WINPR_ASSERT(str);
|
|
|
|
|
WINPR_ASSERT(ext);
|
|
|
|
|
const size_t strLen = strlen(str);
|
|
|
|
|
const size_t extLen = strlen(ext);
|
|
|
|
|
|
|
|
|
|
if (strLen < extLen)
|
|
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
|
|
return _strnicmp(&str[strLen - extLen], ext, extLen) == 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* no_proxy has no proper definition, so use curl as reference:
|
|
|
|
|
* https://about.gitlab.com/blog/2021/01/27/we-need-to-talk-no-proxy/
|
|
|
|
|
*/
|
|
|
|
|
static BOOL no_proxy_match_host(const char* val, const char* hostname)
|
|
|
|
|
{
|
|
|
|
|
WINPR_ASSERT(val);
|
|
|
|
|
WINPR_ASSERT(hostname);
|
|
|
|
|
|
|
|
|
|
/* match all */
|
|
|
|
|
if (_stricmp("*", val) == 0)
|
|
|
|
|
return TRUE;
|
|
|
|
|
|
|
|
|
|
/* Strip leading . */
|
|
|
|
|
if (val[0] == '.')
|
|
|
|
|
val++;
|
|
|
|
|
|
|
|
|
|
/* Match suffix */
|
|
|
|
|
return option_ends_with(hostname, val);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static BOOL starts_with(const char* val, const char* prefix)
|
|
|
|
|
{
|
|
|
|
|
const size_t plen = strlen(prefix);
|
|
|
|
|
const size_t vlen = strlen(val);
|
|
|
|
|
if (vlen < plen)
|
|
|
|
|
return FALSE;
|
|
|
|
|
return _strnicmp(val, prefix, plen) == 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static BOOL no_proxy_match_ip(const char* val, const char* hostname)
|
|
|
|
|
{
|
|
|
|
|
WINPR_ASSERT(val);
|
|
|
|
|
WINPR_ASSERT(hostname);
|
|
|
|
|
|
|
|
|
|
struct sockaddr_in sa4 = { 0 };
|
|
|
|
|
struct sockaddr_in6 sa6 = { 0 };
|
|
|
|
|
|
|
|
|
|
if (inet_pton(AF_INET, hostname, &sa4.sin_addr) == 1)
|
|
|
|
|
{
|
|
|
|
|
/* Prefix match */
|
|
|
|
|
if (starts_with(hostname, val))
|
|
|
|
|
return TRUE;
|
|
|
|
|
|
|
|
|
|
char* sub = strchr(val, '/');
|
|
|
|
|
if (sub)
|
|
|
|
|
*sub++ = '\0';
|
|
|
|
|
|
|
|
|
|
struct sockaddr_in mask = { 0 };
|
|
|
|
|
if (inet_pton(AF_INET, val, &mask.sin_addr) == 0)
|
|
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
|
|
/* IP address match */
|
|
|
|
|
if (memcmp(&mask, &sa4, sizeof(mask)) == 0)
|
|
|
|
|
return TRUE;
|
|
|
|
|
|
|
|
|
|
if (sub)
|
|
|
|
|
{
|
|
|
|
|
const unsigned long usub = strtoul(sub, NULL, 0);
|
|
|
|
|
if ((errno == 0) && (usub <= UINT8_MAX))
|
|
|
|
|
return cidr4_match(&sa4.sin_addr, &mask.sin_addr, (UINT8)usub);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else if (inet_pton(AF_INET6, hostname, &sa6.sin6_addr) == 1)
|
|
|
|
|
{
|
|
|
|
|
if (val[0] == '[')
|
|
|
|
|
val++;
|
|
|
|
|
|
|
|
|
|
char str[INET6_ADDRSTRLEN + 1] = { 0 };
|
|
|
|
|
strncpy(str, val, INET6_ADDRSTRLEN);
|
|
|
|
|
|
|
|
|
|
const size_t len = strnlen(str, INET6_ADDRSTRLEN);
|
|
|
|
|
if (len > 0)
|
|
|
|
|
{
|
|
|
|
|
if (str[len - 1] == ']')
|
|
|
|
|
str[len - 1] = '\0';
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Prefix match */
|
|
|
|
|
if (starts_with(hostname, str))
|
|
|
|
|
return TRUE;
|
|
|
|
|
|
|
|
|
|
char* sub = strchr(str, '/');
|
|
|
|
|
if (sub)
|
|
|
|
|
*sub++ = '\0';
|
|
|
|
|
|
|
|
|
|
struct sockaddr_in6 mask = { 0 };
|
|
|
|
|
if (inet_pton(AF_INET6, str, &mask.sin6_addr) == 0)
|
|
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
|
|
/* Address match */
|
|
|
|
|
if (memcmp(&mask, &sa6, sizeof(mask)) == 0)
|
|
|
|
|
return TRUE;
|
|
|
|
|
|
|
|
|
|
if (sub)
|
|
|
|
|
{
|
|
|
|
|
const unsigned long usub = strtoul(sub, NULL, 0);
|
|
|
|
|
if ((errno == 0) && (usub <= UINT8_MAX))
|
|
|
|
|
return cidr6_match(&sa6.sin6_addr, &mask.sin6_addr, (UINT8)usub);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return FALSE;
|
|
|
|
|
}
|
|
|
|
|
|
2018-08-21 10:53:33 +02:00
|
|
|
static BOOL check_no_proxy(rdpSettings* settings, const char* no_proxy)
|
|
|
|
|
{
|
2025-04-08 12:47:18 +02:00
|
|
|
const char* delimiter = ", ";
|
2018-08-21 10:53:33 +02:00
|
|
|
BOOL result = FALSE;
|
2020-05-18 11:35:52 +03:00
|
|
|
char* context = NULL;
|
2018-08-21 10:53:33 +02:00
|
|
|
|
|
|
|
|
if (!no_proxy || !settings)
|
|
|
|
|
return FALSE;
|
|
|
|
|
|
2025-04-08 12:47:18 +02:00
|
|
|
char* copy = _strdup(no_proxy);
|
2018-08-21 10:53:33 +02:00
|
|
|
|
|
|
|
|
if (!copy)
|
|
|
|
|
return FALSE;
|
|
|
|
|
|
2025-04-08 12:47:18 +02:00
|
|
|
char* current = strtok_s(copy, delimiter, &context);
|
2018-08-21 10:53:33 +02:00
|
|
|
|
|
|
|
|
while (current && !result)
|
|
|
|
|
{
|
|
|
|
|
const size_t currentlen = strlen(current);
|
|
|
|
|
|
|
|
|
|
if (currentlen > 0)
|
|
|
|
|
{
|
2019-11-06 15:24:51 +01:00
|
|
|
WLog_DBG(TAG, "%s => %s (%" PRIdz ")", settings->ServerHostname, current, currentlen);
|
2018-08-21 10:53:33 +02:00
|
|
|
|
2025-04-08 12:47:18 +02:00
|
|
|
if (no_proxy_match_host(current, settings->ServerHostname))
|
|
|
|
|
result = TRUE;
|
|
|
|
|
else if (no_proxy_match_ip(current, settings->ServerHostname))
|
|
|
|
|
result = TRUE;
|
2018-08-21 10:53:33 +02:00
|
|
|
}
|
|
|
|
|
|
2020-05-18 11:35:52 +03:00
|
|
|
current = strtok_s(NULL, delimiter, &context);
|
2018-08-21 10:53:33 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
free(copy);
|
|
|
|
|
return result;
|
|
|
|
|
}
|
|
|
|
|
|
2016-12-13 12:10:47 +01:00
|
|
|
void proxy_read_environment(rdpSettings* settings, char* envname)
|
2014-09-22 16:58:01 +02:00
|
|
|
{
|
2024-03-02 09:03:19 +01:00
|
|
|
const DWORD envlen = GetEnvironmentVariableA(envname, NULL, 0);
|
2016-12-13 12:10:47 +01:00
|
|
|
|
2024-03-02 09:03:19 +01:00
|
|
|
if (!envlen || (envlen <= 1))
|
2014-09-22 16:58:01 +02:00
|
|
|
return;
|
|
|
|
|
|
2024-03-02 09:03:19 +01:00
|
|
|
char* env = calloc(1, envlen);
|
2016-12-13 12:10:47 +01:00
|
|
|
|
|
|
|
|
if (!env)
|
|
|
|
|
{
|
2016-12-12 17:16:12 +01:00
|
|
|
WLog_ERR(TAG, "Not enough memory");
|
|
|
|
|
return;
|
|
|
|
|
}
|
2016-12-10 23:13:35 +01:00
|
|
|
|
2017-03-03 12:37:27 +01:00
|
|
|
if (GetEnvironmentVariableA(envname, env, envlen) == envlen - 1)
|
2018-08-21 10:53:33 +02:00
|
|
|
{
|
2018-08-21 11:01:54 +02:00
|
|
|
if (_strnicmp("NO_PROXY", envname, 9) == 0)
|
2018-08-21 10:53:33 +02:00
|
|
|
{
|
|
|
|
|
if (check_no_proxy(settings, env))
|
|
|
|
|
{
|
2020-08-04 08:49:46 +02:00
|
|
|
WLog_INFO(TAG, "deactivating proxy: %s [%s=%s]",
|
|
|
|
|
freerdp_settings_get_string(settings, FreeRDP_ServerHostname), envname,
|
2019-11-06 15:24:51 +01:00
|
|
|
env);
|
2024-06-05 15:19:12 +02:00
|
|
|
if (!freerdp_settings_set_uint32(settings, FreeRDP_ProxyType, PROXY_TYPE_NONE))
|
|
|
|
|
WLog_WARN(TAG, "failed to set FreeRDP_ProxyType=PROXY_TYPE_NONE");
|
2018-08-21 10:53:33 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
2022-04-02 12:03:24 +02:00
|
|
|
if (!proxy_parse_uri(settings, env))
|
|
|
|
|
{
|
|
|
|
|
WLog_WARN(
|
|
|
|
|
TAG, "Error while parsing proxy URI from environment variable; ignoring proxy");
|
|
|
|
|
}
|
2018-08-21 10:53:33 +02:00
|
|
|
}
|
|
|
|
|
}
|
2017-02-20 18:31:58 +01:00
|
|
|
|
2016-12-12 17:16:12 +01:00
|
|
|
free(env);
|
2016-12-10 23:13:35 +01:00
|
|
|
}
|
2014-09-22 16:58:01 +02:00
|
|
|
|
2022-04-04 13:53:15 +02:00
|
|
|
BOOL proxy_parse_uri(rdpSettings* settings, const char* uri_in)
|
|
|
|
|
{
|
|
|
|
|
BOOL rc = FALSE;
|
|
|
|
|
const char* protocol = "";
|
2024-01-23 16:49:54 +01:00
|
|
|
UINT16 port = 0;
|
2024-09-30 20:18:41 +02:00
|
|
|
|
|
|
|
|
if (!settings || !uri_in)
|
|
|
|
|
return FALSE;
|
|
|
|
|
|
2022-04-04 13:53:15 +02:00
|
|
|
char* uri_copy = _strdup(uri_in);
|
|
|
|
|
char* uri = uri_copy;
|
|
|
|
|
if (!uri)
|
|
|
|
|
goto fail;
|
|
|
|
|
|
|
|
|
|
{
|
2026-01-08 10:32:30 +01:00
|
|
|
char* p = strstr(uri, "://");
|
|
|
|
|
if (p)
|
2022-04-04 13:53:15 +02:00
|
|
|
{
|
2026-01-08 10:32:30 +01:00
|
|
|
*p = '\0';
|
|
|
|
|
|
|
|
|
|
if (_stricmp("no_proxy", uri) == 0)
|
|
|
|
|
{
|
|
|
|
|
if (!freerdp_settings_set_uint32(settings, FreeRDP_ProxyType, PROXY_TYPE_IGNORE))
|
|
|
|
|
goto fail;
|
|
|
|
|
}
|
|
|
|
|
if (_stricmp("http", uri) == 0)
|
|
|
|
|
{
|
|
|
|
|
if (!freerdp_settings_set_uint32(settings, FreeRDP_ProxyType, PROXY_TYPE_HTTP))
|
|
|
|
|
goto fail;
|
|
|
|
|
protocol = "http";
|
|
|
|
|
}
|
|
|
|
|
else if (_stricmp("socks5", uri) == 0)
|
|
|
|
|
{
|
|
|
|
|
if (!freerdp_settings_set_uint32(settings, FreeRDP_ProxyType, PROXY_TYPE_SOCKS))
|
|
|
|
|
goto fail;
|
|
|
|
|
protocol = "socks5";
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
WLog_ERR(TAG, "Only HTTP and SOCKS5 proxies supported by now");
|
2022-04-04 13:53:15 +02:00
|
|
|
goto fail;
|
2026-01-08 10:32:30 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
uri = p + 3;
|
2022-04-04 13:53:15 +02:00
|
|
|
}
|
2026-01-08 10:32:30 +01:00
|
|
|
else
|
2022-04-04 13:53:15 +02:00
|
|
|
{
|
2026-01-08 10:32:30 +01:00
|
|
|
/* default proxy protocol is http */
|
2022-04-04 13:53:15 +02:00
|
|
|
if (!freerdp_settings_set_uint32(settings, FreeRDP_ProxyType, PROXY_TYPE_HTTP))
|
|
|
|
|
goto fail;
|
|
|
|
|
protocol = "http";
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* uri is now [user:password@]hostname:port */
|
|
|
|
|
{
|
2026-01-08 10:32:30 +01:00
|
|
|
char* atPtr = strrchr(uri, '@');
|
2022-04-04 13:53:15 +02:00
|
|
|
|
2026-01-08 10:32:30 +01:00
|
|
|
if (atPtr)
|
2022-04-04 13:53:15 +02:00
|
|
|
{
|
2026-01-08 10:32:30 +01:00
|
|
|
/* got a login / password,
|
|
|
|
|
* atPtr
|
|
|
|
|
* v
|
|
|
|
|
* [user:password@]hostname:port
|
|
|
|
|
* ^
|
|
|
|
|
* colonPtr
|
|
|
|
|
*/
|
|
|
|
|
char* colonPtr = strchr(uri, ':');
|
|
|
|
|
|
|
|
|
|
if (!colonPtr || (colonPtr > atPtr))
|
|
|
|
|
{
|
|
|
|
|
WLog_ERR(TAG, "invalid syntax for proxy (contains no password)");
|
|
|
|
|
goto fail;
|
|
|
|
|
}
|
2022-04-04 13:53:15 +02:00
|
|
|
|
2026-01-08 10:32:30 +01:00
|
|
|
*colonPtr = '\0';
|
|
|
|
|
if (!freerdp_settings_set_string(settings, FreeRDP_ProxyUsername, uri))
|
|
|
|
|
{
|
|
|
|
|
WLog_ERR(TAG, "unable to allocate proxy username");
|
|
|
|
|
goto fail;
|
|
|
|
|
}
|
2022-04-04 13:53:15 +02:00
|
|
|
|
2026-01-08 10:32:30 +01:00
|
|
|
*atPtr = '\0';
|
2022-04-04 13:53:15 +02:00
|
|
|
|
2026-01-08 10:32:30 +01:00
|
|
|
if (!freerdp_settings_set_string(settings, FreeRDP_ProxyPassword, colonPtr + 1))
|
|
|
|
|
{
|
|
|
|
|
WLog_ERR(TAG, "unable to allocate proxy password");
|
|
|
|
|
goto fail;
|
|
|
|
|
}
|
2022-04-04 13:53:15 +02:00
|
|
|
|
2026-01-08 10:32:30 +01:00
|
|
|
uri = atPtr + 1;
|
|
|
|
|
}
|
|
|
|
|
}
|
2022-04-04 13:53:15 +02:00
|
|
|
|
|
|
|
|
{
|
2026-01-08 10:32:30 +01:00
|
|
|
char* p = strchr(uri, ':');
|
2022-04-04 13:53:15 +02:00
|
|
|
|
2026-01-08 10:32:30 +01:00
|
|
|
if (p)
|
2022-04-04 13:53:15 +02:00
|
|
|
{
|
2026-01-08 10:32:30 +01:00
|
|
|
LONGLONG val = 0;
|
2022-04-04 13:53:15 +02:00
|
|
|
|
2026-01-08 10:32:30 +01:00
|
|
|
if (!value_to_int(&p[1], &val, 0, UINT16_MAX))
|
|
|
|
|
{
|
|
|
|
|
WLog_ERR(TAG, "invalid syntax for proxy (invalid port)");
|
|
|
|
|
goto fail;
|
|
|
|
|
}
|
2022-04-04 13:53:15 +02:00
|
|
|
|
2026-01-08 10:32:30 +01:00
|
|
|
if (val == 0)
|
|
|
|
|
{
|
|
|
|
|
WLog_ERR(TAG, "invalid syntax for proxy (port missing)");
|
|
|
|
|
goto fail;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
port = (UINT16)val;
|
|
|
|
|
*p = '\0';
|
2022-04-04 16:07:41 +02:00
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
2026-01-08 10:32:30 +01:00
|
|
|
if (_stricmp("http", protocol) == 0)
|
|
|
|
|
{
|
|
|
|
|
/* The default is 80. Also for Proxies. */
|
|
|
|
|
port = 80;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
port = 1080;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
WLog_DBG(TAG, "setting default proxy port: %" PRIu16, port);
|
2022-04-04 16:07:41 +02:00
|
|
|
}
|
|
|
|
|
|
2026-01-08 10:32:30 +01:00
|
|
|
if (!freerdp_settings_set_uint16(settings, FreeRDP_ProxyPort, port))
|
|
|
|
|
goto fail;
|
|
|
|
|
}
|
|
|
|
|
{
|
|
|
|
|
char* p = strchr(uri, '/');
|
|
|
|
|
if (p)
|
|
|
|
|
*p = '\0';
|
|
|
|
|
if (!freerdp_settings_set_string(settings, FreeRDP_ProxyHostname, uri))
|
|
|
|
|
goto fail;
|
2022-04-04 13:53:15 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (_stricmp("", uri) == 0)
|
|
|
|
|
{
|
|
|
|
|
WLog_ERR(TAG, "invalid syntax for proxy (hostname missing)");
|
|
|
|
|
goto fail;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (freerdp_settings_get_string(settings, FreeRDP_ProxyUsername))
|
|
|
|
|
{
|
2022-09-29 14:55:27 +02:00
|
|
|
WLog_INFO(TAG, "Parsed proxy configuration: %s://%s:%s@%s:%" PRIu16, protocol,
|
2022-04-04 13:53:15 +02:00
|
|
|
freerdp_settings_get_string(settings, FreeRDP_ProxyUsername), "******",
|
|
|
|
|
freerdp_settings_get_string(settings, FreeRDP_ProxyHostname),
|
|
|
|
|
freerdp_settings_get_uint16(settings, FreeRDP_ProxyPort));
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
2022-09-29 14:55:27 +02:00
|
|
|
WLog_INFO(TAG, "Parsed proxy configuration: %s://%s:%" PRIu16, protocol,
|
2022-04-04 13:53:15 +02:00
|
|
|
freerdp_settings_get_string(settings, FreeRDP_ProxyHostname),
|
|
|
|
|
freerdp_settings_get_uint16(settings, FreeRDP_ProxyPort));
|
|
|
|
|
}
|
|
|
|
|
rc = TRUE;
|
|
|
|
|
|
|
|
|
|
fail:
|
2024-09-30 20:18:41 +02:00
|
|
|
if (!rc)
|
|
|
|
|
WLog_WARN(TAG, "Failed to parse proxy configuration: %s://%s:%" PRIu16, protocol, uri,
|
|
|
|
|
port);
|
2022-04-04 13:53:15 +02:00
|
|
|
free(uri_copy);
|
|
|
|
|
return rc;
|
|
|
|
|
}
|
|
|
|
|
|
2024-09-17 10:26:55 +02:00
|
|
|
BOOL proxy_connect(rdpContext* context, BIO* bufferedBio, const char* proxyUsername,
|
2019-11-06 15:24:51 +01:00
|
|
|
const char* proxyPassword, const char* hostname, UINT16 port)
|
2016-12-10 23:13:35 +01:00
|
|
|
{
|
2024-09-17 10:26:55 +02:00
|
|
|
WINPR_ASSERT(context);
|
|
|
|
|
rdpSettings* settings = context->settings;
|
|
|
|
|
|
2020-08-04 08:49:46 +02:00
|
|
|
switch (freerdp_settings_get_uint32(settings, FreeRDP_ProxyType))
|
2016-12-13 12:10:47 +01:00
|
|
|
{
|
|
|
|
|
case PROXY_TYPE_NONE:
|
2018-08-21 11:01:54 +02:00
|
|
|
case PROXY_TYPE_IGNORE:
|
2016-12-13 12:10:47 +01:00
|
|
|
return TRUE;
|
|
|
|
|
|
|
|
|
|
case PROXY_TYPE_HTTP:
|
2024-09-17 10:26:55 +02:00
|
|
|
return http_proxy_connect(context, bufferedBio, proxyUsername, proxyPassword, hostname,
|
|
|
|
|
port);
|
2016-12-13 12:10:47 +01:00
|
|
|
|
2017-08-18 19:17:17 +02:00
|
|
|
case PROXY_TYPE_SOCKS:
|
2024-09-17 10:26:55 +02:00
|
|
|
return socks_proxy_connect(context, bufferedBio, proxyUsername, proxyPassword, hostname,
|
|
|
|
|
port);
|
2017-08-18 19:17:17 +02:00
|
|
|
|
2016-12-13 12:10:47 +01:00
|
|
|
default:
|
|
|
|
|
WLog_ERR(TAG, "Invalid internal proxy configuration");
|
|
|
|
|
return FALSE;
|
2016-12-10 23:13:35 +01:00
|
|
|
}
|
2014-09-22 16:58:01 +02:00
|
|
|
}
|
|
|
|
|
|
2020-01-07 13:30:28 +01:00
|
|
|
static const char* get_response_header(char* response)
|
|
|
|
|
{
|
|
|
|
|
char* current_pos = strchr(response, '\r');
|
|
|
|
|
if (!current_pos)
|
|
|
|
|
current_pos = strchr(response, '\n');
|
|
|
|
|
|
|
|
|
|
if (current_pos)
|
|
|
|
|
*current_pos = '\0';
|
|
|
|
|
|
|
|
|
|
return response;
|
|
|
|
|
}
|
|
|
|
|
|
2024-09-17 10:26:55 +02:00
|
|
|
static BOOL http_proxy_connect(rdpContext* context, BIO* bufferedBio, const char* proxyUsername,
|
2022-02-06 08:04:21 +00:00
|
|
|
const char* proxyPassword, const char* hostname, UINT16 port)
|
2014-09-22 16:58:01 +02:00
|
|
|
{
|
2022-02-07 09:07:18 +01:00
|
|
|
BOOL rc = FALSE;
|
2024-01-23 16:49:54 +01:00
|
|
|
int status = 0;
|
|
|
|
|
wStream* s = NULL;
|
2022-02-07 09:07:18 +01:00
|
|
|
char port_str[10] = { 0 };
|
|
|
|
|
char recv_buf[256] = { 0 };
|
|
|
|
|
char* eol = NULL;
|
|
|
|
|
size_t resultsize = 0;
|
2024-01-23 16:49:54 +01:00
|
|
|
size_t reserveSize = 0;
|
|
|
|
|
size_t portLen = 0;
|
|
|
|
|
size_t hostLen = 0;
|
2022-11-04 15:07:28 +01:00
|
|
|
const char connect[] = "CONNECT ";
|
|
|
|
|
const char httpheader[] = " HTTP/1.1" CRLF "Host: ";
|
2022-02-07 09:07:18 +01:00
|
|
|
|
2024-09-17 10:26:55 +02:00
|
|
|
WINPR_ASSERT(context);
|
2022-02-07 09:07:18 +01:00
|
|
|
WINPR_ASSERT(bufferedBio);
|
|
|
|
|
WINPR_ASSERT(hostname);
|
2024-09-17 10:26:55 +02:00
|
|
|
const UINT32 timeout =
|
|
|
|
|
freerdp_settings_get_uint32(context->settings, FreeRDP_TcpConnectTimeout);
|
2022-02-07 09:07:18 +01:00
|
|
|
|
2016-12-08 18:51:26 +01:00
|
|
|
_itoa_s(port, port_str, sizeof(port_str), 10);
|
2022-02-07 09:07:18 +01:00
|
|
|
|
|
|
|
|
hostLen = strlen(hostname);
|
|
|
|
|
portLen = strnlen(port_str, sizeof(port_str));
|
2022-11-04 15:07:28 +01:00
|
|
|
reserveSize = strlen(connect) + (hostLen + 1 + portLen) * 2 + strlen(httpheader);
|
2022-02-07 09:07:18 +01:00
|
|
|
s = Stream_New(NULL, reserveSize);
|
|
|
|
|
if (!s)
|
|
|
|
|
goto fail;
|
|
|
|
|
|
2022-11-04 15:07:28 +01:00
|
|
|
Stream_Write(s, connect, strlen(connect));
|
2022-02-07 09:07:18 +01:00
|
|
|
Stream_Write(s, hostname, hostLen);
|
2016-12-08 18:51:26 +01:00
|
|
|
Stream_Write_UINT8(s, ':');
|
2022-02-07 09:07:18 +01:00
|
|
|
Stream_Write(s, port_str, portLen);
|
2022-11-04 15:07:28 +01:00
|
|
|
Stream_Write(s, httpheader, strlen(httpheader));
|
2022-02-07 09:07:18 +01:00
|
|
|
Stream_Write(s, hostname, hostLen);
|
2016-12-08 18:51:26 +01:00
|
|
|
Stream_Write_UINT8(s, ':');
|
2022-02-07 09:07:18 +01:00
|
|
|
Stream_Write(s, port_str, portLen);
|
2022-02-06 08:04:21 +00:00
|
|
|
|
|
|
|
|
if (proxyUsername && proxyPassword)
|
|
|
|
|
{
|
2022-02-07 09:07:18 +01:00
|
|
|
const int length = _scprintf("%s:%s", proxyUsername, proxyPassword);
|
2022-02-06 08:04:21 +00:00
|
|
|
if (length > 0)
|
|
|
|
|
{
|
2022-02-07 09:07:18 +01:00
|
|
|
const size_t size = (size_t)length + 1ull;
|
|
|
|
|
char* creds = (char*)malloc(size);
|
2022-02-06 08:04:21 +00:00
|
|
|
|
2022-02-07 09:07:18 +01:00
|
|
|
if (!creds)
|
|
|
|
|
goto fail;
|
|
|
|
|
else
|
2022-02-06 08:04:21 +00:00
|
|
|
{
|
2022-02-07 09:07:18 +01:00
|
|
|
const char basic[] = CRLF "Proxy-Authorization: Basic ";
|
2024-01-23 16:49:54 +01:00
|
|
|
char* base64 = NULL;
|
2022-02-06 08:04:21 +00:00
|
|
|
|
2024-08-26 15:39:33 +02:00
|
|
|
(void)sprintf_s(creds, size, "%s:%s", proxyUsername, proxyPassword);
|
2022-02-07 09:07:18 +01:00
|
|
|
base64 = crypto_base64_encode((const BYTE*)creds, size - 1);
|
|
|
|
|
|
2022-11-04 15:07:28 +01:00
|
|
|
if (!base64 || !Stream_EnsureRemainingCapacity(s, strlen(basic) + strlen(base64)))
|
2022-02-07 09:07:18 +01:00
|
|
|
{
|
|
|
|
|
free(base64);
|
|
|
|
|
free(creds);
|
|
|
|
|
goto fail;
|
|
|
|
|
}
|
2022-11-04 15:07:28 +01:00
|
|
|
Stream_Write(s, basic, strlen(basic));
|
2022-02-06 08:04:21 +00:00
|
|
|
Stream_Write(s, base64, strlen(base64));
|
|
|
|
|
|
|
|
|
|
free(base64);
|
|
|
|
|
}
|
2022-02-07 09:07:18 +01:00
|
|
|
free(creds);
|
2022-02-06 08:04:21 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2022-02-07 09:07:18 +01:00
|
|
|
if (!Stream_EnsureRemainingCapacity(s, 4))
|
|
|
|
|
goto fail;
|
|
|
|
|
|
2016-12-08 18:51:26 +01:00
|
|
|
Stream_Write(s, CRLF CRLF, 4);
|
2022-07-02 15:53:10 +02:00
|
|
|
ERR_clear_error();
|
2024-10-03 13:15:24 +02:00
|
|
|
|
2026-01-08 10:32:30 +01:00
|
|
|
{
|
|
|
|
|
const size_t pos = Stream_GetPosition(s);
|
|
|
|
|
if (pos > INT32_MAX)
|
|
|
|
|
goto fail;
|
|
|
|
|
|
|
|
|
|
status = BIO_write(bufferedBio, Stream_Buffer(s), WINPR_ASSERTING_INT_CAST(int, pos));
|
|
|
|
|
}
|
2015-01-22 13:19:25 +01:00
|
|
|
|
2019-02-07 14:22:28 +01:00
|
|
|
if ((status < 0) || ((size_t)status != Stream_GetPosition(s)))
|
2016-12-13 12:10:47 +01:00
|
|
|
{
|
2016-12-10 18:59:58 +01:00
|
|
|
WLog_ERR(TAG, "HTTP proxy: failed to write CONNECT request");
|
2022-02-07 09:07:18 +01:00
|
|
|
goto fail;
|
2015-01-22 13:19:25 +01:00
|
|
|
}
|
2014-09-22 16:58:01 +02:00
|
|
|
|
|
|
|
|
/* Read result until CR-LF-CR-LF.
|
2015-01-22 13:19:25 +01:00
|
|
|
* Keep recv_buf a null-terminated string. */
|
2016-12-13 12:10:47 +01:00
|
|
|
{
|
2026-01-08 10:32:30 +01:00
|
|
|
const UINT64 start = GetTickCount64();
|
|
|
|
|
while (strstr(recv_buf, CRLF CRLF) == NULL)
|
2016-12-13 12:10:47 +01:00
|
|
|
{
|
2026-01-08 10:32:30 +01:00
|
|
|
if (resultsize >= sizeof(recv_buf) - 1)
|
2016-12-13 12:10:47 +01:00
|
|
|
{
|
2026-01-08 10:32:30 +01:00
|
|
|
WLog_ERR(TAG, "HTTP Reply headers too long: %s", get_response_header(recv_buf));
|
|
|
|
|
goto fail;
|
2016-12-09 20:43:02 +01:00
|
|
|
}
|
2026-01-08 10:32:30 +01:00
|
|
|
const size_t rdsize = sizeof(recv_buf) - resultsize - 1ULL;
|
2016-12-13 12:10:47 +01:00
|
|
|
|
2026-01-08 10:32:30 +01:00
|
|
|
ERR_clear_error();
|
|
|
|
|
|
|
|
|
|
WINPR_ASSERT(rdsize <= INT32_MAX);
|
|
|
|
|
status = BIO_read(bufferedBio, (BYTE*)recv_buf + resultsize, (int)rdsize);
|
|
|
|
|
|
|
|
|
|
if (status < 0)
|
2024-09-17 10:26:55 +02:00
|
|
|
{
|
|
|
|
|
/* Error? */
|
2026-01-08 10:32:30 +01:00
|
|
|
if (!freerdp_shall_disconnect_context(context) && BIO_should_retry(bufferedBio))
|
|
|
|
|
{
|
|
|
|
|
USleep(100);
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
WLog_ERR(TAG, "Failed reading reply from HTTP proxy (Status %d)", status);
|
2024-09-17 10:26:55 +02:00
|
|
|
goto fail;
|
|
|
|
|
}
|
2026-01-08 10:32:30 +01:00
|
|
|
else if (status == 0)
|
|
|
|
|
{
|
|
|
|
|
const UINT64 now = GetTickCount64();
|
|
|
|
|
const UINT64 diff = now - start;
|
|
|
|
|
if (freerdp_shall_disconnect_context(context) || (now < start) || (diff > timeout))
|
|
|
|
|
{
|
|
|
|
|
/* Error? */
|
|
|
|
|
WLog_ERR(TAG, "Failed reading reply from HTTP proxy (BIO_read returned zero)");
|
|
|
|
|
goto fail;
|
|
|
|
|
}
|
|
|
|
|
Sleep(10);
|
|
|
|
|
}
|
2016-12-13 12:10:47 +01:00
|
|
|
|
2026-01-08 10:32:30 +01:00
|
|
|
resultsize += WINPR_ASSERTING_INT_CAST(size_t, status);
|
|
|
|
|
}
|
2014-09-22 16:58:01 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Extract HTTP status line */
|
2015-01-22 13:19:25 +01:00
|
|
|
eol = strchr(recv_buf, '\r');
|
2016-12-13 12:10:47 +01:00
|
|
|
|
|
|
|
|
if (!eol)
|
|
|
|
|
{
|
2014-09-22 16:58:01 +02:00
|
|
|
/* should never happen */
|
2022-02-07 09:07:18 +01:00
|
|
|
goto fail;
|
2014-09-22 16:58:01 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
*eol = '\0';
|
2016-12-10 18:59:58 +01:00
|
|
|
WLog_INFO(TAG, "HTTP Proxy: %s", recv_buf);
|
2014-09-22 16:58:01 +02:00
|
|
|
|
2019-10-29 10:18:09 +01:00
|
|
|
if (strnlen(recv_buf, sizeof(recv_buf)) < 12)
|
2022-02-07 09:07:18 +01:00
|
|
|
goto fail;
|
2014-09-22 16:58:01 +02:00
|
|
|
|
2015-01-22 13:19:25 +01:00
|
|
|
recv_buf[7] = 'X';
|
2016-12-13 12:10:47 +01:00
|
|
|
|
2024-08-29 15:10:21 +02:00
|
|
|
if (strncmp(recv_buf, "HTTP/1.X 200", 12) != 0)
|
2022-02-07 09:07:18 +01:00
|
|
|
goto fail;
|
2016-12-13 12:10:47 +01:00
|
|
|
|
2022-02-07 09:07:18 +01:00
|
|
|
rc = TRUE;
|
|
|
|
|
fail:
|
|
|
|
|
Stream_Free(s, TRUE);
|
|
|
|
|
return rc;
|
2014-09-22 16:58:01 +02:00
|
|
|
}
|
|
|
|
|
|
2024-09-17 10:26:55 +02:00
|
|
|
static int recv_socks_reply(rdpContext* context, BIO* bufferedBio, BYTE* buf, int len, char* reason,
|
|
|
|
|
BYTE checkVer)
|
2018-04-23 20:30:08 +02:00
|
|
|
{
|
2024-01-23 16:49:54 +01:00
|
|
|
int status = 0;
|
2018-04-23 20:30:08 +02:00
|
|
|
|
2024-09-17 10:26:55 +02:00
|
|
|
WINPR_ASSERT(context);
|
|
|
|
|
|
|
|
|
|
const UINT32 timeout =
|
|
|
|
|
freerdp_settings_get_uint32(context->settings, FreeRDP_TcpConnectTimeout);
|
|
|
|
|
const UINT64 start = GetTickCount64();
|
2018-05-04 12:35:51 +02:00
|
|
|
for (;;)
|
2018-04-29 21:25:28 +02:00
|
|
|
{
|
2022-06-30 23:30:21 -04:00
|
|
|
ERR_clear_error();
|
2018-04-29 21:25:28 +02:00
|
|
|
status = BIO_read(bufferedBio, buf, len);
|
2018-05-04 12:35:51 +02:00
|
|
|
|
2018-04-29 21:25:28 +02:00
|
|
|
if (status > 0)
|
2019-10-16 19:49:24 +03:00
|
|
|
{
|
2018-04-29 21:25:28 +02:00
|
|
|
break;
|
2019-10-16 19:49:24 +03:00
|
|
|
}
|
|
|
|
|
else if (status < 0)
|
2018-04-29 21:25:28 +02:00
|
|
|
{
|
|
|
|
|
/* Error? */
|
2024-09-17 10:26:55 +02:00
|
|
|
if (!freerdp_shall_disconnect_context(context) && BIO_should_retry(bufferedBio))
|
2018-04-29 21:25:28 +02:00
|
|
|
{
|
|
|
|
|
USleep(100);
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
WLog_ERR(TAG, "Failed reading %s reply from SOCKS proxy (Status %d)", reason, status);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
2024-09-17 10:26:55 +02:00
|
|
|
else if (status == 0)
|
|
|
|
|
{
|
|
|
|
|
const UINT64 now = GetTickCount64();
|
|
|
|
|
const UINT64 diff = now - start;
|
|
|
|
|
if (freerdp_shall_disconnect_context(context) || (now < start) || (diff > timeout))
|
|
|
|
|
{
|
|
|
|
|
/* Error? */
|
|
|
|
|
WLog_ERR(TAG, "Failed reading %s reply from SOCKS proxy (BIO_read returned zero)",
|
|
|
|
|
reason);
|
|
|
|
|
return status;
|
|
|
|
|
}
|
|
|
|
|
Sleep(10);
|
|
|
|
|
}
|
2019-10-16 19:49:24 +03:00
|
|
|
else // if (status == 0)
|
2018-04-29 21:25:28 +02:00
|
|
|
{
|
|
|
|
|
/* Error? */
|
2019-11-06 15:24:51 +01:00
|
|
|
WLog_ERR(TAG, "Failed reading %s reply from SOCKS proxy (BIO_read returned zero)",
|
|
|
|
|
reason);
|
2018-04-29 21:25:28 +02:00
|
|
|
return -1;
|
|
|
|
|
}
|
2018-04-23 20:30:08 +02:00
|
|
|
}
|
2018-05-04 12:35:51 +02:00
|
|
|
|
2018-04-29 21:25:28 +02:00
|
|
|
if (status < 2)
|
2018-04-23 20:30:08 +02:00
|
|
|
{
|
2018-04-29 21:25:28 +02:00
|
|
|
WLog_ERR(TAG, "SOCKS Proxy reply packet too short (%s)", reason);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (buf[0] != checkVer)
|
|
|
|
|
{
|
|
|
|
|
WLog_ERR(TAG, "SOCKS Proxy version is not 5 (%s)", reason);
|
|
|
|
|
return -1;
|
2018-04-23 20:30:08 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return status;
|
|
|
|
|
}
|
|
|
|
|
|
2025-04-25 12:12:29 +02:00
|
|
|
static BOOL socks_proxy_userpass(rdpContext* context, BIO* bufferedBio, const char* proxyUsername,
|
|
|
|
|
const char* proxyPassword)
|
2017-08-18 19:17:17 +02:00
|
|
|
{
|
2025-04-25 12:12:29 +02:00
|
|
|
WINPR_ASSERT(context);
|
|
|
|
|
WINPR_ASSERT(bufferedBio);
|
2018-04-29 21:25:28 +02:00
|
|
|
|
2025-04-25 12:12:29 +02:00
|
|
|
if (!proxyUsername || !proxyPassword)
|
2018-04-29 21:25:28 +02:00
|
|
|
{
|
2025-04-25 12:12:29 +02:00
|
|
|
WLog_ERR(TAG, "%s invalid username (%p) or password (%p)", logprefix, proxyUsername,
|
|
|
|
|
proxyPassword);
|
|
|
|
|
return FALSE;
|
2018-04-29 21:25:28 +02:00
|
|
|
}
|
2017-08-18 19:17:17 +02:00
|
|
|
|
2025-04-25 12:12:29 +02:00
|
|
|
const size_t usernameLen = (BYTE)strnlen(proxyUsername, 256);
|
|
|
|
|
if (usernameLen > 255)
|
|
|
|
|
{
|
|
|
|
|
WLog_ERR(TAG, "%s username too long (%" PRIuz ", max=255)", logprefix, usernameLen);
|
|
|
|
|
return FALSE;
|
|
|
|
|
}
|
2018-05-04 12:35:51 +02:00
|
|
|
|
2025-04-25 12:12:29 +02:00
|
|
|
const size_t userpassLen = (BYTE)strnlen(proxyPassword, 256);
|
|
|
|
|
if (userpassLen > 255)
|
|
|
|
|
{
|
|
|
|
|
WLog_ERR(TAG, "%s password too long (%" PRIuz ", max=255)", logprefix, userpassLen);
|
|
|
|
|
return FALSE;
|
|
|
|
|
}
|
2018-04-29 21:25:28 +02:00
|
|
|
|
2025-04-25 12:12:29 +02:00
|
|
|
/* user/password v1 method */
|
|
|
|
|
{
|
|
|
|
|
BYTE buf[2 * 255 + 3] = { 0 };
|
|
|
|
|
size_t offset = 0;
|
|
|
|
|
buf[offset++] = 1;
|
|
|
|
|
|
|
|
|
|
buf[offset++] = WINPR_ASSERTING_INT_CAST(uint8_t, usernameLen);
|
|
|
|
|
memcpy(&buf[offset], proxyUsername, usernameLen);
|
|
|
|
|
offset += usernameLen;
|
2018-05-04 12:35:51 +02:00
|
|
|
|
2025-04-25 12:12:29 +02:00
|
|
|
buf[offset++] = WINPR_ASSERTING_INT_CAST(uint8_t, userpassLen);
|
|
|
|
|
memcpy(&buf[offset], proxyPassword, userpassLen);
|
|
|
|
|
offset += userpassLen;
|
|
|
|
|
|
|
|
|
|
ERR_clear_error();
|
|
|
|
|
const int ioffset = WINPR_ASSERTING_INT_CAST(int, offset);
|
|
|
|
|
const int status = BIO_write(bufferedBio, buf, ioffset);
|
|
|
|
|
|
|
|
|
|
if (status != ioffset)
|
|
|
|
|
{
|
|
|
|
|
WLog_ERR(TAG, "%s error writing user/password request", logprefix);
|
|
|
|
|
return FALSE;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
BYTE buf[2] = { 0 };
|
|
|
|
|
const int status = recv_socks_reply(context, bufferedBio, buf, sizeof(buf), "AUTH REQ", 1);
|
|
|
|
|
|
|
|
|
|
if (status < 2)
|
|
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
|
|
if (buf[1] != 0x00)
|
2017-08-18 19:17:17 +02:00
|
|
|
{
|
2025-04-25 12:12:29 +02:00
|
|
|
WLog_ERR(TAG, "%s invalid user/password", logprefix);
|
2017-08-18 19:17:17 +02:00
|
|
|
return FALSE;
|
|
|
|
|
}
|
2025-04-25 12:12:29 +02:00
|
|
|
return TRUE;
|
|
|
|
|
}
|
2017-08-18 19:17:17 +02:00
|
|
|
|
2025-04-25 12:12:29 +02:00
|
|
|
static BOOL socks_proxy_connect(rdpContext* context, BIO* bufferedBio, const char* proxyUsername,
|
|
|
|
|
const char* proxyPassword, const char* hostname, UINT16 port)
|
|
|
|
|
{
|
|
|
|
|
BYTE nauthMethods = 1;
|
|
|
|
|
const size_t hostnlen = strnlen(hostname, 255);
|
2018-05-04 12:35:51 +02:00
|
|
|
|
2025-04-25 12:12:29 +02:00
|
|
|
if (proxyUsername || proxyPassword)
|
|
|
|
|
nauthMethods++;
|
2017-08-18 19:17:17 +02:00
|
|
|
|
2025-04-25 12:12:29 +02:00
|
|
|
/* select auth. method */
|
2017-08-18 19:17:17 +02:00
|
|
|
{
|
2025-04-25 12:12:29 +02:00
|
|
|
const BYTE buf[] = { 5, /* SOCKS version */
|
|
|
|
|
nauthMethods, /* #of methods offered */
|
|
|
|
|
AUTH_M_NO_AUTH, AUTH_M_USR_PASS };
|
2018-04-29 21:25:28 +02:00
|
|
|
|
2025-04-25 12:12:29 +02:00
|
|
|
size_t writeLen = sizeof(buf);
|
|
|
|
|
if (nauthMethods <= 1)
|
|
|
|
|
writeLen--;
|
2018-05-04 12:35:51 +02:00
|
|
|
|
2025-04-25 12:12:29 +02:00
|
|
|
ERR_clear_error();
|
|
|
|
|
const int iwriteLen = WINPR_ASSERTING_INT_CAST(int, writeLen);
|
|
|
|
|
const int status = BIO_write(bufferedBio, buf, iwriteLen);
|
2018-05-04 12:35:51 +02:00
|
|
|
|
2025-04-25 12:12:29 +02:00
|
|
|
if (status != iwriteLen)
|
|
|
|
|
{
|
|
|
|
|
WLog_ERR(TAG, "SOCKS proxy: failed to write AUTH METHOD request", logprefix);
|
|
|
|
|
return FALSE;
|
|
|
|
|
}
|
|
|
|
|
}
|
2018-05-04 12:35:51 +02:00
|
|
|
|
2025-04-25 12:12:29 +02:00
|
|
|
{
|
|
|
|
|
BYTE buf[2] = { 0 };
|
|
|
|
|
const int status = recv_socks_reply(context, bufferedBio, buf, sizeof(buf), "AUTH REQ", 5);
|
2018-05-04 12:35:51 +02:00
|
|
|
|
2025-04-25 12:12:29 +02:00
|
|
|
if (status <= 0)
|
|
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
|
|
switch (buf[1])
|
|
|
|
|
{
|
|
|
|
|
case AUTH_M_NO_AUTH:
|
|
|
|
|
WLog_DBG(TAG, "%s (NO AUTH) method was selected", logprefix);
|
|
|
|
|
break;
|
2018-05-04 12:35:51 +02:00
|
|
|
|
2025-04-25 12:12:29 +02:00
|
|
|
case AUTH_M_USR_PASS:
|
|
|
|
|
if (nauthMethods < 2)
|
2018-05-04 12:35:51 +02:00
|
|
|
{
|
2025-04-25 12:12:29 +02:00
|
|
|
WLog_ERR(TAG, "%s USER/PASS method was not proposed to server", logprefix);
|
2018-05-04 12:35:51 +02:00
|
|
|
return FALSE;
|
|
|
|
|
}
|
2025-04-25 12:12:29 +02:00
|
|
|
if (!socks_proxy_userpass(context, bufferedBio, proxyUsername, proxyPassword))
|
|
|
|
|
return FALSE;
|
|
|
|
|
break;
|
2018-04-29 21:25:28 +02:00
|
|
|
|
2025-06-19 19:45:24 +02:00
|
|
|
default:
|
|
|
|
|
WLog_ERR(TAG, "%s unknown method 0x%x was selected by proxy", logprefix, buf[1]);
|
|
|
|
|
return FALSE;
|
2025-04-25 12:12:29 +02:00
|
|
|
}
|
2017-08-18 19:17:17 +02:00
|
|
|
}
|
|
|
|
|
/* CONN request */
|
|
|
|
|
{
|
2025-04-25 12:12:29 +02:00
|
|
|
BYTE buf[262] = { 0 };
|
|
|
|
|
size_t offset = 0;
|
|
|
|
|
buf[offset++] = 5; /* SOCKS version */
|
|
|
|
|
buf[offset++] = SOCKS_CMD_CONNECT; /* command */
|
|
|
|
|
buf[offset++] = 0; /* 3rd octet is reserved x00 */
|
|
|
|
|
|
|
|
|
|
if (inet_pton(AF_INET6, hostname, &buf[offset + 1]) == 1)
|
|
|
|
|
{
|
|
|
|
|
buf[offset++] = SOCKS_ADDR_IPV6;
|
2025-06-19 19:45:24 +02:00
|
|
|
offset += 16;
|
2025-04-25 12:12:29 +02:00
|
|
|
}
|
|
|
|
|
else if (inet_pton(AF_INET, hostname, &buf[offset + 1]) == 1)
|
|
|
|
|
{
|
|
|
|
|
buf[offset++] = SOCKS_ADDR_IPV4;
|
2025-06-19 19:45:24 +02:00
|
|
|
offset += 4;
|
2025-04-25 12:12:29 +02:00
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
buf[offset++] = SOCKS_ADDR_FQDN;
|
|
|
|
|
buf[offset++] = WINPR_ASSERTING_INT_CAST(uint8_t, hostnlen);
|
|
|
|
|
memcpy(&buf[offset], hostname, hostnlen);
|
|
|
|
|
offset += hostnlen;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (offset > sizeof(buf) - 2)
|
|
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
|
|
/* follows DST.PORT in netw. format */
|
|
|
|
|
buf[offset++] = (port >> 8) & 0xff;
|
|
|
|
|
buf[offset++] = port & 0xff;
|
|
|
|
|
|
|
|
|
|
ERR_clear_error();
|
|
|
|
|
const int ioffset = WINPR_ASSERTING_INT_CAST(int, offset);
|
|
|
|
|
const int status = BIO_write(bufferedBio, buf, ioffset);
|
|
|
|
|
|
|
|
|
|
if ((status < 0) || (status != ioffset))
|
|
|
|
|
{
|
|
|
|
|
WLog_ERR(TAG, "SOCKS proxy: failed to write CONN REQ", logprefix);
|
|
|
|
|
return FALSE;
|
|
|
|
|
}
|
2017-08-18 19:17:17 +02:00
|
|
|
}
|
|
|
|
|
|
2025-04-25 12:12:29 +02:00
|
|
|
BYTE buf[255] = { 0 };
|
|
|
|
|
const int status = recv_socks_reply(context, bufferedBio, buf, sizeof(buf), "CONN REQ", 5);
|
2018-05-04 12:35:51 +02:00
|
|
|
|
2018-04-29 21:25:28 +02:00
|
|
|
if (status < 4)
|
|
|
|
|
return FALSE;
|
2017-08-18 19:17:17 +02:00
|
|
|
|
|
|
|
|
if (buf[1] == 0)
|
|
|
|
|
{
|
2022-09-29 14:55:27 +02:00
|
|
|
WLog_INFO(TAG, "Successfully connected to %s:%" PRIu16, hostname, port);
|
2018-04-29 21:25:28 +02:00
|
|
|
return TRUE;
|
2017-08-18 19:17:17 +02:00
|
|
|
}
|
|
|
|
|
|
2025-04-25 12:12:29 +02:00
|
|
|
if ((buf[1] > 0) && (buf[1] < 9))
|
2018-05-04 12:35:51 +02:00
|
|
|
WLog_INFO(TAG, "SOCKS Proxy replied: %s", rplstat[buf[1]]);
|
2017-08-18 19:17:17 +02:00
|
|
|
else
|
2022-09-29 14:55:27 +02:00
|
|
|
WLog_INFO(TAG, "SOCKS Proxy replied: %" PRIu8 " status not listed in rfc1928", buf[1]);
|
2017-08-18 19:17:17 +02:00
|
|
|
|
|
|
|
|
return FALSE;
|
|
|
|
|
}
|
