From 013d4bc3339d8e3760855eae448972f3f34cba14 Mon Sep 17 00:00:00 2001 From: Vladimir Dubrovin <3proxy@3proxy.ru> Date: Mon, 20 May 2024 13:01:38 +0300 Subject: [PATCH] tlspr (SNI proxy) implemented Options -cN - level of TLS check default - allow non-TLS traffic 1 - require TLS, only check client HELLO packet 2 - require TLS, check both client and server HELLO 3 - require TLS, check server send certificate (not compatible with TLS 1.3) 4 - require mutual TLS, check server send certificate request and client sends certificate (not compatible with TLS 1.3) -P - default port examples: 1. tlspr -p1443 -P443 -c1 (port 1443 may be used to redirect traffic to destination port 143). SNI is used to find destination host 2. allow * * * 80 parent 1000 http 0.0.0.0 0 allow * * * * CONNECT parent 1000 tls 0.0.0.0 0 deny * * some.not.allowed.host allow * socks attempts to take destination hostname from SNI in SOCKS --- bin/tlspr | Bin 0 -> 57888 bytes src/Makefile.inc | 16 ++- src/auth.c | 3 + src/conf.c | 11 +- src/plugins.c | 16 +-- src/proxy.h | 1 + src/proxymain.c | 7 ++ src/socks.c | 2 +- src/structures.h | 11 +- src/tlspr.c | 292 +++++++++++++++++++++++++++++++++++++++++++++++ 10 files changed, 343 insertions(+), 16 deletions(-) create mode 100644 bin/tlspr create mode 100644 src/tlspr.c diff --git a/bin/tlspr b/bin/tlspr new file mode 100644 index 0000000000000000000000000000000000000000..8993cb0bf6a02edbd13e7d909fb4ef9057ed589f GIT binary patch literal 57888 zcmeFadtg-6)i-=5nLvo>35u4sh*Kq+cmbkd37}?V24{2vc?2v~F@$6SsUb--GYASY zI2q09VI-~6+UL{9RIRo3sijpRfWQQl1nVUzwRovUYwH=u3tkGr3-kVdd!I8iiD3QS z@A~OA&OkUjSXC7Wh870WQG@BV-XiHeU{;dh>|ee~4=fYEs;Zi%#z3Zk zgXv9ZmGqXF@C*+qpBZmCpce?X)Hg0NBL>s!FzH1LBml$N^w_4^zpAQG;|=wVwN>?v zbxlYZOs{yYEMKpQ#PDDm+4R`1cL_Q!=NxC%^jR}!%hpBv36>R_&TJeMFHQz7GH^FRA!ezIo;HiZSx2kGkAS1nBEnmm)CB1As zi-jbU9nWy4zx%v1uW-A(vNaWDy$M@RDEtuS&vCwVNhh1uL`4Y;mI7`cDsX`r-uIZI zbf81C45RS$ZB~>x5FIZgFicU7gHwrzzcUceXEyvx;a)CckNoO;NwHMM0Duz^a^M+` zXM8BoGQOdH;rQC+4YdgK_gy?JN8{4Esjuf=@V)z9`0+1poBykyvsw;3$QD0Pv7aFP zqM3)EYCjvXqJAPBIurFHo$`y!2-9J{)Spa~d?$rmvn)+D)eYmDnuB=!je$Tz`30hU zC}T~_^5$UExC_Ritn~|J`Tuw5fM|vYa%OoZbhtFb zRniYMMwv*#KRdNUCKL*&uVeN;ZQTMm-m({*VvgZfFYR?{bJuvvo^z?wdt6#YnA{5mn46HM*DO(&pdo(*vWN`mG+sM&qFo zk(-)_Y*NY-V*gcOrM{)Sm>!!iuA zU~xqjr+lL`p?g(3-zwQXdfj@WImrP(Y^4A?j}){h0+7=(gPw)(%sPpyjj=o=)AP=+O%(4+Beel`Scj&PCYG5ENv?T(HDIB z?jw zawK(}y7mWHd5FzAER~G&#Xh7|XwTm~%QaOryt?*6090su)gQ#w5;vdqcslgyL5=Ta zn)@M-ep4Z}izgQ9*v!Qgm)4c4oQLL4o?zt<3T|x|q4YK(dr*DDJY_l;Uv3zwhbzg! zXgqk5r!3MB|Iz}F_D1Oe!+x2f=#hR9^~8=ps42?S)psGVau!KNI!6N(rR%TI-U@vO z7^!wB2}U@z9l!k&JW-=Nuyh67Ex^^CE40X`0MG>yP0&pisHc^iG(37_o-Bw<_um~n z9))26)yNqnqDK~(rDOt2sYVKr01*q0j|fGl1ka3Y5ehaqfzb`7E=b&lT(jH5r9D0e z#dB-#AgA`kWaOgjY*kmu9@GO$S9COe9s8?K7oFHxZQ+mYIb+q#}W`yh3?1B zo~m5z)poeiwQhfo6jG5w6y2rudTfFtx=uPS+a67LriwaI$+2$yWs2r4dCI4W-s>re zvRCQ?XsS@tn+Pt744pL!i7xfhH(i?lZnS%`E;|1vlEXN&45<*E3hj_Sw^a|dtF3Q* z4u!*!P$W@~T-pnez*H}i0R(9Qw5x2tOP#e}5=%S`91Lw95Hr+zMG^SSI5HX46O9!t zF#d%#w#ei&LbF_29~&+i0&BjhF4LkyYe>C-Zm7mWU!+orpWtQO4Z;{;sVcQSk=;3w z$#&HZNf0r5MY~{y>c;Te=hU7N0^aS@MR6;lag&c~>&akSWGly7=&^hTq%^9nhY#dbweh42FnDMe3nd{WoLIK0hg^;6P~GJ zRC4Kpg_H!UKmIZ!BE$#n;VtQcAW(^WbTNd%e9~hap{CkI^}B@;L2Ppd{44@z|br=|WdIwS z=g9^2lo$_OwsqH{M4}6cLZQ+evUM9-Xe)gIVJd+#o4Rg?HuvsscN=gODYia{hD&=l zyYAWJDF+9#I`M2jb?eZ2L*ERZU@Slc`%Clyqz?sj=>m4Z_=k2El68)|UA=V}x^LEvKqj@07IB+t;|qDzPt=NR_&ElzEj-Qt%51L`s#dAqeeKARZ&T(&#N zTv!{$oD7sf^}Do}N?-74!q{L_K>N?Qo=xhEV0RbxfSht zgheb($?iw5=Rup%cs=63h$xo+9bDO=Cxm zKE+Z-wh|YFHzGt3yJ-DUhy-lnSBQPcCQ74++En+)583q?+go)%tqBjZf2c4tMGLhh z?nAFR&}GwCu5k*T?^NCW2fFOAhe!^g{T@wtLHR&eVdzY4<(lNBE_LIQ2b>3^L?0XFw)swN_{^8Luy(`>{|$4+&J!n^JMJTV=FhMq!(pFme7TP`LMi z0D9MCyQnk=Dp+a;CN8Gf48!DKNDVuKDY&MZOO#-sGp+@Jv{F1HGdNg^G@};PX#8Uo zJ^2~1&JAM{-=Vn-@v<4Gl z5t=VU$x!Fj@Fg45f;A~ExYNuU!uG#362C5adFQnRovw9ZVMOE+Ig}Hc2%5?9oePnK z^#U$7P84P4)eyjQIK*`v+v^lD#fp}ktDr>@)mj9u}? zRuwwy<6@rd?u91t#PUvGg)C#9c^<7|y(bc1fF+=Ka=6pB%USli8rz2)0Ce6;D7el$ znVlN#Vw~4ph;bDs*a3LI#((qi?IXv*wVg zIB5RX!mZFNMtLJ$3w&C?N1yDi!L+NQ(-RwM(_V&&RkK?U?S)a|OpU-0uGK)SjWOUD z^=<1sh6+W@<3c;-&XMNWIj`o6CCPyCvPZk5FGx;5=+YEh+zy0K8EbrNy zviSQZ;?Q1C+R5dIz~xmSSOHBr+^b(ExC{pMNH)i_+58k3)OHK7q59R^?-8t?3r^-; zY!Rr?e*jkRSPa4-VDcIbDS7P-uNZ3^1CDnV0(To{QmShgY(m)r722E5)QM~aYGmV= z5PZSm3mDQx2pld#C^^=+$x1z$sY|TXp$H}Bq}{Qoip31z2wvma#=UBy%_pK2{rlj8mv&Z zj`bjTv?a=$K|OnkatAQK9!E?gjx?$M zaf+8vo&)+{nqOQGuk>n%J-T2PWF>fkQ~Rq&`=lcF;ABv9>OYsxtzzLK_6VJ_9ib7< zZa4DeK>Cm5n9^61&0G&U)q_^7X z^%HCS+r?}E^(#gFyxIX@?0(wvy0GZwB-j^wm~&y&?qsXTtQ}VA4kT8S!2@b|-4Bmk zLtokcz*XLoU1&+#e;%#NldCgxuG?&(sZ!GIEj#Q|FFR;f5RHljKVzt@;3+mSgEJ=| zS{zF?T-9>x6UR!Gon7azmw)D}gs`fGb-XY+dqnBKNC~4RPw?$hEBYc^;=qD;W}mm_ z3&TH8bPUP8xZ1jbY1;j)N7f87y<9FQUsCu5GcDm~0K!i?$@(K=29{YY(*?gE{LE#b z@V^B^2vTsaCYU5=vjDQ@YH4<%Gcc>8bcO-);fcIA3i}{f@$AN84eW*m=zjHu&D@Esy z9LiPKL;x?!{GwAkfRWi3J8yN6vQm-12?|4T3Q&UzQ|szPiBmueRfeaY61pOMlPx#o zRyR)1mD%*f{v)>&swL$rdu!EsPHnFzvNM;Id>Uqo2Rzyx96<$ag)7 ziew9AUHgFYg1^Oby!xzMUDE|w_G+IxwJ+5TGxD~uOlAFQ^mmBf!rVCu4}qEWOGG%; zjjpj47b5XtTbLmi?pF{R+!oNoa@FYdh^WwZIn@oWu?0>|ano~-Ggdxs3j~HZw|M}< zK`~Z-t~2tbE#w9D;r6<&F0gpFQ;U0TJ%G>M0{dLRj{^L3kg?}@Bk>$(Y`7BX%H7h> z)II8LpFy~sHkf6!79;WTAenbj*Ft5hS zr&HVM()P7tgYDNyVpWhRHCXwlCzyL&k*oz zY&3z2J ze0z-{bD$(wVh48qULULk7|NZr)SSEQHbr+omY_kf*thS;bZXF@bY>%lbbLF1I| zL1viuq!PbDI!Tf|vst~ehl?XizqREfBny_4I&(>c0qcqE8U`_EpEbfbC~Iarl*YP% zVwq61#QlQsi(fIggn4^}@dvxjS(eC>Z?ISTuPcSV<&cQ+Mr}Qt5~F|3_UhNzA!2|N zs=2Hy_#Yl^2X+jo6|pResYNVrZZpJ8FVCk{u?dXRy5w+pj#yL{`U0{Z{Uca+q;*4I z?4pxE!Kwcse_I}4Naj9BdRo=wtyu1nhKx`w;pNaci`0!yp>Z(D-|vm=$`e||HT6-B zPd9kYP1HgBbeDa)@*L)aEPUDlV;XXi`wy-%tgt_M!|R>Y2FU`Uo|3s3DAR@y_lpMT zqe`dtDb%~ZmWGXfn=oj)f>(h(-rS#)?=VG{3I0sNrZV{h&2Rh?lB0E5=FmAmCz{BO z9J-8H-NHlyALu1*{=AWG)wZvN^%`Jqaxs9T93+WzlA{5lk; zb}L6nWXG1~4_*$m!W+AGY@V;?bF}l4M$oBbHGJA(;|-`CG?7&GhtxGc0klth%d6im zGOl?+v`BbG0b1+F(7+?C<}#eNzX?9Or#`}bZ%SIdGF8K$JH4Gk0#C&!@`{De?V(4aha$_^5R_4i# z?&u2E2|u+sZ!=h_mPFeTgV5bF6h_EcfI)=ILN{Y7@+g}-eDNuv1`I|ynjqkb#kiU0 zi;0jg79*BeRWXV%HUM$1N8h3V5!SNW`aV3ydovO0jxdrxtZ@i$sMHhNN@B*#vk|p`d1@QCHM%2Q?g>jqnU2wFuw3C?eI_ z4rkXVC6S5IuxsdUs!KZfy&9j91cKEgiLyUP{x4YRpb&vR~d=1Z`WWJLgR z>L)0pPjzE1`Ch&+_G?xfbHpyj#k0ah1{Z`uM#Z1kxc_n1xX(Ox$$!V(O6 zSS>Q*sS++}CJYe6R3Kd$1v@2(@4OHMN_rCK&_9R%-o$C}JB7q?Yb*K-ka6jc3T2K7 zqPedT%lpNT(%RdlePr~%N7HS;8XX5J83S8#>~mo@tGACvnrRw`C!Z3!MBU)YiyS&3 z*d94_JT}7*9T!>?UN%Gt6^54$RYC>fW%*9^mZj)Ya{W7TJ-ttWh>}xkfTSL-gOKpftO)#TK6q3hfTMw)wZ;VEdZM*yL2xLlOsd+Tj1!07OeD8TUW zjVQp7@QwM-mIBEPPG?)=!J9FUf@=9Cc74sUi?#nODQX|OIWwFT@=K`{PL2z3VFPdp^!SIGGPWPFJ6?ey{HOyXAfxMu%trYNzha~*C6%43gVPZ z4FrQ&f{_P8j)W6fVIeFd!q>wtvtWb&9yTap*&o>V=X+>|z%zuUN%d~;VZC#28fBD; zYUg6l4e7f>!!~uWPPtb=Ct{A3OPqX>sCnQ{AC+qB1waNr&g z!gRzK88IpyalDLhq$9rYfGEy=aNaXN@c}{u$G?H&73PdKSdTWx9&Jsmf8>^ktm6{>G_2rFCzE z_Et*cMn6vTM0&9I_~AA?VzeEIdz&YG&;ePp1uqk1e>nUs8JU@$r9%ijDY3{o+;#lgI*jNCreP-d29pp=wE>rRdMv~ z&@0_y6vUA*k@6e#I&5VPoK#DG4QP)_kA8drx|v(JRcIKPu|WiVu}P0352@w{*`IQG z^VUVUJr|o+?2WvKZNXQd1lF)nI8h0k6ufx}ym8u|^6IKL(p^Yt?FLLGu!NvwHZlgz zk5QgUf3IPA4g_5&4@!V}{F{goqs{@WKd|Btfx2i^mv-pIw;=bJdGB=&d&#SZAOPLo z$WzGjKxl6=H@&z#U{a1MrR}qU{D>a7d9n71Q#;&A8APVY{z_!;i~08^fm05Pcy7Oo z*5jMbPKtu@GH!`>VhF@6_0WrbX7*+KRyiQjBof^h?8Byr5}rI~8%`xC!L8f4J)PVz zh!ca?udMUAXj7~~qDZhJ{>mAVJe=Dd9SIwf89*Yw#ZDO8+KiaZFJt~;?81s9A}WR9 z@^}v>G{)@j5;yPKg>Y~-5(BHAcMSqs)DAQ~Z?^DH#xz!o_5-gwIt?(O4?-9HSG^Di z7#xp)vK#?BMVc1v#Kv`Z^fkO0(H-qGeO7u8!j``ue&=?=Sut_M;F!`_lmYwL*e|}P z7+!Tv?NIctD5Fu@QE4YaAG?Jy5X60}WGt32T5Z9s; zQAbL6S{}Tqr+ia?&kQkWqrGP86O+#H#pkKf|3=8EZku6?#Gi@uJJs825rKYx-6%LU z_SGI+PpZ$G+C}oen@+~of_U-~ECXDJg_B*mOn4RfhCi=Yqc#W+YR2tkk1pz*Z0(MI ziqcXK;>e?HyBK4*J-2QGr~B(@#lu)z7Y}bOMMMsETJyVvu=2;P52N&c42!0 z5%eV-pg;y}ABQZ^Q9+dlbd1H5F;eH6i7aLEQmAn(+tgvvAn`6hEVhkC@x5BN4NvfFkRg2^Y&s2nqDN7`+s)?&zI(6P;YoiNt#& z{lnDTuF1lfE-(m|U{;>ksj&r6)LUACq=fQ}569E~V@Pxq$>+qk0m?%XBcj(rPhx6R z35PWVKj^jCV^n@0%KruE7aYe`TOZ6p({23^0OZJJH?>d@z$~ea6h}B0sKtU7ymJya z0NkUmd`Oxse{n)#>eG^*NOz9$5{m7?`P0N&w5H5>(s+y>U_FXJVxYMO4rX37xuH;h z3Y5eG6WpggPO(lFO)j%L2JjAnahXvq8j- zirCHQ7b#<^EZTYq?Tj2wv1a6gq5b7*v<56hW|U%aXk|0RUNP!PCYCn@5(Q~y7KxF- zV5ulb_mxv3CNuheFb)klGe<~kr0bE$q3@};iRn@7Vwof6ARi7=yLlTL>=XIrcVFomymJBWL=CjrfwM&eNfzao3C zjObaX^!I_=pudaLXjWt!!e&KwAWl}qqTlw-=_hXj)n<$8c9W_v zR@5M=mcA;)D>FW@{KZG3KkP*>_NKg%C)4t!-LnkEPmacL<>l#Uq3IL9!0HKNz&x?! zsz=#aK3xjFE(G5Mg-t&~s&`EQC9VZ(X*{`KqLcT@?b1&^;ULMYW|qG-dr*b;PV%IT zUyi9TZjl{xiLvUu``DNonvE`wESRvcM|h0wyKeP^cV_zG7d#@!Ul~!hivxj%?)!h2An0{joG< z+1+7Kf!&P=442aEUc#uYv{{r;U3at>XvmvN=%?6d)ys!#(Y=T>M^I=`LX;lZO!H(@ z7?93Q`FN++aUCZEMQh4};%MRA#2h6QOd*&>2x2mY;u+VX2%=-I;OTmt2Z;$2Ycmr) zxa8wuI!yL;w6aQHCFr`Hi9ErgyzkObjvfCt_Dnsx*174U%{EEefFEuF-6r8h--YKAf#WAiCq1t&T&|tNe!+1dn+Xy)1 z1Y0+IHEf^(d*6v1e}4^@DxsmfqV(j{MYd7|L2D~V#0u?;(245Cyj4FKpvZSc|3=_l z(JnY+F#h>u9}AwOZajH5V9f?J)|Oi5Nw$*z5XaI2N}Dilab^gm*SFHD!!X?r0InfV z<oO*E` z^j{EOS)4B?qt&xZ5ISXG?kFJ&u=3{-DTBd_68$KOwO)ojZYyDI;teDW8lN)hYBY}I zRw(CAxCbQHL#iyr4JbuoKWbq%DS7}KM@lQ%mRk1^np7-RuDTiQ<0;eD?LaVo2kR2& zklfn8)YeBB@k zwIM#O8QV*bi>TPv^-u`NQV2TqDHf(79>#p2rG&(B?Bo)=SZy+PB7Ojy#+S43xMXXT zPfD{%jaC99i&b|OqA{l-E;E5NWkhZL0@2~E6__iI!8ma7T-JKB=u(@grc~EQSsJRc zP>wF5!`}+UqpzcZ!b?-kQWzpwQo#^&5mq8Jq2`kwN?_W45dW}`6$ue;L8KnOn$o!{Y^>UXSK*lX-&kOQtS4i z0We=gWAaF^DNbtib74@+P8gfC`(kK=1`IZdzat(T*Q0D6Y#r_clGUUyPo#vs9~4`i z*I^0I6N_^0EoO}64s}F%p*jLvQsonXq+kG|HdAo1;B+zThMEZE>9XKh9Z&FZQ?(*Lv=<`Cf zsqLrZwj=@>@i%LYqw16op4pKLDCwHFqvm9q4QR$b4ExYmZWI}sZa@c&z%Y^>a65oZ z!9x3~(LcZt&+3CCVY{$h??SY38wtYT>Hq!>-|=ix3d1ZZ%&q&o0tMR((YnUL^U>#V zWYii@gE3 z;*Eat=b&Y9tE?p#x({Y7?$06V8ABV|c%X?5?q-Z@)80OUjhzM)8a5`DFSBi$gzGah zH1Gd{oIyp&mXli}vJX9pqGcG8C_%xu(8x;sH)PowK}Nz(RZ)4f%BghuU2qW zJeMdKGM+_8Oq_-Q1ehfng{)!beGiRq+CeZ*9zf(*Udw!>ds&A;3QE9hxGCr10h-)nbuq^2VqA)3^>s zo!f>w+>Sz`(TytLo24=PkkCLZjxH8yvx^hd(j)LMP%hoH@;F%!PV9;kz0B^`55Gk(_!#yJB^LB`(wx74zmHOn{8n7 z{b1<<9MYA9omv;h?$-0t)#j0%1m>TK->_t{NgIJ~abyqT#i_c)E3_Id%bto`j&R~s zU}7s0v&QURZKoKne~W_Zk8=?K(s|}PbgWK21^J^>BZ6}Yv3YeCqO^M`p@kQ_bg*gMt+)pAf!bPy!%c|_k^2V;H+$CRb41S~$I#wCmH6rQF2!L}+Gibr z5{EL=!g4YwnK{7%B!clFjMl`LI9Z4-l@TChOaKGK!Oz4yGS<%6?;tjDH`>Oi1l79s zhtZm;_fsj$rT_oVv(3cM#xaf%=QAYTdeglHZU>%?W;h%F-}!d|=M6ju@D#&}nvG`@ zp1eX)(_PrKaFTiiR8;%wkjXvkqw>QJ#gk`AFem0=P-ME!HBVfK-aJV4wzEE{BT(1xF#X z#b##1jWcBO0wi}wdVq`;!U?w9Xdr6ha5@6qo7W;Nyxfi^On2lxKqE@o#^o`NlQqRO zPIv^c5798c`{C$(Ha55hH5am2M2 zA^na9rfEOF8;)1I{Z58}(aJP^B;Juj{ z*_OrTo$@^W>`L@AePa(;$m2DI=sNxx;FCU8+KU+p)gOH(3#fb`5R;^cJ_MhN2d5P~ z;3&aUaaf|2K4m*?EyDwzT8W|eOkp$bK9iYl8O63j^J2fTNJOxg$cWcvglJ6x@vMws zdrF8WWP~Ff@vw|2PDlKwh?p+U1RaMuigN?=Q+?9iIcWWd`e^X^s`U51Dsc+DH?lp> zirwsUYR`Fj0SHHczbt*#Jb!?x7%m0c_xW^u8fO{oUd%M#f*px#IXD5{iw^@-;!I0u zgeSGrTO(GOJY_pq?1mZ|c=Lf-@Mr1A*_EC74v74Mv8Z{;lk;$<0qej+Fn5s$8v4kN zQV;Jn;I+|V_ADge8#=LzY(7B5CY|p^ zHhxSdcIBObG#eK2PD2#N;J!D6p$-$abhq&$8r-YTV0Qcx43zbMT*{bx+aZTA^FswF z!BSCzZ=;WTa2(Vb+17{5l+b8obNYDFTt}K*_KO?uok8nl*?8|%K|)Rwo8suDCq&Vp z_rIlmT(YBn2iIF&xIuG{82B~!6FyCT>_vVt0M|}?#khbG;KK4&%+@-N13PWIeV{G! zK9uLRb@_BRZlQ+zD86!E8KKui$Q_3FNtrMKwL&N^Lz88QDi=uQGSntR9vKqD9;|d3 zqGku=JQ;dOh87^?*_^lHlOMhH!#y5R<##>!R*0;7Ec}23YbKa1v#0A&fyai=Z^RZO z(r0_xgD)|mE}pJ;^K3h=-!aWu(uHq{6eCf0Kk>0gJv;ufI>OzC>nL}5#ODbLkyQFB zy6q#J!H?;$+ zJNTh`XpiSnFeh#l;|fxLLCZ_s?#Gyh0^sn_orLI0IdF|?_{HI_-flOoG$nj!*bU#W zupKm(p9a&({TRpZM&a%B);x)9+mV@Xhz%GZ9zImi@?omtu~bDTRxj~UjJuRjWg>~( zGxF`J*_qnuY@2AuK|N#^9A^^}(>M(Ir=D8BQBDGs_`pL9W_jgat!|iF z-kMtWHVEF6O)&Wy?i;$-r{Yt|xlbyz!=WP0y*|M9_2(U;+3rQNnGMr96mvw*-(`dEvfGOi!$k1UY=8Uk#OGKv z@zi|ov%Q1S%0WX>U*}+_i5uTXF>s|Z!DVv^5?T3#qPEV>Bb2-MW3@1>pfZV5p_v$= zZs?@>9l<7o{y6o5M|C|;ZISpLA*@_B!c5ZVK9M+ubYvuu^>$iXD8$1^M(#Y16xo@V zxH_FXvUmu$auTaS4EJ;@P-NhF^mY~^`QrgmcY#*&x-@m**%MyiL8OSJ&ufl+eu8@2 zpX|&sZzVRKeR?Ma8x}Z@7YxBy1E=SC^=aM4H7G}-A4MHNp92ZXIt*n+Z$xnm2zGyl z5j2MdBSK+vVHvsbfM|KaCtA&tPt>i1m_UeI2w}10A-yoMjuGs_YAer_$$q7-<&uL> zUwK#ZG&w$^PVv}0n>W>c5j!3wM2$^Cp&?J-=jvk#D}WocQe@HdajE7j;yT(C*UHhz z6yiGE5?4qH;H9kIiL0U$M+-SEHsMyg+k&Gl8BGZN4I|K_ug)iz*rBI_G2zLm#QE@8 zmEb`p96v~&irxU|Bh(pi zCs(iu(dRhDm9ivQ4_V?!n=H%F(Azs?-?|RvPJBYYMCGhmqH?IF7*>iZzv#2QwW%C% zMh@zo;B}AeybCd;#U{OWhG0VBcgTdC#2>Mi>e1&y2Z|+5(UEv(grn6dfMFVBVQnSi z64e7JdTPosJv)9W_eo(TEpX*w6u5B}P?KXb(TIA5Q6mOK@${j* zQ{0Q9&PP#YKV1mY@L|xp8;xYFM9_x2b%{^*ar$rB|e<6@J#5d*3;WpL`2Mhl3)Fp5>pOYq_i zPLakY{Sr`!=fO!)u&YI`9Im0g&r4i^AVx9v@Wds=iQ|^gDX7sl=rF}t2Q)I8-PZ@D zPo!(q4V#akj=Zsvc28=DZ07GmKg5RTrn+L+=H_^6x`;O)OcK{~{))R_9{m;?Fk*aH zTVFw5RyTeQetF?2%f7HWsC~3gUx*I+#8_)gESlzM8KG|2Z@l}hOi>G=Pg=(wVPw3J z16iiKZpgwpExW5GN6^4X+ZV+0=%ILQChok5fG`yNS#|}j*>yk`oz*`@{^nXw@I=&D zu2qovdfvCtJLFo$eoU(O4sU>O>- zD_7YL+ZblZE5>y!efnnGIH2pNs84Gcm!ETLwCSJjdUsTpQK)XfS5qe?S!%8W$z{33 zUSJEE9!)+X%LE;b8-mb|;XkO{=X=8AR#1osQdscUgS#~Vahg47OQBLBW;V;Kv z6yGnt$h8@k5{?tNdX2wg4-{Ks-&Qy3KLS)IkI&Xk)j4dct&3rj>G}hJEsd{6-&K`W zBk^?#wRIK}B8TveE}rgBj#_<)e~U|Pos1CuiVd6E#0`k6ju)7h^Q;?lp4B^_5CyB) z%iZA0$=rX89zxEYSawnpAHmn{?g5CR=Y4^dB+dPdFSdp254gY=hZEjHD|rky1H7sW z=5En{VF_tq&A2=LS)r(06~DXXvAD4%iyQsU?c{{O^r^0XkG3){yP>g7;Hs^Akxt&Z z+8$<}fC}ML8wWXrP@~@iFm*$ONp+De;$lPS1Td2ftkZNxOv9W+6ZZXxA$8r6`w&K1Kuup?48IE&TfuIQ z`Laf6VPDMMvze!>HiZFd9^9y`B#uY#w3eZp3@-;(_g>oki@*f;}I&|oxHGfxb&PiNZ>(< zmqSIS<)trB+}CxfckYPUuZ;8zZ`~c_F5I9G2wLk8QopDhPkk6G7r5ZI;xui4mvNeH z|DOKR-56rjjU#8N8(%Gb(Ua=Jb^p+ZMlCv#Z6`MIe*uqi6<%6iBaltS;zq8pdxzMV|sRfZCG|JjhBa07(-!gjf{9AJM27bb1!NI6?FU0sQlCoH`x+8d_Mi6+KJ|hP&+as zF(ASzN4@ef3J3B%vDx<4-Qqx!^9eE>CF*mv)nIXOZrp>fP+~{uC71RNa&e~qO5Qrf zJscy_lN0G5f{zDAz8ojfw@P%E;cB}cvlgJMuDSRk{)ZA5Xh3(X?tkD5<%uM+;+94U zKKO0^%?g%FP}(HNo*q$NSC3Y4rzbYI9l8n4gJVa=O;V#>M1&yj&3`#gjdHzA5FoC} zF=AqUW+3v#0y)&k*2cNE;6m(U(O30VX8%%1KGs#SkcVc(zNNZB z<=^9>(c)z1{Umben$U?p+|w6bW&!fXeN|orPhr^t@%ZSsIiYqTjlJYMyjmAqW_FZu zGFEMU93(~e!iTAyyM|&A6<<#9m3@e>+KIhf8*1Qa=Aq?Z5lWBGhbSr#C z)wmbSESv_2@$^w9>YdyI$0)TAj*-M9XF#Wt`JqpleUyF5*|jUb&ZRvn>^fdujnD#v zLn~`gA2a(kOfom-zX^U&V94=t3Ic%*Dl?U5bKxjcFYObMF!* z=sW7@^=z z;esCdn7d1vLe*@kS~Pq1HxrNa{ea3$qM=3I-i< z@Hy+MVGiP`3BTjjZ^lQ1XW-kIhkg8`6>p|0CqUtkPG0EIFM9V3=(Tjh$;YAE;NNKD z7O;cg>pjs}1|K?vurniNV?#|wok&xHMIKC)z%>w9DL&1eCo(*-0-51ki}P^BwJ>=i z?t4!2#qwT8MmWrHBOI@Oas8jUZJho}v6G)EzPYe;_W}2Fc99eQx&A)oIu{PIV{yoZml?;Ya(qk@4e#v zl6dbE?^ne8HSvC3y!*uaE%AO^y#FcQhIqd#-tUR`2jab7ygwH2PsRIyc=wCZ zcpnyT1@p*MQI2@y&(y;|M7;CGyFk2$i}wlQT`1lsiuXwIK1IAoiT8KJd$f3u5pM_H zNBf<3w1jm0gz1Vh0h5^QALIBl?I0FhYJQ15RH4n(M~sqr@l zi%T4J)%6YjT4nmc&iI{T;X~de_ zo$j9LtZ0VT!(+$qHzv?aB(TI{a?lQFZ*WL z=PfF}>`Lc!ch#ILoik>fEB!O)R+v7)>JrC!$hV<-xkDz4NXL@;hKBlpAFW&)a4huK zHMRI1%}t0yv(?u*s+am(suyLV0`)ig0oKrTgTo{va&#RwKV!e-J@`t!M~9l{#dB$f+gujrB{IsaYs6s&2-tD=VC$ zi59V#DD#r)prbh82dSo-&=QEL$WpXtx+R0P{+1S?H_Y(*LE@ajYNaMMV(hDz`JW&Max+WpGjv#o&GC#BvnC@TJESU}_vyUUda{IqR=m;`c z+!P8fYLY!$V4{7|cnuAX#Sj?Or#?VhEuLAk=S*Q|cFYa<9p1_*%}p&q!6h?Csdk!M znwBj`fdfGyF?9||WYFJ;CT|IX%#{Pl2zn^A33LQXW)uqrxaMjwq_#R(jR2@kG|RG7 zHrEkq5&+bN7L;t`qd-l(&{5gqr&xF^zlPqqju5K9unAg5z_FXab0PDYm_^~}d3_Cq zrkYumbG)-=&OX<1UQ-~;-;m{RG5r9!GVMj*lzk9VTma^rXNqHSQ%%Xa3{%!9@=XDR zCA-0QvLuV5Bv#sE;ppOhd<6!A9 z{R+sDx}FL2gX)$>6lDrBgz~O#TyEtC^=_%3;-cE|MYSagRl2MLf{JBJhzg>GNRSO= z*0KVlY|Cfzmg=*r21+z&LA#gL2gwncrWB1kzZS2Fcm?2=P6#PQ_&@Ff zyv`YSenTw)7@jZ*5R2h!XuzvhxvXe;(UPLtB2Q68(d=O;hu7FyJgl9mbGx1wU*Gp*5C^VT8(vD%t^YT+~v%L=3yoa1Pl5 zWZPG0f?eaR|H^m_%F6h~D4;UFwtBfT{szDQdc-z01{W*im;0+*vcVyRG|#ZYqi{zH z3qQ&PJp9q+D(#+m{8o@+v*G`U!;X zF6+%O7L7BT~WALh7~T>?}dx)65(PWL%5iz2v<%e3d2~K5Miuy2p8-UF1F!? zi|u>ijx=2y0uf=H=n*d1BwU=b5-v9}Sw65!xZgEhwi)BG-7j387GM}h6NKw9-S3(1 z>85*z>0)&Vzrt{l>7Hr2XPGXV0>8p=iRqqgy62egxuz@UNrmBYW_Y~mN?9rlmzv@8 zP4@!RooKp~OqZvanBVtJce3f0neG(Rooc$%O!p$wz1VawG2L?0b(-#_rYk3Cg<+Q& zcAM@D)4j}eJ*Mjwt`e5cvG*|!9OJ+-4jkjaF%BH#z%dRS6lbUy<{0MG-fGvFKnk3w%M89)}{=0~F;FGmI4n@$;EsxgMY>KQzN~evgxs zW>~D003#s6?GicbeR*}GGQ+=6slY0Xv$+NCa^><+Bc2Au8Cs;w_BSiDYJ$qlrlpF@ zU!#n^oyeJT%5oPfpNRNErQdW9n{Mt}!WSyTOt;Wzjv%>ja!TKZYkCiyf*N zrpxsIsUNq$k3{QJi}6QDG+CZb;hM}m5ovKdo%9vYVBBl~xi*p=lktBYUIr@TEBrD2 zg-W=I?tZ@hKlzoLxwN&?Gr8>~3Uen!gx`j7Lx(?xH%5lthj049waEt@TIB<*u$2f3|1IIXUj049waEt^0e{jHo zOc$DH$WxY<+B?71%Y+N~Lt*mvjkl6FLzKjNk1JFHkqFBcQYTx^c#&cw3-PYa%( z;CTqoGk8A6gWEf~WAL1dXBr+4o;i3H;tAqu#e8aJPml-@Z5z5cLQ>t!}B(tPw^DwD!Jdmb2gqSczk%S!_$c8Mm!JVc?QoA zJIaFRT0B3&gAY~ZzJg~+o|1byo^g1l;F*c%YCJ!}b0eOg;du}bt_tP$;CTtpKk*#E zGh~R8dkUVj@l3&UIi4UMp022>a>*l_SB4t>KAd=J@FT9Os%G)^f#CI3wbd;*;P?t6 z7T)M@X`%<`LYrFXSyCOiz6DtH2jnRpqKP06XEIR5!&w7k7KN%?YGoA9m^PbU9I2t# zkE2LRRkb*z1vl7KuZW{)N>xomQvi9HXRVZ~Iy0iKrZI>t>gpOofyHofh86|JDLs^= zP8JIuoc57#9{Q|rtV30BYHC2B+0V1bO8|$I=6aMd>s(bjfHP;pAFN;EZ>r;go~lJl z7*ML}>#B&4GB?)xmm!SPuvLvXbZUB=gH0%zJPrnz%$A5t#9=d~YKebI%@RPBI3RyAqD`y*_TkyM2d<`4Xxtr%oy2F=8I47p-}YU5R%AF{e=} zZC>6|zi4q#aVfcr>lW(O%e zr94-utf*0Lx1kd%-8Qq=ylNA?debHZO8m)+=RP_*J60)@QUUst7c=QJsI<>o5uo5{{s*h(Gyq2iVG%Rqx?Qx`5L zr>cbLDu2$cZ=QIevL_d83n+ihwJUc4N6A4^U&~#*un}D!-7barF#e_;3dFx`mxB|X z$}jAJmZi!)_FSa{Qj>#|)^!a*<$il}i{JGB(GFf?=zt*9LK$zcFU19dMar{??ng98 zzCn_m&kO%w`0mArND$x0`hxlaJ9=3nDE}vhfNfaW%&Ash8^U9wg8c>{dQkRUrEeaqAzGrkHrNnQT89Rj8kW|D z8fz47D9XeBl?w&a#7hz_%Hbh?W$n-=dH*4xJOGe5{=yVmeK}se^XU5zyxM0YPqyA) zhqCov8=9+xXCXd3*Np#A#D9wT^*>Xd>H~2$U#r(9*S{_!u#w{u%h%r<%OY5%Km)R z?x(|oVC|wHPjxH58iv{jQPjRVyxJGw)lp+s`t4z4MgmziL!m-VDQ^r5HnGAVAWq!U z5S)Ky7+T_sVM^i5xjvt`xiqY5$zqK3{u&G;Rf}_E-N6# zbXV>oC2C(>t-NSwSGYHCiIT``3@wr8;{(c zU&k4JXY}TTbJypr&*`)6x2@0VuobSig@?4~#&hGt3j1=~bK7lUTf1%j_uK7#IUPAT zqZ$WjbKiHvIbozsSP;%%Q0Txl+ll3gNn3o3iP+8Fd6B>Nvc3zL)+>aZq+_R+w>P@w{Yiq%k~mP=R{oXr;75n~XQ#9Ly(lEpmYDcfm~kwBm>&G-5I;Me z_?2hMw7Dj}6(&6KC(wf*9pY!F6F+>GOgqskzZoX{k?<{erW1dCvBckxK1BXoVGF+x zaQrdM{Ik=E-;M*jOtYE!r^AS2{`>LpXW?h3i}GVG!?e?_@|$7C9kKjb>7x8NAWYcv zP5kv{*ur0jH2xSC<8Rc{u?au(bkHzD_}y@*5j{#Q^!O#KC0J#&k&V&k9@l z7n(Gz{IkE1br+i|o_+XQvb2F zAIh&4w(tujdKy1Fo%j<>{Av^53S0Pn^x#KlCSKX;#4p4_ai-m8@y`r1j`I5z{$-^T zzXJ!%3HzUB`&r>MKGOJOnE7X?6Mq6W*O|s|qp|*0m~qTMjE6sliJzTL{PiaOt7iUI z*urlY*ctrnbmEueKs;ejG4ZXig}+{2AV}w*olgAy^CbQ)CjYFkh0niH!5_mce|9?Y zm1|_0ZsJ>E3x5GU_|YMLb~^DFTr1O-Tk>ay2}=Gs=)sQ;@hy0Ui66%IcIf{vyvTnm z%sAo?mcQ(D;4j8X59i-nD z4GJ$Y_1)${<8|S6vc6Y?AnR*|NuTvCrw2beEN^x?>syI?Gy=qw7c0y-;`iaXMW3!Y)(cPx-;m%&ebE6j9}zr0|R#?MYCez;NMmz(%j z*uocxS@~zD3w)g8AnZRZd^2p}hmpn~!!z;XxexmJ5MMzB=^SVB&k8e+k-#DBM3N{0qp(nO|cM-akm5dIp8}nDRB)9t@lHt40|_e=@_! zUes@bSw@Bhf3niaAIx(Ff5w{pvBDPqfBQ%G8^X@QOUSnww(u3ZB)~B9x8NBT z_&Dc6f2o;&p&4cz+h+kD{umbcS?R>*xf-TT#Ebb`Va5@^5D$M06F)nh_&krpv<5ta ze_8a2@4&+!VTfBR3d@&9PzTj8VO zXQvaN=a1;TVB%Y03x6>GveSuQXyV^t;#*-0-+_4k7@nC0&oJ>PnD{#oCjYE3(~rcz z>~!K+n)s){PkbwUH2myz;y0W4ubcT>;iKVarxU;3#AgMWzZE_jes((X*PHkSCcYIu z8h&;<@q0~t!z{lQJ{o>@I`Q|L_}B&!<+s8|!_Q79KF^sE_DsB3e=E$mBlW-RbmH@T z8ewlS^S8oB!_Q79{sa^M$EN0gZ(%kMD5jAQvHfG&Rw z6F)nh_?0)xv=wIlR@lNHJRigWtiikfX^D=8168`x0vZxf296rdZDRLI?Ql9YkXq5 zHU8`{(*SLeAStF1ur>QD#NqR#8ddJGtUS3S!d!E9PxtVhM?{;QBZR7cT`KGs@_jcy5^q)Rij<56v zrGKn1m`}qoUuHcE$9k3dGw-k2BjtEL$F#@%k@+6H#@`=&zBu3A{_kZyX4ikL9M9(m z-t6tfJC2WdMn1>JTUYw?Jb>eQKzxQH{t|EDh^OQej6J_VJmLC(_3K~s_Q)sk`R97p z`1KHP=zrDw6Au|L;vM+{IPw91I!Ats_`~sk94*&Re$o0rT$p?z9Qi=k7fN2$NHXp1RVJW@(Xa} z4~VDSugdS&QE!iY5cw<{@6mET@@sJ9*T|Q_kq^5j7V7`yKQ_5+^WTZ@T-DpYI`Kf_ zhY~-Q`02#YC*G2Hd*W9U?@BzCcqZ||#B+(~6CY1}D)C}sembIkKQAS|lK6V!8;O?^ z|C9KhyL!*}K;j1zcM{7A({sH~Bz`9G3yC);9!=a$JegQut@fOMf8yE13yCizmTjkJ zJT?t(zaDqUveV{)#OzPpZeO2xW8#s-FD33K-jjGb@xH{fiRTk9BtD(^T;iV-Uru}_ z@o$NLPkbZsQsTc7->cZ!zQ6Y;=4Z2ZOOw(b=?&>kXEj_{wB)x3%mLvI`bBMBRN+raRfj*s*j+ zW2q@sqh`hNGJc%pVtFC$z}7*H;l@0AZlTeOSgbZGG+vu}yz$i3nC{GRf?KcLP`rh5 zoXDt$hF=czi`~(7h20S<^jhGlX*xK!+rw;QBjTR1f}c=BG#(nOcR!)(DVe8mToxNl zq8hX~7`>o(kxYP%Bc?8%OLMl=@)(8pg|fL{>>>l~3Rf();kR858+rv-EVe5aTRvKS zT5L-IAF|J8=Q&xwCOSKZMtpzB&Xe0;d+PNqzU^aYVtlw`yM-zc3=LQPbSKQvd#tbC yHn>Nj+c-fS(dS7ly!1JI>D%YPddl=UEIoMu^YFZld(R%`V>|jhhj&&=s`?kzL?yWZ literal 0 HcmV?d00001 diff --git a/src/Makefile.inc b/src/Makefile.inc index 335a444..d7f4b1e 100644 --- a/src/Makefile.inc +++ b/src/Makefile.inc @@ -2,7 +2,7 @@ # 3 proxy common Makefile # -all: $(BUILDDIR)3proxy$(EXESUFFICS) $(BUILDDIR)mycrypt$(EXESUFFICS) $(BUILDDIR)pop3p$(EXESUFFICS) $(BUILDDIR)smtpp$(EXESUFFICS) $(BUILDDIR)ftppr$(EXESUFFICS) $(BUILDDIR)tcppm$(EXESUFFICS) $(BUILDDIR)udppm$(EXESUFFICS) $(BUILDDIR)socks$(EXESUFFICS) $(BUILDDIR)proxy$(EXESUFFICS) allplugins +all: $(BUILDDIR)3proxy$(EXESUFFICS) $(BUILDDIR)mycrypt$(EXESUFFICS) $(BUILDDIR)pop3p$(EXESUFFICS) $(BUILDDIR)smtpp$(EXESUFFICS) $(BUILDDIR)ftppr$(EXESUFFICS) $(BUILDDIR)tcppm$(EXESUFFICS) $(BUILDDIR)tlspr$(EXESUFFICS) $(BUILDDIR)udppm$(EXESUFFICS) $(BUILDDIR)socks$(EXESUFFICS) $(BUILDDIR)proxy$(EXESUFFICS) allplugins sockmap$(OBJSUFFICS): sockmap.c proxy.h structures.h @@ -41,6 +41,10 @@ ftppr$(OBJSUFFICS): ftppr.c proxy.h structures.h proxymain.c tcppm$(OBJSUFFICS): tcppm.c proxy.h structures.h proxymain.c $(CC) $(CFLAGS) $(DEFINEOPTION)WITHMAIN $(DEFINEOPTION)PORTMAP tcppm.c +tlspr$(OBJSUFFICS): tlspr.c proxy.h structures.h proxymain.c + $(CC) $(CFLAGS) $(DEFINEOPTION)WITHMAIN $(DEFINEOPTION)PORTMAP tlspr.c + + socks$(OBJSUFFICS): socks.c proxy.h structures.h proxymain.c $(CC) $(CFLAGS) $(DEFINEOPTION)WITHMAIN $(DEFINEOPTION)NOPORTMAP socks.c @@ -68,6 +72,9 @@ $(BUILDDIR)socks$(EXESUFFICS): sockmap$(OBJSUFFICS) socks$(OBJSUFFICS) sockgetch $(BUILDDIR)tcppm$(EXESUFFICS): sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) tcppm$(OBJSUFFICS) common$(OBJSUFFICS) log$(OBJSUFFICS) $(LN) $(LNOUT)$(BUILDDIR)tcppm$(EXESUFFICS) $(LDFLAGS) sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) tcppm$(OBJSUFFICS) log$(OBJSUFFICS) common$(OBJSUFFICS) $(LIBS) +$(BUILDDIR)tlspr$(EXESUFFICS): sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) tlspr$(OBJSUFFICS) common$(OBJSUFFICS) log$(OBJSUFFICS) + $(LN) $(LNOUT)$(BUILDDIR)tlspr$(EXESUFFICS) $(LDFLAGS) sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) tlspr$(OBJSUFFICS) log$(OBJSUFFICS) common$(OBJSUFFICS) $(LIBS) + $(BUILDDIR)udppm$(EXESUFFICS): sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) udppm$(OBJSUFFICS) common$(OBJSUFFICS) log$(OBJSUFFICS) $(LN) $(LNOUT)$(BUILDDIR)udppm$(EXESUFFICS) $(LDFLAGS) sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) udppm$(OBJSUFFICS) log$(OBJSUFFICS) common$(OBJSUFFICS) $(LIBS) @@ -91,6 +98,9 @@ srvftppr$(OBJSUFFICS): ftppr.c proxy.h structures.h srvtcppm$(OBJSUFFICS): tcppm.c proxy.h structures.h $(CC) $(COUT)srvtcppm$(OBJSUFFICS) $(CFLAGS) tcppm.c +srvtlspr$(OBJSUFFICS): tlspr.c proxy.h structures.h + $(CC) $(COUT)srvtlspr$(OBJSUFFICS) $(CFLAGS) tlspr.c + srvauto$(OBJSUFFICS): auto.c proxy.h structures.h $(CC) $(COUT)srvauto$(OBJSUFFICS) $(CFLAGS) auto.c @@ -146,6 +156,6 @@ ntlm$(OBJSUFFICS): ntlm.c stringtable$(OBJSUFFICS): stringtable.c $(CC) $(COUT)stringtable$(OBJSUFFICS) $(CFLAGS) stringtable.c -$(BUILDDIR)3proxy$(EXESUFFICS): 3proxy$(OBJSUFFICS) mainfunc$(OBJSUFFICS) srvproxy$(OBJSUFFICS) srvpop3p$(OBJSUFFICS) srvsmtpp$(OBJSUFFICS) srvftppr$(OBJSUFFICS) srvsocks$(OBJSUFFICS) srvtcppm$(OBJSUFFICS) srvauto$(OBJSUFFICS) srvudppm$(OBJSUFFICS) sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) common$(OBJSUFFICS) auth$(OBJSUFFICS) authradius$(OBJSUFFICS) conf$(OBJSUFFICS) log$(OBJSUFFICS) datatypes$(OBJSUFFICS) md4$(OBJSUFFICS) md5$(OBJSUFFICS) mycrypt$(OBJSUFFICS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) smbdes$(OBJSUFFICS) ntlm$(OBJSUFFICS) stringtable$(OBJSUFFICS) srvwebadmin$(OBJSUFFICS) srvdnspr$(OBJSUFFICS) plugins$(OBJSUFFICS) $(COMPATLIBS) $(VERSIONDEP) - $(LN) $(LNOUT)$(BUILDDIR)3proxy$(EXESUFFICS) $(LDFLAGS) $(VERFILE) 3proxy$(OBJSUFFICS) mainfunc$(OBJSUFFICS) auth$(OBJSUFFICS) authradius$(OBJSUFFICS) conf$(OBJSUFFICS) datatypes$(OBJSUFFICS) srvauto$(OBJSUFFICS) srvproxy$(OBJSUFFICS) srvpop3p$(OBJSUFFICS) srvsmtpp$(OBJSUFFICS) srvftppr$(OBJSUFFICS) srvsocks$(OBJSUFFICS) srvtcppm$(OBJSUFFICS) srvudppm$(OBJSUFFICS) sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) common$(OBJSUFFICS) log$(OBJSUFFICS) mycrypt$(OBJSUFFICS) md5$(OBJSUFFICS) md4$(OBJSUFFICS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) smbdes$(OBJSUFFICS) ntlm$(OBJSUFFICS) stringtable$(OBJSUFFICS) srvwebadmin$(OBJSUFFICS) srvdnspr$(OBJSUFFICS) plugins$(OBJSUFFICS) $(COMPATLIBS) $(LIBS) +$(BUILDDIR)3proxy$(EXESUFFICS): 3proxy$(OBJSUFFICS) mainfunc$(OBJSUFFICS) srvproxy$(OBJSUFFICS) srvpop3p$(OBJSUFFICS) srvsmtpp$(OBJSUFFICS) srvftppr$(OBJSUFFICS) srvsocks$(OBJSUFFICS) srvtcppm$(OBJSUFFICS) srvtlspr$(OBJSUFFICS) srvauto$(OBJSUFFICS) srvudppm$(OBJSUFFICS) sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) common$(OBJSUFFICS) auth$(OBJSUFFICS) authradius$(OBJSUFFICS) conf$(OBJSUFFICS) log$(OBJSUFFICS) datatypes$(OBJSUFFICS) md4$(OBJSUFFICS) md5$(OBJSUFFICS) mycrypt$(OBJSUFFICS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) smbdes$(OBJSUFFICS) ntlm$(OBJSUFFICS) stringtable$(OBJSUFFICS) srvwebadmin$(OBJSUFFICS) srvdnspr$(OBJSUFFICS) plugins$(OBJSUFFICS) $(COMPATLIBS) $(VERSIONDEP) + $(LN) $(LNOUT)$(BUILDDIR)3proxy$(EXESUFFICS) $(LDFLAGS) $(VERFILE) 3proxy$(OBJSUFFICS) mainfunc$(OBJSUFFICS) auth$(OBJSUFFICS) authradius$(OBJSUFFICS) conf$(OBJSUFFICS) datatypes$(OBJSUFFICS) srvauto$(OBJSUFFICS) srvproxy$(OBJSUFFICS) srvpop3p$(OBJSUFFICS) srvsmtpp$(OBJSUFFICS) srvftppr$(OBJSUFFICS) srvsocks$(OBJSUFFICS) srvtcppm$(OBJSUFFICS) srvtlspr$(OBJSUFFICS) srvudppm$(OBJSUFFICS) sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) common$(OBJSUFFICS) log$(OBJSUFFICS) mycrypt$(OBJSUFFICS) md5$(OBJSUFFICS) md4$(OBJSUFFICS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) smbdes$(OBJSUFFICS) ntlm$(OBJSUFFICS) stringtable$(OBJSUFFICS) srvwebadmin$(OBJSUFFICS) srvdnspr$(OBJSUFFICS) plugins$(OBJSUFFICS) $(COMPATLIBS) $(LIBS) diff --git a/src/auth.c b/src/auth.c index 716870f..4e1e363 100644 --- a/src/auth.c +++ b/src/auth.c @@ -302,6 +302,9 @@ int handleredirect(struct clientparam * param, struct ace * acentry){ case R_SMTP: param->redirectfunc = smtppchild; break; + case R_TLS: + param->redirectfunc = tlsprchild; + break; default: param->redirectfunc = proxychild; } diff --git a/src/conf.c b/src/conf.c index 724d408..2f353b9 100644 --- a/src/conf.c +++ b/src/conf.c @@ -238,6 +238,13 @@ static int h_proxy(int argc, unsigned char ** argv){ childdef.service = S_TCPPM; childdef.helpmessage = ""; } + else if(!strcmp((char *)argv[0], "tlspr")) { + childdef.pf = tlsprchild; + childdef.port = 1443; + childdef.isudp = 0; + childdef.service = S_TLSPR; + childdef.helpmessage = ""; + } else if(!strcmp((char *)argv[0], "udppm")) { childdef.pf = udppmchild; childdef.port = 0; @@ -756,6 +763,7 @@ static int h_parent(int argc, unsigned char **argv){ else if(!strcmp((char *)argv[2], "socks4b"))chains->type = R_SOCKS4B; else if(!strcmp((char *)argv[2], "socks5b"))chains->type = R_SOCKS5B; else if(!strcmp((char *)argv[2], "pop3"))chains->type = R_POP3; + else if(!strcmp((char *)argv[2], "tls"))chains->type = R_TLS; else if(!strcmp((char *)argv[2], "ftp"))chains->type = R_FTP; else if(!strcmp((char *)argv[2], "admin"))chains->type = R_ADMIN; else if(!strcmp((char *)argv[2], "extip"))chains->type = R_EXTIP; @@ -1618,8 +1626,9 @@ struct commands commandhandlers[]={ {commandhandlers+63, "parentretries", h_parentretries, 2, 2}, {commandhandlers+64, "auto", h_proxy, 1, 0}, {commandhandlers+65, "backlog", h_backlog, 2, 2}, + {commandhandlers+66, "tlspr", h_proxy, 1, 0}, #ifndef NORADIUS - {commandhandlers+66, "radius", h_radius, 3, 0}, + {commandhandlers+67, "radius", h_radius, 3, 0}, #endif {specificcommands, "", h_noop, 1, 0} }; diff --git a/src/plugins.c b/src/plugins.c index 36b62a4..c1146a4 100644 --- a/src/plugins.c +++ b/src/plugins.c @@ -68,13 +68,15 @@ struct symbol symbols[] = { {symbols+41, "admin", (void *) adminchild}, {symbols+42, "ftppr", (void *) ftpprchild}, {symbols+43, "smtpp", (void *) smtppchild}, - {symbols+44, "authfuncs", (void *) &authfuncs}, - {symbols+45, "commandhandlers", (void *) &commandhandlers}, - {symbols+46, "decodeurl", (void *) decodeurl}, - {symbols+47, "parsestr", (void *) parsestr}, - {symbols+48, "make_ace", (void *) make_ace}, - {symbols+49, "freeacl", (void *) freeacl}, - {symbols+50, "handleredirect", (void *) handleredirect}, + {symbols+44, "auto", (void *) smtppchild}, + {symbols+45, "tlspr", (void *) smtppchild}, + {symbols+46, "authfuncs", (void *) &authfuncs}, + {symbols+47, "commandhandlers", (void *) &commandhandlers}, + {symbols+48, "decodeurl", (void *) decodeurl}, + {symbols+49, "parsestr", (void *) parsestr}, + {symbols+50, "make_ace", (void *) make_ace}, + {symbols+51, "freeacl", (void *) freeacl}, + {symbols+52, "handleredirect", (void *) handleredirect}, {NULL, "", NULL} }; diff --git a/src/proxy.h b/src/proxy.h index fdcfab9..983678d 100644 --- a/src/proxy.h +++ b/src/proxy.h @@ -297,6 +297,7 @@ void * autochild(struct clientparam * param); void * udppmchild(struct clientparam * param); void * adminchild(struct clientparam * param); void * ftpprchild(struct clientparam * param); +void * tlsprchild(struct clientparam * param); struct datatype; diff --git a/src/proxymain.c b/src/proxymain.c index 1d188af..e0612cd 100644 --- a/src/proxymain.c +++ b/src/proxymain.c @@ -383,6 +383,9 @@ int MODULEMAINFUNC (int argc, char** argv){ case 'p': *SAPORT(&srv.intsa) = htons(atoi(argv[i]+2)); break; + case 'P': + srv.targetport = ntohs(atoi(argv[i]+2)); + break; case '4': case '6': srv.family = atoi(argv[i]+1); @@ -414,6 +417,10 @@ int MODULEMAINFUNC (int argc, char** argv){ case 'h': hostname = argv[i] + 2; break; + case 'c': + srv.requirecert = 1; + if(isdigit(argv[i][2])) srv.requirecert = atoi(argv[i]+2); + break; case 'r': cbc_string = (unsigned char *)mystrdup(argv[i] + 2); iscbc = 1; diff --git a/src/socks.c b/src/socks.c index 4dbdbb7..6220dca 100644 --- a/src/socks.c +++ b/src/socks.c @@ -18,7 +18,7 @@ unsigned char * commands[] = {(unsigned char *)"UNKNOWN", (unsigned char *)"CONN static void printcommand(unsigned char * buf, int command, struct clientparam *param){ sprintf((char *)buf, "%s ", commands[command]); if(param->hostname){ - sprintf((char *)buf + strlen((char *)buf), "%.265s", param->hostname); + sprintf((char *)buf + strlen((char *)buf), "%.256s", param->hostname); } else myinet_ntop(*SAFAMILY(¶m->req), SAADDR(¶m->req), (char *)buf + strlen((char *)buf), 64); diff --git a/src/structures.h b/src/structures.h index 9705f1d..a2f5ba7 100644 --- a/src/structures.h +++ b/src/structures.h @@ -168,10 +168,10 @@ typedef enum { typedef enum { - S_NOSERVICE, + S_NOSERVICE = 0, S_PROXY, S_TCPPM, - S_POP3P, + S_POP3P = 3, S_SOCKS4 = 4, /* =4 */ S_SOCKS5 = 5, /* =5 */ S_UDPPM, @@ -184,7 +184,8 @@ typedef enum { S_REVLI, S_REVCO, S_ZOMBIE, - S_AUTO + S_AUTO, + S_TLSPR }PROXYSERVICE; struct clientparam; @@ -279,7 +280,8 @@ typedef enum { R_SOCKS4B, R_SOCKS5B, R_ADMIN, - R_EXTIP + R_EXTIP, + R_TLS } REDIRTYPE; struct chain { @@ -487,6 +489,7 @@ struct srvparam { int anonymous; int clisockopts, srvsockopts, lissockopts, cbcsockopts, cbssockopts; int gracetraf, gracenum, gracedelay; + int requirecert; #ifdef WITHSPLICE int usesplice; #endif diff --git a/src/tlspr.c b/src/tlspr.c new file mode 100644 index 0000000..b337ecf --- /dev/null +++ b/src/tlspr.c @@ -0,0 +1,292 @@ +/* + 3APA3A simpliest proxy server + (c) 2002-2021 by Vladimir Dubrovin <3proxy@3proxy.org> + + please read License Agreement + +*/ + +#include "proxy.h" + +#ifndef PORTMAP +#define PORTMAP +#endif +#define RETURN(xxx) { param->res = xxx; goto CLEANRET; } + +unsigned size16(unsigned char *buf){ + unsigned res; + res = (((unsigned)buf[0]) << 8) + +buf[1]; + return res; +} + +int readtls(struct clientparam *param, int direction, unsigned char *buf, int bufsize){ + int res = 0; + int len; + + if(bufsize < 3) return -1; + res = sockgetlinebuf(param, direction, buf, 3, EOF, conf.timeouts[STRING_S]); + if(res !=3 || buf[0] != 22 || buf[1] != 3) return -2; + len = size16(buf+3); + if((len+3) > bufsize) return -3; + res = sockgetlinebuf(param, direction, buf+3, len, EOF, conf.timeouts[STRING_S]); + if(res != len) return -4; + return len+3; +} + +#define BSIZE (4096) +#define SNILEN (256) +#define PROTOLEN (32) + + +int parsehello(int type, unsigned char *hello, int len, unsigned char *sni, int *lv, unsigned char * proto){ + int hlen; + unsigned offset; + int slen; + int cslen; + int elen; + int snllen, snlen, alpnlen; + int snifound=0; + + if(len < 64) return -1; + if(hello[5] != type) return -2; + if(hello[6] != 0) return -3; + hlen = size16(hello+7); + if((hlen+9) != len) return -4; + offset = 9; + if(hello[offset] != 3) return -5; + *lv = hello[offset+1]; + offset += 34; + slen = hello[offset]; + if((offset + slen + 3) > len) return -6; + offset += (slen+1); + if(type == 1){ + cslen = size16(hello+offset); + if((offset + cslen + 3) > len) return -7; + offset += (cslen+2); + cslen = hello[offset]; + if((offset + cslen + 3) > len) return -8; + offset += (cslen+1); + } + else if(type == 2){ + offset += 3; + } + elen = size16(hello+offset); + offset += 2; + if(elen+offset != len) return -9; + while(elen > 1){ + int xlen; + xlen = size16(hello+offset+2); + if(xlen+4 > elen) return -10; + if(type == 1 && hello[offset] == 0 && hello[offset+1] == 0){ + snllen=size16(hello+offset+4); + if(snllen>3){ + if(snllen+2 != xlen) return -12; + if(hello[offset+6] != 0) return -13; + snlen=size16(hello+offset+7); + if(snlen + 3 > snllen) return -14; + if(snlen+1 > SNILEN) return -15; + memcpy(sni, hello + offset + 9, snlen); + sni[snlen] = 0; + snifound = snlen; + } + } + else if(hello[offset] == 0 && hello[offset+1] == 43){ + if(xlen>2){ + *lv = hello[offset+6]; + } + else if(xlen==2){ + *lv = hello[offset+5]; + } + } + else if(hello[offset] == 0 && hello[offset+1] == 16){ + alpnlen=hello[offset+6]; + if(alpnlen+7>elen) return -16; + if(alpnlen+1>PROTOLEN) return -17; + memcpy(proto, hello+offset+7, alpnlen); + proto[alpnlen] = 0; + } + offset += (xlen+4); + elen -= (xlen+4); + } + return snifound; +} + +int tlstobufcli(struct clientparam *param, int offset){ + int len, newlen; + if(!param->clibuf){ + if(!(param->clibuf = myalloc(SRVBUFSIZE))) return -1; + param->clibufsize = SRVBUFSIZE; + param->clioffset = param->cliinbuf = 0; + } + if(param->srvinbuf != param->srvoffset){ + len = socksend(param, param->clisock, param->srvbuf+param->srvoffset,param->srvinbuf-param->srvoffset, conf.timeouts[STRING_S]); + if(len != param->srvinbuf-param->srvoffset){ + return -2; + } + param->srvinbuf = param->srvoffset = 0; + } + len = sockfillbuffcli(param, 5, conf.timeouts[STRING_S]); + if(len < 5) return -2; + if(param->clibuf[1] != 3) { + return -3; + } + else { + len = 5 + size16(param->clibuf+3); + if(len > param->clibufsize) return -4; + for(newlen=param->cliinbuf; newlen < len; newlen=param->cliinbuf){ + sockfillbuffcli(param, len, conf.timeouts[STRING_S]); + if(param->cliinbuf <= newlen) return -5; + } + } + return len; +} + +int tlstobufsrv(struct clientparam *param, int offset){ + int len, newlen; + + if(param->cliinbuf != param->clioffset){ + len = socksend(param, param->remsock, param->clibuf+param->clioffset,param->cliinbuf-param->clioffset, conf.timeouts[STRING_S]); + if(len != param->cliinbuf-param->clioffset){ + return -1; + } + param->cliinbuf = param->clioffset = 0; + } + if(!param->srvbuf){ + if(!(param->srvbuf = myalloc(SRVBUFSIZE))) return -1; + param->srvbufsize = SRVBUFSIZE; + param->srvoffset = param->srvinbuf = 0; + } + len = sockfillbuffsrv(param, offset+5, conf.timeouts[STRING_S]); + if(len < offset+5) return -3; + if(param->srvbuf[offset+1] != 3) { + return -4; + } + else { + len = offset + 5 + size16(param->srvbuf+offset+3); + if(len > param->srvbufsize) return -5; + for(newlen=param->srvinbuf; newlen < len; newlen=param->srvinbuf){ + sockfillbuffsrv(param, len, conf.timeouts[STRING_S]); + if(param->srvinbuf <= newlen) return -6; + } + } + return len-offset; +} + +void * tlsprchild(struct clientparam* param) { + int res; + unsigned char sni[SNILEN]; + char req[SNILEN+PROTOLEN+16]; + int lv=-1; + unsigned char proto[PROTOLEN]="-"; + + res = tlstobufcli(param, 0); + if(res <= 0 || param->clibuf[0] != 22){ + if(param->srv->requirecert)RETURN(300-res); + } + else { + lv = param->clibuf[2]; + res = parsehello(1, param->clibuf, res, sni, &lv, proto); + if(res > 0){ + if(param->hostname){ + myfree(param->hostname); + param->hostname = NULL; + } + else if (parsehostname(sni, param, param->srv->targetport? param->srv->targetport:443)) RETURN (100); + if (!param->hostname)param->hostname = mystrdup((char *)sni); + } + else if (res < 0 && param->srv->requirecert) RETURN(310-res); + } + param->operation = CONNECT; + param->redirectfunc = NULL; + res = (*param->srv->authfunc)(param); + if(res) {RETURN(res);} + if (param->npredatfilters){ + int action; + action = handlepredatflt(param); + if(action == HANDLED){ + RETURN(0); + } + if(action != PASS) RETURN(19); + } + if(param->redirectfunc && param->redirectfunc != tlsprchild){ + return (*param->redirectfunc)(param); + } + + if(param->srv->requirecert > 1){ + res = tlstobufsrv(param, 0); + if(res <= 0 || param->srvbuf[0] != 22) RETURN(340-res); + lv = param->srvbuf[2]; + res = parsehello(2, param->srvbuf, res, sni, &lv, proto); + if (res < 0) RETURN(350-res); + } + if(param->srv->requirecert > 2){ + if(lv > 3) RETURN(370); + int srvcert=0, clicert=0, reqcert=0, len, rlen, done; + for(done=0;!done;) { + len = param->srvinbuf; + if(socksend(param, param->clisock, param->srvbuf,len, conf.timeouts[STRING_S]) != len) RETURN(371); + param->srvinbuf = 0; + res = tlstobufsrv(param, 0); + if(res <= 0) RETURN(380-res); + if(param->srvbuf[0]!= 22) break; + switch(param->srvbuf[5]){ + case 11: + /* process server certificates here */ + if(param->srvbuf[6]||param->srvbuf[7]||param->srvbuf[8]>64) srvcert = 1; + break; + case 13: + reqcert = 1; + break; + case 14: + done = 1; + break; + default: + break; + } + } + if(!srvcert) RETURN(373); + if(param->srv->requirecert > 3){ + if(!reqcert) RETURN(374); + for(done=0;!done;) { + res = tlstobufcli(param, 0); + if(res <= 0) RETURN(390-res); + len = res; + if(param->clibuf[0]!= 22) break; + switch(param->clibuf[5]){ + case 11: + /* process client certificates here */ + if(param->clibuf[6]||param->clibuf[7]||param->clibuf[8]>64)clicert = 1; + break; + case 14: + done = 1; + break; + default: + break; + } + if(done) break; + if(socksend(param, param->remsock, param->clibuf,len, conf.timeouts[STRING_S]) != len) RETURN(375); + param->cliinbuf = 0; + } + if(!clicert) RETURN(375); + } + } + + RETURN (mapsocket(param, conf.timeouts[CONNECTION_L])); +CLEANRET: + + sprintf(req, "%sv%d.%d %s %s", lv<0?"NONE":lv?"TLS":"SSL", lv<0?0:lv?1:3, lv<0?0:lv?lv-1:0, param->hostname?param->hostname:"-", proto); + dolog(param, req); + freeparam(param); + return (NULL); +} + +#ifdef WITHMAIN +struct proxydef childdef = { + tlsprchild, + 1443, + 0, + S_TLSPR, + "" +}; +#include "proxymain.c" +#endif