initial import to git

z3APA3A 2014-04-08 13:03:21 +04:00
commit a060376f1e
217 changed files with 64253 additions and 0 deletions

22
.gitattributes vendored Normal file

@ -0,0 +1,22 @@
# Auto detect text files and perform LF normalization
* text=auto
# Custom for Visual Studio
*.cs diff=csharp
*.sln merge=union
*.csproj merge=union
*.vbproj merge=union
*.fsproj merge=union
*.dbproj merge=union
# Standard to msysgit
*.doc diff=astextplain
*.DOC diff=astextplain
*.docx diff=astextplain
*.DOCX diff=astextplain
*.dot diff=astextplain
*.DOT diff=astextplain
*.pdf diff=astextplain
*.PDF diff=astextplain
*.rtf diff=astextplain
*.RTF diff=astextplain

215
.gitignore vendored Normal file

@ -0,0 +1,215 @@
#################
## Eclipse
#################
*.pydevproject
.project
.metadata
bin/
tmp/
*.tmp
*.bak
*.swp
*~.nib
local.properties
.classpath
.settings/
.loadpath
# External tool builders
.externalToolBuilders/
# Locally stored "Eclipse launch configurations"
*.launch
# CDT-specific
.cproject
# PDT-specific
.buildpath
#################
## Visual Studio
#################
## Ignore Visual Studio temporary files, build results, and
## files generated by popular Visual Studio add-ons.
# User-specific files
*.suo
*.user
*.sln.docstates
# Build results
[Dd]ebug/
[Rr]elease/
x64/
build/
[Bb]in/
[Oo]bj/
# MSTest test Results
[Tt]est[Rr]esult*/
[Bb]uild[Ll]og.*
*_i.c
*_p.c
*.ilk
*.meta
*.obj
*.pch
*.pdb
*.pgc
*.pgd
*.rsp
*.sbr
*.tlb
*.tli
*.tlh
*.tmp
*.tmp_proj
*.log
*.vspscc
*.vssscc
.builds
*.pidb
*.log
*.scc
# Visual C++ cache files
ipch/
*.aps
*.ncb
*.opensdf
*.sdf
*.cachefile
# Visual Studio profiler
*.psess
*.vsp
*.vspx
# Guidance Automation Toolkit
*.gpState
# ReSharper is a .NET coding add-in
_ReSharper*/
*.[Rr]e[Ss]harper
# TeamCity is a build add-in
_TeamCity*
# DotCover is a Code Coverage Tool
*.dotCover
# NCrunch
*.ncrunch*
.*crunch*.local.xml
# Installshield output folder
[Ee]xpress/
# DocProject is a documentation generator add-in
DocProject/buildhelp/
DocProject/Help/*.HxT
DocProject/Help/*.HxC
DocProject/Help/*.hhc
DocProject/Help/*.hhk
DocProject/Help/*.hhp
DocProject/Help/Html2
DocProject/Help/html
# Click-Once directory
publish/
# Publish Web Output
*.Publish.xml
*.pubxml
# NuGet Packages Directory
## TODO: If you have NuGet Package Restore enabled, uncomment the next line
#packages/
# Windows Azure Build Output
csx
*.build.csdef
# Windows Store app package directory
AppPackages/
# Others
sql/
*.Cache
ClientBin/
[Ss]tyle[Cc]op.*
~$*
*~
*.dbmdl
*.[Pp]ublish.xml
*.pfx
*.publishsettings
# RIA/Silverlight projects
Generated_Code/
# Backup & report files from converting an old project file to a newer
# Visual Studio version. Backup files are not needed, because we have git ;-)
_UpgradeReport_Files/
Backup*/
UpgradeLog*.XML
UpgradeLog*.htm
# SQL Server files
App_Data/*.mdf
App_Data/*.ldf
#############
## Windows detritus
#############
# Windows image file caches
Thumbs.db
ehthumbs.db
# Folder config file
Desktop.ini
# Recycle Bin used on file shares
$RECYCLE.BIN/
# Mac crap
.DS_Store
#############
## Python
#############
*.py[co]
# Packages
*.egg
*.egg-info
dist/
build/
eggs/
parts/
var/
sdist/
develop-eggs/
.installed.cfg
# Installer logs
pip-log.txt
# Unit test / coverage reports
.coverage
.tox
#Translations
*.mo
#Mr Developer
.mr.developer.cfg

2215
Changelog Normal file

File diff suppressed because it is too large Load Diff

98
Makefile.Linux Normal file

@ -0,0 +1,98 @@
#$Id: Makefile.Linux,v 1.24 2014-04-07 20:34:57 vlad Exp $
#
# 3 proxy Makefile for GCC/Linux/Cygwin
#
# You can try to remove -DWITH_STD_MALLOC to CFLAGS to use optimized malloc
# libraries
#
# remove -DNOODBC from CFLAGS and add -lodbc to LDFLAGS to compile with ODBC
# library support. Add -DSAFESQL for poorely written ODBC library / drivers.
BUILDDIR =
CC = gcc
CFLAGS = -Wall -g -O2 -c -pthread -DGETHOSTBYNAME_R -D_THREAD_SAFE -D_REENTRANT -DNOODBC -DWITH_STD_MALLOC -DFD_SETSIZE=4096 -DWITH_POLL
COUT = -o
LN = gcc
DCFLAGS = -fpic
LDFLAGS = -Wall -O2 -pthread
DLFLAGS = -shared
DLSUFFICS = .ld.so
# -lpthreads may be reuqired on some platforms instead of -pthreads
LIBS = -lcrypto -lssl -ldl
LNOUT = -o
EXESUFFICS =
OBJSUFFICS = .o
DEFINEOPTION = -D
COMPFILES = *~
REMOVECOMMAND = rm -f
TYPECOMMAND = cat
COMPATLIBS =
MAKEFILE = Makefile.Linux
PLUGINS = SSLPlugin StringsPlugin TrafficPlugin PCREPlugin TransparentPlugin
include Makefile.inc
allplugins:
@list='$(PLUGINS)'; for p in $$list; do cp Makefile Makefile.var plugins/$$p; cd plugins/$$p ; make ; cd ../.. ; done
DESTDIR =
prefix = /usr/local
exec_prefix = $(prefix)
man_prefix = $(prefix)/share
INSTALL = /usr/bin/install
INSTALL_BIN = $(INSTALL) -m 755
INSTALL_DATA = $(INSTALL) -m 644
INSTALL_OBJS = src/3proxy \
src/countersutil \
src/dighosts \
src/ftppr \
src/mycrypt \
src/pop3p \
src/proxy \
src/socks \
src/tcppm \
src/udppm
INSTALL_CFG_OBJS = scripts/3proxy.cfg \
scripts/add3proxyuser.sh
INSTALL_CFG_DEST = config
INSTALL_CFG_OBJS2 = passwd counters bandlimiters
MANDIR1 = $(DESTDIR)$(man_prefix)/man/man1
MANDIR3 = $(DESTDIR)$(man_prefix)/man/man3
MANDIR8 = $(DESTDIR)$(man_prefix)/man/man8
BINDIR = $(DESTDIR)$(exec_prefix)/bin
ETCDIR = $(DESTDIR)$(prefix)/etc/3proxy
install-bin:
$(INSTALL_BIN) -d $(BINDIR)
$(INSTALL_BIN) -s $(INSTALL_OBJS) $(BINDIR)
install-etc-dir:
$(INSTALL_BIN) -d $(ETCDIR)
install-etc-default-config:
if [ -f $(ETCDIR)/$(INSTALL_CFG_DEST) ]; then \
: ; \
else \
$(INSTALL_DATA) $(INSTALL_CFG_OBJS) $(ETCDIR)/$(INSTALL_CFG_DEST) \
fi
install-etc: install-etc-dir
for file in $(INSTALL_CFG_OBJS2); \
do \
touch $(ETCDIR)/$$file; chmod 0600 $(ETCDIR)/$$file; \
done;
install-man:
$(INSTALL_BIN) -d $(MANDIR3)
$(INSTALL_BIN) -d $(MANDIR8)
$(INSTALL_DATA) man/*.3 $(MANDIR3)
$(INSTALL_DATA) man/*.8 $(MANDIR8)
install: install-bin install-etc install-man
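Review bot: The `install-etc-default-config` recipe is not valid shell as written: the `$(INSTALL_DATA) $(INSTALL_CFG_OBJS) $(ETCDIR)/$(INSTALL_CFG_DEST) \` line ends in a continuation with no `;`, so `fi` is handed to install as an argument and the `if` is never closed. Ending that line with `; \` fixes it, and the same recipe appears unchanged in Makefile.unix-install. `INSTALL_CFG_OBJS` here also holds two files while `$(ETCDIR)/$(INSTALL_CFG_DEST)` is tested with `-f` as a regular file; install with two sources needs a directory as the destination, so it is worth confirming which was intended.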

35
Makefile.Solaris Normal file

@ -0,0 +1,35 @@
#$Id: Makefile.Solaris,v 1.18 2008/09/30 13:58:44 vlad Exp $
#
# 3 proxy Makefile for Solaris/SunCC
#
# You can try to remove -DWITH_STD_MALLOC to CFLAGS to use optimized malloc
# libraries
#
# remove -DNOODBC from CFLAGS and add -lodbc to LDFLAGS to compile with ODBC
# library support. Add -DSAFESQL for poorely written ODBC library / drivers.
BUILDDIR =
CC = cc
CFLAGS = -xO3 -c -D_SOLARIS -D_THREAD_SAFE -DGETHOSTBYNAME_R -D_REENTRANT -DNOODBC -DWITH_STD_MALLOC -DFD_SETSIZE=4096 -DWITH_POLL
COUT = -o ./
LN = cc
LDFLAGS = -xO3
DCFLAGS = -fpic
DLFLAGS = -shared
DLSUFFICS = .ld.so
LIBS = -lpthread -lsocket -lnsl -lresolv -ldl
LNOUT = -o ./
EXESUFFICS =
OBJSUFFICS = .o
DEFINEOPTION = -D
COMPFILES = *~
REMOVECOMMAND = rm -f
TYPECOMMAND = cat
COMPATLIBS =
MAKEFILE = Makefile.Solaris
PLUGINS = StringsPlugin TrafficPlugin PCREPlugin
include Makefile.inc
allplugins:
@list='$(PLUGINS)'; for p in $$list; do cp Makefile Makefile.var plugins/$$p; cd plugins/$$p ; make ; cd ../.. ; done

36
Makefile.Solaris-gcc Normal file

@ -0,0 +1,36 @@
#$Id: Makefile.Solaris-gcc,v 1.14 2008/09/30 13:58:44 vlad Exp $
#
# 3 proxy Makefile for Solaris/gcc
#
# You can try to remove -DWITH_STD_MALLOC to CFLAGS to use optimized malloc
# libraries
#
# remove -DNOODBC from CFLAGS and add -lodbc to LDFLAGS to compile with ODBC
# library support. Add -DSAFESQL for poorely written ODBC library / drivers.
BUILDDIR =
CC = gcc
CFLAGS = -O3 -c -D_SOLARIS -D_THREAD_SAFE -DGETHOSTBYNAME_R -D_REENTRANT -DNOODBC -DWITH_STD_MALLOC -DFD_SETSIZE=4096 -DWITH_POLL
COUT = -o ./
LN = gcc
LDFLAGS = -O3
DCFLAGS = -fpic
DLFLAGS = -shared
DLSUFFICS = .ld.so
LIBS = -lpthread -lsocket -lnsl -lresolv -ldl
LNOUT = -o ./
EXESUFFICS =
OBJSUFFICS = .o
DEFINEOPTION = -D
COMPFILES = *~
REMOVECOMMAND = rm -f
TYPECOMMAND = cat
COMPATLIBS =
MAKEFILE = Makefile.Solaris-gcc
PLUGINS = StringsPlugin TrafficPlugin PCREPlugin
include Makefile.inc
allplugins:
@list='$(PLUGINS)'; for p in $$list; do cp Makefile Makefile.var plugins/$$p; cd plugins/$$p ; make ; cd ../.. ; done

2
Makefile.am Normal file

@ -0,0 +1,2 @@
SUBDIRS = src man
EXTRA_DIST = doc cfg

35
Makefile.ccc Normal file

@ -0,0 +1,35 @@
#$Id: Makefile.ccc,v 1.12 2007/04/10 16:29:25 vlad Exp $
#
# 3 proxy Makefile for Compaq C Compiler
#
# You can try to remove -DWITH_STD_MALLOC to CFLAGS to use optimized malloc
# libraries
#
# remove -DNOODBC from CFLAGS and add -lodbc to LDFLAGS to compile with ODBC
# library support. Add -DSAFESQL for poorely written ODBC library / drivers.
BUILDDIR =
CC = ccc
CFLAGS = -Wall -O2 -c -pthread -D_THREAD_SAFE -DNOODBC -DWITH_STD_MALLOC -DFD_SETSIZE=4096 -WITH_POLL
COUT = -o
LN = ccc
LDFLAGS = -Wall -O2 -pthread
DCFLAGS = -fpic
DLFLAGS = -shared
DLSUFFICS = .ld.so
LIBS =
LNOUT = -o
EXESUFFICS =
OBJSUFFICS = .o
DEFINEOPTION = -D
COMPFILES = *~
REMOVECOMMAND = rm -f
TYPECOMMAND = cat
COMPATLIBS =
MAKEFILE = Makefile.ccc
PLUGINS = StringsPlugin TrafficPlugin PCREPlugin
include Makefile.inc
allplugins:
@list='$(PLUGINS)'; for p in $$list; do cp Makefile Makefile.var plugins/$$p; cd plugins/$$p ; make ; cd ../.. ; done
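Review bot: `CFLAGS` ends with `-WITH_POLL`, which is missing the `D` of the define option; the other Unix makefiles in this commit pass `-DWITH_POLL`. As written the compiler receives an unrecognised `-W…` option and `WITH_POLL` is never defined, so this build presumably falls back to the non-poll code path that `-DFD_SETSIZE=4096` is meant to size. The flag should read `-DWITH_POLL`.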

27
Makefile.debug Normal file

@ -0,0 +1,27 @@
#$Id: Makefile.debug,v 1.7 2007/04/18 05:33:19 vlad Exp $
#
# 3 proxy Makefile for Microsoft Visual C compiler (for both make and nmake)
#
# You can try to add /D "WITH_STD_MALLOC" to CFLAGS to use standard malloc
# libraries
BUILDDIR = ../bin/
CC = cl
CFLAGS = /FD /MDd /nologo /W3 /ZI /Wp64 /GS /Gs /RTCsu /EHs- /GA /GF /DEBUG /D "WITH_STD_MALLOC" /D "_DEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /c
COUT = /Fo
LN = link
LDFLAGS = /nologo /subsystem:console /machine:I386 /DEBUG
LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib
LNOUT = /out:
EXESUFFICS = .exe
OBJSUFFICS = .obj
DEFINEOPTION = /D
COMPFILES = *.pch *.idb
REMOVECOMMAND = del 2>NUL >NUL
TYPECOMMAND = type
COMPATLIBS =
MAKEFILE = Makefile.debug
include Makefile.inc
allplugins:

13
Makefile.inc Normal file

@ -0,0 +1,13 @@
#$Id: Makefile.inc,v 1.3 2007/01/23 16:00:26 vlad Exp $
#
# 3 proxy common Makefile
#
all:
$(TYPECOMMAND) $(MAKEFILE) > src/Makefile.var
@cd src && $(MAKE)
clean:
@$(REMOVECOMMAND) *$(OBJSUFFICS) $(COMPFILES)
@cd src && $(MAKE) clean

34
Makefile.intl Normal file

@ -0,0 +1,34 @@
#$Id: Makefile.intl,v 1.8 2007/07/21 18:47:00 vlad Exp $
#
# 3 proxy Makefile for Intel C compiler for Windows (for both make and nmake)
#
# You can try to remove -DWITH_STD_MALLOC to CFLAGS to use optimized malloc
# libraries
#
# Add /DSAFESQL to CFLAGS if you are using poorely written/tested ODBC driver
BUILDDIR = ../bin/
CC = icl
CFLAGS = /nologo /MD /W3 /G6 /GX /O2 /D "WITH_STD_MALLOC" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /Fp"proxy.pch" /YX /FD /c
COUT = /Fo
LN = xilink
LDFLAGS = /nologo /subsystem:console /incremental:no /machine:I386
LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib
DLFLAGS = /DLL
DLSUFFICS = .dll
LNOUT = /out:
EXESUFFICS = .exe
OBJSUFFICS = .obj
DEFINEOPTION = /D
COMPFILES = *.pch *.idb
REMOVECOMMAND = del 2>NUL
TYPECOMMAND = type
COMPATLIBS =
MAKEFILE = Makefile.intl
PLUGINS = WindowsAuthentication TrafficPlugin PCREPlugin
include Makefile.inc
allplugins:
for /D %%i in ($(PLUGINS)) do (copy Makefile Makefile.var plugins\%%i && cd plugins\%%i && nmake && del *.obj *.idb &&cd ..\..)

36
Makefile.msvc Normal file

@ -0,0 +1,36 @@
#$Id: Makefile.msvc,v 1.17 2010-11-11 14:44:11 v.dubrovin Exp $
#
# 3 proxy Makefile for Microsoft Visual C compiler (for both make and nmake)
#
# You can try to remove -DWITH_STD_MALLOC to CFLAGS to use optimized malloc
# libraries
#
# Add /DSAFESQL to CFLAGS if you are using poorely written/tested ODBC driver
BUILDDIR = ../bin/
CC = cl
CFLAGS = /nologo /MT /W3 /Ox /GS /EHs- /GA /GF /D "MSVC" /D "WITH_STD_MALLOC" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /Fp"proxy.pch" /FD /c
COUT = /Fo
LN = link
LDFLAGS = /nologo /subsystem:console /incremental:no /machine:I386
DLFLAGS = /DLL
DLSUFFICS = .dll
LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib libeay32MT.lib ssleay32MT.lib
LIBEXT = .lib
LNOUT = /out:
EXESUFFICS = .exe
OBJSUFFICS = .obj
DEFINEOPTION = /D
COMPFILES = *.pch *.idb
REMOVECOMMAND = del 2>NUL >NUL
TYPECOMMAND = type
COMPATLIBS =
MAKEFILE = Makefile.msvc
PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin PCREPlugin lastFripper FilePlugin
include Makefile.inc
allplugins:
for /D %%i in ($(PLUGINS)) do (copy Makefile plugins\%%i && copy Makefile.var plugins\%%i && cd plugins\%%i && nmake && del *.obj *.idb &&cd ..\..)

35
Makefile.msvc64 Normal file

@ -0,0 +1,35 @@
#$Id: Makefile.msvc64,v 1.14 2007/07/21 18:47:05 vlad Exp $
#
# 3 proxy Makefile for Microsoft Visual C compiler (for both make and nmake)
#
# You can try to remove -DWITH_STD_MALLOC to CFLAGS to use optimized malloc
# libraries
#
# Add /DSAFESQL to CFLAGS if you are using poorely written/tested ODBC driver
BUILDDIR = ../bin64/
CC = cl
CFLAGS = /nologo /MT /W3 /Ox /EHs- /GS /GA /GF /D "MSVC" /D "WITH_STD_MALLOC" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /Fp"proxy.pch" /FD /c
COUT = /Fo
LN = link
LDFLAGS = /nologo /subsystem:console /incremental:no /machine:x64
DLFLAGS = /DLL
DLSUFFICS = .dll
LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib libeay32MT.lib ssleay32MT.lib
LIBEXT = .lib
LNOUT = /out:
EXESUFFICS = .exe
OBJSUFFICS = .obj
DEFINEOPTION = /D
COMPFILES = *.pch *.idb
REMOVECOMMAND = del 2>NUL >NUL
TYPECOMMAND = type
COMPATLIBS =
MAKEFILE = Makefile.msvc64
PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin PCREPlugin
include Makefile.inc
allplugins:
for /D %%i in ($(PLUGINS)) do (copy Makefile plugins\%%i && copy Makefile.var plugins\%%i && cd plugins\%%i && nmake && del *.obj *.idb &&cd ..\..)

36
Makefile.msvcCE Normal file

@ -0,0 +1,36 @@
#$Id: Makefile.msvc,v 1.14 2007/07/21 18:47:02 vlad Exp $
#
# 3 proxy Makefile for Microsoft Visual C compiler (for both make and nmake)
#
# You can try to remove -DWITH_STD_MALLOC to CFLAGS to use optimized malloc
# libraries
#
# Add /DSAFESQL to CFLAGS if you are using poorely written/tested ODBC driver
BUILDDIR = ../bin/
CC = cl
CFLAGS = /DARM /D "NOODBC" /nologo /MT /W3 /Wp64 /Ox /GS /EHs- /GA /GF /D "MSVC" /D "_WINCE" /D "WITH_STD_MALLOC" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /Fp"proxy.pch" /FD /c
COUT = /Fo
LN = link
LDFLAGS = /nologo /subsystem:console /incremental:no
DLFLAGS = /DLL
DLSUFFICS = .dll
LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib
LIBEXT = .lib
LNOUT = /out:
EXESUFFICS = .exe
OBJSUFFICS = .obj
DEFINEOPTION = /D
COMPFILES = *.pch *.idb
REMOVECOMMAND = del 2>NUL >NUL
TYPECOMMAND = type
COMPATLIBS =
MAKEFILE = Makefile.msvc
PLUGINS = WindowsAuthentication TrafficPlugin StringsPlugin PCREPlugin
include Makefile.inc
allplugins:
for /D %%i in ($(PLUGINS)) do (copy Makefile plugins\%%i && copy Makefile.var plugins\%%i && cd plugins\%%i && nmake && del *.obj *.idb &&cd ..\..)
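Review bot: `MAKEFILE = Makefile.msvc` (and the `$Id` line) still name the file this one was copied from. Makefile.inc's `all` target runs `$(TYPECOMMAND) $(MAKEFILE) > src/Makefile.var`, so a build started from this file would write the desktop MSVC settings into `src/Makefile.var` and lose `/DARM`, `/D "_WINCE"` and `/D "NOODBC"`. The line should read `MAKEFILE = Makefile.msvcCE`. `LIBS` also still links `odbc32.lib` although `NOODBC` is defined here.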

58
Makefile.unix Normal file

@ -0,0 +1,58 @@
#$Id: Makefile.unix,v 1.20 2007/04/10 16:29:25 vlad Exp $
#
# 3 proxy Makefile for GCC/Unix
#
# You can try to remove -DWITH_STD_MALLOC to CFLAGS to use optimized malloc
# libraries
#
# remove -DNOODBC from CFLAGS and add -lodbc to LDFLAGS to compile with ODBC
# library support. Add -DSAFESQL for poorely written ODBC library / drivers.
BUILDDIR =
CC = gcc
# you may need -L/usr/pkg/lib for older NetBSD versions
CFLAGS = -Wall -g -O2 -c -pthread -D_THREAD_SAFE -D_REENTRANT -DNOODBC -DWITH_STD_MALLOC -DFD_SETSIZE=4096 -DWITH_POLL
COUT = -o
LN = gcc
LDFLAGS = -Wall -O2 -pthread
# -lpthreads may be reuqired on some platforms instead of -pthreads
# -ldl or -lld may be required for some platforms
DCFLAGS = -fpic
DLFLAGS = -shared
DLSUFFICS = .ld.so
LIBS =
LNOUT = -o
EXESUFFICS =
OBJSUFFICS = .o
DEFINEOPTION = -D
COMPFILES = *~
REMOVECOMMAND = rm -f
TYPECOMMAND = cat
COMPATLIBS =
MAKEFILE = Makefile.unix
PLUGINS = StringsPlugin TrafficPlugin PCREPlugin
include Makefile.inc
install: all
if [ ! -d /usr/local/etc/3proxy/bin ]; then mkdir -p /usr/local/etc/3proxy/bin/; fi
install src/3proxy /usr/local/etc/3proxy/bin/3proxy
install src/mycrypt /usr/local/etc/3proxy/bin/mycrypt
install scripts/rc.d/proxy.sh /usr/local/etc/rc.d/proxy.sh
install scripts/add3proxyuser.sh /usr/local/etc/3proxy/bin/
if [ -s /usr/local/etc/3proxy/3proxy.cfg ]; then
echo /usr/local/etc/3proxy/3proxy.cfg already exists
else
install scripts/3proxy.cfg /usr/local/etc/3proxy/
if [ ! -d /var/log/3proxy/ ]; then
mkdir /var/log/3proxy/
fi
touch /usr/local/etc/3proxy/passwd
touch /usr/local/etc/3proxy/counters
touch /usr/local/etc/3proxy/bandlimiters
echo Run /usr/local/etc/3proxy/bin/add3proxyuser.sh to add \'admin\' user
fi
allplugins:
@list='$(PLUGINS)'; for p in $$list; do cp Makefile Makefile.var plugins/$$p; cd plugins/$$p ; make ; cd ../.. ; done
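Review bot: The `install` target creates `/usr/local/etc/3proxy/passwd`, `counters` and `bandlimiters` with a bare `touch`, so they take whatever mode the installer's umask allows, which is usually world-readable. The passwd file is the one the sample configuration includes via `users $/usr/local/etc/3proxy/passwd`, and that sample shows cleartext `CL` entries, so it should be created private: `touch /usr/local/etc/3proxy/passwd && chmod 0600 /usr/local/etc/3proxy/passwd`, as the `install-etc` target in Makefile.Linux already does. The multi-line `if … else … fi` in this recipe is also shown without line continuations; unless the page rendering dropped them, each line runs in its own shell and the conditional never parses.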

61
Makefile.unix-install Normal file

@ -0,0 +1,61 @@
DESTDIR =
prefix = /usr/local
exec_prefix = $(prefix)
man_prefix = $(prefix)/share
INSTALL = /usr/bin/install
INSTALL_BIN = $(INSTALL) -m 755
INSTALL_DATA = $(INSTALL) -m 644
INSTALL_OBJS = src/3proxy \
src/countersutil \
src/dighosts \
src/ftppr \
src/mycrypt \
src/pop3p \
src/proxy \
src/socks \
src/tcppm \
src/udppm \
scripts/add3proxyuser.sh
INSTALL_CFG_OBJS = scripts/3proxy.cfg
INSTALL_CFG_DEST = config
INSTALL_CFG_OBJS2 = passwd counters bandlimiters
MANDIR1 = $(DESTDIR)$(man_prefix)/man/man1
MANDIR3 = $(DESTDIR)$(man_prefix)/man/man3
MANDIR8 = $(DESTDIR)$(man_prefix)/man/man8
BINDIR = $(DESTDIR)$(exec_prefix)/bin
ETCDIR = $(DESTDIR)$(prefix)/etc/3proxy
install-bin:
$(INSTALL_BIN) -d $(BINDIR)
$(INSTALL_BIN) -s $(INSTALL_OBJS) $(BINDIR)
install-etc-dir:
$(INSTALL_BIN) -d $(ETCDIR)
install-etc-default-config:
if [ -f $(ETCDIR)/$(INSTALL_CFG_DEST) ]; then \
: ; \
else \
$(INSTALL_DATA) $(INSTALL_CFG_OBJS) $(ETCDIR)/$(INSTALL_CFG_DEST) \
fi
install-etc: install-etc-dir
for file in $(INSTALL_CFG_OBJS2); \
do \
touch $(ETCDIR)/$$file; chmod 0600 $(ETCDIR)/$$file; \
done;
install-man:
$(INSTALL_BIN) -d $(MANDIR1)
$(INSTALL_BIN) -d $(MANDIR3)
$(INSTALL_BIN) -d $(MANDIR8)
$(INSTALL_DATA) man/*.1 $(MANDIR1)
$(INSTALL_DATA) man/*.3 $(MANDIR3)
$(INSTALL_DATA) man/*.8 $(MANDIR8)
install: install-bin install-etc install-man
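Review bot: `INSTALL_OBJS` in this file ends with `scripts/add3proxyuser.sh`, and `install-bin` installs the whole list with `$(INSTALL_BIN) -s`, which runs strip on every file. strip does not handle a shell script, so the step is likely to fail on that last entry. Installing the script in its own command without `-s`, e.g. `$(INSTALL_BIN) scripts/add3proxyuser.sh $(BINDIR)`, keeps the binaries stripped and the script intact. Makefile.Linux avoids the problem by listing the script under `INSTALL_CFG_OBJS` instead.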

35
Makefile.win Normal file

@ -0,0 +1,35 @@
#$Id: Makefile.win,v 1.9 2007/08/20 15:26:27 vlad Exp $
#
# 3 proxy Makefile for GCC/windows
#
# You can try to remove -DWITH_STD_MALLOC to CFLAGS to use optimized malloc
# libraries
#
# remove -DNOODBC from CFLAGS and add -lodbc to LDFLAGS to compile with ODBC
# library support
BUILDDIR = ../bin/
CC = gcc
CFLAGS = -O2 -s -c -mthreads -DWITH_STD_MALLOC
COUT = -o
LN = gcc
LDFLAGS = -O2 -s -mthreads
DLFLAGS = -shared
DLSUFFICS = .dll
LIBS = -lws2_32 -lodbc32 -ladvapi32
LNOUT = -o
EXESUFFICS = .exe
OBJSUFFICS = .o
DEFINEOPTION = -D
COMPFILES = *.tmp
REMOVECOMMAND = rm -f
TYPECOMMAND = cat
COMPATLIBS =
MAKEFILE = Makefile.win
PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin PCREPlugin
include Makefile.inc
allplugins:
@list='$(PLUGINS)'; for p in $$list; do cp Makefile Makefile.var plugins/$$p; cd plugins/$$p ; make ; rm *.o ; cd ../.. ; done

35
Makefile.winCE Normal file

@ -0,0 +1,35 @@
#$Id: Makefile.win,v 1.9 2007/08/20 15:26:27 vlad Exp $
#
# 3 proxy Makefile for GCC/windows
#
# You can try to remove -DWITH_STD_MALLOC to CFLAGS to use optimized malloc
# libraries
#
# remove -DNOODBC from CFLAGS and add -lodbc to LDFLAGS to compile with ODBC
# library support
BUILDDIR = ../bin/
CC = /opt/cegcc/arm-wince-cegcc/bin/gcc
CFLAGS = -Wall -O2 -s -c -mthreads -DWITH_STD_MALLOC -DNOODBC -D_WINCE -D_WIN32 -D__USE_W32_SOCKETS
COUT = -o
LN = /opt/cegcc/arm-wince-cegcc/bin/gcc
LDFLAGS = -Wall -O2 -s -mthreads
DLFLAGS = -shared
DLSUFFICS = .dll
LIBS = -lws2
LNOUT = -o
EXESUFFICS = .exe
OBJSUFFICS = .o
DEFINEOPTION = -D
COMPFILES = *.tmp
REMOVECOMMAND = rm -f
TYPECOMMAND = more
COMPATLIBS =
MAKEFILE = Makefile.winCE
PLUGINS = TrafficPlugin StringsPlugin PCREPlugin
include Makefile.inc
allplugins:
@list='$(PLUGINS)'; for p in $$list; do cp Makefile Makefile.var plugins/$$p; cd plugins/$$p ; make ; rm *.o ; cd ../.. ; done

67
Readme Normal file

@ -0,0 +1,67 @@
/*
3APA3A 3proxy tiny proxy server
(c) 2002-2009 by ZARAZA <3APA3A@security.nnov.ru>,
Vladimir Dubrovin <vlad@sandy.ru>
please read License Agreement
$Id: Readme,v 1.8 2009/03/18 17:46:22 vlad Exp $
*/
Please read doc/html/index.html and man pages.
3proxy Combined proxy server may be used as
Windows 95/98/NT/2000/XP/2003/Vista
executable or service (supports installation and removal).
It uses config file to read it's configuration (see
3proxy.cfg.sample for details).
--install installs and starts proxy as NT/2000/XP service
(config file should be located in the same directory)
--remove removes the service (should be stopped before via
net stop 3proxy).
3proxy.exe is all-in-one, it doesn't require all others .exe
to work.
See 3proxy.cfg.sample for examples, see man 3proxy.cfg
proxy HTTP proxy server, binds to port 3128
ftppr FTP proxy server, binds to port 21
socks SOCKS 4/5 proxy server, binds to port 1080
ftppr FTP proxy server, please do not mess it with FTP over HTTP
proxy used in browsers
pop3p POP3 proxy server, binds to port 110. You must specify
POP3 username as username@target.host.ip[:port]
port is 110 by default.
Exmple: in Username configuration for you e-mail reader
set someuser@pop.somehost.ru, to obtains mail for someuser
from pop.somehost.ru via proxy.
smtpp SMTP proxy server, binds to port 25. You must specify
SMTP username as username@target.host.ip[:port]
port is 25 by default.
Exmple: in Username configuration for you e-mail reader
set someuser@mail.somehost.ru, to send mail as someuser
via mail.somehost.ru via proxy.
icqpr ICQ/AIM proxy. Maps some TCP port to TCP port of ICQ
server and performs packets translation. Example:
icqpr 5190 login.icq.com 5190
msnpr MSN proxy (beta)
tcppm TCP port mapping. Maps some TCP port on local machine to
TCP port on remote host.
udppm UDP port mapping. Maps some UDP port on local machine to
UDP port on remote machine. Only one user simulationeously
can use UDP mapping, so it cann't be used for public service
in large networks. It's OK to use it to map to DNS server
in small network or to map Counter-Strike server for single
client (you can use few mappings on different ports for
different clients in last case).
mycrypt Program to obtain crypted password fro cleartext. Supports
both MD5/crypt and NT password.
mycrypt password
produces NT password
mycrypt salt password
produces MD5/crypt password with salt "salt".
dighosts Utility for building networks list from web page.
countersutil Utility to manage counters file
Run utility with --help option for command line reference.
Latest version is available from http://3proxy.ru/

1
authors Normal file

@ -0,0 +1 @@
(c) 2002-2007 by ZARAZA <3APA3A@security.nnov.ru>, Vladimir Dubrovin <vlad@sandy.ru>

18
cfg/0.scenario.txt Normal file

@ -0,0 +1,18 @@
Please read doc/config.txt before using 3proxy.
In all examples next scenario is used:
3proxy is installed on multihomed host. IP address of internal interface
is 192.168.1.1. IP address of external interface is 10.1.1.1.
Internal network has few subnetworks for 192.168.0.0/16.
Users are named user1, user2, etc.
You use external DNS server 10.1.2.1 and 10.1.2.2
Provider has networks with free access. A list of networks is published
on the provider's Web server.
Provider has proxy server 10.1.2.5. Traffic from proxy server is not free, but
is cheaper than traffic from non-free networks.
$Id: 0.scenario.txt,v 1.2 2004/07/23 13:33:39 vlad Exp $

202
cfg/3proxy.cfg.sample Normal file

@ -0,0 +1,202 @@
#!/usr/local/bin/3proxy
# Yes, 3proxy.cfg can be executable, in this case you should place
# something like
#config /usr/local/3proxy/3proxy.cfg
# to show which configuration 3proxy should re-read on realod.
#system "echo Hello world!"
# you may use system to execute some external command if proxy starts
# We can configure nservers to avoid unsafe gethostbyname() usage
nserver 10.1.2.1
nserver 10.2.2.2
# nscache is good to save speed, traffic and bandwidth
nscache 65536
#nsrecord porno.security.nnov.ru 0.0.0.0
# nobody will be able to access porno.security.nnov.ru by the name.
#nsrecord wpad.security.nnov.ru www.security.nnov.ru
# wpad.security.nnov.ru will resolve to www.security.nnov.ru for
# clients
timeouts 1 5 30 60 180 1800 15 60
# Here we can change timeout values
users 3APA3A:CL:3apa3a "test:CR:$1$qwer$CHFTUFGqkjue9HyhcMHEe1"
# note that "" required, overvise $... is treated as include file name.
# $1$qwer$CHFTUFGqkjue9HyhcMHEe1 is 'test' in MD5 crypt format.
#users $/usr/local/etc/3proxy/passwd
# this example shows you how to include passwd file. For included files
# <CR> and <LF> are treated as field separators.
#daemon
# now we will not depend on any console (daemonize). daemon must be given
# before any significant command on *nix.
service
# service is required under NT if you want 3proxy to start as service
#log /usr/local/etc/3proxy/logs/3proxy.log D
log c:\3proxy\logs\3proxy.log D
# log allows to specify log file location and rotation, D means logfile
# is created daily
#logformat "L%d-%m-%Y %H:%M:%S %z %N.%p %E %U %C:%c %R:%r %O %I %h %T"
#logformat "Linsert into log (l_date, l_user, l_service, l_in, l_out, l_descr) values ('%d-%m-%Y %H:%M:%S', '%U', '%N', %I, %O, '%T')"
#Compatible with Squid access.log:
#
#"- +_G%t.%. %D %C TCP_MISS/200 %I %1-1T %2-2T %U DIRECT/%R application/unknown"
#or, more compatible format without %D
#"- +_G%t.%. 1 %C TCP_MISS/200 %I %1-1T %2-2T %U DIRECT/%R application/unknown"
#
#Compatible with ISA 2000 proxy WEBEXTD.LOG (fields are TAB-delimited):
#
#"- + L%C %U Unknown Y %Y-%m-%d %H:%M:%S w3proxy 3PROXY - %n %R %r %D %O %I http TCP %1-1T %2-2T - - %E - - -"
#
#Compatible with ISA 2004 proxy WEB.w3c
#
#"- + L%C %U Unknown %Y-%m-%d %H:%M:%S 3PROXY - %n %R %r %D %O %I http %1-1T %2-2T - %E - - Internal External 0x0 Allowed"
#
#Compatible with ISA 2000/2004 firewall FWSEXTD.log (fields are TAB-delimited):
#
#"- + L%C %U unnknown:0:0.0 N %Y-%m-%d %H:%M:%S fwsrv 3PROXY - %n %R %r %D %O %I %r TCP Connect - - - %E - - - - -"
#
#Compatible with HTTPD standard log (Apache and others)
#
#"-""+_L%C - %U [%d/%o/%Y:%H:%M:%S %z] ""%T"" %E %I"
#or more compatible without error code
#"-""+_L%C - %U [%d/%o/%Y:%H:%M:%S %z] ""%T"" 200 %I"
# in log file we want to have underscores instead of spaces
logformat "- +_L%t.%. %N.%p %E %U %C:%c %R:%r %O %I %h %T"
#archiver gz /bin/gzip %F
#archiver zip zip -m -qq %A %F
#archiver zip pkzipc -add -silent -move %A %F
archiver rar rar a -df -inul %A %F
# if archiver specified log file will be compressed after closing.
# you should specify extension, path to archiver and command line, %A will be
# substituted with archive file name, %f - with original file name.
# Original file will not be removed, so archiver should care about it.
rotate 30
# We will keep last 30 log files
auth iponly
#auth nbname
#auth strong
# auth specifies type of user authentication. If you specify none proxy
# will not do anything to check name of the user. If you specify
# nbname proxy will send NetBIOS name request packet to UDP/137 of
# client and parse request for NetBIOS name of messanger service.
# Strong means that proxy will check password. For strong authentication
# unknown user will not be allowed to use proxy regardless of ACL.
# If you do not want username to be checked but wanna ACL to work you should
# specify auth iponly.
#allow ADMINISTRATOR,root
#allow * 127.0.0.1,192.168.1.1 * *
#parent 1000 http 192.168.1.2 80 * * * 80
#allow * 192.168.1.0/24 * 25,53,110,20-21,1024-65535
# we will allow everything if username matches ADMINISTRATOR or root or
# client ip is 127.0.0.1 or 192.168.1.1. Overwise we will redirect any request
# to port 80 to our Web-server 192.168.0.2.
# We will allow any outgoing connections from network 192.168.1.0/24 to
# SMTP, POP3, FTP, DNS and unprivileged ports.
# Note, that redirect may also be used with proxy or portmapper. It will
# allow you to redirect requests to different ports or different server
# for different clients.
# sharing access to internet
external 10.1.1.1
# external is address 3proxy uses for outgoing connections. 0.0.0.0 means any
# interface. Using 0.0.0.0 is not good because it allows to connect to 127.0.0.1
internal 192.168.1.1
# internal is address of interface proxy will listen for incoming requests
# 127.0.0.1 means only localhost will be able to use this proxy. This is
# address you should specify for clients as proxy IP.
# You MAY use 0.0.0.0 but you shouldn't, because it's a chance for you to
# have open proxy in your network in this case.
auth none
# no authentication is requires
dnspr
# dnsproxy listens on UDP/53 to answer client's DNS requests. It requires
# nserver/nscache configuration.
#external $./external.ip
#internal $./internal.ip
# this is just an alternative form fo giving external and internal address
# allows you to read this addresses from files
auth strong
# We want to protect internal interface
deny * * 127.0.0.1,192.168.1.1
# and llow HTTP and HTTPS traffic.
allow * * * 80-88,8080-8088 HTTP
allow * * * 443,8443 HTTPS
proxy -n
auth none
# pop3p will be used without any authentication. It's bad choice
# because it's possible to use pop3p to access any port
pop3p
tcppm 25 mail.my.provider 25
#udppm -s 53 ns.my.provider 53
# we can portmap port TCP/25 to provider's SMTP server and UDP/53
# to provider's DNS.
# Now we can use our proxy as SMTP and DNS server.
# -s switch for UDP means "single packet" service - instead of setting
# association for period of time association will only be set for 1 packet.
# It's very userfull for services like DNS but not for some massive services
# like multimedia streams or online games.
auth strong
flush
allow 3APA3A,test
maxconn 20
socks
# for socks we will use password authentication and different access control -
# we flush previously configured ACL list and create new one to allow users
# test and 3APA3A to connect from any location
auth strong
flush
internal 127.0.0.1
allow 3APA3A 127.0.0.1
maxconn 3
admin
#only allow acces to admin interface for user 3APA3A from 127.0.0.1 address
#via 127.0.0.1 address.
# map external 80 and 443 ports to internal Web server
# examples below show how to use 3proxy to publish Web server in internal
# network to Internet. We must switch internal and external addresses and
# flush any ACLs
#auth none
#flush
#external $./internal.ip
#internal $./external.ip
#maxconn 300
#tcppm 80 websrv 80
#tcppm 443 websrv 443
#chroot /usr/local/jail
#setgid 65535
#setuid 65535
# now we needn't any root rights. We can chroot and setgid/setuid.
###$Id: 3proxy.cfg.sample,v 1.7 2006/11/18 14:37:06 vlad Exp $#######
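Review bot: The sample leaves a live `users` line with a cleartext account (`3APA3A:CL:3apa3a`) and a crypt hash whose plaintext is given in the comment right after it, and the later `socks` and `admin` sections grant access to exactly those two names. Anyone who starts from this file unchanged runs with publicly known credentials. I would comment that line out and enable the include form already shown below it, `users $/usr/local/etc/3proxy/passwd`, with a comment telling the operator to create their own accounts first. cfg/counters.sample has the same pattern with `user1:CL:password1` and the entries after it. The `auth none` block in front of `pop3p` and `tcppm 25` deserves the same treatment, since the file's own comment calls it a bad choice.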

53
cfg/counters.sample Normal file

@ -0,0 +1,53 @@
# Scenario:
# You're billed for traffic except internal networks
# 192.168.0.0 mask 255.255.0.0 and 10.0.0.0 mask 255.0.0.0.
# If you exceed 2Gb limit you will have very high penalty
#
# You want to have daily report about common amount of external traffic.
# You also need to know amount of Web traffic for every user
# You want to limit Web traffic to 100Mb/day to whole campus and
# to 20MB/day to every user
# see explanations in 3proxy.cfg.sample
internal 192.168.1.1
external 10.1.1.1
nserver 10.1.2.1
nserver 10.2.2.2
nscache 65536
dnspr
# no logging will be used, only traffic reports
# use d:\3proxy\3profy.3cf to store counters data
# generate daily traffic reports in d:\3proxy\traf\
counter "d:\3proxy\3profy.3cf" D "d:\3proxy\traf\traf"
# define users
users "user1:CL:password1" "user2:CL:password2" "user3:CL:password3"
users "user4:CL:password4" "user5:CL:password5" "user6:CL:password6"
# ...
# do not count traffic for 192.168.0.0/16,10.0.0.0/8
nocountin * * 192.168.0.0/16,10.0.0.0/8
# Count external traffic summary for all clients with limit to 100MB/day
countin "1/Test 1" D 100 *
# Count external Web traffic summary for all clients to 1Gb/month
countin "2/Test 2" M 1024 vlad,3APA3A,test 127.0.0.1 * 80,81,8080-8088
# For every user count and limit daily Web traffic to 20 Mb
# There is no way to configure it in a single line, we need a line
# for every user we have
countin "3/User 1" D 20 user1 * * 80,81,8080-8088
countin "4/User 2" D 20 user2 * * 80,81,8080-8088
# ...
countin "202/User 200" D 20 user200 * * 80,81,8080-8088
# enable proxy
auth strong
proxy
# enable administration to user1 from localhost
internal 127.0.0.1
allow user1
admin
#$Id: counters.sample,v 1.2 2004/07/23 13:33:39 vlad Exp $


@ -0,0 +1,6 @@
all: isqlodbc$(EXESUFFICS)
clean:
@$(REMOVECOMMAND) *$(OBJSUFFICS) $(COMPFILES)
isqlodbc$(EXESUFFICS): isqlodbc$(OBJSUFFICS)
$(LN) $(LNOUT)isqlodbc$(EXESUFFICS) $(LDFLAGS) $(VERFILE) isqlodbc$(OBJSUFFICS) $(COMPATLIBS) $(LIBS)


@ -0,0 +1,15 @@
CC = gcc
CFLAGS = -I /usr/local/include -DUNIX
COUT = -o
LN = gcc
LDFLAGS =
LIBS =-L /usr/local/lib -lodbc
LNOUT = -o
EXESUFFICS =
OBJSUFFICS = .o
DEFINEOPTION = -D
COMPFILES = *~
REMOVECOMMAND = rm -f
COMPATLIBS =
include Makefile.inc


@ -0,0 +1,15 @@
CC = gcc
CFLAGS = -DWIN32
COUT = -o
LN = gcc
LDFLAGS =
LIBS = -lodbc32
LNOUT = -o
EXESUFFICS =
OBJSUFFICS = .o
DEFINEOPTION = -D
COMPFILES = *~
REMOVECOMMAND = rm -f
COMPATLIBS =
include Makefile.inc


@ -0,0 +1,191 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef WIN32
#include <io.h>
#include <windows.h>
#endif
#ifdef UNIX
#include <sqltypes.h>
#endif
#include <sql.h>
#include <sqlext.h>
#define BUF_LENGTH 65000
/* environment variable */
SQLHENV env=NULL;
SQLHDBC dbc=NULL;
SQLHSTMT stmt=NULL;
SQLHSTMT cstmt=NULL;
unsigned char *dsn;
unsigned char *user;
unsigned char *pass;
RETCODE retcod;
/*description a columns of result of request */
SQLSMALLINT ColumnCount;
unsigned int ColNumber;
unsigned char ColName[SQL_MAX_COLUMN_NAME_LEN];
unsigned int Length;
unsigned int Type;
unsigned int Size;
unsigned int Digits;
unsigned int Nullable;
unsigned char data_buf[BUF_LENGTH];
unsigned long OutData;
/* function print error message*/
void PrintError(HENV env,HDBC dbc,HSTMT stmt,RETCODE retcod)
{
SQLINTEGER nError;
SQLSMALLINT TextLength;
unsigned char BufErrMsg[SQL_MAX_MESSAGE_LENGTH+1];
unsigned char SqlState[128];
SQLError(env,dbc,stmt,SqlState,&nError,BufErrMsg,512, &TextLength);
printf("%s\n" ,BufErrMsg);
}
void sqlquery(SQLHDBC dbc,SQLHSTMT stmt, unsigned char *strquery)
{
retcod=SQLAllocStmt(dbc, &stmt);
retcod=SQLExecDirect(stmt,strquery,SQL_NTS);
if(retcod!=SQL_SUCCESS)
{ PrintError(env,dbc,stmt,retcod);}
SQLNumResultCols(stmt,&ColumnCount);
while(SQLFetch(stmt)==SQL_SUCCESS)
{
for(ColNumber=1; ColNumber<=ColumnCount ; ColNumber++)
{
SQLGetData(stmt,ColNumber,SQL_CHAR,data_buf,BUF_LENGTH,&OutData);
printf("%s|",data_buf);
}
printf("\n",data_buf);
strcpy(data_buf,"");
}
SQLFreeStmt( stmt, SQL_DROP );
}
/* isqlodbc dsn[[,user][,pass]] ["SQLCMD"] */
int main(int argc, char *argv[])
{
unsigned char qbuf[64000];
unsigned char *ptr=NULL;
/* Allocate environment and database connection handles */
retcod=SQLAllocEnv( &env );
if(retcod!=SQL_SUCCESS)
{
PrintError(env,dbc,stmt,retcod);
SQLFreeEnv(env);
return (-1);
}
retcod = SQLAllocConnect( env, &dbc );
if(retcod!=SQL_SUCCESS)
{
PrintError(env,dbc,stmt,retcod);
SQLFreeConnect( dbc );
return (-1);
}
if(argc > 1 )
{
/* parsing command line and get parametrs */
dsn = strtok(argv[1],",");
user = strtok(NULL, ",");
pass = strtok(NULL, ",");
/* Connect from DSN */
retcod=SQLConnect(dbc,dsn,SQL_NTS,user,SQL_NTS,pass,SQL_NTS);
if(retcod!=SQL_SUCCESS)
{ PrintError(env,dbc,stmt,retcod); }
else
{
if (argc > 2)
{
/*sql cmd from command line*/
sqlquery(dbc,stmt,argv[2]);
}
else
{
/*sql cmd from stdin */
if( isatty(0) ){ printf(".tables - list table\n.q - exit\nsql>"); }
while(fgets(qbuf,63000,stdin) != NULL )
{
ptr=strrchr(qbuf,';');
if (ptr!=NULL)
{
sqlquery(dbc,stmt,qbuf);
}
else
{
/*cmd exit*/
if (strstr(qbuf,".q")){ break; };
/*cmd table list*/
if (strstr(qbuf,".tables"))
{
retcod=SQLAllocStmt(dbc, &stmt);
if(retcod!=SQL_SUCCESS){ PrintError(env,dbc,stmt,retcod); }
else
{
retcod=SQLTables(stmt,NULL,0,NULL,0,NULL,0,NULL,0);
if(retcod !=SQL_SUCCESS) { PrintError(env,dbc,stmt,retcod);}
while(SQLFetch(stmt)==SQL_SUCCESS)
{
SQLGetData(stmt,3,SQL_CHAR,data_buf,BUF_LENGTH,&OutData);
printf("%s|",data_buf);
/*list columns */
retcod=SQLAllocStmt(dbc, &cstmt);
retcod=SQLColumns(cstmt,NULL,0,NULL,0,data_buf,strlen(data_buf),NULL,0);
if(retcod !=SQL_SUCCESS) { PrintError(env,dbc,stmt,retcod);}
else
{
printf("create table %s (",data_buf);
while(SQLFetch(cstmt)==SQL_SUCCESS)
{
SQLGetData(cstmt,4,SQL_CHAR,data_buf,BUF_LENGTH,&OutData);
printf("%s ",data_buf);
SQLGetData(cstmt,6,SQL_CHAR,data_buf,BUF_LENGTH,&OutData);
printf("%s, ",data_buf);
}
printf(");\n");
SQLFreeStmt( cstmt, SQL_DROP );
}/*end list columns*/
}/*end while SQLFetch */
SQLFreeStmt( stmt, SQL_DROP );
}
}/*end if (strstr(qbuf,".tables")) */
} /*end else cmd*/
if( isatty(0) ){ printf("sql>"); }
} /*end while*/
}
}
SQLDisconnect(dbc);
} /* if (argc > 2) */
else
{
printf("isqlodbc dsn[[,user][,pass]] [\"SQLCMD\"]\n");
}
SQLFreeConnect( dbc );
SQLFreeEnv( env );
return 0;
}
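Review bot: In `sqlquery` and in the `.tables` branch of `main`, every `SQLGetData` call ignores both its return code and the indicator written to `OutData`, so a NULL column or a failed read leaves `data_buf` holding the previous field's text and that stale value is printed as if it belonged to the current column. Check both before printing, e.g. `if (!SQL_SUCCEEDED(SQLGetData(stmt,ColNumber,SQL_CHAR,data_buf,BUF_LENGTH,&OutData)) || OutData==SQL_NULL_DATA) data_buf[0]=0;`, and declare `OutData` with ODBC's signed indicator type (`SQLLEN`) instead of `unsigned long`. `PrintError` has the same pattern: it prints `BufErrMsg` without checking that `SQLError` filled it, so `BufErrMsg[0]=0;` before the call would avoid printing an uninitialised buffer. A comment above `main` should also note that the user name and password arrive in `argv[1]`, where other local users can usually see them in the process list.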

22
contrib/www3proxy/log.sql Normal file

@ -0,0 +1,22 @@
create table log (ldate date,ltime time,username char (30),userip char (16),bytein integer (10),byteout integer (10),service char (8), host char(255), hostport integer (10), url char (255) );
create index idate on log (ldate);
create index iusername on log (username);
create index iuserip on log (userip);
create index ihost on log (host);
create table services (port integer(10),service char(100),description char (100));
INSERT INTO services values (80,'PROXY', 'Access to Web Server');
INSERT INTO services values (21,'PROXY', 'Access to Ftp Server via HTTP proxy');
INSERT INTO services values (5190,'PROXY', 'Access to ICQ via HTTP proxy');
INSERT INTO services values (0, 'POP3P', 'Received Mail via POP3');
INSERT INTO services values (0,'FTPPR', 'Access to Ftp server via FTP proxy');
INSERT INTO services values (0,'SOCKS4', 'Access to external server via Socks v4');
INSERT INTO services values (0,'SOCKS5', 'Access to external server via Socks v5');
INSERT INTO services values (0,'TCPPM', 'Access to external server via TCP mapping');
INSERT INTO services values (0,'UDPPM', 'Access to external server via UDP mapping');
INSERT INTO services values (0, 0, NULL, 'Unknown');
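Review bot: The last statement, `INSERT INTO services values (0, 0, NULL, 'Unknown');`, supplies four values to a table declared with three columns (`port`, `service`, `description`), so the script is likely to fail on that row. If it is meant as the fallback entry, something like `INSERT INTO services values (0, NULL, 'Unknown');` matches the schema; the intended `service` value is not visible here, so confirm it against the reports that read this table. Naming the columns in each `INSERT` would make this kind of mismatch easier to spot.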


@ -0,0 +1,63 @@
------------------------------ KOI8-R ------------------------------------
Этот архив содержит набор CGI cкриптов и программ для получения
статистики работы пользователей прокси сервера "3proxy", посредством анализа
лога расположенного в ODBC источнике(базе), через Web интерфейс.
stat.awk - основной CGI скрипт (Для его испольнения под Win9X/2000 необходима
программа awk.exe ,в linux/freebsd она как правило входит в сиситему
по умолчанию).
isqlodbc - программа для выполнения SQL запросов к базам ODBC
(вызывается из stat.awk). компилируется gcc и работает как в
win9X/2000 так и в linux/freebsd. (Так же может
использоваться независимо от stat.awk как отдельная
программа..)
log.sql - SQL скрипт создания базы для лога сервера.
awk.exe - awk интерпретатор под Win9X/2000.
Настройка скриптов статистики .
Для работы вам потребуется:
1) любой http сервер подерживающий CGI
2) odbc менеджер (под win32 ) или iodbc менеджер (под unix)
любая база данных например : sqlite, mysql, postgress или любые другие
имеющие ODBC драйвера.(Как настраивать iODBC под linux/freebsd смотрите в
файле iodbc.txt в каталоге /doc/ru архива 3proxy.)
Шаг настройки N1:
Создаем базу данных и DSN для хранения лога. ( в нашем случае DSN будет
называться "sqlite".) далее выполняя скрипт log.sql создаем необходимые
таблицы и индексы:
isqlodbc sqlite < log.sql
Шаг настройки N2:
Устанавливаем DSN и формат таблицы с логом в файле 3proxy.cfg следующего вида:
-----------
# create table log (
# ldate date,
# ltime time,
# username char (30),
# userip char (16),
# bytein integer (10),
# byteout integer (10),
# service char (8),
# host char(255),
# hostport integer (10),
# url char (255)
# );
log &sqlite
logformat "Linsert into log values ('%Y-%m-%d','%H:%M:%S','%U','%C','%I','%O','%N','%n','%r','%T');"
-----------
Шаг настройки N3:
Копируем файлы isqlodbc и stat.awk в каталог с CGI скриптами http сервера
и меняем в stat.awk путь вызова и DSN на свои значения , например:
isql="./isqlodbc.exe sqlite "
Шаг настройки N4:
Пробуем вызвать скрипт из web браузера , например
http://localhost/cgi/stat.awk?
------------------------------ KOI8-R ------------------------------------

129
contrib/www3proxy/stat.awk Normal file

@ -0,0 +1,129 @@
#!/usr/bin/awk -f
BEGIN {
scriptname = ENVIRON["SCRIPT_NAME"]
#for win32
isql=".\\isqlodbc.exe sqlite "
#for unix
#isql="./isqlodbc sqlite "
print "Content-Type: text/html; charset=koi8-r \n\n"
print "<HTML>\n<BODY>\n";
# query parse
query_str = ENVIRON["QUERY_STRING"]
n = split(query_str, querys, "&")
for (i=1; i<=n; i++)
{
split(querys[i], data, "=")
qr[data[1]] = data[2]
}
printf "<FORM METHOD=PUT action=\"" scriptname "?rep=1\">"
printf "datefrom:<INPUT name=\"datefrom\" value=\"2004-06-01\"> "
printf "dateto:<INPUT name=\"dateto\" value=\"2004-07-30\"> <br>"
printf "<INPUT type=\"radio\" name=\"userid\" value=\"username\" checked> LOGIN user <br>"
printf "<INPUT type=\"radio\" name=\"userid\" value=\"userip\"> IP user <br>"
printf "<INPUT type=\"hidden\" name=\"rep\" value=\"user\">"
printf "<INPUT type=\"submit\" value=\"Report\">"
printf "</FORM>"
#printf "query_str=%s\n<br>",query_str
#print qr["rep"]
if(qr["rep"]=="user")
{
cmd = isql " \"select " qr["userid"] ",sum(bytein),sum(byteout),sum(bytein+byteout) from log \
where ldate > '" qr["datefrom"] "' AND ldate < '" qr["dateto"] \
"' group by " qr["userid"] " order by sum(bytein+byteout) desc;\""
printf " <table WIDTH=100%% BORDER=1><tr><td><b>user</b></td> <td><b>bytein</b></td> <td><b>byteout</b> </td> <td> <b>bytesum</b></td></tr>"
while( (cmd|getline result)>0)
{
split(result, rt, "|")
printf "<tr> <td><a href=\"%s?rep=host&datefrom=%s&dateto=%s&userid=%s&selectid=%s\"> %s <\/a></td><td>%d</td><td>%d</td><td>%d</td></tr>",
scriptname,qr["datefrom"],qr["dateto"],qr["userid"],rt[1],rt[1],rt[2],rt[3],rt[4]
totalbytein=totalbytein+rt[2];
totalbyteout=totalbyteout+rt[3];
totalbytesum=totalbytesum+rt[4];
}
printf "<tr> <td><br>Total users</td> <td><br>%d</td> <td><br>%d</td> \
<td><br>%d</td></tr> </table> ",totalbytein,totalbyteout, totalbytesum
close(cmd)
}
if(qr["rep"]=="host")
{
cmd = isql "\"select sum(bytein+byteout), sum(bytein), sum(byteout),host from log \
where ldate > '" qr["datefrom"] "' AND ldate < '"qr["dateto"] \
"' AND " qr["userid"] " = '" qr["selectid"] \
"' group by host order by sum(bytein+byteout) desc;\""
printf "<center><b>Detail statistic for user: %s</b></center>",qr["selectid"]
printf " <table WIDTH=100%% BORDER=1> <tr><td><b>sum byte</b></td> <td><b>bytein</b></td> <td><b>byteout</b></td><td><b>host</b></td></tr>"
while( (cmd|getline result)>0)
{
split(result, rt, "|")
printf "<tr><td>%d</td><td>%d</td><td>%d</td><td>%s</td></tr>",rt[1],rt[2],rt[3],rt[4]
totalbytein=totalbytein+rt[1];
totalbyteout=totalbyteout+rt[2];
totalbytesum=totalbytesum+rt[3];
}
printf "<tr> <td><br>%d</td> <td><br>%d</td> \
<td><br>%d</td><td><br>Total host</td></tr> </table> ",totalbytein,totalbyteout, totalbytesum
printf " </table> "
close(cmd)
}
printf " </BODY> </HTML>";
} # end BEGIN
# decode urlencoded string
function decode(text, hex, i, hextab, decoded, len, c, c1, c2, code) {
split("0 1 2 3 4 5 6 7 8 9 a b c d e f", hex, " ")
for (i=0; i<16; i++) hextab[hex[i+1]] = i
# urldecode function from Heiner Steven
# http://www.shelldorado.com/scripts/cmds/urldecode
# decode %xx to ASCII char
decoded = ""
i = 1
len = length(text)
while ( i <= len ) {
c = substr (text, i, 1)
if ( c == "%" )
{
if ( i+2 <= len )
{
c1 = tolower(substr(text, i+1, 1))
c2 = tolower(substr(text, i+2, 1))
if ( hextab [c1] != "" || hextab [c2] != "" ) {
if ( (c1 >= 2 && (c1 != 7 && c2 != "F")) || (c1 == 0 && c2 ~ "[9acd]") )
{
code = 0 + hextab [c1] * 16 + hextab [c2] + 0
c = sprintf ("%c", code)
}
else { c = " " }
i = i + 2
}
}
} else if ( c == "+" ) { # special handling: "+" means " "
c = " "
}
decoded = decoded c
++i
}
# change linebreaks to \n
gsub(/\r\n/, "\n", decoded)
# remove last linebreak
sub(/[\n\r]*$/,"",decoded)
return decoded
}
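Review bot: The values parsed from `QUERY_STRING` (`userid`, `datefrom`, `dateto`, `selectid`) are concatenated unchanged into `cmd`, which is both a shell command line and the SQL text handed to isqlodbc, and are also printed back into the HTML; nothing between the `split` loop and the two `if(qr["rep"]==...)` blocks validates them. `userid` is used as a column name, so it should be compared against the two values the form offers, the dates should match a fixed `YYYY-MM-DD` pattern, and `selectid` needs a restricted character set plus HTML escaping where it is printed. `decode()` is defined at the end but never called, so percent-encoded values are not decoded before use. stat.pl in the same commit builds `$cmd` the same way and needs the same checks. The fence shows the validation I would insert right after the query-parsing loop; the character set allowed for `selectid` is an assumption and should be matched to the real user names.

```awk
# ... unchanged: query parse loop filling qr[] ...
# refuse any request whose parameters could alter the shell command or the SQL text
if (qr["rep"] != "") {
    if (qr["userid"] != "username" && qr["userid"] != "userip") qr["rep"] = ""
    if (qr["datefrom"] !~ /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]$/) qr["rep"] = ""
    if (qr["dateto"] !~ /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]$/) qr["rep"] = ""
}
if (qr["rep"] == "host" && qr["selectid"] !~ /^[A-Za-z0-9_.:@-]+$/) qr["rep"] = ""
# ... unchanged: form output and the two report blocks ...
```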

185
contrib/www3proxy/stat.pl Normal file

@ -0,0 +1,185 @@
#!/usr/bin/perl
eval 'exec /usr/bin/perl -S $0 ${1+"$@"}'
if $running_under_some_shell;
# this emulates #! processing on NIH machines.
# (remove #! line above if indigestible)
eval '$'.$1.'$2;' while $ARGV[0] =~ /^([A-Za-z_0-9]+=)(.*)/ && shift;
# process any FOO=bar switches
$[ = 1; # set array base to 1
$, = ' '; # set output field separator
$\ = "\n"; # set output record separator
$scriptname = $ENVIRON{'SCRIPT_NAME'};
#for win32
$isql = ".\\isqlodbc.exe sqlite ";
#for unix
#isql="./isqlodbc sqlite "
print "Content-Type: text/html; charset=koi8-r \n\n";
print "<HTML>\n<BODY>\n";
# query parse
$query_str = $ENVIRON{'QUERY_STRING'};
$n = (@querys = split(/&/, $query_str, 9999));
for ($i = 1; $i <= $n; $i++) {
@data = split(/=/, $querys[$i], 9999);
$qr{$data[1]} = $data[2];
}
printf "<FORM METHOD=PUT action=\"" . $scriptname . "?rep=1\">";
printf "datefrom:<INPUT name=\"datefrom\" value=\"2004-06-01\"> ";
printf "dateto:<INPUT name=\"dateto\" value=\"2004-07-30\"> <br>";
printf
"<INPUT type=\"radio\" name=\"userid\" value=\"username\" checked> LOGIN user <br>";
printf
"<INPUT type=\"radio\" name=\"userid\" value=\"userip\"> IP user <br>";
printf "<INPUT type=\"hidden\" name=\"rep\" value=\"user\">";
printf "<INPUT type=\"submit\" value=\"Report\">";
printf '</FORM>';
#printf "query_str=%s\n<br>",query_str
#print qr["rep"]
if ($qr{'rep'} eq 'user') {
$cmd = $isql . " \"select " . $qr{'userid'} .
",sum(bytein),sum(byteout),sum(bytein+byteout) from log where ldate > '"
. $qr{'datefrom'} . "' AND ldate < '" . $qr{'dateto'} . "' group by " .
$qr{'userid'} . " order by sum(bytein+byteout) desc;\"";
printf
' <table WIDTH=100%% BORDER=1><tr><td><b>user</b></td> <td><b>bytein</b></td> <td><b>byteout</b> </td> <td> <b>bytesum</b></td></tr>';
while ((($result = &Getline3($cmd, '|'),$getline_ok)) > 0) {
@rt = split(/\|/, $result, 9999);
printf
"<tr> <td><a href=\"%s?rep=host&datefrom=%s&dateto=%s&userid=%s&selectid=%s\"> %s <\\/a></td><td>%d</td><td>%d</td><td>%d</td></tr>",
$scriptname, $qr{'datefrom'}, $qr{'dateto'}, $qr{'userid'}, $rt[1],
$rt[1], $rt[2], $rt[3], $rt[4];
$totalbytein = $totalbytein + $rt[2];
$totalbyteout = $totalbyteout + $rt[3];
$totalbytesum = $totalbytesum + $rt[4];
}
printf
'<tr> <td><br>Total users</td> <td><br>%d</td> <td><br>%d</td> <td><br>%d</td></tr> </table> ',
$totalbytein, $totalbyteout, $totalbytesum;
delete $opened{$cmd} && close($cmd);
}
if ($qr{'rep'} eq 'host') {
$cmd = $isql .
"\"select sum(bytein+byteout), sum(bytein), sum(byteout),host from log where ldate > '"
. $qr{'datefrom'} . "' AND ldate < '" . $qr{'dateto'} . "' AND " .
$qr{'userid'} . " = '" . $qr{'selectid'} .
"' group by host order by sum(bytein+byteout) desc;\"";
printf '<center><b>Detail statistic for user: %s</b></center>',
$qr{'selectid'};
printf
' <table WIDTH=100%% BORDER=1> <tr><td><b>sum byte</b></td> <td><b>bytein</b></td> <td><b>byteout</b></td><td><b>host</b></td></tr>';
while ((($result = &Getline3($cmd, '|'),$getline_ok)) > 0) {
@rt = split(/\|/, $result, 9999);
printf '<tr><td>%d</td><td>%d</td><td>%d</td><td>%s</td></tr>',
$rt[1], $rt[2], $rt[3], $rt[4];
$totalbytein = $totalbytein + $rt[1];
$totalbyteout = $totalbyteout + $rt[2];
$totalbytesum = $totalbytesum + $rt[3];
}
printf
'<tr> <td><br>%d</td> <td><br>%d</td> <td><br>%d</td><td><br>Total host</td></tr> </table> ',
$totalbytein, $totalbyteout, $totalbytesum;
printf ' </table> ';
delete $opened{$cmd} && close($cmd);
}
printf ' </BODY> </HTML>';
# end BEGIN
# decode urlencoded string
sub decode {
local($text, *Hex, $i, *hextab, $decoded, $len, $c, $c1, $c2, $code) = @_;
@Hex = split(' ', '0 1 2 3 4 5 6 7 8 9 a b c d e f', 9999);
for ($i = 0; $i < 16; $i++) {
$hextab{$Hex[$i + 1]} = $i;
# urldecode function from Heiner Steven
# http://www.shelldorado.com/scripts/cmds/urldecode
# decode %xx to ASCII char
;
}
$decoded = '';
$i = 1;
$len = length($text);
while ($i <= $len) { #???
$c = substr($text, $i, 1);
if ($c eq '%') {
if ($i + 2 <= $len) {
$c1 = &tolower(substr($text, $i + 1, 1));
$c2 = &tolower(substr($text, $i + 2, 1));
if ($hextab{$c1} ne '' || $hextab{$c2} ne '') {
if (($c1 >= 2 && ($c1 != 7 && $c2 ne 'F')) ||
($c1 == 0 && $c2 =~ '[9acd]')) {
$code = 0 + $hextab{$c1} * 16 + $hextab{$c2} + 0;
$c = sprintf('%c', $code);
}
else {
$c = ' ';
}
$i = $i + 2;
}
}
}
elsif ($c eq '+') {
# special handling: "+" means " "
$c = ' ';
}
$decoded = $decoded . $c;
++$i;
}
# change linebreaks to \n
$decoded =~ s/\r\n/\n/g;
# remove last linebreak
$decoded =~ s/[\n\r]*$//;
$decoded;
}
sub Getline3 {
&Pick('',@_);
local($_);
if ($getline_ok = (($_ = <$fh>) ne '')) {
;
}
$_;
}
sub Pick {
local($mode,$name,$pipe) = @_;
$fh = $name;
open($name,$mode.$name.$pipe) unless $opened{$name}++;
}
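Review bot: `$ENVIRON{'SCRIPT_NAME'}` and `$ENVIRON{'QUERY_STRING'}` read an ordinary hash that nothing populates (Perl exposes the environment as `%ENV`), so as written the script never sees the request and neither report branch can run. The two lines should read `$scriptname = $ENV{'SCRIPT_NAME'};` and `$query_str = $ENV{'QUERY_STRING'};`, and `decode` should call the builtin `lc` instead of `&tolower`, which is not defined in this file. Once the parameters are actually read they go straight into `$cmd`, which `Pick` hands to `open` as a pipe, so that change has to land together with validation of `userid`, `datefrom`, `dateto` and `selectid` (fixed column names, a `YYYY-MM-DD` pattern, a restricted character set). The `eval '$'.$1.'$2;'` line near the top evaluates `NAME=value` command-line arguments as Perl code, which a CGI script does not need; I would remove it.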

62
copying Normal file

@ -0,0 +1,62 @@
3proxy 0.7 Public License Agreement
(c) 2000-2014 by 3APA3A (3APA3A@security.nnov.ru)
(c) 2000-2014 by SecurityVulns.com (http://3proxy.ru/)
(c) 2000-2014 by Vladimir Dubrovin (vlad@sandy.ru)
This software uses:
RSA Data Security, Inc. MD4 Message-Digest Algorithm
RSA Data Security, Inc. MD5 Message-Digest Algorithm
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
This software is FREEWARE.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that following conditions
are met (BSD style license):
* Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
* Neither the name of the SecurityVulns.COM nor the names of its
contributors may be used to endorse or promote products derived from this
software without specific prior written permission.
Instead of this license, you can also use and redistribute this software under
terms of compatible license, including:
1. Apache License, Version 2.0
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
2. GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
You may obtain a copy of the License at
http://www.gnu.org/licenses/gpl.txt
3. GNU Lesser General Public License as published by the
Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.
You may obtain a copy of the License at
http://www.gnu.org/licenses/lgpl.txt
$Id: License,v 1.3 2007/04/05 11:59:47 vlad Exp $

158
doc/html/faqe.html Normal file

@ -0,0 +1,158 @@
<h3>Why ... doesn't work?</h3>
<p><i>Q: Why does nothing work?</i></p>
A: Valid configuration file is required.
<p><i>Q: Why restrictions (redirections, limits, etc) do not work?</i></p>
A: Most probable reasons: 'auth none' or no auth is used. For any ACL based feature one of 'iponly', 'nbname' or 'strong' auths required. Sequence of commands may be invalid. Commands are executed one-by-one and 'proxy', 'tcppm', 'socks' or another service commands must follow valid configuration. Invalid sequence of ACLs. First matching ACL is used (except of internal redirections, see below). If ACL contains at least one records last record is assumed to be 'deny *'.
<p><i>Q: Why doesn't 3proxy work as service under Windows?</i></p>
Possible reasons:
<ul>
<li>'service' command absents in configuration file. Command is required for
3proxy.exe to behave as system service in 3proxy 0.5.2 and prior.
<li>there are relative paths in configuration file for included files,
log files, etc. Always use absolute paths. For example
$"c:\3proxy\networks.local" instead of $networks.local. For debugging remove
'service' and 'daemon', log to stdout an try to execute 3proxy from command
line from some different directory (for example from disk root).
<li>SYSTEM account doesn't have access to executable file, configuration files,
log files, etc.
<li>configuration files is not located in default path (3proxy.cfg in same
location with 3proxy.exe). For alternative configuration file location use
<pre>
3proxy --install full_path_to_configuration_file
</pre>
<li>user has no rights to install or start service
<li>service is already installed and/or started
</ul>
<p><A NAME="INTEXT"><i>Q: Why doesn't internal and external commands work as expected</i></A></li></p>
A: Check your expectations first.
Both internal and external IPs are IPs of the host running 3proxy itself.
This configuration option is usefull in situation 3proxy is running on the
border host with 2 (or more) connections: e.g. LAN and WAN with different IPs
<pre>
LAN connection +-------------+ Internet connection
LAN <-------------->| 3proxy host |<-------------------> INTERNET
^+-------------+^
| |
Internal IP External IP
</pre>
If 3proxy is used on the host with single connection, both internal and
external are usually same IP.
<br>Internal should exist and be UP on the moment 3proxy is started and
should never be disconnected/DOWN. If this interface is periodically
disconnected (e.g. direct link between 2 hosts), do not specify internal
address or use 0.0.0.0 instead. In this case, if you have 2 or more
interfaces you must use firewall (preferably) or 3proxy ACLs to avoid open
proxy situation.
<br>
External IP (if specified) must exist in the momet 3proxy
serves client request. If external interface is no specified (or 0.0.0.0),
system select external IP. It may be possible to access resources of internal
network, to prevent this use ACLs. In addition, SOCKSv5 will not support BIND
operation, required for incoming connections (this operation is quite rarely
implemented in SOCKSv5 clients and usually is not required). In case of
dynamic address, do not specify external or use external 0.0.0.0 or, if
external address is required, create a script to determine current external
IP and save it to file, and use external "$path_to_file" with "monitor" command
to automatically reload configuration on address change.
<p><i>Q: Why doesn't ODBC loggind work?</i></p>
A: Check you use system DSN.
Check SQL request is valid.
The best way to check is to make file or stdout logging, get SQL request from log file or console and execute this request manually.
<p><i>Q: Why doesn't APOP/CRAM-MD5 authentication work with POP3 proxy?</i></p>
A: Any Challenge-response authentication require challenge to be transmitted from server. Pop3p doesn't know which server to use before authentication, it makes it impossible to obtain challenge. You can encrypt your POP3 communications with TLS (i.e. stunnel) or IPSec.
<h3>Redirection to local proxy</h3>
<p><i>Q: What is it for?</i></p>
A: To have control based on request and to have URLs and another protocol specific parameters to be logged.
<p><i>Q: What are restrictions?</i></p>
A: It's hard to redirect services for non-default ports; Internet Explorer supports only SOCKSv4 with no password authentication (Internet Explorer sends username, but not password), for SOCKSv5 only cleartext password authentication is supported.
<p><i>Q: What are advantages?</i></p>
A: You need only to setup SOCKS proxy in browser settings. You can use socksifier, i.e. FreeCAP or SocksCAP with application which is not proxy aware.
<p><i>Q: How to setup?</i></p>
A: You should specify parent proxy with IP of 0.0.0.0 and port 0. Examples:
<pre>
auth iponly
allow * * * 80,8080-8088
parent 1000 http 0.0.0.0 0
allow * * * 80,8080-8088
#redirect ports 80 and 8080-8088 to local HTTP proxy
#Second allow is required, because ACLs are checked
#twice: first time by socks and second by http proxy.
allow * * * 21,2121
parent 1000 ftp 0.0.0.0 0
allow * * * 21,2121
#redirect ports 21 and 2121 to local
#ftp proxy
allow *
#allow rest of connections directly
socks
#now let socks server to start
</pre>
<p><i>Q: How it affects different ACL rules?</i></p>
A: After local redirections rules are applied again to protocol-level request. Redirection rule itself is skipped. It makes it possible to redirect request again on the external proxy depending on request itself.
<pre>
allow * * * 80,8080-8088
parent 1000 http 0.0.0.0 0
#redirect http traffic to internal proxy
allow * * $c:\3proxy\local.nets 80,8080-8088
#allow direct access to local.nets networks
allow * * * 80,8080-8088
parent 1000 http proxy.sandy.ru 3128
#use parent caching proxy for rest of the networks
allow *
#allow direct connections for rest of socks
#requests
</pre>
<h3>Can I ...?</h3>
<p><i>Q: Is it possible to resolve names through parent proxy?</i></p>
A: Yes, use 'proxy', 'connect+', 'socks4+' or 'socks5+' as parent proxy type.
3proxy itself requires name resolutions for ACL checks, so, if it's impossible
to resolve names from 3proxy host, use
<pre>
fakeresolve
</pre>
command. Fakeresolve resolves any name to 127.0.0.2.
<p><i>Q: Can I use 3proxy as FTP proxy?</i></p>
A: There are two kinds of FTP proxy supported: FTP over HTTP support (known as FTP proxy inside Internet Explorer, Mozilla and another browsers) and real FTP proxy (usable in Far and different FTP clients). Both are supported in 3proxy: first one as a part of HTTP 'proxy' and second one as 'ftppr'.
<p><i>Q: Can I bind any 3proxy service to non-default port?</i></p>
A: proxy -p8080
<h3>Why so ...?</h3>
<p><i>Q: Why traffic accounting is incomplete? It differs for what my provider (or another accounting application) shows to me?</i></p>
A: 3proxy accounts protocol level traffic. Provider counts channel or IP-level traffic with network and transport headers. In additions, 3proxy doesn't counts DNS resolutions, pings, floods, scans, etc. It makes approx. 10% of difference. That's why you should have 15% reserve if you use 3proxy to limit your traffic. If difference with your provider is significantly above 10% you should look for traffic avoiding proxy server, for example connections through NAT, traffic originated from the host with proxy installed, traffic from server applications, etc.
<p><i>Q: Why configuration is so difficult and non-intuitive?</i></p>
A: Configuration format is created in a way it's easy to parse and matches to internal 3proxy structures. In addition, there are some older things left for compatibility to be cleaned in 3proxy release. And last, I think it's easy and intuitive.
<p><i>Q: Why the code is so difficult and non-intuitive?</i></p>
A: First, I'm not programmer. Second, 3proxy was 'proof of concept' in reply for some conference post. Request was to write proxy server in 100 lines of code. First version of 3proxy had less, with HTTP and SOCKS support and portmappers. Third, there are peoples who want to use 3proxy code in trojans. I don't want to help them. Fourth, the aim is to support different platforms. It's well known - the worse code is, the better it compiles.
<p><i>Q: Why do you use insecure strcpy, sprintf, etc?</i></p>
A: Why not? I try to use insecure function in secure manner. You're welcome to look for vulnerabilities.
<pre>
$Id: faqe.html,v 1.10 2007/07/31 08:42:38 vlad Exp $
</pre>

283
doc/html/faqr.html Normal file

@ -0,0 +1,283 @@
<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
3APA3A 3proxy tiny proxy server Frequently Asked Questions (FAQ)
<ul>
<li><a href="#TROUBLE">Почему не работает...</a></li>
<ul>
<li><a href="#NOTHING">Q: Почему ничего не работает?</a></li>
<li><a href="#LIMITS">Q: Почему не работают ограничения доступа (перенаправления, ограничения по скорости, трафику и т.д.)?</a></li>
<li><a href="#SERVICE">Q: Почему 3proxy не запускается как служба?</a></li>
<li><a href="#INTEXT">Q: Почему не получается указать internal и external?</a></li>
<li><a href="#ODBC">Q: Почему не работает ведение журналов в ODBC?</a></li>
<li><a href="#CHAP">Q: Почему не поддерживаются APOP и CRAM-MD5 в POP3 прокси?</a></li>
</ul>
<li><a href="#SOCKSREDIR">Перенаправление socks соединений в локальный прокси</a></li>
<ul>
<li><a href="#REDIR">Q: Для чего это надо?</a></li>
<li><a href="#REDIRLIMIT">Q: Какие недостатки?</a></li>
<li><a href="#REDIRADV">Q: Какие преимущества?</a></li>
<li><a href="#REDIRHOW">Q: Как настраивается?</a></li>
<li><a href="#REDIINTER">Q: Как взаимодействует с другими правилами в ACL?</a></li>
</ul>
<li><a href="#ISIT">А есть ли...</a></li>
<ul>
<li><a href="#NAMES">Можно ли разрешать имена на родительском прокси?</a></li>
<li><a href="#ISFTP">Существует ли сейчас поддержка FTP прокси в продукте?</a></li>
<li><a href="#PORT">Каким образом можно прибиндить сервисы на свой порт, к примеру, HTTP прокси к 8080, а не 3128 как по-умолчанию?</a></li>
<li><a href="#BANDLIM">Как ограничить ширину канала?</a></li>
</ul>
<li><a href="#BRRR">Почему так криво...</a></li>
<ul>
<li><a href="#TRAF">Почему так криво считается трафик? Не совпадает с ...</a></li>
<li><a href="#CONFIG">Почему такая кривая конфигурация и ничерта не понятно?</a></li>
<li><a href="#CODE">Почему так криво написан код?</a>
<li><a href="#UNSAFE">Почему так много strcpy, sprintf и т.д., это ж дыры!</a>
</ul>
</ul>
<hr>
<li><b><a name="TROUBLE">Почему не работает...<a></b></li>
<ul>
<li><a name="NOTHING"><i>Q: Почему ничего не работает?</i></a></li>
<p>
<i>A:</i> Потому что для работы нужен правильный файл конфигурации.
</p>
<li><a name="LIMITS"><i>Q: Почему не работают ограничения доступа (перенаправления, ограничения по скорости,
трафику и т.д.)?</i></a></li>
<p>
<i>A:</i> Обычные ошибки - использование auth none (для работы любых
функций, основанных на ACL, требуется auth iponly, nbname или strong),
нарушение порядка ввода команд (команды выполняются последовательно,
запуск сервиса proxy, socks, tcppm и т.д. должен осуществляться после
того, как указана его конфигурация), неправильный порядок записей в ACL
(записи просматриваются последовательно до первой, удовлетворяющей
критериям). Если в ACL имеется хотя бы одна запись, то считается, что
последняя запись в ACL - это неявная deny *.
</p>
<li><a name="SERVICE"><i>Q: Почему 3proxy не запускается как служба?</i></a></li>
<p>
<i>A:</i> Наиболее вероятные причины:
<ul>
<li>Отсутствие команды service в файле конфигурации - команда необходима в 3proxy 0.5.2 и более ранних, чтобы 3proxy вел себя как системная служба Windows
<li>Использование относительных (неполных) путей файлов в файле конфигурации
При использовании файлов журналов, файлов вставок ($filename) используйте
полные пути, например, $"c:\3proxy\include files\networks.local". Тоже самое
относится к файлам журналов и любым другим.
Для отладки лучше запускать 3proxy с ведением журнала на стандартный вывод.
Не забудьте в таком случае отключить daemon и service в файле конфигурации.
Для чистоты эксперимента запускать 3proxy из коммандной строки в таком случае
следует, находясь в другой папке.
<li>Отсутствие у системной записи прав на доступ к исполняемому файлу, каким-либо файлам конфигурации, журнала и т.п.
<li>Отсутствие файла конфигурации по стандартному расположению -
3proxy.cfg в одном каталоге с исполняемым файлом. Если файл расположен по
другому пути, необходимо использовать команду
<pre>
3proxy --install path_to_configuration_file</pre>
<li>Отсутствие у пользователя прав на установку или запуск службы
<li>Служба уже установлена или запущена
</ul>
</p>
<li><a name="INTEXT"><i>Q: Почему не получается указать internal и external?</i></a></li></li>
<p>
<i>A:</i> Убедитесь, что выправильно понимаете что такое internal и external адреса.
Оба адреса - это адреса, принадлежищие хосту, на котором установлен 3proxy.
Эта опция конфигурации необходима в классической ситуации, когда 3proxy
установлен на граничном компьютере с двумя (или более) подключениями:
<pre>
LAN connection +-------------+ Internet connection
LAN <-------------->| 3proxy host |<-------------------> INTERNET
^+-------------+^
| |
Internal IP External IP</pre>
Если 3proxy работает на хосте с одним интерфейсом, то его адрес будет и
internal и external.
<br>Интерфейс с адресом internal должен существовать и быть рабочим на момент
запуска 3proxy, и не должен отключаться. Если internal интерфейс
периодически отключается, то не следует его указывать, или можно указать адрес
0.0.0.0. При этом прокси будет принимать запросы на всех интерфейсах, поэтому
при наличии нескольких интерфейсов для ограничения доступа следует использовать
фаервол или хотя бы ACL.
</p>
<p>
Интерфейс с адресом external, если он указан, должен быть рабочим на момент
получения запроса клиента. При отсутствии external или адресе 0.0.0.0 внешний
адрес будет выбираться системой при установке соединения. При этом, может быть
возможность доступа через прокси к ресурсам локальной сети, поэтому для
предотвращения несанкционированного доступа следует использовать ACL. Кроме
того, могут быть проблемы с приемом входящих соединений через SOCKSv5
(SOCKSv5 используется в клиентах исключительно редко).
В случае, если адрес динамический, можно либо не
указывать external, либо использовать адрес 0.0.0.0, либо, если необходима
поддержка входящих соединений в SOCKSv5, использовать скрипт,
который будет получать текущий адрес и сохранять его в файл, который будет
отслуживаться через команду monitor.
</p>
<li><a name="ODBC"><i>Q: Почему не работает ведение журналов в ODBC?</i></a></li>
<p>
<i>A:</i> Убедитесь, что используется системный, а не
пользовательский DSN. Убедитесь, что выполняется правильный SQL запрос. Наиболее
распространенная проблема связана с отсутствием кавычек или неправильным
форматом данных. Самый простой способ - сделать ведение журнала в файл или
на стандартный вывод, просмотреть выдаваемые SQL запросы и попробовать
дать такой запрос вручную.
</p>
<li><a name="CHAP"><i>Q: Почему не поддерживаются APOP и CRAM-MD5 в POP3 прокси?</i></a></li>
<p>
<i>A:</i> Любая challenge-response аутентификация, к которым относятся APOP
и CRAM-MD5, требует, чтобы со стороны сервера был передан уникальный challenge.
До начала аутентификации POP3 прокси не знает, к какому серверу следует
подключаться для получения Challenge, поэтому challenge-response в принципе
невозможен. Защитить соединение можно с помощью TLS (например, stunnel) или
IPSec.
</p>
</ul>
<hr>
<li><b><a name="SOCKSREDIR">Перенаправление socks соединений в локальный прокси</a></b></li>
<ul>
<li><a name="REDIR"><i>Q: Для чего это надо?</i></a></li>
<p>
<i>A:</i> Чтобы иметь в логах URL запросов, если пользователь SOCKS пользуется
Web, FTP или POP3.
</p>
<li><a name="REDIRLIMIT"><i>Q: Какие недостатки?</i></a></li>
<p>
<i>A:</i> Перенапраление невозможно для web-серверов или FTP, висящих на
нестандартных портах, для SOCKSv4 не поддрживается авторизация с
паролем (IE поддерживает только SOCKSv4), но при этом IE передает
имя пользователя по SOCKSv4 (имя, с которым пользователь вошел в систему).
Для SOCKSv5 не поддерживается NTLM авторизация, пароли передаются в открытом
тексте.
</p>
<li><a name="REDIRADV"><i>Q: Какие преимущества?</i></a></li>
<p>
<i>A:</i> Достаточно в настройках IE только указать адрес SOCKS прокси. В
больших сетях можно для этого использовать WPAD (автоматическое
обнаружение прокси). В 3proxy достаточно запускать только одну службу
(socks). Если используется только Internet Explorer, то можно
автоматически получать имя пользователя в логах, не запрашивая
логин/пароль.
</p>
<li><a name="REDIRHOW"><i>Q: Как настраивается?</i></a></li>
<p>
<i>A:</i> Указывается parent http proxy со специальным адресом 0.0.0.0 и портом
0. Пример:
<pre>
allow * * * 80,8080-8088
parent 1000 http 0.0.0.0 0
allow * * * 80,8080-8088
#перенаправить соединения по портам 80 и 8080-8088 в локальный
#http прокси. Вторая команда allow необходима, т.к. контроль доступа
#осуществляется 2 раза - на уровне socks и на уровне HTTP прокси
allow * * * 21,2121
parent 1000 ftp 0.0.0.0 0
allow * * * 21,2121
#перенаправить соединения по портам 21 и 2121 в локальный
#ftp прокси
allow *
#пустить все соединения напрямую
socks</pre>
</p>
<li><a name="REDIINTER"><i>Q: Как взаимодействует с другими правилами в ACL?</i></a></li>
<p>
<i>A:</i> После внутреннего перенаправления правила рассматриваются еще раз за
исключением самого правила с перенаправлением (т.е. обработка правил не
прекращается). Это позволяет сделать дальнейшие перенаправления на
внешний прокси. По этой же причине локальное перенаправление не должно
быть последним правилом (т.е. должно быть еще хотя бы правило allow,
чтобы разрешить внешние соединения через HTTP прокси).
Например,
<pre>
allow * * * 80,8080-8088
parent 1000 http 0.0.0.0 0
#перенаправить во внутренний прокси
allow * * $c:\3proxy\local.nets 80,8080-8088
#разрешить прямой web-доступ к сетям из local.nets
allow * * * 80,8080-8088
parent 1000 http proxy.sandy.ru 3128
#все остальные веб-запросы перенаправить на внешний прокси-сервер
allow *
#разрешить socks-запросы по другим портам</pre>
</p>
</ul>
<hr>
<li><b><a name="ISIT">А есть ли...</a></b></li>
<ul>
<li><a name="NAMES"><i>Q: Можно ли разрешать имена на родительском прокси?</i></a></li>
<p>
<i>A:</i> Можно. Для этого надо использовать тип родительского прокси http,
connect+, socks4+ и socks5+. Однако, при это надо помнить, что самому 3proxy
требуется разрешение имени для управления ACL. Поэтому, если с прокси-хоста
не работают разрешения имени, необходимо в конфигурации дать команду
<pre>
fakeresolve</pre>
которая разрешает любое имя в адрес 127.0.0.2.
</p>
<li><a name="ISFTP"><i>Q: Существует ли сейчас поддержка FTP прокси в продукте?</i></a></li>
<p>
Есть поддержка как FTP через HTTP (то, что называется FTP прокси в Internet
Explorer, Netscape, Opera) так и настоящего FTP прокси (то, что называется
FTP proxy в FAR и FTP клиентах).
</p>
<li><a name="PORT"><i>Q: Каким образом можно прибиндить сервисы на свой порт, к примеру, HTTP прокси к 8080, а не 3128 как по-умолчанию?</i></a></li>
<p>
А:
<pre>
proxy -p8080</pre>
</p>
<li><a name="BANDLIM"><i>Q: Как ограничить ширину канала?</i></a></li>
<p>
<i>A:</i> Читайте HowTo <a href="http://3proxy.ru/howtor.asp#BANDLIM">http://3proxy.ru/howtor.asp#BANDLIM</a>
</p>
</ul>
<hr>
<li><b><a name="BRRR">Почему так криво...</a></b></li>
<ul>
<li><a name="TRAF"><i>Q: Почему так криво считается трафик? Не совпадает с ...</i></a></li>
<p>
<i>A:</i> Следует учитывать, что 3proxy считает трафик только на прикладном уровне и
только проходящий через прокси-сервер. Провайдеры и другие средства учета
трафика считают трафик на сетевом уровне, что уже дает расхождение порядка 10%
за счет информации из заголовков пакетов. Кроме того, часть трафика, как
минимум DNS-разрешения, различный флудовый трафик и т.д. идут мимо прокси.
Уровень "шумового" трафика в Internet сейчас составляет порядка 50KB/день на
каждый реальный IP адрес, но может сильно варьироваться в зависимости от сети,
наличия открытых портов, реакции на ping-запросы и текущего уровня вирусной
активности. По этим причинам, если 3proxy используется чтобы не "выжрать"
трафик, выделенный провайдером, всегда следует делать некий запас порядка
15%.
</p>
<p>
Если на одной с 3proxy машине имеются какие-либо сервисы или
работает пользователь, то их трафик не проходит через proxy-сервер и так же
не будет учтен. Если где-то есть NAT, то клиенты, выходящие через NAT мимо
прокси, так же останутся неучтенными. Если расхождение с провайдером превышает
10% - нужно искать причину именно в этом.
</p>
<li><a name="CONFIG"><i>Q: Почему такая кривая конфигурация и ничерта не понятно?</i></a></li>
<p>
<i>A:</i> Есть несколько причин. Во-первых, до выхода релиза (т.е. версии 1.0) я буду изо
всех сил добиваться совместимости конфигурации между версиями. Во-вторых,
конфигурация сделана так, чтобы ее можно было легко разбирать программно.
В-третьих, все там понятно. При желании. Если знать как все работает.
</p>
<li><a name="CODE"><i>Q: Почему так криво написан код?</i></a></li>
<p>
<i>A:</i> Есть несколько причин. Во-первых, я не программист. Во-вторых, 3proxy изначально
писался на коленке (в отет на &quot;слабо&quot; в одной из конференций). Никто
не мог предположить, что им кто-то реально будет пользоваться. В-третьих, у многих
возникает желание разобраться в коде 3proxy чтобы внедрить его в какой-нибудь
троян. Очень не хочется облегчать эту задачу. В-четвертых, мне надо добиться
компиляции кода в как можно большем числе систем. Замечено, что чем кривее код в
C, тем он лучше переносится.
</p>
<li><a name="UNSAFE"><i>Q: Почему так много strcpy, sprintf и т.д., это ж дыры!</i></a><li>
<p>
<i>A:</i> Есть несколько причин. Во-первых, несмотря на дурной тон использования этих
функций, они наиболее совместимы между разными системами и компиляторами.
Во-вторых, само по себе их использование не означает присутствие дыры, если их
параметры должным образом контролируются. Найдете дыру - обязательно сообщите.
В третьих, может быть я уберу их перед конечным релизом, чтобы никого не
пугать.
</p>
</ul>
<pre>
$Id: faqr.html,v 1.28 2007/09/25 09:47:13 vlad Exp $
</pre>

835
doc/html/howtoe.html Normal file

@ -0,0 +1,835 @@
<ul>
<li>3APA3A 3proxy tiny proxy server HowTo
<br>Under construction, very incomplete
<ul>
<li><A HREF="#COMPILE">Compilation</A>
<ul>
<li><A HREF="#MSVC">How to compile 3proxy with Visual C++</A>
<li><A HREF="#INTL">How to compile 3proxy with Intel C Compiler under Windows</A>
<li><A HREF="#GCCWIN">How to compile 3proxy with GCC under Windows</A>
<li><A HREF="#GCCUNIX">How to compile 3proxy with GCC under Unix/Linux</A>
<li><A HREF="#CCCUNIX">How to compile 3proxy with Compaq C Compiler under Unix/Linux</A>
</ul>
<li><A HREF="#INSTALL">Proxy server installation and removal</A>
<ul>
<li><A HREF="#INSTNT">How to install/remove 3proxy under Windows NT/2000/XP</A>
<li><A HREF="#INST95">How to install/remove 3proxy under Windows 95/98/ME</A>
<li><A HREF="#INSTUNIX">How to install/remove 3proxy under Unix/Linux</A>
</ul>
<li><A HREF="#SERVER">Server configuration</A>
<ul>
<li><A HREF="#SAMPLE">Where to find configuration example</A>
<li><A HREF="#LOGGING">How to set up logging</A>
<li><A HREF="#LOGFORMAT">How to setup logging format</A>
<li><A HREF="#LOGANALIZERS">How to use log analizers with 3proxy</A>
<li><A HREF="#LAUNCH">How to start any of proxy services (HTTP, SOCKS etc)</A>
<li><A HREF="#BIND">How to bind service to specific interface and port?</A>
<li><A HREF="#AUTH">How to limit service access</A>
<li><A HREF="#USERS">How to create user list</A>
<li><A HREF="#ACL">How to limit user access to resources</A>
<li><A HREF="#REDIR">How to manage redirections</A>
<li><A HREF="#ROUNDROBIN">How to balance traffic between few external channgels?</A>
<li><A HREF="#CHAIN">How to manage proxy chains</A>
<li><A HREF="#BANDLIM">How to limit bandwidth</A>
<li><A HREF="#TRAFLIM">How to limit traffic amount</A>
<li><A HREF="#NETLIST">How to build network lists</A>
</ul>
<li><A HREF="#CLIENT">Client configuration</A>
<li><A HREF="#ADMIN">Administering and information analisys</A>
<ul>
<li><A HREF="#NEWVERSION">How to obtain latest 3proxy version</A>
<li><A HREF="#NTSERVICE">How to control 3proxy service under Windows NT/2000/XP</A>
<li><A HREF="#ERRORS">Log error codes reference</A>
</ul>
<li><A HREF="#QUEST">How To ask quiestion not in How To?</A>
</ul>
<br>
<ul>
<hr>
<li><A NAME="COMPILE">Compilation</A>
<p>
<ul>
<li><A NAME="MSVC">How to compile 3proxy with Visual C++</A>
<p>
Extract source code files from 3proxy.tgz (with WinZip or another utility).
Use nmake /f Makefile.msvc command
</p>
<li><A NAME="INTL">How to compile 3proxy with Intel C Compiler under Windows</A>
<p>
See <A HREF="#MSVC">How to compile 3proxy with Visual C++</A>
Use Makefile.intl instead of Makefile.msvc
</p>
<li><A NAME="GCCWIN">How to compile 3proxy with GCC under Windows</A></li>
<p>
Extract source files from 3proxy.tgz (for example with tar -xzf 3proxy.tgz command if you have tar installed)
Use make -f Makefile.win command.
If you want to use POSIX emulation Cygwin library (normally you shouldn't) - use make -f Makefile.unix instead.
Windows specific things (like installing as service) will not be available if compiled with Cygwin emulation.
</p>
<li><A NAME="GCCUNIX">How to compile 3proxy with GCC under Unix/Linux</A></li>
<p>
Use
<pre>
make -f Makefile.Linux
</pre>
for Linux or Cygwin, Makefile.Solaris* (depending on compiler version) for Solaris
and Makefile.unix for different Unix-like OS. On BSD derivered systems make
sure to use GNU make, sometimes it's called gmake instead of make.
<br>Compilation is tested under FreeBSD/i386, NetBSD/i386, OpenBSD/i386,
RH Linux/Alpha, Debian/i386, Gentoo/i386, Gentoo/PPC, Solaris/x86 but you
shouldn't have problems under different Solaris, BSD or linux compatible systems.
For different systems you may be required to patch Makefile or even source codes.
If you want to use ODBC support, make sure to install ODBC for unix, remove -DNOODBC
option from makefile compiler options and add ODBC library to linker variable.
</p>
</ul>
<hr>
<li><A NAME="CCCUNIX">How to compile 3proxy with Compaq C Compiler under Unix/Linux</A></li>
<p>
See <A HREF="#GCCUNIX">How to compile 3proxy with GCC under Unix/Linux</A>, use Makefile.ccc instead of Makefile.unix.
</p>
</ul>
<hr>
<li><A NAME="INSTALL">Proxy server installation and removal</A>
<p>
<ul>
<li><A NAME="INSTNT">How to install/remove 3proxy under Windows NT/2000/XP</A>
<p>
Unpack 3proxy.zip to any directory, for example
c:\Program Files\3proxy. If needed, create directory for storing log files,
ODBC sources, etc. Create 3proxy.cfg in the 3proxy installation directory (See <A HREF="#SERVER">Server configuration</A>).
If you use 3proxy before 0.6 Add
<pre>
service
</pre>
string into 3proxy.cfg. Now, start command prompt (cmd.exe).
Change directory to 3proxy installation and run 3proxy.exe --install:
<pre>
D:\>C:
C:\>cd C:\Program Files\3proxy
C:\Program Files\3proxy>3proxy.exe --install
</pre>
Now, you should have 3proxy service installed and running. If service is not
started, remove "service" string from 3proxy.cfg, run 3proxy.exe manually
and correct all errors.
</p><p>
To remove 3proxy run 3proxy --remove:
<pre>
D:\>C:
C:\>cd C:\Program Files\3proxy
C:\Program Files\3proxy>net stop 3proxy
C:\Program Files\3proxy>3proxy.exe --remove
</pre>
Now you can simply remove 3proxy installation directory.
</p>
<li><A NAME="INST95">How to install/remove 3proxy under Windows 95/98/ME</A>
<p>
Unpack 3proxy.zip to any directory, for example
c:\Program Files\3proxy. If needed, create directory for storing log files,
ODBC sources, etc. Create 3proxy.cfg in the 3proxy installation directory (See <A HREF="#SERVER">Server configuration</A>).
Remove string
<pre>
service
</pre>
from 3proxy.cfg and add
<pre>
daemon
</pre>
if you want 3proxy to run in background.
Create shortcut for 3proxy.exe and place it in autostart or add
to registry with regedit.exe:
<br>HKLM\Software\Microsoft\Windows\CurrentVersion\Run</br>
Type: String
<br>3proxy = "c:\Program Files\3proxy.exe" "C:\Program Files\3proxy.cfg"<br>
You must use quotes if path contains space. If neccessary, restart Windows.
If service is not started, check log. Remove "daemon" command from 3proxy.cfg,
start 3proxy.exe manually and correct all errors.
</p>
<li><A NAME="INSTUNIX">How to install/remove 3proxy under Unix/Linux</A>
<p>
Complie 3proxy (see <A HREF="#COMPILE">Compilation</A>). Copy
executables to any appropriate location (for example /usr/local/3proxy/sbin
for servers and /usr/local/3proxy/bin for utilities).
Create /usr/local/etc/3proxy.cfg.
(see <A HREF="#SERVER">Server configuration</A>).
You can change default configuration file location by specifing configuration file
in 3proxy command line.
Add 3proxy to system startup scripts.
</p>
</ul>
<hr>
<li><A NAME="SERVER">Server configuration</A>
<p>
<ul>
<li><A NAME="SAMPLE">Where to find configuration example</A>
<p>
Server configuration example 3proxy.cfg.sample is in any 3proxy distribution.
</p>
<li><A NAME="LOGGING">How to set up logging</A>
<p>
3proxy can log to stdout, file, ODBC datasource and
syslog (Unix/Linux/Cygwin only). For using ODBC under Unix/Linux you must
compile 3proxy with Unix ODBC libraries, see <A HREF="#COMPILE">Compilation</A>.
You can control logging from 3proxy.cfg for all services or you can control
logging of individual service, for example
/usr/local/sbin/socks -l/var/log/socks.log starts SOCKS proxy with logging to file.
For universal proxy (3proxy) log file rotation and archiving is supported.
Log type is defined with "log" configuration file command or with
-l switch on individual service invokation. log or -l is stdout logging.
<pre>
log filename
</pre>
and
<pre>
-lfilename
</pre>
specify filename for logging
<pre>
log @ident
</pre>
and
<pre>
-l@ident
</pre>
specify ident for syslog logging. If filename within "log" command contains
'%' characters, it's processes as format specificator (see "logformat"). E.g.
log c:\3proxy\logs\%y%m%d.log D creates file like c:\3proxy\logs\060729.log,
date is generated based on local time.
<pre>
log &connstring
</pre>
specifies ODBC connection string, connstring is in format
datasource,username,password (2 last are optional of
datasource does not require or already has authentication information).
Also, you must specify logformat to build SQL query, to insert recod into
log, see <A HREF="#LOGFORMAT">How to setup logging format</A>
</p>
<p>
Rotation and archiving may be set up with log, rotate ¨ archiver commands
<pre>
log filename LOGTYPE
</pre>
sets rotation type. LOGTYPE may be:
<ul>
<li>M, monthely
<li>W, weekly
<li>D, daily
<li>H, hourly
<li>, minutely
</ul>
<pre>
rotate NUMBER
</pre>
specifies number of files in rotation (that is how many files to keep).
<pre>
archiver EXT COMMAND PARAMETERS
</pre>
Sets external archiver. EXT is extention of archived files
(for example zip, gz, Z, rar etc) COMMAND and PARAMETERS are command
to execute and command line PARAMETERS. Originale file is not deleted by
3proxy, this work is left for archiver.
You can pass original filename to archiver with %F macro and archive filename with %A.
Examples are located in
3proxy.cfg.sample
</p>
<li><A NAME="LOGFORMAT">How to setup logging format</A>
<p>
Since 0.3 version log format may be set with "logformat" command.
First symbol of log format specifies format of date and time and
should be L (LOCAL) or G (GMT - Grinwitch Meridian Time). Format
string may contains some macro substitutions:
<ul>
<li> %y - Year (2 digits)
<li> %Y - Year (4 digits)
<li> %m - Month (2 digits)
<li> %o - mOnth (3 letter abbriviation)
<li> %d - Day (2 digits)
<li> %H - Hour (2 digits)
<li> %M - Minute (2 digits)
<li> %S - Second (2 digits)
<li> %t - Timestamp (seconds since January, 1 1970 00:00:00 GMT)
<li> %. - Milliseconds
<li> %z - Timezone in mail format (from GMT, '+' east, '-' west HHMM), For example Moscow winter time is +0300.
<li> %U - Username ('-' if unknown).
<li> %N - Service name (PROXY, SOCKS, POP3P, etc)
<li> %p - Service port
<li> %E - Error code (see. <A HREF="#ERRORS">Log error codes reference</A>)
<li> %C - client IP
<li> %c - client port
<li> %R - target IP
<li> %r - target port
<li> %e - external IP address used to establish connection
<li> %Q - requested IP
<li> %q - requested port
<li> %I - bytes received from target
<li> %O - bytes sent to target
<li> %n - host name from request
<li> %h - hops before target (if redirection or chaning is used).
see <A HREF="#CHAIN">How to use chains and parent proxies</A>)
<li> %T - service specific text (for example URL requested). %X-YT
where X and Y are positive numbers, only displays fields
(space delimited) X to Y of the text. An example is %1-2T.
</ul>
Example:
<pre>
logformat "L%t.%. %N.%p %E %U %C:%c %R:%r %O %I %h %T"
</pre>
generates something like
<p><font face="courier">
1042454727.0296 SOCK4.1080 000 3APA3A 127.0.0.1:4739 195.122.226.28:4739 505 18735 1 GET http://3proxy.ru/ HTTP/1.1
</font>
<br>(no line breaks)
</p>
<p>
If ODBC used, logformat should specify SQL command,
to insert record into log, for example
<p><font face="courier">
logformat "GINSERT INTO proxystat VALUES (%t, '%c', '%U', %I)"
</font>
<br>(no line breaks)
</p>
<li><A NAME="LOGANALIZERS">How to use log analizers with 3proxy</A>
<p>
Just make format of 3proxy logs compatible with format supported by your
favourite log analizer. Examples of compatible logformats are:
<br>
For Squid access.log:
<p><font face="courier">
&quot;- +_G%t.%. %D %C TCP_MISS/200 %I %1-1T %2-2T %U DIRECT/%R application/unknown&quot;
</p>
or, more compatible format without %D
<pre>
&quot;- +_G%t.%. 1 %C TCP_MISS/200 %I %1-1T %2-2T %U
DIRECT/%R application/unknown&quot;
</pre>
ISA 2000 proxy WEBEXTD.LOG (fields are TAB-delimited):
<pre>
&quot;- + L%C %U Unknown Y %Y-%m-%d %H:%M:%S
w3proxy 3PROXY - %n %R %r %D
%O %I http TCP %1-1T %2-2T - -
%E - - -&quot;
</pre>
ISA 2004 proxy WEB.w3c (fields are TAB-delimited):
<pre>
&quot;- + L%C %U Unknown %Y-%m-%d %H:%M:%S
3PROXY - %n %R %r %D %O
%I http %1-1T %2-2T - %E -
- Internal External 0x0 Allowed&quot;
</pre>
ISA 2000/2004 firewall FWSEXTD.log (fields are TAB-delimited):
<pre>
&quot;- + L%C %U unnknown:0:0.0 N %Y-%m-%d
%H:%M:%S fwsrv 3PROXY - %n %R %r
%D %O %I %r TCP Connect - -
- %E - - - - -&quot;
</pre>
HTTPD standard log (Apache and others):
<p><font face="courier">
&quot;-&quot;&quot;+_L%C - %U [%d/%o/%Y:%H:%M:%S %z] &quot;&quot;%T&quot;&quot; %E %I&quot;
</p>
or more compatible without error code
<p><font face="courier">
&quot;-&quot;&quot;+_L%C - %U [%d/%o/%Y:%H:%M:%S %z] &quot;&quot;%T&quot;&quot; 200 %I&quot;
</p>
<li><A NAME="LAUNCH">How to start any of proxy services (HTTP, SOCKS etc)</A>
<p>
3proxy is distributed in 2 variants: as a set of standalone modules (proxy,
socks, pop3p, tcppm, udppm) and as universal proxy server. These services are
absolutely independant, and if you use 3proxy you needn't any of standalone
modules.
<br>Standalone modules are only configurable via command line interface while
3proxy uses configuration file. Many functions, such as ODBC logging, log
rotation, access control, etc are only available in 3proxy, not in standalone
proxies.
Standalone module may be started from command line, for example:
<pre>
$/sbin/socks -l/var/log/socks.log -i127.0.0.1
</pre>
Starts SOCKS server binded to localhost ip, port 1080 with logging to
/var/log/socks.log.
You can get help for any standalone service with -? command line option.
</p><p>
If 3proxy is used you should start all services in 3proxy.cfg file. 3proxy.cfg
is executed by 3proxy as a batch file. Example of 3proxy.cfg and command syntaxys
can be found in
3proxy.cfg.sample.
<pre>
log /var/log/3proxy.log D
rotate 30
internal 127.0.0.1
external 192.168.1.1
proxy
socks -p3129
pop3p
</pre>
Starts 3 services: HTTP PROXY, SOCKS and POP3 PROXY. Each listens localhost
interface with default port (3128 for HTTP, 1080 for SOCKS and 110 for POP3P)
except socks started with port 3129.
All logs are in file /var/log/3proxy.log (with daily date modification and
rotation). 30 last files are stored.
</p>
<li><A NAME="BIND">How to bind service to specific interface and port?</A>
<p>
-i options specifies internal interface, -p - listening port. No space are
allowed. To bind 'proxy' service to port 8080 on interfaces 192.168.1.1
and 192.168.2.1 use
<pre>
proxy -p8080 -i192.168.1.1
proxy -p8080 -i192.168.2.1
</pre>
</p>
<li><A NAME="AUTH">How to limit service access</A>
<p>
First, always specify internal interface to accept incoming connection with
'internal' configuration command or '-i' service command. (See
<A HREF="#LAUNCH">How to start any of proxy services (HTTP, SOCKS etc)</A>). If
no internal interface is specified your proxy will act as open one.
<p>It's also important to specify external interface to prevent access to
internal network with 'external' or -e.
<p>3proxy with configuration files allows to use authentication and
authorization for user's access. Authentication is possible by
username/password or user's NetBIOS name. Authentication type is specified by
'auth' command.
<pre>
auth none
</pre>
Disables both authentication and authorization. You can not use ACLs.
<pre>
auth iponly
</pre>
Specifies no authentication, ACLs authorization is used.
<pre>
auth nbname
</pre>
Authentication by NetBIOS name + ACLs. NetBIOS name of 'messenger' service
is obrained before ACL validation. If no name is obtained it's assumed to be
empty. Messenger is started by default in Windows NT/2000/XP. For Win9x
WinPopUP need to be launched. This type of authentication may be spoofed
by privileged local user.
<pre>
auth strong
</pre>
Authentication by username/password. If user is not registered his
access is denied regardless of ACLs.
<p>
Different services can have different authentication levels.
<pre>
auth none
pop3p
auth iponly
proxy
auth strong
socks
</pre>
It's possible to authorize access by client IP address, IP address or requested resource,
target port, time, etc after authentication.
(See <A HREF="#ACL">How to limit resource access</A>).
</p><p>Since 0.6 version double authentication is possible, e.g.
<pre>
auth iponly strong
allow * * 192.168.0.0/16
allow user1,user2
proxy
</pre>
strong authentication will only be used if ACL requires username to deside if
access must be granted. That is, in example, strong username authentication
is not required to access 192.168.0.0/16
</p><p>0.6 version introduces authentication (username) caching to increase
productivity. It's recommended to use authentication caching with resource
or time consuming authentication types, such as nbname or external plugins
(WindowsAuthentication).
Caching can be set with 'authcache' command with 2 parameters: caching type
and caching time (in seconds). Caching type defines the type of cached access:
'ip' - after successful authentication all connections during caching time
from same IP are assigned to the same user, username is not requested.
"ip,user" - username is requested and all connections from the same IP are
assigned to the same user without actual authentication. "user" - same as above,
but IP is not checked. "user,password" - username and password are checked
against cached ones. For authentication special authentication type 'cache'
must be used.
Example:
<pre>
authcache ip 60
auth cache strong windows
proxy -n
</pre>
</p>
Please note, that caching affects security. Never use caching for access to
critical resources, such as web administration.
<li><A NAME="USERS">How to create user list</A>
<p>
Userslist is created with 'users' command.
<pre>
users USERDESC ...
</pre>
With a single command it's possible to define few users, or you
can use few 'users' commands. USERDESC is user description. Description
consists of three semicolon delimited parts - login, password type and
<pre>
users admin:CL:bigsecret test:CL:password test1:CL:password1
users "test2:CR:$1$lFDGlder$pLRb4cU2D7GAT58YQvY49."
users test3:NT:BD7DFBF29A93F93C63CB84790DA00E63
</pre>
Please note the usage of quotation sign: it's required to comment out $ sign
overwise used as a file inclusion macro.
Next password types are available:
<ul>
<li>No password type: use system authentication.
<li>CL - cleartext password
<li>CR - crypt password, only MD5 crypt passwords are supported
<li>NT - NT-hashed (MD4) passwords in hex, as used in pwdump or SAMBA
</ul>
NT and crypt passwords can be used to import accounts from Windows/SAMBA or
Unix. For Windows you can use pwdump family of utilities.
It's convenient to store accounts apart and include account file with $ macro.
Because for included files newlines are treated as a space, it's possible to
use atandard passwd file format:
<pre>
users $/etc/.3proxypasswd
</pre>
or
<pre>
users $"c:\Program Files\3proxy\passwords"
</pre>
It's possible to create NT and crypt passwords with mycrypt utility included
in distribution.
<br>Userlist is system-wide. To manage user access to specific service use ACLs.
</p>
<li><A NAME="ACL">How to limit user access to resources</A>
<p>
Commands allow, deny and flush are used to manage ACLs:
<p><font face="courier">
allow &lt;userlist&gt; &lt;sourcelist&gt; &lt;targetlist&gt; &lt;targetportlist&gt; &lt;commandlist&gt; &lt;weekdaylist&gt; &lt;timeperiodlist&gt;
<br>deny &lt;userlist&gt; &lt;sourcelist&gt; &lt;targetlist&gt; &lt;weekdaylist&gt; &lt;timeperiodlist&gt;
<br>flush
</font>
</p>
'flush' command is used to finish with existing ACL and to start new one.
It's required to have different ACLs for different services.
'allow' is used to allow connection and 'deny' to deny connection. 'allow'
command can be extended by 'parent' command to manage redirections (see <A NAME="REDIR">How to manage redirections</A>)). If ACL
is empty it allow everything. If ACL is not empty, first matching ACL entry
is searched for user request and ACL action (allow or deny) performed. If
no matching record found, connection is denied and user will be asked to
re-authenticate (requested for username/password). To prevent this request
add 'deny *' to the end of list.
<ul>
<li>&lt;userlist&gt; - comma delimited list of users
<li>&lt;sourcelist&gt; - comma delimited list of source (client) networks.
Networks can be defined as single IP address or in CIDR form
xxx.yyy.zzz.mmm/l, where l - is the length of network mask
(a number of non-zero bits). 192.168.1.0/24
means network with 255.255.255.0 mask.
<li>&lt;targetlist&gt; - comma delimited list of target (server) networks.
In 3proxy 0.6 and above it's allowed to use hostnames with wildmasks
in targetlist. Wildmask may only present in the begginning or at the
end of the hostname, e.g.
192.168.0.0/16,www.example.com,*wrongsite.com,*wrongcontent*.
<li>&lt;targetportlist&gt; - comma delimited list of ports. I
It's possible to define port ranges with -, e.g. 80,1024-65535
means port 80 and all unprivileged ports.
<li>&lt;commandlist&gt; - the list of allowed actions
<br> CONNECT - establish outgoing TCP connection. e.g. POP3 or SOCKSv5
<br> BIND - allow incoming TCP connection (SOCKSv5)
<br> UDPASSOC - create UDP association (SOCKSv5)
<br> ICMPASSOC - create ICMP association (not implemented)
<br> HTTP_GET - HTTP GET request (HTTP proxy)
<br> HTTP_PUT - HTTP PUT request (HTTP proxy)
<br> HTTP_POST - HTTP POST request (HTTP proxy)
<br> HTTP_HEAD - HTTP HEAD request (HTTP proxy)
<br> HTTP_CONNECT - HTTP CONNECT, aka HTTPS request (HTTP proxy)
<br> HTTP_OTHER - another HTTP request (HTTP proxy)
<br> HTTP - any HTTP request except HTTP_CONNECT (HTTP proxy)
<br> HTTPS - alias to HTTP_CONNECT (HTTP proxy)
<br> FTP_GET - FTP get request (http, ftp proxy)
<br> FTP_PUT - FTP put request (ftp proxy)
<br> FTP_LIST - FTP list request (http, ftp proxy)
<br> FTP - any FTP request
<br> ADMIN - administration interface access
<p>
<li>&lt;weeksdays&gt; - week days numbers or periods (0 or 7 means Sunday, 1 is Monday, 1-5 means Monday through Friday).
<li>&lt;timeperiodlists&gt; - a list of time periods in HH:MM:SS-HH:MM:SS format. For example,
00:00:00-08:00:00,17:00:00-24:00:00 lists non-working hours.
</ul>
* in ACL means &quot;any&quot;.
Usage examples could be found in 3proxy.cfg.sample.
</p>
<li><A NAME="REDIR">How to manage redirections</A>
<p>
Redirections are usefull to e.g. forward requests from specific clients
to different servers or proxy server. Additionally, redirections are usefull
to convert proxy interface from ont format to another, e.g. requests from
SOCKS proxy can be redirected to parent HTTP proxy, or SOCKSv5 client can be
redirected to SOCKSv4 proxy.
<br>Because 3proxy understand "transparent" web request, it can be used as an
intermediate software between HTTP proxy and NAT server for transparent HTTP
forwarding, because it can convert "Web server" request issued by client to
"proxy request" required by proxy server. A simplest redirection is:
<pre>
auth iponly
allow *
parent 1000 http 192.168.1.1 3128
proxy
</pre>
All trafiic of HTTP proxy is redirected to parent proxy 192.168.1.1 port 3128.
<br>If port number is '0', IP address from 'parent' is used as external address
for this connection (that is like -eIP, but only for connections matching
'allow').
<br>Special case of redirection are local redirections. In this case both IP is
0.0.0.0 and port is 0. It's only usseful with SOCKS service. In this case no
new connection is established, but request is parsed by corresponding local
service. E.g.:
<pre>
auth iponly
allow * * * 80
parent 1000 http 0.0.0.0 0
allow * * * 21
parent 1000 ftp 0.0.0.0 0
allow * * * 110
parent 1000 pop3 0.0.0.0 0
socks
</pre>
In this case all SOCKS traffic with destination port 80 is forwarded to local
'proxy' service, destination port 21 to 'ftppr' and 110 to 'pop3pr'. There is
no need to run these services expicitly. Local redirections are usefull if
you want to see and control via ACLs protocol specific parameters, e.g.
filenames requests thorugh FTP while clients are using SOCKS.
</p>
<li><A NAME="ROUNDROBIN">How to balance traffic between few external channgels?</A>
<p>
Proxy itself doesn't manage network level routing. The only way to control
outgoing channel is to select external interface. It's possible to make
external interface (what is usually selected with 'external' command or
'-e' option) random by using local redirection with external port 0.
<pre>
auth iponly
allow *
parent 500 http 10.1.1.101 0
parent 500 http 10.2.1.102 0
</pre>
Now external interface is randomly selected with 0.5 probability between
10.1.1.101 and 10.2.1.102. To work as expected, different default routes
must between 2 interfaces.
used
<p>
If both interface addresses are in same network, e.g. 10.1.1.101 and 10.1.1.102
and you want to select random gateway between 10.1.1.1 and 10.1.1.2, you must
control it by using routing table, in case there is no default gateway route
for Windows:
<pre>
route add -p 10.1.1.1 10.1.1.101
route add -p 10.1.1.2 10.1.1.102
route add -p 0.0.0.0 mask 0.0.0.0 192.168.1.1
route add -p 0.0.0.0 mask 0.0.0.0 192.168.1.2
</pre>
If you have no second address yet, just add it. Under Linux/Unix it's better
to use source routing.
</p>
<li><A NAME="CHAIN">How to manage proxy chains</A>
<p>
parent command may also be used to build a proxy chains. In this case
few 'parent' commands are used for single 'allow' rule with different
weights (first argument of parent command). Chain may contain any number
of proxy servers, but it should be noted that every hope significantly
reduces productivity. It's possible to mix different types of proxy within
single chain: HTTPS (HTTP connect), SOCKS4, SOCKS5. Weight different from
1000 is used to build random chains. if weight W is below 1000, this proxy
will be used as a next chain hop with probability of W/1000. That is, if
the weight is 250 probability this proxy will be used for the next hope is
25%. 'parent' records with common weight of 1000 establish a group, one of
these record will be used for the hop with probability according to weight.
Warning: each group must have a weight even of 1000. As follows, common
weight of all 'parent' records must also be even of 1000. If common weight
of 'parent' records in te chain is 3000, chain has 3 hops and must be formed
of 3 groups. Example:
<pre>
allow *
parent 500 socks5 192.168.1.1 1080
parent 500 connect 192.168.10.1 3128
</pre>
In this case we have 1 parent proxy (1 hop) which is randomely choosen between
2 hosts: 192.168.1.1 and 192.168.10.1. 2 records form a single group.
<pre>
allow * * * 80
parent 1000 socks5 192.168.10.1 1080
parent 1000 connect 192.168.20.1 3128
parent 300 socks4 192.168.30.1 1080
parent 700 socks5 192.168.40.1 1080
</pre>
In this case we have 3 groups (3 hops in the chain). First hop is 192.168.10.1,
second hop is 192.168.20.1 and 3rd one is either 192.168.30.1 with probability
of 30% or 192.168.40.1 with probability of 70%.
</p>
<li><A NAME="BANDLIM">How to limit bandwidth</A>
<p>
3proxy supports bandwidth filters. To manage filters bandlimin/bandlimout and
nobandlimin/nobandlimout. 'in' means incoming and 'out' - outgoing traffic.
<p><font face="courier">
bandlimin &lt;bitrate&gt; &lt;userlist&gt; &lt;sourcelist&gt; &lt;targetlist&gt; &lt;targetportlist&gt; &lt;commandlist&gt;
<br>nobandlimin &lt;userlist&gt; &lt;sourcelist&gt; &lt;targetlist&gt; &lt;targetportlist&gt; &lt;commandlist&gt;
</font>
</p>
Commands are applied to all services. Imagine bandwidth filters as a series of
pipes. Bitrate is a pipe's width and ACLs controls the flow thorugh this pipe.
<pre>
bandlimin 57600 * 192.168.10.16
bandlimin 57600 * 192.168.10.17
bandlimin 57600 * 192.168.10.18
bandlimin 57600 * 192.168.10.19
</pre>
Create 4 separete pipes for 4 client with emulation of modem connection.
<pre>
bandlimin 57600 * 192.168.10.16/30
</pre>
Create single pipe for all 4 clients. That is 4 clients share modem connection.
In this example:
<pre>
nobandlimin * * * 110
bandlimin 57600 * 192.168.10.16/32
</pre>
mail traffic from POP3 servers bypasses the pipe and has no bandwidth
limitation.
</p>
<li><A NAME="TRAFLIM">How to limit traffic amount</A>
<p>
<p><font face="courier">
counter &lt;filename&gt; &lt;type&gt; &lt;reportpath&gt;
<br>countin &lt;number&gt; &lt;type&gt; &lt;amount&gt; &lt;userlist&gt; &lt;sourcelist&gt; &lt;targetlist&gt; &lt;targetportlist&gt; &lt;commandlist&gt;
<br>nocountin &lt;userlist&gt; &lt;sourcelist&gt; &lt;targetlist&gt; &lt;targetportlist&gt; &lt;commandlist&gt;
<br>countout &lt;number&gt; &lt;type&gt; &lt;amount&gt; &lt;userlist&gt; &lt;sourcelist&gt; &lt;targetlist&gt; &lt;targetportlist&gt; &lt;commandlist&gt;
<br>nocountout &lt;userlist&gt; &lt;sourcelist&gt; &lt;targetlist&gt; &lt;targetportlist&gt; &lt;commandlist&gt;
</font>
</p>
<p>
You can set traffic limit per day (D), week (W), month (M), year (Y) or
absolute ('N'), as specified by 'type' argument of counterin command.
Traffic information is stored in binary file specified by 'filename' argument.
countersutil utility can be used to manage this file.
reportpath specifies location of text reports, type parameter of 'counter'
command controls how often text reports are created. amount is amount of
allowed traffic in Megabytes (MB). nocountin allows you to set exclusions.
</p>
<li><A NAME="NETLIST">How to build network lists</A>
<p>Networks or users lists are often very huge. 3proxy doesn't currently
supports user groups, but ones can be created by the means of include files.
You can store comma-delimited lists of networks or users in the separate
file and use $ macro to insert this list into 3proxy.cfg.
3proxy comes with 'dighosts'
utility. This utility helps to grab the list of the network from HTTP page.
It may be usefull to e.g. obtain a regullary updated list of local networks
from ISP's server. A network list can be either in form of NETWORK MASK,
e.g. 192.168.1.0 255.255.255.0 or NETWORK/LENGTH, e.g. 192.168.1.0/24. You can
launch dighosts from 3proxy.cfg to be executed on every 3proxy startup or
configuration reload:
<pre>
system "dighosts http://provider/network.html local.networks"
allow * * $local.networks
allow *
parent 1000 proxy.provider 3128 *
proxy
flush
</pre>
In this example we obtain list of local networks from provider's page to
local.networks file, allow direct access to these networks and redirect all
connection to external networks to provider's proxy.
</p>
</ul>
<hr>
<li><A NAME="CLIENT">Client configuration</A>
<p>
<hr>
<li><A NAME="ADMIN">Administering and information analisys</A>
<p>
<ul>
<li><A NAME="NEWVERSION">How to obtain latest 3proxy version</A>
<p>
Latest version of 3proxy may be obtained
<A HREF="http://3proxy.ru/">here</A>.
New version may have changes and incompatibilities with previous one in files
format or commands. Please, read CHANGELOG file and another documentation
before installing new version.
</p>
<li><A NAME="NTSERVICE">How to control 3proxy service under Windows NT/2000/XP</A>
<p>
If installed as system service, 3proxy understands Windows service commands
for START, STOP, PAUSE and RESUME. If service is PAUSEd, no new connections
are accepted while older connections are processed. Currently there is no
support for dynamic configuration change, so, you have to restart service
completely if you have changed any configuration.
You can control 3proxy service via "Services" administration ot via "net" command:
<pre>
net start 3proxy
net stop 3proxy
net pause 3proxy
net continue 3proxy
</pre>
</p>
<li><A NAME="ERRORS">Log error codes reference</A>
<p>
<ul>
<li>0 - Operation successfully complited (connection
was closed by one of peers)
<li>1-9 - AUTHENTICATION ERRORS
<li>1 - Access denied by ACL (deny)
<li>2 - Redirection (should not appear)
<li>3 - No ACL found, denied by default
<li>4 - auth=strong and no username in request
<li>5 - auth=strong and no matching username in configuration
<li>6 - User found, wrong password (cleartext)
<li>7 - User found, wrong password (crypt)
<li>8 - User found, wrong password (NT)
<li>9 - Redirection data not found (should not appear)
<li>10 - Traffic limit exceeded
<li>11-19 - CONNECTION ERRORS
<li>11 - failed to create socket()
<li>12 - failed to bind()
<li>13 - failed to connect()
<li>14 - failed to getpeername()
<li>20-29 - COMMON ERRORS
<li>21 - memory allocation failed
<li>30-39 - CONNECT PROXY REDIRECTION ERRORS
<li>31 - failed to request HTTP CONNECT proxy
<li>32 - CONNECT proxy connection timed out or wrong reply
<li>33 - CONNECT proxy fails to establish connection
<li>34 - CONNECT proxy timed out or closed connection
<li>40-49 - SOCKS4 PROXY REDIRECTION ERRORS
<li>50-69 - SOCKS5 PROXY REDIRECTION ERRORS
<li>70-79 PARENT PROXY CONNECTION ERRORS (identical to 1x)
<li>90-99 - established connection errors
<li>90 - socket error or connection broken
<li>91 - TCP/IP common failure
<li>92 - connection timed out
<li>93 - error on reading data from server
<li>94 - error on reading data from client
<li>95 - timeout from bandlimin/bandlimout limitations
<li>96 - error on sending data to client
<li>97 - error on sending data to server
<li>98 - server data limit (should not appear)
<li>99 - client data limit (should not appear)
<li>100 - HOST NOT FOUND
<li>200-299 - UDP portmapper specific bugs
<li>300-399 - TCP portmapper specific bugs
<li>400-499 - SOCKS proxy specific bugs
<li>500-599 - HTTP proxy specific bugs
<li>600-699 - POP3 proxy specific bugs
<li>999 - NOT IMPLEMENTED
</ul>
</p>
</ul>
<hr>
<li><A NAME="QUEST">How To ask quiestion not in How To?</A>
<p>
Ask it in <A HREF="http://3proxy.ru/board4.html">3proxy forum</A>.
Don't try to ask something before reading this document.
</ul>
</ul>
<pre>$Id: howtoe.html,v 1.41 2009/02/02 10:04:49 vlad Exp $</pre>

1031
doc/html/howtor.html Normal file

File diff suppressed because it is too large Load Diff

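--- a/doc/html/index.html
+++ b/doc/html/index.html
@@ -0,0 +1,18 @@
+<html><title>3proxy documentation</title><body><h2>3proxy documentation</h2>
+<a href="securityen.html">Security recommendations</a><br>
+<a href="howtoe.html">How To (English, very incomplete)</a><br>
+<a href="howtor.html">How To (Russian, Windows1251)</a><br>
+<a href="faqe.html">FAQ (English)</a><br>
+<a href="faqr.html">FAQ (Russian, Windows1251)</a>
+<h3>Man pages:</h>
+<br><A HREF="man8/3proxy.8.html">3proxy.8</A>
+<br><A HREF="man8/ftppr.8.html">ftppr.8</A>
+<br><A HREF="man8/icqpr.8.html">icqpr.8</A>
+<br><A HREF="man8/pop3p.8.html">pop3p.8</A>
+<br><A HREF="man8/proxy.8.html">proxy.8</A>
+<br><A HREF="man8/smtpp.8.html">smtpp.8</A>
+<br><A HREF="man8/socks.8.html">socks.8</A>
+<br><A HREF="man8/tcppm.8.html">tcppm.8</A>
+<br><A HREF="man8/udppm.8.html">udppm.8</A>
+<br><A HREF="man3/3proxy.cfg.3.html">3proxy.cfg.3</A>
+</body></html>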

File diff suppressed because it is too large Load Diff

268
doc/html/man8/3proxy.8.html Normal file

@ -0,0 +1,268 @@
<HTML><HEAD><TITLE>Manpage of 3proxy</TITLE>
</HEAD><BODY>
<H1>3proxy</H1>
Section: Universal proxy server (8)<BR>Updated: July 2009<BR><A HREF="#index">Index</A>
<A HREF="../index.html">Return to Main Contents</A><HR>
<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>
<B>3proxy</B>
- 3[APA3A] tiny proxy server, or trivial proxy server, or free proxy
server
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>
<B>3proxy</B>
[<I>config_file</I>]
<BR>
<B>3proxy</B>
[<I>--install</I>]
<BR>
<B>3proxy</B>
[<I>--remove</I>]
<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2>
<B>3proxy</B>
is universal proxy server. It can be used to provide internal users wuth
fully controllable access to external resources or to provide external
users with access to internal resources. 3proxy is not developed to replace
<B><A HREF="../man8/squid.8.html">squid</A></B>(8),
but it can extend functionality of existing cashing proxy.
It can be used to route requests between different types of clients and proxy
servers. Think about it as application level
gateway with configuration like hardware router has for network layer.
It can establish multiple
gateways with HTTP and HTTPS proxy with FTP over HTTP support, SOCKS v4,
v4.5 and v5, POP3 proxy, UDP and TCP portmappers. Each gateway is started
from configuration file like independant service
<B><A HREF="../man8/proxy.8.html">proxy</A></B>(8)
<B><A HREF="../man8/socks.8.html">socks</A></B>(8)
<B><A HREF="../man8/pop3p.8.html">pop3p</A></B>(8)
<B><A HREF="../man8/tcppm.8.html">tcppm</A></B>(8)
<B><A HREF="../man8/udppm.8.html">udppm</A></B>(8)
<B><A HREF="../man8/ftppr.8.html">ftppr</A></B>(8)
<B>dnspr</B>
but
<B>3proxy</B>
is not a kind of wrapper or superserver for this daemons. It just has same
code compiled in, but provides much more functionality. SOCKSv5
implementatation allows to use 3proxy with any UDP or TCP based client
applications designed without
proxy support (with
<I>SocksCAP</I>,
<I>FreeCAP</I>
or another client-side redirector under Windows of with socksification library
under Unix). So you can play your favourite games, listen music, exchange
files and messages and even accept incoming connections behind proxy server.
<P>
<I>dnspr</I>
does not exist as independant service. It' DNS caching proxy (it requires
<I>nscache</I>
and
<I>nserver</I>
to be set in configuration. Only A-records are cached. Please note, the
this caching is mostly a 'hack' and has nothing to do with real
DNS server, but it works perfectly for SOHO networks.
<P>
<P>
3proxy supports access control lists (ACL) like network router. Source
and destination networks and destination port can be specified. In addition,
usernames and gateway action (for example GET or POST) can be used in ACLs.
In order to filter request on username basis user must be authenticated somehow. There are few
authentication types including password authentication and authentication by
NetBIOS name for Windows clients (it's very like ident authentication).
Depending on ACL action request can be allowed, denied or redirected to another
host or to another proxy server or even to a chain of proxy servers.
<P>
It supports different types of logging: to logfiles,
<B><A HREF="../man3/syslog.3.html">syslog</A></B>(3)
(only under Unix) or to ODBC database. Logging format is turnable to provide
compatibility with existing log file parsers. It makes it possible to use
3proxy with IIS, ISA, Apache or Squid log parsers.
<A NAME="lbAE">&nbsp;</A>
<H2>OPTIONS</H2>
<DL COMPACT>
<DT><B>config_file</B>
<DD>
Name of config file. See
<B><A HREF="../man3/3proxy.cfg.3.html">3proxy.cfg</A></B>(3)
for configuration file format. Under Windows, if config_file is not specified,
<B>3proxy</B>
looks for file named
<I>3proxy.cfg</I>
in the default location (in same directory with executable file and in current
directory). Under Unix, if no config file is specified, 3proxy reads
configuration from stdin. It makes it possible to use 3proxy.cfg file as
executable script just by setting +x mode and adding
<BR>
#!/usr/local/3proxy/3proxy
<BR>
as a first line in 3proxy.cfg
<DT><B>--install</B>
<DD>
(Windows NT family only) install
<B>3proxy</B>
as a system service
<DT><B>--remove</B>
<DD>
(Windows NT family only) remove
<B>3proxy</B>
from system services
</DL>
<A NAME="lbAF">&nbsp;</A>
<H2>SIGNALS</H2>
Under Unix there are few signals
<B>3proxy</B>
catches. See
<B><A HREF="../man1/kill.1.html">kill</A></B>(1).
<DL COMPACT>
<DT><B>SIGTERM</B>
<DD>
cleanup connections and exit
<DT><B>SIGPAUSE</B>
<DD>
stop to accept new connections, on second signal - start and re-read
configuration
<DT><B>SIGCONT</B>
<DD>
start to accept new conenctions
<DT><B>SIGUSR1</B>
<DD>
reload configuration
</DL>
<P>
Under Windows, if
<B>3proxy</B>
is installed as service you can standard service management to start, stop,
pause and continue 3proxy service, for example:
<BR>
<B>net start 3proxy</B>
<BR>
<B>net stop 3proxy</B>
<BR>
<B>net pause 3proxy</B>
<BR>
<B>net continue 3proxy</B>
<P>
Web admin service can also be used to reload configuration. Use
wget to automate this task.
<A NAME="lbAG">&nbsp;</A>
<H2>FILES</H2>
<DL COMPACT>
<DT><I>/usr/local/3proxy/3proxy.cfg (3proxy.cfg)</I>
<DD>
<B>3proxy</B>
configuration file
</DL>
<A NAME="lbAH">&nbsp;</A>
<H2>BUGS</H2>
Report all bugs to
<B><A HREF="mailto:3proxy@security.nnov.ru">3proxy@security.nnov.ru</A></B>
<A NAME="lbAI">&nbsp;</A>
<H2>SEE ALSO</H2>
<A HREF="../man3/3proxy.cfg.3.html">3proxy.cfg</A>(3), <A HREF="../man8/proxy.8.html">proxy</A>(8), <A HREF="../man8/ftppr.8.html">ftppr</A>(8), <A HREF="../man8/socks.8.html">socks</A>(8), <A HREF="../man8/pop3p.8.html">pop3p</A>(8), <A HREF="../man8/tcppm.8.html">tcppm</A>(8), <A HREF="../man8/udppm.8.html">udppm</A>(8),
<A HREF="../man1/kill.1.html">kill</A>(1), <A HREF="../man8/syslogd.8.html">syslogd</A>(8),
<BR>
<A HREF="http://3proxy.ru/">http://3proxy.ru/</A>
<A NAME="lbAJ">&nbsp;</A>
<H2>TRIVIA</H2>
3APA3A is pronounced as ``zaraza''.
<A NAME="lbAK">&nbsp;</A>
<H2>AUTHORS</H2>
3proxy is designed by 3APA3A
(<I><A HREF="mailto:3APA3A@security.nnov.ru">3APA3A@security.nnov.ru</A></I>),
Vladimir Dubrovin
(<I><A HREF="mailto:vlad@sandy.ru">vlad@sandy.ru</A></I>)
<P>
<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT><A HREF="#lbAB">NAME</A><DD>
<DT><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT><A HREF="#lbAE">OPTIONS</A><DD>
<DT><A HREF="#lbAF">SIGNALS</A><DD>
<DT><A HREF="#lbAG">FILES</A><DD>
<DT><A HREF="#lbAH">BUGS</A><DD>
<DT><A HREF="#lbAI">SEE ALSO</A><DD>
<DT><A HREF="#lbAJ">TRIVIA</A><DD>
<DT><A HREF="#lbAK">AUTHORS</A><DD>
</DL>
<HR>
This document was created by
using the manual pages.<BR>
Time: 21:23:55 GMT, April 07, 2014
</BODY>
</HTML>


@ -0,0 +1,693 @@
<HTML><HEAD><TITLE>Manpage of 3proxy.conf</TITLE>
</HEAD><BODY>
<H1>3proxy.conf</H1>
Section: Universal proxy server (5)<BR>Updated: December 2004<BR><A HREF="#index">Index</A>
<A HREF="../index.html">Return to Main Contents</A><HR>
<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>
<B>3proxy.conf</B>
- 3proxy configuration file
<A NAME="lbAC">&nbsp;</A>
<H2>DESCRIPTION</H2>
Common structure:
Configuration file is a text file 3proxy reads configuration from. Each line
of the file is command and is executed immediately, as it was given from
console. Each line of the file is treated as a blank (space or tab) separated
command line. Additional space characters are ignored.
Think about 3proxy as &quot;application level router&quot; with console interface.
Comments:
Any string beginning with space character or '#' character is comment. It's
ignored. &lt;LF&gt;s are ignored. &lt;CR&gt; is end of command.
Quotation:
Quotation character is spaces or another special characters. To use quotation character inside
quotation character must be dubbed (BASIC convention). For example to use
HELLO Good practice is to quote any argument you use.
File inclusion:
You can include file by using $FILENAME macro (replace FILENAME with a path
to file, for example $/usr/local/etc/3proxy/conf.incl or
<BR>&nbsp;$&quot;c:\Program&nbsp;Files\3proxy\include.cfg&quot;&nbsp;Quotation&nbsp;is
required in last example because path contains space character.
For included file &lt;CR&gt; (end of line characters) is treated as space character
(arguments delimiter instead of end of command delimiter).
Thus, include files are only useful to store long signle-line commands
(like userlist, network lists, etc).
To use dollar sign somewhere in argument it must be quoted.
Recursion is not allowed.
Commands:
<B>proxy</B>
[options]
<BR>
<B>socks</B>
[options]
<BR>
<B>pop3p</B>
[options]
<BR>
<B>ftppr</B>
[options]
<BR>
<B>admin</B>
[options]
<BR>
<B>dnspr</B>
[options]
<BR>
<B>tcppm</B>
[options]
&lt;SRCPORT&gt; &lt;DSTADDR&gt; &lt;DSTPORT&gt;
<BR>
<B>udppm</B>
[options]
&lt;SRCPORT&gt; &lt;DSTADDR&gt; &lt;DSTPORT&gt;
starts gateway services
<B>proxy</B>
- HTTP/HTTPS proxy (default port 3128)
<BR>
<B>socks</B>
- SOCKS 4/4.5/5 proxy (default port 1080)
<BR>
<B>pop3p</B>
- POP3 proxy (default port 110)
<BR>
<B>ftppr</B>
- FTP proxy (default port 21)
<BR>
<B>admin</B>
- Web interface (default port 80)
<BR>
<B>dnspr</B>
- caching DNS proxy (default port 53)
<BR>
<B>tcppm</B>
- TCP portmapper
<BR>
<B>udppm</B>
- UDP portmapper
Options:
<BR>
<B>-pNUMBER</B>
change default server port to NUMBER
<BR>
<B>-n</B>
disable NTLM authentication (required if passwords are stored in Unix crypt format.
<BR>
Also, all options mentioned for
<B><A HREF="../man8/proxy.8.html">proxy</A></B>(8)
<B><A HREF="../man8/socks.8.html">socks</A></B>(8)
<B><A HREF="../man8/pop3p.8.html">pop3p</A></B>(8)
<B><A HREF="../man8/tcppm.8.html">tcppm</A></B>(8)
<B><A HREF="../man8/udppm.8.html">udppm</A></B>(8)
<B><A HREF="../man8/ftppr.8.html">ftppr</A></B>(8)
are also supported.
Portmapping services listen at SRCPORT and connect to DSTADDR:DSTPORT
HTTP and SOCKS proxies are standard.
POP3 proxy must be configured as POP3 server and requires username in the form of:
<A HREF="mailto:pop3username@pop3server">pop3username@pop3server</A>. If POP3 proxy access must be authenticated, you can
specify username as proxy_username:proxy_password:<A HREF="mailto:POP3_username@pop3server">POP3_username@pop3server</A>
DNS proxy is only capable to resolve hostnames (no MX, PTR, SRV, etc) and
requires nserver/nscache to be configured.
FTP proxy can be used as FTP server in any FTP client or configured as FTP
proxy on a client with FTP proxy support. Username format is one of
<BR>&nbsp;<A HREF="mailto:FTPuser@FTPServer">FTPuser@FTPServer</A>
<BR>&nbsp;FTPuser:<A HREF="mailto:FTPpassword@FTPserver">FTPpassword@FTPserver</A>
<BR>&nbsp;proxyuser:proxypassword:FTPuser:<A HREF="mailto:FTPpassword@FTPserver">FTPpassword@FTPserver</A>
<BR>
Please note, if you use FTP client interface for FTP proxy
do not add FTPpassword and FTPServer to username, because
FTP client does it for you. That is, if you use 3proxy with
authentication use
proxyuser:proxypassword:FTPuser
as FTP username, otherwise do not change original FTP user name<TT>&nbsp;</TT><BR>
<B>config</B>
&lt;path&gt;
<BR>
Path to configuration file to use on 3proxy restart or to save configuration.
<B>writable</B>
<BR>
ReOpens configuration file for write access via Web interface,
and re-reads it. Usually should be first command on config file
but in combination with &quot;config&quot; it can be used anywhere to open
alternate config file. Think twice before using it.
<B>end</B>
<BR>
End of configuration
<B>log</B>
[[@|&amp;]logfile] [&lt;LOGTYPE&gt;]
<BR>
sets logfile for all gateways
<BR>&nbsp;@&nbsp;-&nbsp;(for&nbsp;Unix)&nbsp;use&nbsp;syslog,&nbsp;filename&nbsp;is&nbsp;used&nbsp;as&nbsp;ident&nbsp;name
<BR>&nbsp;&amp;&nbsp;-&nbsp;use&nbsp;ODBC,&nbsp;filename&nbsp;consists&nbsp;of&nbsp;comma-delimited&nbsp;datasource,username,password&nbsp;(username&nbsp;and&nbsp;password&nbsp;are&nbsp;optional)
<BR>&nbsp;LOGTYPE&nbsp;is&nbsp;one&nbsp;of:
<BR>&nbsp;&nbsp;M&nbsp;-&nbsp;Monthly
<BR>&nbsp;&nbsp;W&nbsp;-&nbsp;Weekly&nbsp;(starting&nbsp;from&nbsp;Sunday)
<BR>&nbsp;&nbsp;D&nbsp;-&nbsp;Daily
<BR>&nbsp;&nbsp;H&nbsp;-&nbsp;Hourly
if logfile is not specified logging goes to stdout. You can specify individual logging options for gateway by using
-l option in gateway configuration.
<B>rotate</B>
&lt;n&gt;
how many archived log files to keep
<B>logformat</B>
&lt;format&gt;
Format for log record. First symbol in format must be L (local time)
or G (absolute Grinwitch time).
It can be preceeded with -XXX+Y where XXX is list of characters to be
filtered in user input (any non-printable characters are filtered too
in this case) and Y is replacement character. For example, &quot;-,%+ L&quot; in
the beginning of logformat means comma and percent are replaced
with space and all time based elemnts are in local time zone.
You can use:
<BR>&nbsp;%y&nbsp;-&nbsp;Year&nbsp;in&nbsp;2&nbsp;digit&nbsp;format
<BR>&nbsp;%Y&nbsp;-&nbsp;Year&nbsp;in&nbsp;4&nbsp;digit&nbsp;format
<BR>&nbsp;%m&nbsp;-&nbsp;Month&nbsp;number
<BR>&nbsp;%o&nbsp;-&nbsp;Month&nbsp;abbriviature
<BR>&nbsp;%d&nbsp;-&nbsp;Day
<BR>&nbsp;%H&nbsp;-&nbsp;Hour
<BR>&nbsp;%M&nbsp;-&nbsp;Minute
<BR>&nbsp;%S&nbsp;-&nbsp;Second
<BR>&nbsp;%t&nbsp;-&nbsp;Timstamp&nbsp;(in&nbsp;seconds&nbsp;since&nbsp;01-Jan-1970)
<BR>&nbsp;%.&nbsp;-&nbsp;milliseconds
<BR>&nbsp;%z&nbsp;-&nbsp;timeZone&nbsp;(from&nbsp;Grinvitch)
<BR>&nbsp;%D&nbsp;-&nbsp;request&nbsp;duration&nbsp;(in&nbsp;milliseconds)
<BR>&nbsp;%b&nbsp;-&nbsp;average&nbsp;send&nbsp;rate&nbsp;per&nbsp;request&nbsp;(in&nbsp;Bytes&nbsp;per&nbsp;second)&nbsp;this&nbsp;speed&nbsp;is&nbsp;typically&nbsp;below&nbsp;connection&nbsp;speed&nbsp;shown&nbsp;by&nbsp;download&nbsp;manager.
<BR>&nbsp;%B&nbsp;-&nbsp;average&nbsp;receive&nbsp;rate&nbsp;per&nbsp;request&nbsp;(in&nbsp;Bytes&nbsp;per&nbsp;second)&nbsp;this&nbsp;speed&nbsp;is&nbsp;typically&nbsp;below&nbsp;connection&nbsp;speed&nbsp;shown&nbsp;by&nbsp;download&nbsp;manager.
<BR>&nbsp;%U&nbsp;-&nbsp;Username
<BR>&nbsp;%N&nbsp;-&nbsp;service&nbsp;Name
<BR>&nbsp;%p&nbsp;-&nbsp;service&nbsp;Port
<BR>&nbsp;%E&nbsp;-&nbsp;Error&nbsp;code
<BR>&nbsp;%C&nbsp;-&nbsp;Client&nbsp;IP
<BR>&nbsp;%c&nbsp;-&nbsp;Client&nbsp;port
<BR>&nbsp;%R&nbsp;-&nbsp;Remote&nbsp;IP
<BR>&nbsp;%r&nbsp;-&nbsp;Remote&nbsp;port
<BR>&nbsp;%n&nbsp;-&nbsp;requested&nbsp;hostname
<BR>&nbsp;%I&nbsp;-&nbsp;bytes&nbsp;In
<BR>&nbsp;%O&nbsp;-&nbsp;bytes&nbsp;Out
<BR>&nbsp;%h&nbsp;-&nbsp;Hops&nbsp;(redirections)&nbsp;count
<BR>&nbsp;%T&nbsp;-&nbsp;service&nbsp;specific&nbsp;Text
<BR>&nbsp;%N1-N2T&nbsp;-&nbsp;(N1&nbsp;and&nbsp;N2&nbsp;are&nbsp;positive&nbsp;numbers)&nbsp;-&nbsp;log&nbsp;only&nbsp;fields&nbsp;from&nbsp;N1&nbsp;thorugh&nbsp;N2&nbsp;of&nbsp;service&nbsp;specific&nbsp;text
in case of ODBC logging logformat specifies SQL statement, for exmample:
<BR>&nbsp;&nbsp;&nbsp;logformat&nbsp;&quot;-'+_Linsert&nbsp;into&nbsp;log&nbsp;(l_date,&nbsp;l_user,&nbsp;l_service,&nbsp;l_in,&nbsp;l_out,&nbsp;l_descr)&nbsp;values&nbsp;('%d-%m-%Y&nbsp;%H:%M:%S',&nbsp;'%U',&nbsp;'%N',&nbsp;%I,&nbsp;%O,&nbsp;'%T')&quot;
<B>archiver</B>
&lt;ext&gt; &lt;commandline&gt;
<BR>
Archiver to use for log files. &lt;ext&gt; is file extension produced by
archiver. Filename will be last argument to archiver, optionally you
can use %A as produced archive name and %F as filename.
<B>timeouts</B>
&lt;BYTE_SHORT&gt; &lt;BYTE_LONG&gt; &lt;STRING_SHORT&gt; &lt;STRING_LONG&gt; &lt;CONNECTION_SHORT&gt; &lt;CONNECTION_LONG&gt; &lt;DNS&gt; &lt;CHAIN&gt;
Sets timeout values
<BR>&nbsp;BYTE_SHORT&nbsp;-&nbsp;short&nbsp;timeout&nbsp;for&nbsp;single&nbsp;byte,&nbsp;is&nbsp;usually&nbsp;used&nbsp;for&nbsp;receiving&nbsp;single&nbsp;byte&nbsp;from&nbsp;stream.
<BR>&nbsp;BYTE_LONG&nbsp;-&nbsp;long&nbsp;timeout&nbsp;for&nbsp;single&nbsp;byte,&nbsp;is&nbsp;usually&nbsp;used&nbsp;for&nbsp;receiving&nbsp;first&nbsp;byte&nbsp;in&nbsp;frame&nbsp;(for&nbsp;example&nbsp;first&nbsp;byte&nbsp;in&nbsp;socks&nbsp;request).
<BR>&nbsp;STRING_SHORT&nbsp;-&nbsp;short&nbsp;timeout,&nbsp;for&nbsp;character&nbsp;string&nbsp;within&nbsp;stream&nbsp;(for&nbsp;example&nbsp;to&nbsp;wait&nbsp;between&nbsp;2&nbsp;HTTP&nbsp;headers)
<BR>&nbsp;STRING_LONG&nbsp;-&nbsp;long&nbsp;timeout,&nbsp;for&nbsp;first&nbsp;string&nbsp;in&nbsp;stream&nbsp;(for&nbsp;example&nbsp;to&nbsp;wait&nbsp;for&nbsp;HTTP&nbsp;request).
<BR>&nbsp;CONNECTION_SHORT&nbsp;-&nbsp;inactivity&nbsp;timeout&nbsp;for&nbsp;short&nbsp;connections&nbsp;(HTTP,&nbsp;POP3,&nbsp;etc).
<BR>&nbsp;CONNECTION_LONG&nbsp;-&nbsp;inactivity&nbsp;timeout&nbsp;for&nbsp;long&nbsp;connection&nbsp;(SOCKS,&nbsp;portmappers,&nbsp;etc).
<BR>&nbsp;DNS&nbsp;-&nbsp;timeout&nbsp;for&nbsp;DNS&nbsp;request&nbsp;before&nbsp;requesting&nbsp;next&nbsp;server
<BR>&nbsp;CHAIN&nbsp;-&nbsp;timeout&nbsp;for&nbsp;reading&nbsp;data&nbsp;from&nbsp;chained&nbsp;connection
<B>nserver</B>
<BR>&nbsp;&lt;ipaddr&gt;
<BR>
Nameserver to use for name resolutions. If none spcified system
or name server fails system routines for name resolution will be
used. It's better to specify nserver because gethostbyname() may
be thread unsafe.
<B>nscache</B>
&lt;cachesize&gt;
<BR>
Cache &lt;cachesize&gt; records for name resolution. Cachesize usually
should be large enougth (for example 65536).
<B>nsrecord</B>
&lt;hostname&gt; &lt;hostaddr&gt;
<B></B>
Adds static record to nscache. nscache must be enabled. If 0.0.0.0
is used as a hostaddr host will never resolve, it can be used to
blacklist something or together with
<B>dialer</B>
command to set up UDL for dialing.
<B>dialer</B>
&lt;progname&gt;
<BR>
Execute progname if external name can't be resolved.
Hint: if you use nscache, dialer may not work, because names will
be resolved through cache. In this case you can use something like
<A HREF="http://dial.right.now/">http://dial.right.now/</A> from browser to set up connection.
<B>internal</B>
&lt;ipaddr&gt;
<BR>
sets ip address of internal interface. This IP address will be used
to bind gateways. Alternatively you can use -i option for individual
gateways
<B>external</B>
&lt;ipaddr&gt;
<BR>
sets ip address of external interface. This IP address will be source
address for all connections made by proxy. Alternatively you can use
-e option to specify individual address for gateway.
<BR>&nbsp;&nbsp;&nbsp;
<B>maxconn</B>
&lt;number&gt;
<BR>
sets maximum number of simulationeous connections to each services
started after this command. Default is 100.
<B>service</B>
<BR>
(depricated) Should be specified to launch as Windows 95/98/NT/2000/XP service,
no effect for Unix. Is not reqired since 0.6, but you must re-install 3proxy
service with --remove and --install.
<B>daemon</B>
<BR>
Should be specified to close console (not required for 'service').
At least under FreeBSD 'daemon' should preceed any proxy service
and log commands to avoid sockets problem. Always place it in the beginning
of the configuration file.
<B>auth</B>
<BR>
Type of user authorization. Currently supported:
<BR>&nbsp;none&nbsp;-&nbsp;no&nbsp;authorization&nbsp;required.&nbsp;Note:&nbsp;is&nbsp;auth&nbsp;is&nbsp;none&nbsp;any&nbsp;ip&nbsp;based&nbsp;limitation,&nbsp;redirection,&nbsp;etc&nbsp;will&nbsp;not&nbsp;work.&nbsp;
<BR>&nbsp;iponly&nbsp;-&nbsp;authorization&nbsp;by&nbsp;source/destination&nbsp;IP&nbsp;and&nbsp;ports.&nbsp;Appropriate&nbsp;for&nbsp;most&nbsp;cases
<BR>&nbsp;nbname&nbsp;-&nbsp;iponly&nbsp;+&nbsp;authorization&nbsp;by&nbsp;NetBIOS&nbsp;name.&nbsp;Messanger
service should be started on user's machine. Note, that
Windows 95/98 hosts do not have messanger service by default,
WinPopup program need to be started.
NB: there is no any password check, name may be spoofed.
Think about it as about ident for Windows.
<BR>&nbsp;Q:&nbsp;Will&nbsp;ident&nbsp;authorization&nbsp;be&nbsp;implemented?
<BR>&nbsp;A:&nbsp;Yes,&nbsp;as&nbsp;soon&nbsp;as&nbsp;it&nbsp;will&nbsp;be&nbsp;required&nbsp;by&nbsp;someone.
<BR>&nbsp;strong&nbsp;-&nbsp;username/password&nbsp;authentication&nbsp;required.&nbsp;It&nbsp;will&nbsp;work&nbsp;with&nbsp;SOCKSv5,&nbsp;FTP,&nbsp;POP3&nbsp;and&nbsp;HTTP&nbsp;proxy.
<B>allow</B>
&lt;userlist&gt; &lt;sourcelist&gt; &lt;targetlist&gt; &lt;targetportlist&gt; &lt;operationlist&gt;
&lt;weekdayslist&gt; &lt;timeperiodslist&gt;
<BR>
<B>deny</B>
&lt;userlist&gt; &lt;sourcelist&gt; &lt;targetlist&gt; &lt;targetportlist&gt; &lt;operationlist&gt;
&lt;weekdayslist&gt; &lt;timeperiodslist&gt;
<BR>
Access control entries. All lists are comma-separated, no spaces are
allowed. Usernames are case sensitive (if used with authtype nbname
username must be in uppercase). Source and target lists may contain
IP addresses (W.X.Y.Z) or CIDRs (W.X.Y.Z/L). Targetportlist may
contain ports (X) or port lists (X-Y).<TT>&nbsp;&nbsp;</TT>For any field * sign means &quot;ANY&quot;<BR>
If access list is empty it's assumed to be
<BR>&nbsp;allow&nbsp;*
If access list is not empty last item in access list is assumed to be
<BR>&nbsp;deny&nbsp;*
You may want explicitly add &quot;deny *&quot; into the end of access list to prevent
HTTP proxy from requesting user's password.
Access lists are checked after user have requested any resource.
If you want 3proxy to reject connections from specific addresses
immediately without any conditions you should either bind proxy
to appropriate interface only or to use ip filters.
Operation is one of:
<BR>&nbsp;CONNECT<TT>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</TT>-&nbsp;establish&nbsp;outgoing&nbsp;TCP&nbsp;connection<BR>
<BR>&nbsp;BIND&nbsp;-&nbsp;bind&nbsp;TCP&nbsp;port&nbsp;for&nbsp;listening
<BR>&nbsp;UDPASSOC&nbsp;-&nbsp;make&nbsp;UDP&nbsp;association
<BR>&nbsp;ICMPASSOC&nbsp;-&nbsp;make&nbsp;ICMP&nbsp;association&nbsp;(for&nbsp;future&nbsp;use)
<BR>&nbsp;HTTP_GET&nbsp;-&nbsp;HTTP&nbsp;GET&nbsp;request
<BR>&nbsp;HTTP_PUT&nbsp;-&nbsp;HTTP&nbsp;PUT&nbsp;request
<BR>&nbsp;HTTP_POST&nbsp;-&nbsp;HTTP&nbsp;POST&nbsp;request
<BR>&nbsp;HTTP_HEAD&nbsp;-&nbsp;HTTP&nbsp;HEAD&nbsp;request
<BR>&nbsp;HTTP_CONNECT&nbsp;-&nbsp;HTTP&nbsp;CONNECT&nbsp;request
<BR>&nbsp;HTTP_OTHER&nbsp;-&nbsp;over&nbsp;HTTP&nbsp;request
<BR>&nbsp;HTTP&nbsp;-&nbsp;matches&nbsp;any&nbsp;HTTP&nbsp;request&nbsp;except&nbsp;HTTP_CONNECT
<BR>&nbsp;HTTPS&nbsp;-&nbsp;same&nbsp;as&nbsp;HTTP_CONNECT
<BR>&nbsp;FTP_GET&nbsp;-&nbsp;FTP&nbsp;get&nbsp;request
<BR>&nbsp;FTP_PUT&nbsp;-&nbsp;FTP&nbsp;put&nbsp;request
<BR>&nbsp;FTP_LIST&nbsp;-&nbsp;FTP&nbsp;list&nbsp;request
<BR>&nbsp;FTP&nbsp;-&nbsp;matches&nbsp;any&nbsp;FTP&nbsp;request
Weeksdays are week days numbers or periods (0 or 7 means Sunday, 1 is Monday,
1-5 means Monday through Friday). Timeperiodlists is a list of time
periods in HH:MM:SS-HH:MM:SS format. For example,
<BR>&nbsp;00:00:00-08:00:00,17:00:00-24:00:00
lists non-working hours.
<TT>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</TT><BR>
<B>parent</B>
&lt;weight&gt; &lt;type&gt; &lt;ip&gt; &lt;port&gt; &lt;username&gt; &lt;password&gt;
<BR>
this command may follow &quot;allow&quot; rule. It extends last allow rule to
build proxy chain. Proxy may be grouped. Proxy inside the
group is selected randomely. If few groups are specified one proxy
is randomely picked from each group and chain of proxies is created
(that is second proxy connected through first one and so on).
Weight is used to group proxies. Weigt is a number between 1 and 1000.
Weights are summed and proxies are grouped together untill weight of
group is 1000. That is:
<BR>&nbsp;allow&nbsp;*
<BR>&nbsp;parent&nbsp;500&nbsp;socks5&nbsp;192.168.10.1&nbsp;1080
<BR>&nbsp;parent&nbsp;500&nbsp;connect&nbsp;192.168.10.1&nbsp;3128
makes 3proxy to randomely choose between 2 proxies for all outgoing
connections
<BR>&nbsp;allow&nbsp;*&nbsp;*&nbsp;*&nbsp;80
<BR>&nbsp;parent&nbsp;1000&nbsp;socks5&nbsp;192.168.10.1&nbsp;1080
<BR>&nbsp;parent&nbsp;1000&nbsp;connect&nbsp;192.168.20.1&nbsp;3128
<BR>&nbsp;parent&nbsp;300&nbsp;socks4&nbsp;192.168.30.1&nbsp;1080
<BR>&nbsp;parent&nbsp;700&nbsp;socks5&nbsp;192.168.40.1&nbsp;1080
creates chain of 3 proxies: 192.168.10.1, 192.168.20.1 and third
is (192.168.30.1 with probability of 0.3 or 192.168.40.1
with probability of 0.7) for outgoing web connections.
type is one of:
<BR>&nbsp;tcp&nbsp;-&nbsp;simply&nbsp;redirect&nbsp;connection.&nbsp;TCP&nbsp;is&nbsp;always&nbsp;last&nbsp;in&nbsp;chain.
<BR>&nbsp;http&nbsp;-&nbsp;redirect&nbsp;to&nbsp;HTTP&nbsp;proxy.&nbsp;HTTP&nbsp;is&nbsp;always&nbsp;last&nbsp;chain.
<BR>&nbsp;pop3&nbsp;-&nbsp;redirect&nbsp;to&nbsp;POP3&nbsp;proxy&nbsp;(only&nbsp;local&nbsp;redirection&nbsp;is&nbsp;supported,&nbsp;can&nbsp;not&nbsp;be
used for chaining)
<BR>&nbsp;ftp&nbsp;-&nbsp;redirect&nbsp;to&nbsp;FTP&nbsp;proxy&nbsp;(only&nbsp;local&nbsp;redirection&nbsp;is&nbsp;supported,&nbsp;can&nbsp;not&nbsp;be
used for chaining)
<BR>&nbsp;connect&nbsp;-&nbsp;parent&nbsp;is&nbsp;HTTP&nbsp;CONNECT&nbsp;method&nbsp;proxy
<BR>&nbsp;socks4&nbsp;-&nbsp;parent&nbsp;is&nbsp;SOCKSv4&nbsp;proxy
<BR>&nbsp;socks5&nbsp;-&nbsp;parent&nbsp;is&nbsp;SOCKSv5&nbsp;proxy
IP and port are ip addres and port of parent proxy server.
If IP is zero, ip is taken from original request, only port is changed.
If port is zero, it's taken from original request, only IP is changed.
If both IP and port are zero - it's a special case of local redirection,
it works only with
socks
proxy. In case of local redirection request is redirected to different service,
<B>ftppr</B>
<B>pop3p</B>
<B>proxy .</B>
Main purpose of local redirections is to have requested resource
(URL or POP3 username) logged and protocol-specific filters to be applied.
In case of local redirection ACLs are revied twice: first, by SOCKS proxy up to
redirected (HTTP, FTP or POP3) after 'parent' command. It means,
additional 'allow' command is required for redirected requests, for
example:
<BR>&nbsp;allow&nbsp;*&nbsp;*&nbsp;*&nbsp;80
<BR>&nbsp;parent&nbsp;1000&nbsp;http&nbsp;0.0.0.0&nbsp;0
<BR>&nbsp;allow&nbsp;*&nbsp;*&nbsp;*&nbsp;80&nbsp;HTTP_GET,HTTP_POST
<BR>&nbsp;socks
redirects all SOCKS requests with target port 80 to local HTTP proxy,
local HTTP proxy parses requests and allows only GET and POST requests.
Optional username and password are used to authenticate on parent
proxy. Username of '*' means username must be supplied by user.
<B>bandlimin</B>
&lt;rate&gt; &lt;userlist&gt; &lt;sourcelist&gt; &lt;targetlist&gt; &lt;targetportlist&gt; &lt;operationlist&gt;
<BR>
<B>nobandlimin</B>
&lt;userlist&gt; &lt;sourcelist&gt; &lt;targetlist&gt; &lt;targetportlist&gt; &lt;operationlist&gt;
<BR>
bandlim sets bandwith limitation filter to &lt;rate&gt; bps (bits per second)
(if you want to specife bytes per second - multiply your value to 8).
bandlim rules act in a same manner as allow/deny rules except
one thing: bandwidth limiting is applied to all services, not to some
specific service.
bandlimin and nobandlimin applies to incoming traffic
bandlimout and nobandlimout applies to outgoing traffic
If tou want to ratelimit your clients with ip's 192.168.10.16/30 (4
addresses) to 57600 bps you have to specify 4 rules like
<BR>&nbsp;bandlimin&nbsp;57600&nbsp;*&nbsp;192.168.10.16
<BR>&nbsp;bandlimin&nbsp;57600&nbsp;*&nbsp;192.168.10.17
<BR>&nbsp;bandlimin&nbsp;57600&nbsp;*&nbsp;192.168.10.18
<BR>&nbsp;bandlimin&nbsp;57600&nbsp;*&nbsp;192.168.10.19
and every of you clients will have 56K channel.<TT>&nbsp;</TT>if you specify<BR>
<BR>&nbsp;bandlimin&nbsp;57600&nbsp;*&nbsp;192.168.10.16/30
you will have 56K channel shared between all clients.
if you want, for example, to limit all speed ecept access to POP3 you can use
<BR>&nbsp;nobandlimin&nbsp;*&nbsp;*&nbsp;*&nbsp;110
before the rest of bandlim rules.
<B>counter</B>
&lt;filename&gt; &lt;reporttype&gt; &lt;repotname&gt;
<BR>
<B>countin</B>
&lt;number&gt; &lt;type&gt; &lt;limit&gt; &lt;userlist&gt; &lt;sourcelist&gt; &lt;targetlist&gt; &lt;targetportlist&gt; &lt;operationlist&gt;
<BR>
<B>nocountin</B>
&lt;userlist&gt; &lt;sourcelist&gt; &lt;targetlist&gt; &lt;targetportlist&gt; &lt;operationlist&gt;
<BR>
counter, countin, nocountin commands are used to set traffic limit
in MB for period of time (day, week or month). Filename is a path
to a special file where traffic information is permanently stored.
number is sequential number of record in this file. If number is 0
no traffic information on this counter is saved in file (that is
if proxy restarted all information is loosed) overwise it should be
unique sequential number.
Type specifies a type of counter. Type is one of:
<BR>&nbsp;D&nbsp;-&nbsp;counter&nbsp;is&nbsp;resetted&nbsp;daily
<BR>&nbsp;W&nbsp;-&nbsp;counter&nbsp;is&nbsp;resetted&nbsp;weekly
<BR>&nbsp;M&nbsp;-&nbsp;counter&nbsp;is&nbsp;resetted&nbsp;monthely
reporttype/repotname may be used to generate traffic reports.
Reporttype is one of D,W,M,H(hourly) and repotname specifies filename
template for reports. Report is text file with counter values in
format:
<BR>&nbsp;&lt;COUNTERNUMBER&gt;&nbsp;&lt;TRAF*4GB&gt;&nbsp;&lt;TRAF&gt;
The rest of parameters is identical to bandlim/nobandlim.
<B>users</B>
username[:pwtype:password] ...
<BR>
pwtype is one of:
<BR>&nbsp;none&nbsp;(empty)&nbsp;-&nbsp;use&nbsp;system&nbsp;authentication
<BR>&nbsp;CL&nbsp;-&nbsp;password&nbsp;is&nbsp;cleartext
<BR>&nbsp;CR&nbsp;-&nbsp;password&nbsp;is&nbsp;crypt-style&nbsp;password
<BR>&nbsp;NT&nbsp;-&nbsp;password&nbsp;is&nbsp;NT&nbsp;password&nbsp;(in&nbsp;hex)
example:
<BR>&nbsp;users&nbsp;test1:CL:password1&nbsp;&quot;test2:CR:$1$lFDGlder$pLRb4cU2D7GAT58YQvY49.&quot;
<BR>&nbsp;users&nbsp;test3:NT:BD7DFBF29A93F93C63CB84790DA00E63
<BR>
(note: double quotes are requiered because password contains $ sign).<TT>&nbsp;&nbsp;</TT><BR>
<B>flush</B>
<BR>
empty active access list. Access list must be flushed avery time you creating
new access list for new service. For example:
<BR>&nbsp;allow&nbsp;*
<BR>&nbsp;pop3p
<BR>&nbsp;flush
<BR>&nbsp;allow&nbsp;*&nbsp;192.168.1.0/24
<BR>&nbsp;socks
sets different ACLs for
<B>pop3p</B>
and
<B>socks</B>
<B>system</B>
<BR>
execute system command
<B>pidfile</B>
&lt;filename&gt;
<BR>
write pid of current process to file. It can be used to manipulate
3proxy with signals under Unix. Currently next signals are available:
<B>setuid</B>
&lt;uid&gt;
<BR>
calls setuid(uid), uid must be numeric. Unix only.
<B>setgid</B>
&lt;gid&gt;
<BR>
calls setgid(gid), gid must be numeric. Unix only.
<B>chroot</B>
&lt;path&gt;
<BR>
calls chroot(path). Unix only.
<A NAME="lbAD">&nbsp;</A>
<H2>SEE ALSO</H2>
<A HREF="../man8/3proxy.8.html">3proxy</A>(8), <A HREF="../man8/proxy.8.html">proxy</A>(8), <A HREF="../man8/ftppr.8.html">ftppr</A>(8), <A HREF="../man8/socks.8.html">socks</A>(8), <A HREF="../man8/pop3p.8.html">pop3p</A>(8), <A HREF="../man8/tcppm.8.html">tcppm</A>(8), <A HREF="../man8/udppm.8.html">udppm</A>(8), <A HREF="../man8/syslogd.8.html">syslogd</A>(8),
<BR>
<A HREF="http://3proxy.ru/">http://3proxy.ru/</A>
<A NAME="lbAE">&nbsp;</A>
<H2>TRIVIA</H2>
3APA3A is pronounced as ``zaraza''.
<A NAME="lbAF">&nbsp;</A>
<H2>AUTHORS</H2>
3proxy is designed by 3APA3A
(<I><A HREF="mailto:3APA3A@security.nnov.ru">3APA3A@security.nnov.ru</A></I>),
Vladimir Dubrovin
(<I><A HREF="mailto:vlad@sandy.ru">vlad@sandy.ru</A></I>)
<P>
<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT><A HREF="#lbAB">NAME</A><DD>
<DT><A HREF="#lbAC">DESCRIPTION</A><DD>
<DT><A HREF="#lbAD">SEE ALSO</A><DD>
<DT><A HREF="#lbAE">TRIVIA</A><DD>
<DT><A HREF="#lbAF">AUTHORS</A><DD>
</DL>
<HR>
This document was created by
using the manual pages.<BR>
Time: GMT, December 11, 2004
</BODY>
</HTML>

160
doc/html/man8/ftppr.8.html Normal file

@ -0,0 +1,160 @@
<HTML><HEAD><TITLE>Manpage of ftppr</TITLE>
</HEAD><BODY>
<H1>ftppr</H1>
Section: Universal proxy server (8)<BR>Updated: July 2009<BR><A HREF="#index">Index</A>
<A HREF="../index.html">Return to Main Contents</A><HR>
<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>
<B>ftppr</B>
- FTP proxy gateway service
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>
<B>ftppr </B>[<B>-d</B>]
<I></I>[<B>-l</B><I></I>[<B></B>[<I>@</I><B></B>]<I>logfile</I><B></B>]]
<I></I>[<B>-p</B><I>port</I>]
<I></I>[<B>-i</B><I>internal_ip</I>]
<I></I>[<B>-e</B><I>external_ip</I>]
<I></I>[<B>-h</B><I>default_ip[:port]</I>]
<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2>
<B>ftppr</B>
is FTP gateway service to allow internal users to access external FTP
servers.
<A NAME="lbAE">&nbsp;</A>
<H2>OPTIONS</H2>
<DL COMPACT>
<DT><B>-I</B>
<DD>
Inetd mode. Standalone service only.
<DT><B>-d</B>
<DD>
Daemonise. Detach service from console and run in the background.
<DT><B>-t</B>
<DD>
Be silenT. Do not log start/stop/accept error records.
<DT><B>-u</B>
<DD>
Never look for username authentication.
<DT><B>-e</B>
<DD>
External address. IP address of interface proxy should initiate connections
from.
By default system will deside which address to use in accordance
with routing table.
<DT><B>-i</B>
<DD>
Internal address. IP address proxy accepts connections to.
By default connection to any interface is accepted. It's usually unsafe.
<DT><B>-h</B>
<DD>
Default destination. It's used if targed address is not specified by user.
<DT><B>-p</B>
<DD>
Port. Port proxy listens for incoming connections. Default is 21.
<DT><B>-l</B>
<DD>
Log. By default logging is to stdout. If
<I>logfile</I>
is specified logging is to file. Under Unix, if
'<I>@</I>'
preceeds
<I>logfile</I>,
syslog is used for logging.
</DL>
<A NAME="lbAF">&nbsp;</A>
<H2>CLIENTS</H2>
You can use any FTP client, regardless of FTP proxy support. For client with
FTP proxy support configure
<I>internal_ip</I>
and
<I>port</I>
in FTP proxy parameters.
For clients without FTP proxy support use
<I>internal_ip</I>
and
<I>port</I>
as FTP server. Address of real FTP server must be configured as a part of
FTP username. Format for username is
<I>username</I><B>@</B><I>server</I>,
where
<I>server</I>
is address of FTP server and
<I>username</I>
is user's login on this FTP server. Login itself may contain '@' sign.
Only cleartext authentication is currently supported.
<A NAME="lbAG">&nbsp;</A>
<H2>BUGS</H2>
Report all bugs to
<B><A HREF="mailto:3proxy@security.nnov.ru">3proxy@security.nnov.ru</A></B>
<A NAME="lbAH">&nbsp;</A>
<H2>SEE ALSO</H2>
<A HREF="../man8/3proxy.8.html">3proxy</A>(8), <A HREF="../man8/proxy.8.html">proxy</A>(8), <A HREF="../man8/pop3p.8.html">pop3p</A>(8), <A HREF="../man8/socks.8.html">socks</A>(8), <A HREF="../man8/tcppm.8.html">tcppm</A>(8), <A HREF="../man8/udppm.8.html">udppm</A>(8), <A HREF="../man8/syslogd.8.html">syslogd</A>(8),
<BR>
<A HREF="http://3proxy.ru/">http://3proxy.ru/</A>
<A NAME="lbAI">&nbsp;</A>
<H2>AUTHORS</H2>
3proxy is designed by 3APA3A
(<I><A HREF="mailto:3APA3A@security.nnov.ru">3APA3A@security.nnov.ru</A></I>),
Vladimir Dubrovin
(<I><A HREF="mailto:vlad@sandy.ru">vlad@sandy.ru</A></I>)
<P>
<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT><A HREF="#lbAB">NAME</A><DD>
<DT><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT><A HREF="#lbAE">OPTIONS</A><DD>
<DT><A HREF="#lbAF">CLIENTS</A><DD>
<DT><A HREF="#lbAG">BUGS</A><DD>
<DT><A HREF="#lbAH">SEE ALSO</A><DD>
<DT><A HREF="#lbAI">AUTHORS</A><DD>
</DL>
<HR>
This document was created by
using the manual pages.<BR>
Time: 21:23:56 GMT, April 07, 2014
</BODY>
</HTML>

155
doc/html/man8/icqpr.8.html Normal file

@ -0,0 +1,155 @@
<HTML><HEAD><TITLE>Manpage of icqpr</TITLE>
</HEAD><BODY>
<H1>icqpr</H1>
Section: Universal proxy server (8)<BR>Updated: July 2009<BR><A HREF="#index">Index</A>
<A HREF="../index.html">Return to Main Contents</A><HR>
<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>
<B>icqpr</B>
- ICQ (AOL OSCAR) proxy
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>
<B>icqpr </B>[<B>-d</B>]
<I></I>[<B>-l</B><I></I>[<B></B>[<I>@</I><B></B>]<I>logfile</I><B></B>]]
<I></I>[<B>-i</B><I>internal_ip</I>]
<I></I>[<B>-e</B><I>external_ip</I>]
<I>local_port remote_host remote_port</I>
<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2>
<B>icqpr</B>
forwards ICQ connections from local to remote ICQ host. Most usual is
<B>icqpr 5190 login.icq.com 5190</B>
Also, icqpr adds UIN / AOL screen name as a username. It makes it possible
to control user's access to ICQ/AOL by UIN/screen name (use
<B>auth useronly</B>
in 3proxy).
<A NAME="lbAE">&nbsp;</A>
<H2>OPTIONS</H2>
<DL COMPACT>
<DT><B>-I</B>
<DD>
Inetd mode. Standalone service only.
<DT><B>-d</B>
<DD>
Daemonise. Detach service from console and run in the background.
<DT><B>-t</B>
<DD>
Be silenT. Do not log start/stop/accept error records.
<DT><B>-e</B>
<DD>
External address. IP address of interface proxy should initiate connections
from.
By default system will deside which address to use in accordance
with routing table.
<DT><B>-i</B>
<DD>
Internal address. IP address proxy accepts connections to.
By default connection to any interface is accepted. It's usually unsafe.
<DT><B>-l</B>
<DD>
Log. By default logging is to stdout. If
<I>logfile</I>
is specified logging is to file. Under Unix, if
'<I>@</I>'
preceeds
<I>logfile</I>,
syslog is used for logging.
</DL>
<A NAME="lbAF">&nbsp;</A>
<H2>ARGUMENTS</H2>
<DL COMPACT>
<DT><I>local_port</I>
<DD>
- port icqpr accepts connection
<DT><I>remote_host</I>
<DD>
- IP address of the host connection is forwarded to
<DT><I>remote_port</I>
<DD>
- remote port connection is forwarded to
</DL>
<A NAME="lbAG">&nbsp;</A>
<H2>CLIENTS</H2>
You can use any ICQ/AOL client where server address configuration is supported
or spoof login server name (e.g. login.icq.com) with IP address of proxy server
via DNS record or hosts file. Transparent redirection is also possible. Use
<I>internal_ip</I>
and
<I>local_port</I>
as a destination in client application. Connection is forwarded to
<I>remote_host</I>:<I>remote_port</I>
<A NAME="lbAH">&nbsp;</A>
<H2>BUGS</H2>
Report all bugs to
<B><A HREF="mailto:3proxy@security.nnov.ru">3proxy@security.nnov.ru</A></B>
<A NAME="lbAI">&nbsp;</A>
<H2>SEE ALSO</H2>
<A HREF="../man8/3proxy.8.html">3proxy</A>(8), <A HREF="../man8/proxy.8.html">proxy</A>(8), <A HREF="../man8/ftppr.8.html">ftppr</A>(8), <A HREF="../man8/socks.8.html">socks</A>(8), <A HREF="../man8/pop3p.8.html">pop3p</A>(8), <A HREF="../man8/udppm.8.html">udppm</A>(8), <A HREF="../man8/syslogd.8.html">syslogd</A>(8),
<BR>
<A HREF="http://3proxy.ru/">http://3proxy.ru/</A>
<A NAME="lbAJ">&nbsp;</A>
<H2>AUTHORS</H2>
3proxy is designed by 3APA3A
(<I><A HREF="mailto:3APA3A@security.nnov.ru">3APA3A@security.nnov.ru</A></I>),
Vladimir Dubrovin
(<I><A HREF="mailto:vlad@sandy.ru">vlad@sandy.ru</A></I>)
<P>
<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT><A HREF="#lbAB">NAME</A><DD>
<DT><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT><A HREF="#lbAE">OPTIONS</A><DD>
<DT><A HREF="#lbAF">ARGUMENTS</A><DD>
<DT><A HREF="#lbAG">CLIENTS</A><DD>
<DT><A HREF="#lbAH">BUGS</A><DD>
<DT><A HREF="#lbAI">SEE ALSO</A><DD>
<DT><A HREF="#lbAJ">AUTHORS</A><DD>
</DL>
<HR>
This document was created by
using the manual pages.<BR>
Time: 21:23:56 GMT, April 07, 2014
</BODY>
</HTML>

154
doc/html/man8/pop3p.8.html Normal file

@ -0,0 +1,154 @@
<HTML><HEAD><TITLE>Manpage of pop3p</TITLE>
</HEAD><BODY>
<H1>pop3p</H1>
Section: Universal proxy server (8)<BR>Updated: July 2009<BR><A HREF="#index">Index</A>
<A HREF="../index.html">Return to Main Contents</A><HR>
<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>
<B>pop3p</B>
- POP3 proxy gateway service
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>
<B>pop3p </B>[<B>-d</B>]
<I></I>[<B>-l</B><I></I>[<B></B>[<I>@</I><B></B>]<I>logfile</I><B></B>]]
<I></I>[<B>-p</B><I>port</I>]
<I></I>[<B>-i</B><I>internal_ip</I>]
<I></I>[<B>-e</B><I>external_ip</I>]
<I></I>[<B>-h</B><I>default_ip[:port]</I>]
<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2>
<B>pop3p</B>
is POP3 gateway service to allow internal users to access external POP3
servers.
<A NAME="lbAE">&nbsp;</A>
<H2>OPTIONS</H2>
<DL COMPACT>
<DT><B>-I</B>
<DD>
Inetd mode. Standalone service only.
<DT><B>-d</B>
<DD>
Daemonise. Detach service from console and run in the background.
<DT><B>-t</B>
<DD>
Be silenT. Do not log start/stop/accept error records.
<DT><B>-u</B>
<DD>
Never look for username authentication.
<DT><B>-e</B>
<DD>
External address. IP address of interface proxy should initiate connections
from.
By default system will deside which address to use in accordance
with routing table.
<DT><B>-i</B>
<DD>
Internal address. IP address proxy accepts connections to.
By default connection to any interface is accepted. It's usually unsafe.
<DT><B>-p</B>
<DD>
Port. Port proxy listens for incoming connections. Default is 110.
<DT><B>-h</B>
<DD>
Default destination. It's used if targed address is not specified by user.
<DT><B>-l</B>
<DD>
Log. By default logging is to stdout. If
<I>logfile</I>
is specified logging is to file. Under Unix, if
'<I>@</I>'
preceeds
<I>logfile</I>,
syslog is used for logging.
</DL>
<A NAME="lbAF">&nbsp;</A>
<H2>CLIENTS</H2>
You can use any MUA (Mail User Agent) with POP3 support. Set client to use
<I>internal_ip</I>
and
<I>port</I>
as a POP3 server. Address of real POP3 server must be configured as a part of
POP3 username. Format for username is
<I>username</I><B>@</B><I>server</I>,
where
<I>server</I>
is address of POP3 server and
<I>username</I>
is user's login on this POP3 server. Login itself may contain '@' sign.
Only cleartext authentication is supported, because challenge-response
authentication (APOP, CRAM-MD5, etc) requires challenge from server before
we know which server to connect.
<A NAME="lbAG">&nbsp;</A>
<H2>BUGS</H2>
Report all bugs to
<B><A HREF="mailto:3proxy@security.nnov.ru">3proxy@security.nnov.ru</A></B>
<A NAME="lbAH">&nbsp;</A>
<H2>SEE ALSO</H2>
<A HREF="../man8/3proxy.8.html">3proxy</A>(8), <A HREF="../man8/ftppr.8.html">ftppr</A>(8), <A HREF="../man8/proxy.8.html">proxy</A>(8), <A HREF="../man8/socks.8.html">socks</A>(8), <A HREF="../man8/tcppm.8.html">tcppm</A>(8), <A HREF="../man8/udppm.8.html">udppm</A>(8), <A HREF="../man8/syslogd.8.html">syslogd</A>(8),
<BR>
<A HREF="http://3proxy.ru/">http://3proxy.ru/</A>
<A NAME="lbAI">&nbsp;</A>
<H2>AUTHORS</H2>
3proxy is designed by 3APA3A
(<I><A HREF="mailto:3APA3A@security.nnov.ru">3APA3A@security.nnov.ru</A></I>),
Vladimir Dubrovin
(<I><A HREF="mailto:vlad@sandy.ru">vlad@sandy.ru</A></I>)
<P>
<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT><A HREF="#lbAB">NAME</A><DD>
<DT><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT><A HREF="#lbAE">OPTIONS</A><DD>
<DT><A HREF="#lbAF">CLIENTS</A><DD>
<DT><A HREF="#lbAG">BUGS</A><DD>
<DT><A HREF="#lbAH">SEE ALSO</A><DD>
<DT><A HREF="#lbAI">AUTHORS</A><DD>
</DL>
<HR>
This document was created by
using the manual pages.<BR>
Time: 21:23:56 GMT, April 07, 2014
</BODY>
</HTML>

147
doc/html/man8/proxy.8.html Normal file

@ -0,0 +1,147 @@
<HTML><HEAD><TITLE>Manpage of proxy</TITLE>
</HEAD><BODY>
<H1>proxy</H1>
Section: Universal proxy server (8)<BR>Updated: July 2009<BR><A HREF="#index">Index</A>
<A HREF="../index.html">Return to Main Contents</A><HR>
<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>
<B>proxy</B>
- HTTP proxy gateway service
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>
<B>proxy </B>[<B>-d</B>][<B>-a</B>]
<I></I>[<B>-l</B><I></I>[<B></B>[<I>@</I><B></B>]<I>logfile</I><B></B>]]
<I></I>[<B>-p</B><I>port</I>]
<I></I>[<B>-i</B><I>internal_ip</I>]
<I></I>[<B>-e</B><I>external_ip</I>]
<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2>
<B>proxy</B>
is HTTP gateway service with HTTPS and FTP over HTTPS support.
<A NAME="lbAE">&nbsp;</A>
<H2>OPTIONS</H2>
<DL COMPACT>
<DT><B>-I</B>
<DD>
Inetd mode. Standalone service only.
<DT><B>-d</B>
<DD>
Daemonise. Detach service from console and run in the background.
<DT><B>-t</B>
<DD>
Be silenT. Do not log start/stop/accept error records.
<DT><B>-u</B>
<DD>
Never ask for username authentication
<DT><B>-e</B>
<DD>
External address. IP address of interface proxy should initiate connections
from.
By default system will deside which address to use in accordance
with routing table.
<DT><B>-i</B>
<DD>
Internal address. IP address proxy accepts connections to.
By default connection to any interface is accepted. It's usually unsafe.
<DT><B>-a</B>
<DD>
Anonymous. Hide information about client.
<DT><B>-a1</B>
<DD>
Anonymous. Show fake information about client.
<DT><B>-p</B>
<DD>
Port. Port proxy listens for incoming connections. Default is 3128.
<DT><B>-l</B>
<DD>
Log. By default logging is to stdout. If
<I>logfile</I>
is specified logging is to file. Under Unix, if
'<I>@</I>'
preceeds
<I>logfile</I>,
syslog is used for logging.
</DL>
<A NAME="lbAF">&nbsp;</A>
<H2>CLIENTS</H2>
You should use client with HTTP proxy support or configure router to redirect
HTTP traffic to proxy (transparent proxy). Configure client to connect to
<I>internal_ip</I>
and
<I>port</I>.
HTTPS support allows to use almost any TCP based protocol. If you need to
limit clients, use
<B><A HREF="../man8/3proxy.8.html">3proxy</A></B>(8)
instead.
<A NAME="lbAG">&nbsp;</A>
<H2>BUGS</H2>
Report all bugs to
<B><A HREF="mailto:3proxy@security.nnov.ru">3proxy@security.nnov.ru</A></B>
<A NAME="lbAH">&nbsp;</A>
<H2>SEE ALSO</H2>
<A HREF="../man8/3proxy.8.html">3proxy</A>(8), <A HREF="../man8/ftppr.8.html">ftppr</A>(8), <A HREF="../man8/socks.8.html">socks</A>(8), <A HREF="../man8/pop3p.8.html">pop3p</A>(8), <A HREF="../man8/tcppm.8.html">tcppm</A>(8), <A HREF="../man8/udppm.8.html">udppm</A>(8), <A HREF="../man8/syslogd.8.html">syslogd</A>(8),
<BR>
<A HREF="http://3proxy.ru/">http://3proxy.ru/</A>
<A NAME="lbAI">&nbsp;</A>
<H2>AUTHORS</H2>
3proxy is designed by 3APA3A
(<I><A HREF="mailto:3APA3A@security.nnov.ru">3APA3A@security.nnov.ru</A></I>),
Vladimir Dubrovin
(<I><A HREF="mailto:vlad@sandy.ru">vlad@sandy.ru</A></I>)
<P>
<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT><A HREF="#lbAB">NAME</A><DD>
<DT><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT><A HREF="#lbAE">OPTIONS</A><DD>
<DT><A HREF="#lbAF">CLIENTS</A><DD>
<DT><A HREF="#lbAG">BUGS</A><DD>
<DT><A HREF="#lbAH">SEE ALSO</A><DD>
<DT><A HREF="#lbAI">AUTHORS</A><DD>
</DL>
<HR>
This document was created by
using the manual pages.<BR>
Time: 21:23:56 GMT, April 07, 2014
</BODY>
</HTML>

155
doc/html/man8/smtpp.8.html Normal file

@ -0,0 +1,155 @@
<HTML><HEAD><TITLE>Manpage of smtpp</TITLE>
</HEAD><BODY>
<H1>smtpp</H1>
Section: Universal proxy server (8)<BR>Updated: July 2009<BR><A HREF="#index">Index</A>
<A HREF="../index.html">Return to Main Contents</A><HR>
<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>
<B>smtpp</B>
- SMTP proxy gateway service
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>
<B>smtpp </B>[<B>-d</B>]
<I></I>[<B>-l</B><I></I>[<B></B>[<I>@</I><B></B>]<I>logfile</I><B></B>]]
<I></I>[<B>-p</B><I>port</I>]
<I></I>[<B>-i</B><I>internal_ip</I>]
<I></I>[<B>-e</B><I>external_ip</I>]
<I></I>[<B>-h</B><I>default_ip[:port]</I>]
<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2>
<B>smtpp</B>
is SMTP gateway service to allow internal users to access external SMTP
servers.
<A NAME="lbAE">&nbsp;</A>
<H2>OPTIONS</H2>
<DL COMPACT>
<DT><B>-I</B>
<DD>
Inetd mode. Standalone service only.
<DT><B>-d</B>
<DD>
Daemonise. Detach service from console and run in the background.
<DT><B>-t</B>
<DD>
Be silenT. Do not log start/stop/accept error records.
<DT><B>-u</B>
<DD>
Never look for username authentication.
<DT><B>-e</B>
<DD>
External address. IP address of interface proxy should initiate connections
from.
By default system will deside which address to use in accordance
with routing table.
<DT><B>-i</B>
<DD>
Internal address. IP address proxy accepts connections to.
By default connection to any interface is accepted. It's usually unsafe.
<DT><B>-p</B>
<DD>
Port. Port proxy listens for incoming connections. Default is 25.
<DT><B>-h</B>
<DD>
Default destination. It's used if targed address is not specified by user.
<DT><B>-l</B>
<DD>
Log. By default logging is to stdout. If
<I>logfile</I>
is specified logging is to file. Under Unix, if
'<I>@</I>'
preceeds
<I>logfile</I>,
syslog is used for logging.
</DL>
<A NAME="lbAF">&nbsp;</A>
<H2>CLIENTS</H2>
You can use any MUA (Mail User Agent) with SMTP authentication support.
Set client to use
<I>internal_ip</I>
and
<I>port</I>
as a SMTP server. Address of real SMTP server must be configured as a part of
SMTP username. Format for username is
<I>username</I><B>@</B><I>server</I>,
where
<I>server</I>
is address of SMTP server and
<I>username</I>
is user's login on this SMTP server. Login itself may contain '@' sign.
Only cleartext authentication is supported, because challenge-response
authentication (CRAM-MD5, SPA, etc) requires challenge from server before
we know which server to connect.
<A NAME="lbAG">&nbsp;</A>
<H2>BUGS</H2>
Report all bugs to
<B><A HREF="mailto:3proxy@security.nnov.ru">3proxy@security.nnov.ru</A></B>
<A NAME="lbAH">&nbsp;</A>
<H2>SEE ALSO</H2>
<A HREF="../man8/3proxy.8.html">3proxy</A>(8), <A HREF="../man8/ftppr.8.html">ftppr</A>(8), <A HREF="../man8/proxy.8.html">proxy</A>(8), <A HREF="../man8/socks.8.html">socks</A>(8), <A HREF="../man8/tcppm.8.html">tcppm</A>(8), <A HREF="../man8/udppm.8.html">udppm</A>(8), <A HREF="../man8/syslogd.8.html">syslogd</A>(8),
<BR>
<A HREF="http://3proxy.ru/">http://3proxy.ru/</A>
<A NAME="lbAI">&nbsp;</A>
<H2>AUTHORS</H2>
3proxy is designed by 3APA3A
(<I><A HREF="mailto:3APA3A@security.nnov.ru">3APA3A@security.nnov.ru</A></I>),
Vladimir Dubrovin
(<I><A HREF="mailto:vlad@sandy.ru">vlad@sandy.ru</A></I>)
<P>
<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT><A HREF="#lbAB">NAME</A><DD>
<DT><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT><A HREF="#lbAE">OPTIONS</A><DD>
<DT><A HREF="#lbAF">CLIENTS</A><DD>
<DT><A HREF="#lbAG">BUGS</A><DD>
<DT><A HREF="#lbAH">SEE ALSO</A><DD>
<DT><A HREF="#lbAI">AUTHORS</A><DD>
</DL>
<HR>
This document was created by
using the manual pages.<BR>
Time: 21:23:56 GMT, April 07, 2014
</BODY>
</HTML>

148
doc/html/man8/socks.8.html Normal file

@ -0,0 +1,148 @@
<HTML><HEAD><TITLE>Manpage of socks</TITLE>
</HEAD><BODY>
<H1>socks</H1>
Section: Universal proxy server (8)<BR>Updated: July 2009<BR><A HREF="#index">Index</A>
<A HREF="../index.html">Return to Main Contents</A><HR>
<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>
<B>socks</B>
- SOCKS 4/4.5/5 gateway service
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>
<B>socks </B>[<B>-d</B>]
<I></I>[<B>-l</B><I></I>[<B></B>[<I>@</I><B></B>]<I>logfile</I><B></B>]]
<I></I>[<B>-p</B><I>port</I>]
<I></I>[<B>-i</B><I>internal_ip</I>]
<I></I>[<B>-e</B><I>external_ip</I>]
<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2>
<B>socks</B>
is SOCKS server. It supports SOCKSv4, SOCKSv4.5 (extension to v4 for
server side name resolution) and SOCKSv5. SOCKSv5 specification allows both
outgoing and reverse TCP connections and UDP portmapping.
<A NAME="lbAE">&nbsp;</A>
<H2>OPTIONS</H2>
<DL COMPACT>
<DT><B>-I</B>
<DD>
Inetd mode. Standalone service only.
<DT><B>-d</B>
<DD>
Daemonise. Detach service from console and run in the background.
<DT><B>-t</B>
<DD>
Be silenT. Do not log start/stop/accept error records.
<DT><B>-u</B>
<DD>
Never ask for username authentication
<DT><B>-e</B>
<DD>
External address. IP address of interface proxy should initiate connections
from. External IP must be specified if you need incoming connections.
By default system will deside which address to use in accordance
with routing table.
<DT><B>-i</B>
<DD>
Internal address. IP address proxy accepts connections to.
By default connection to any interface is accepted. It's usually unsafe.
<DT><B>-p</B>
<DD>
Port. Port proxy listens for incoming connections. Default is 1080.
<DT><B>-l</B>
<DD>
Log. By default logging is to stdout. If
<I>logfile</I>
is specified logging is to file. Under Unix, if
'<I>@</I>'
preceeds
<I>logfile</I>,
syslog is used for logging.
</DL>
<A NAME="lbAF">&nbsp;</A>
<H2>CLIENTS</H2>
You should use client with SOCKS support or use some socksification support
(for example
<I>SocksCAP</I>
or
<I>FreeCAP</I>).
Configure client to use
<I>internal_ip</I>
and
<I>port</I>.
SOCKS allows to use almost any application protocol without limitation. This
implementation also allows to open priviledged port on server (if socks has
sufficient privileges). If you need to control access use
<B><A HREF="../man8/3proxy.8.html">3proxy</A></B>(8)
instead.
<A NAME="lbAG">&nbsp;</A>
<H2>BUGS</H2>
Report all bugs to
<B><A HREF="mailto:3proxy@security.nnov.ru">3proxy@security.nnov.ru</A></B>
<A NAME="lbAH">&nbsp;</A>
<H2>SEE ALSO</H2>
<A HREF="../man8/3proxy.8.html">3proxy</A>(8), <A HREF="../man8/proxy.8.html">proxy</A>(8), <A HREF="../man8/ftppr.8.html">ftppr</A>(8), <A HREF="../man8/pop3p.8.html">pop3p</A>(8), <A HREF="../man8/tcppm.8.html">tcppm</A>(8), <A HREF="../man8/udppm.8.html">udppm</A>(8), <A HREF="../man8/syslogd.8.html">syslogd</A>(8),
<BR>
<A HREF="http://3proxy.ru/">http://3proxy.ru/</A>
<A NAME="lbAI">&nbsp;</A>
<H2>AUTHORS</H2>
3proxy is designed by 3APA3A
(<I><A HREF="mailto:3APA3A@security.nnov.ru">3APA3A@security.nnov.ru</A></I>),
Vladimir Dubrovin
(<I><A HREF="mailto:vlad@sandy.ru">vlad@sandy.ru</A></I>)
<P>
<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT><A HREF="#lbAB">NAME</A><DD>
<DT><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT><A HREF="#lbAE">OPTIONS</A><DD>
<DT><A HREF="#lbAF">CLIENTS</A><DD>
<DT><A HREF="#lbAG">BUGS</A><DD>
<DT><A HREF="#lbAH">SEE ALSO</A><DD>
<DT><A HREF="#lbAI">AUTHORS</A><DD>
</DL>
<HR>
This document was created by
using the manual pages.<BR>
Time: 21:23:56 GMT, April 07, 2014
</BODY>
</HTML>

146
doc/html/man8/tcppm.8.html Normal file

@ -0,0 +1,146 @@
<HTML><HEAD><TITLE>Manpage of tcppm</TITLE>
</HEAD><BODY>
<H1>tcppm</H1>
Section: Universal proxy server (8)<BR>Updated: July 2009<BR><A HREF="#index">Index</A>
<A HREF="../index.html">Return to Main Contents</A><HR>
<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>
<B>tcppm</B>
- TCP port mapper
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>
<B>tcppm </B>[<B>-d</B>]
<I></I>[<B>-l</B><I></I>[<B></B>[<I>@</I><B></B>]<I>logfile</I><B></B>]]
<I></I>[<B>-i</B><I>internal_ip</I>]
<I></I>[<B>-e</B><I>external_ip</I>]
<I>local_port remote_host remote_port</I>
<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2>
<B>tcppm</B>
forwards connections from local to remote TCP port
<A NAME="lbAE">&nbsp;</A>
<H2>OPTIONS</H2>
<DL COMPACT>
<DT><B>-I</B>
<DD>
Inetd mode. Standalone service only.
<DT><B>-d</B>
<DD>
Daemonise. Detach service from console and run in the background.
<DT><B>-t</B>
<DD>
Be silenT. Do not log start/stop/accept error records.
<DT><B>-e</B>
<DD>
External address. IP address of interface proxy should initiate connections
from.
By default system will deside which address to use in accordance
with routing table.
<DT><B>-i</B>
<DD>
Internal address. IP address proxy accepts connections to.
By default connection to any interface is accepted. It's usually unsafe.
<DT><B>-l</B>
<DD>
Log. By default logging is to stdout. If
<I>logfile</I>
is specified logging is to file. Under Unix, if
'<I>@</I>'
preceeds
<I>logfile</I>,
syslog is used for logging.
</DL>
<A NAME="lbAF">&nbsp;</A>
<H2>ARGUMENTS</H2>
<DL COMPACT>
<DT><I>local_port</I>
<DD>
- port tcppm accepts connection
<DT><I>remote_host</I>
<DD>
- IP address of the host connection is forwarded to
<DT><I>remote_port</I>
<DD>
- remote port connection is forwarded to
</DL>
<A NAME="lbAG">&nbsp;</A>
<H2>CLIENTS</H2>
Any TCP based application can be used as a client. Use
<I>internal_ip</I>
and
<I>local_port</I>
as a destination in client application. Connection is forwarded to
<I>remote_host</I>:<I>remote_port</I>
<A NAME="lbAH">&nbsp;</A>
<H2>BUGS</H2>
Report all bugs to
<B><A HREF="mailto:3proxy@security.nnov.ru">3proxy@security.nnov.ru</A></B>
<A NAME="lbAI">&nbsp;</A>
<H2>SEE ALSO</H2>
<A HREF="../man8/3proxy.8.html">3proxy</A>(8), <A HREF="../man8/proxy.8.html">proxy</A>(8), <A HREF="../man8/ftppr.8.html">ftppr</A>(8), <A HREF="../man8/socks.8.html">socks</A>(8), <A HREF="../man8/pop3p.8.html">pop3p</A>(8), <A HREF="../man8/udppm.8.html">udppm</A>(8), <A HREF="../man8/syslogd.8.html">syslogd</A>(8),
<BR>
<A HREF="http://3proxy.ru/">http://3proxy.ru/</A>
<A NAME="lbAJ">&nbsp;</A>
<H2>AUTHORS</H2>
3proxy is designed by 3APA3A
(<I><A HREF="mailto:3APA3A@security.nnov.ru">3APA3A@security.nnov.ru</A></I>),
Vladimir Dubrovin
(<I><A HREF="mailto:vlad@sandy.ru">vlad@sandy.ru</A></I>)
<P>
<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT><A HREF="#lbAB">NAME</A><DD>
<DT><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT><A HREF="#lbAE">OPTIONS</A><DD>
<DT><A HREF="#lbAF">ARGUMENTS</A><DD>
<DT><A HREF="#lbAG">CLIENTS</A><DD>
<DT><A HREF="#lbAH">BUGS</A><DD>
<DT><A HREF="#lbAI">SEE ALSO</A><DD>
<DT><A HREF="#lbAJ">AUTHORS</A><DD>
</DL>
<HR>
This document was created by
using the manual pages.<BR>
Time: 21:23:57 GMT, April 07, 2014
</BODY>
</HTML>

153
doc/html/man8/udppm.8.html Normal file

@ -0,0 +1,153 @@
<HTML><HEAD><TITLE>Manpage of udppm</TITLE>
</HEAD><BODY>
<H1>udppm</H1>
Section: Universal proxy server (8)<BR>Updated: July 2009<BR><A HREF="#index">Index</A>
<A HREF="../index.html">Return to Main Contents</A><HR>
<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>
<B>udppm</B>
- UDP port mapper
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>
<B>pop3p </B>[<B>-ds</B>]
<I></I>[<B>-l</B><I></I>[<B></B>[<I>@</I><B></B>]<I>logfile</I><B></B>]]
<I></I>[<B>-i</B><I>internal_ip</I>]
<I></I>[<B>-e</B><I>external_ip</I>]
<I>local_port remote_host remote_port</I>
<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2>
<B>udppm</B>
forwards datagrams from local to remote UDP port
<A NAME="lbAE">&nbsp;</A>
<H2>OPTIONS</H2>
<DL COMPACT>
<DT><B>-I</B>
<DD>
Inetd mode. Standalone service only.
<DT><B>-d</B>
<DD>
Daemonise. Detach service from console and run in the background.
<DT><B>-t</B>
<DD>
Be silenT. Do not log start/stop/accept error records.
<DT><B>-e</B>
<DD>
External address. IP address of interface proxy should initiate datagrams
from.
By default system will deside which address to use in accordance
with routing table.
<DT><B>-i</B>
<DD>
Internal address. IP address proxy accepts datagrams to.
By default connection to any interface is accepted. It's usually unsafe.
<DT><B>-l</B>
<DD>
Log. By default logging is to stdout. If
<I>logfile</I>
is specified logging is to file. Under Unix, if
'<I>@</I>'
preceeds
<I>logfile</I>,
syslog is used for logging.
<DT><B>-s</B>
<DD>
Single packet. By default only one client can use udppm service, but
if -s is specified only one packet will be forwarded between client and server.
It allows to share service between multiple clients for single packet services
(for example name lookups).
</DL>
<A NAME="lbAF">&nbsp;</A>
<H2>ARGUMENTS</H2>
<DL COMPACT>
<DT><I>local_port</I>
<DD>
- port udppm accepts datagrams
<DT><I>remote_host</I>
<DD>
- IP address of the host datagrams are forwarded to
<DT><I>remote_port</I>
<DD>
- remote port datagrams are forwarded to
</DL>
<A NAME="lbAG">&nbsp;</A>
<H2>CLIENTS</H2>
Any UDP based application can be used as a client. Use
<I>internal_ip</I>
and
<I>local_port</I>
as a destination in client application. All datagrams are forwarded to
<I>remote_host</I>:<I>remote_port</I>
<A NAME="lbAH">&nbsp;</A>
<H2>BUGS</H2>
Report all bugs to
<B><A HREF="mailto:3proxy@security.nnov.ru">3proxy@security.nnov.ru</A></B>
<A NAME="lbAI">&nbsp;</A>
<H2>SEE ALSO</H2>
<A HREF="../man8/3proxy.8.html">3proxy</A>(8), <A HREF="../man8/proxy.8.html">proxy</A>(8), <A HREF="../man8/ftppr.8.html">ftppr</A>(8), <A HREF="../man8/socks.8.html">socks</A>(8), <A HREF="../man8/pop3p.8.html">pop3p</A>(8), <A HREF="../man8/udppm.8.html">udppm</A>(8), <A HREF="../man8/syslogd.8.html">syslogd</A>(8),
<BR>
<A HREF="http://3proxy.ru/">http://3proxy.ru/</A>
<A NAME="lbAJ">&nbsp;</A>
<H2>AUTHORS</H2>
3proxy is designed by 3APA3A
(<I><A HREF="mailto:3APA3A@security.nnov.ru">3APA3A@security.nnov.ru</A></I>),
Vladimir Dubrovin
(<I><A HREF="mailto:vlad@sandy.ru">vlad@sandy.ru</A></I>)
<P>
<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT><A HREF="#lbAB">NAME</A><DD>
<DT><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT><A HREF="#lbAE">OPTIONS</A><DD>
<DT><A HREF="#lbAF">ARGUMENTS</A><DD>
<DT><A HREF="#lbAG">CLIENTS</A><DD>
<DT><A HREF="#lbAH">BUGS</A><DD>
<DT><A HREF="#lbAI">SEE ALSO</A><DD>
<DT><A HREF="#lbAJ">AUTHORS</A><DD>
</DL>
<HR>
This document was created by
using the manual pages.<BR>
Time: 21:23:57 GMT, April 07, 2014
</BODY>
</HTML>

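--- /dev/null
+++ b/doc/html/securityen.html
@@ -0,0 +1,37 @@
+<h3>3proxy security considirations</h3>
+</ul>
+<ol>
+<li>Never install 3proxy suid. If you need it to run suid write some
+wrapper with fixed configuration file.
+<li>Make configuration file only available to account 3proxy starts with.
+<li>Under Windows NT/2000/XP/2003 if 3proxy is used as service create new
+unprivileged local account without "logon locally" right. Assign this account
+to 3proxy service.
+<li>Under unix use chroot to jail 3proxy (make sure files included in
+configuration file after 'chroot' command, if any, are available from jail)
+<li>Under Unix, either start 3proxy with unprivileged account or, if you need
+some privileged ports to be used by 3proxy, use setgid/setuid commands inside
+3proxy.cfg immediately after last occurance of service binded to
+privileged port in configuration file (setgid must preceed setuid).
+<li>Allways use full paths in configuration file
+<li>Try to avoid 'strong' authentication, because only cleartext
+authentication method is currently available.
+<li>Always specify internal and external interfaces.
+<li>Always limit connections to internal network and localhost (to 127.0.0.1 and
+all interfaces) with ACLs. Be carefull, because BIND command in SOCKS requies
+BIND method with external interface IP address to be allowed.
+<li> Always use nserver and nscache under Unix, overwise DoS attack is possible
+with unreachable DNS server (because gethostbyname will block over threads).
+<li>Remember, that 'nbname' authentication is not reliable and can be spoofed.
+<li>Keep logs in secure location, because some confidential information from
+user's request can be logged.
+<li>Use -xyz+A character filtering sequences for 'logformat', especially with
+ODBC logging to prevent SQL and log record injections.
+<li>Immediately report all service crashes to developers
+<li>Participate in code audit :)
+</ol>
+</ol>
+<p>
+<pre>$Id: securityen.html,v 1.4 2007/05/07 09:16:51 vlad Exp $</pre>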


99
doc/ru/example1.txt Normal file

@ -0,0 +1,99 @@
KOI8-R
Kirill Lopuchov, lopuchov at mail ru
<3proxy>
Довольно часто перед системным администратором встает задача предоставить доступ к Internet-ресурсам группе пользователей (небольшой офис, Internet-кафе). Данную задачу можно решить, настроив на Internet-шлюзе proxy-сервер, службу NAT (трансляция сетевых адресов) или раздать каждому пользователю реальный IP адрес.
Давайте рассмотрим самый простой способ подключения - установку proxy-сервера. Традиционно для этих целей применяется популярный proxy Squid, но не всегда бывает необходимость в столь тяжеловатой программе :), да и в squid отсутствуют такие иногда необходимые вещи как SOCKS4/5-сервер, TCP/UP порт-маппинг. Поэтому вторым номером хочется представить вашему вниманию PROXY-сервер, под названием "3proxy" (http://3proxy.ru/), разработанный нашим программистом из г. Нижний Новгород. Одним из главных его достоинств является компактность и высокая переносимость. Код сервера написан так, что легко компилируется как для Win9x/2000/XP так и для Linux и FreeBSD.
Сервер поддерживает следующие возможности:
HTTP(S) proxy;
FTP over HTTP proxy;
SOCKS4/5 proxy;
POP3 proxy;
TCP & UDP маппинг портов;
листы доступа к различным службам и адресам;
ограничение пропускной способности канала каждого пользователя (чтобы пользователь не съел весь канал, качая кучу файлов в несколько потоков :) );
ограничение трафика пользователя на день, неделю и месяц;
авторизацию пользователей ко всем proxy-службам по имени и паролю или по ip адресам;
ведение журналов через ODBC (по-моему, такого нет ни в одном proxy) и syslog и т. д.
К недостаткам можно отнести отсутствие кэширования информации :-|. Но в последнее время Inernet-контент становится все более динамичным (то есть не поддающийся кэшированию) и может быть для кого-то экономия в 25% трафика за счет его кэширования не будет столь критична. Для тех пользователей, кому она может оказаться критичной, автор предлагает использовать цепочку из 2-х серверов и в качестве кэша такие сервера как wwwoffle или им подобные, либо ждать появления поддержки кеша в 3proxy :)
Установка
# wget http://3proxy.ru/current/3proxy.tgz
# tar -xvzf 3proxy.tgz
# cd 3proxy
# make -f Makefile.unix
# mkdir /usr/local/3proxy
# mkdir /usr/local/3proxy/logs
# mkdir /usr/local/3proxy/stat
# cp src/3proxy /usr/local/3proxy
# touch /usr/local/3proxy/3proxy.cfg
# chown -R nobody:nogroup /usr/local/3proxy
Далее приведу небольшой пример конфигурационного файла 3proxy.cfg с
комментариями, более подробную информацию по конфигурированию можно
найти файле 3proxy.cfg.sample или в
HowTo http://3proxy.ru/howtor.asp
и FAQ http://3proxy.ru/faqr.asp
-------------3proxy.cfg-------------
# ВНИМАНИЕ !! не должны быть пробелов
# перед любыми опциями конфигурации !!
# ip-адрес DNS-сервера провайдера или локального
nserver 127.0.0.1
timeouts 1 5 30 60 180 1800 15 60
# Создаем двух пользователей vasia, petia и vova
# и назначаем им пароли 24555, 14656 и 45455 соответственно
users vasia:CL:24555
users petia:CL:14656
users vova:CL:45455
# Лог-файл со списком запросов пользователей
# будет создаваться каждый день новый
log /usr/local/3proxy/logs/3proxy.log D
logformat "%d-%m-%Y %H:%M:%S %U %C:%c %R:%r %O %I %T"
# Внешний интерфейс,
# через который будут уходить запросы от сервера
external 10.1.1.1
# ip-адрес интерфейса, на котором будут приниматься
# запросы от клиентов
internal 192.168.1.1
# Устанавливаем тип авторизации по имени и паролю
auth strong
# Разрешаем доступ к портам 80,8080-8088
allow * * * 80,8080-8088
# Расскоментировать секцию parent, если у вас есть прокси верхнего
# уровня и заменить ip, порт, имя пользователя и пароль на свои значения
# parent 1000 http 192.168.0.1 8080 username passwd
# allow *
# Запускаем службу HTTP-proxy на порту (3128) и
# (-n) c отключенной NTLM-авторизацией)
proxy -p3128 -n
# Ограничиваем толшину канала для пользователей
# vasia и petia в 20000 bps,
# а для vova 10000 bps
bandlimin 20000 vasia,petia
bandlimin 10000 vova
# Запускаем сервер от пользователя nobody
# (возможно в вашей ОС uid и gid пользователя nobody
# будут другими. Для их определения воспользуйтесь коммандой id nobody)
setgid 65534
setuid 65534
------------------------------------
После того как мы создали конфигурационный файл сервера, запускаем 3proxy командой:
/usr/local/3proxy/3proxy /usr/local/3proxy/3proxy.cfg
$Id: example1.txt,v 1.7 2007/04/20 19:58:42 vlad Exp $

101
doc/ru/iodbc.txt Normal file

@ -0,0 +1,101 @@
KOI8-R
Kirill Lopuchov, lopuchov at mail ru
÷ÅÄÅÎÉÅ ÌÏÇÏ× ÓÅÒ×ÅÒÁ × SQL-ÂÁÚÅ ÉÍÅÅÔ Ó×ÏÉ ÐÒÉÅÍÕÝÅÓÔ×Á ÐÅÒÅÄ ÏÂÙÞÎÙÍÉ ÔÅËÓÔÏ×ÙÍÉ ÆÁÊÌÁÍÉ. 3proxy ÐÏÄÄÅÒÖÉ×ÁÅÔ ×ÅÄÅÎÉÅ ÌÏÇÏ× ÞÅÒÅÚ ODBC-ÍÅÎÅÄÖÅÒ × ÌÀÂÏÊ ÂÁÚÅ ÄÁÎÎÙÈ, ÉÍÅÀÝÉÈ ODBC-ÄÒÁÊ×ÅÒ. üÔÏÔ ÍÅÎÅÄÖÅÒ ÓÔÁÌ ÓÔÁÎÄÁÒÔÏÍ ÄÅ-ÆÁËÔÏ × ÓÒÅÄÅ Windows, ÞÅÇÏ, Ë ÓÏÖÁÌÅÎÉÀ, ÎÅ ÓËÁÖÅÛØ ÐÒÏ Unix. ðÏÜÔÏÍÕ ÄÁÌÅÅ ÒÁÓÓÍÏÔÒÉÍ ÎÁ ÐÒÉÍÅÒÅ FreeBSD ÎÁÓÔÒÏÊËÕ ×ÅÄÅÎÉÑ ÌÏÇÏ× × ÂÁÚÅ SQLite. üÔÁ ÂÁÚÁ ÄÁÎÎÙÈ ×ÙÂÒÁÎÁ × ËÁÞÅÓÔ×Å ÐÒÉÍÅÒÁ ÐÏÔÏÍÕ, ÞÔÏ ÏÎÁ ÐÒÏÓÔÁ × ÕÓÔÁÎÏ×ËÅ É ÎÁÓÔÒÏËÅ (× ÐÒÉÎÃÉÐÅ ÎÁÓÔÒÏÊËÁ ×ÅÄÅÎÉÑ ÌÏÇÏ× × ÌÀÂÏÊ ÄÒÕÇÏÊ ÂÁÚÅ mysql ÉÌÉ postgresql ÏÔÌÉÞÁÅÔÓÑ ÔÏÌØËÏ ÎÁÓÔÒÏÊËÏÊ ÅÇÏ odbc-ÄÒÁÊ×ÅÒÁ)
õÓÔÁÎÁ×ÌÉ×ÁÅÍ SQLite
wget http://www.sqlite.org/sqlite-2.8.14.tar.gz
tar -xvzf sqlite-2.8.14.tar.gz
cd sqlite
./configure
gmake
gmake install
õÓÔÁÎÁ×ÌÉ×ÁÅÍ iODBC ÍÅÎÅÄÖÅÒ
wget http://www.iodbc.org/libiodbc-3.51.2.tar.gz
tar -xvzf libiodbc-3.51.2.tar.gz
cd libiodbc-3.51.2
./configure --disable-gui --disable-gtktest
make
make install
õÓÔÁÎÁ×ÌÉ×ÁÅÍ odbc ÄÒÁÊ×ÅÒ SQLite
wget http://www.ch-werner.de/sqliteodbc/sqliteodbc-0.62.tar.gz
tar -xvzf sqliteodbc-0.62.tar.gz
cd sqliteodbc-0.62
./configure
åÓÌÉ Õ ×ÁÓ ÓËÒÉÐÔ configure ×ÙÄÁÌ ÏÛÉÂËÕ :
(configure: error: SQLite library too old)
ÔÏ ÅÅ ÍÏÖÎÏ ÐÏÐÒÏÂÏ×ÁÔØ ÏÂÏÊÔÉ, ×ÓÔÁ×É× (SQLITE_COMPILE=1
× ÓÔÒ. 5092 ÐÏÓÌÅ ÕÓÌÏ×ÉÑ if endif) × ÆÁÊÌÅ configure
make
make install
äÁÌÅÅ ÎÁÓÔÒÁÉ×ÁÅÍ ÚÁÐÉÓÉ ÄÌÑ iODBC ÍÅÎÅÄÖÅÒÁ ×
ÆÁÊÌÁÈ /etc/odbcinst.ini É /etc/odbc.ini
îÁÓÔÒÁÉ×ÁÅÍ odbc ÄÒÁÊ×ÅÒ
--------------/etc/odbcinst.ini-------------
[ODBC Drivers]
SQLite=Installed
[SQLite]
Driver=/usr/local/lib/libsqliteodbc.so
---------------------------------------
óÏÚÄÁÅÍ DSN ÄÌÑ ÂÁÚÙ c ÉÍÅÎÅÍ "sqlite", ËÏÔÏÒÁÑ ÂÕÄÅÔ
ÒÁÓÐÏÌÁÇÁÔØÓÑ × ËÁÔÁÌÏÇÅ: /usr/local/3proxy/logs.db
--------------/etc/odbc.ini----------------
[ODBC Data Sources]
sqlite=SQLite
[sqlite]
Driver=/usr/local/lib/libsqliteodbc.so
Description=SQLite test database
Database=/usr/local/3proxy/logs.db
# optional lock timeout in milliseconds
Timeout=2000
---------------------------------------
óÏÚÄÁÅÍ ÂÁÚÕ ÄÌÑ ÌÏÇÏ× É ÔÁÂÌÉÃÕ × ÆÏÒÍÁÔÅ (logformat
ÓÍ. ÏÐÉÓÁÎÉÅ × 3proxy.cfg.sample )
sqlite /usr/local/3proxy/logs.db
SQLite version 2.8.14
Enter ".help" for instructions
sqlite>create table log (
...> l_date char (11),
...> l_chour char (10),
...> l_user char (30),
...> l_service char (30),
...> l_in integer,
...> l_out integer,
...> l_descr char (64000),
...>);
äÏÂÁ×ÌÑÅÍ ÓÌÅÄÕÀÝÉÅ ÚÁÐÉÓÉ × ËÏÎÆÉÇÕÒÁÃÉÏÎÎÙÊ ÆÁÊÌ 3proxy.cfg
---------------3proxy.cfg-----------------
log &sqlite
logformat "Linsert into log ( l_date, l_chour, l_user, l_service, l_in, l_out,
l_descr)
values ('%d-%m-%Y', '%H:%M:%S', '%U', '%N', %I, %O, '%T')"
------------------------------------------
CÏÂÒÁÔØ 3proxy c ÐÏÄÄÒÅÖËÏÊ iODBC, ÄÌÑ ÜÔÏÇÏ × Makefile.unix ÐÏÍÅÎÑÔØ
CFLAGS = -Wall -O2 -c -pthread -D_THREAD_SAFE -D_REENTRANT -DWITH_STD_MALLOC -I/usr/local/include
LIBS = -L /usr/local/lib -lodbc
É ÄÁÔØ ËÏÍÁÎÄÙ
make clean
make -f Makefile.unix
$Id: iodbc.txt,v 1.3 2006/02/08 17:59:07 vlad Exp $
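Review bot: The sample `logformat` in the 3proxy.cfg block builds an SQL INSERT from client-influenced fields (`'%U'`, `'%T'`) without the character-filter prefix, so a quote in a logged username or request text ends up inside the statement handed to the ODBC driver. doc/html/securityen.html in this same commit recommends the `-xyz+A` filtering sequence for exactly this case, and man/3proxy.cfg.3 describes it as `-XXX+Y` placed before the `L`/`G` marker. I would start the format with a filter that replaces the single quote, e.g. `logformat "-'+_Linsert into log (...)"` (constructed example; check the character list against the target database's quoting rules), and add a one-line comment above it saying why the prefix is there. The `logformat` in doc/ru/odbc.txt has the same shape; that file mentions a `-DSAFESQL` build option whose effect is not shown on this page, so I would not rely on it alone.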

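--- /dev/null
+++ b/doc/ru/odbc.txt
@@ -0,0 +1,28 @@
+Eugene: Re: 3proxy 0.6 + iODBC + PostgreSQL 22.11.2007 19:04:23
+Наконец-то я разобрался и запустил.
+1. Я использовал пакет unixODBC.
+2. /etc/unixODBC/odbc.ini
+[proxy]
+Description = PostgreSQL ODBC driver
+Driver = PostgreSQL ODBC driver
+Database = proxy
+ServerName = localhost
+3. /etc/unixODBC/odbcinst.ini
+[PostgreSQL ODBC driver]
+Description = PostgreSQL ODBC driver
+Driver = /usr/local/lib/psqlodbcw.so
+Setup = /usr/lib/libodbcpsqlS.so
+4. Собирал вручную psqlodbc-08.02.0500, слитый с postgresql.org (получился psqlodbcw.so).
+5. 3proxy.conf
+log &proxy,logger,123
+logformat "LINSERT INTO logger (ldatetime,username,userip,trafin,trafout,service,host,port,
+url) VALUES ('%Y-%m-%d %H:%M:%S','%U','%C',
+'%I','%O','%N',
+'%n','%r','%T');"
+То есть пароли и логины в odbc.ini прописывать не надо - система падает на драйвере ODBC.
+Использовать libiodbc тоже не надо - система падает на libiodbc.so.
+Все вышесказанное справедливо для unixODBC + psqlodbc производства postgresql.org, как с -DSAFESQL, так и без оного.
+С myodbc + unixODBC проблем не наблюдалось никаких.
+Шаманство, в общем ;)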

153
man/3proxy.8 Normal file
View File

@ -0,0 +1,153 @@
.TH 3proxy "8" "July 2009" "3proxy 0.7" "Universal proxy server"
.SH NAME
.B 3proxy
\- 3[APA3A] tiny proxy server, or trivial proxy server, or free proxy
server
.SH SYNOPSIS
.B 3proxy
.RI [ config_file ]
.br
.B 3proxy
.RI [ \-\-install ]
.br
.B 3proxy
.RI [ \-\-remove ]
.SH DESCRIPTION
.B 3proxy
is universal proxy server. It can be used to provide internal users wuth
fully controllable access to external resources or to provide external
users with access to internal resources. 3proxy is not developed to replace
.BR squid (8),
but it can extend functionality of existing cashing proxy.
It can be used to route requests between different types of clients and proxy
servers. Think about it as application level
gateway with configuration like hardware router has for network layer.
It can establish multiple
gateways with HTTP and HTTPS proxy with FTP over HTTP support, SOCKS v4,
v4.5 and v5, POP3 proxy, UDP and TCP portmappers. Each gateway is started
from configuration file like independant service
.BR proxy (8)
.BR socks (8)
.BR pop3p (8)
.BR tcppm (8)
.BR udppm (8)
.BR ftppr (8)
.BR dnspr
but
.BR 3proxy
is not a kind of wrapper or superserver for this daemons. It just has same
code compiled in, but provides much more functionality. SOCKSv5
implementatation allows to use 3proxy with any UDP or TCP based client
applications designed without
proxy support (with
.IR SocksCAP ,
.I FreeCAP
or another client-side redirector under Windows of with socksification library
under Unix). So you can play your favourite games, listen music, exchange
files and messages and even accept incoming connections behind proxy server.
.PP
.I dnspr
does not exist as independant service. It\' DNS caching proxy (it requires
.I nscache
and
.I nserver
to be set in configuration. Only A-records are cached. Please note, the
this caching is mostly a 'hack' and has nothing to do with real
DNS server, but it works perfectly for SOHO networks.
.PP
3proxy supports access control lists (ACL) like network router. Source
and destination networks and destination port can be specified. In addition,
usernames and gateway action (for example GET or POST) can be used in ACLs.
In order to filter request on username basis user must be authenticated somehow. There are few
authentication types including password authentication and authentication by
NetBIOS name for Windows clients (it\'s very like ident authentication).
Depending on ACL action request can be allowed, denied or redirected to another
host or to another proxy server or even to a chain of proxy servers.
.PP
It supports different types of logging: to logfiles,
.BR syslog (3)
(only under Unix) or to ODBC database. Logging format is turnable to provide
compatibility with existing log file parsers. It makes it possible to use
3proxy with IIS, ISA, Apache or Squid log parsers.
.SH OPTIONS
.TP
.B config_file
Name of config file. See
.BR 3proxy.cfg (3)
for configuration file format. Under Windows, if config_file is not specified,
.BR 3proxy
looks for file named
.I 3proxy.cfg
in the default location (in same directory with executable file and in current
directory). Under Unix, if no config file is specified, 3proxy reads
configuration from stdin. It makes it possible to use 3proxy.cfg file as
executable script just by setting +x mode and adding
.br
#!/usr/local/3proxy/3proxy
.br
as a first line in 3proxy.cfg
.TP
.B --install
(Windows NT family only) install
.BR 3proxy
as a system service
.TP
.B --remove
(Windows NT family only) remove
.BR 3proxy
from system services
.SH SIGNALS
Under Unix there are few signals
.BR 3proxy
catches. See
.BR kill (1).
.TP
.B SIGTERM
cleanup connections and exit
.TP
.B SIGPAUSE
stop to accept new connections, on second signal - start and re-read
configuration
.TP
.B SIGCONT
start to accept new conenctions
.TP
.B SIGUSR1
reload configuration
.PP
Under Windows, if
.BR 3proxy
is installed as service you can standard service management to start, stop,
pause and continue 3proxy service, for example:
.br
.BR "net start 3proxy"
.br
.BR "net stop 3proxy"
.br
.BR "net pause 3proxy"
.br
.BR "net continue 3proxy"
.PP
Web admin service can also be used to reload configuration. Use
wget to automate this task.
.SH FILES
.TP
.I "/usr/local/3proxy/3proxy.cfg (3proxy.cfg)"
.BR 3proxy
configuration file
.SH BUGS
Report all bugs to
.BR 3proxy@security.nnov.ru
.SH SEE ALSO
3proxy.cfg(3), proxy(8), ftppr(8), socks(8), pop3p(8), tcppm(8), udppm(8),
kill(1), syslogd(8),
.br
http://3proxy.ru/
.SH TRIVIA
3APA3A is pronounced as \`\`zaraza\'\'.
.SH AUTHORS
3proxy is designed by 3APA3A
.RI ( 3APA3A@security.nnov.ru ),
Vladimir Dubrovin
.RI ( vlad@sandy.ru )

896
man/3proxy.cfg.3 Normal file
View File

@ -0,0 +1,896 @@
.TH 3proxy.cfg "3" "July 2009" "3proxy 0.7" "Universal proxy server"
.SH NAME
.B 3proxy.cfg
\- 3proxy configuration file
.SH DESCRIPTION
Common structure:
.br
Configuration file is a text file 3proxy reads configuration from. Each line
of the file is a command executed immediately, as it was given from
console. Sequence of commands is important. Configuration file as actually a
script for 3proxy executable.
Each line of the file is treated as a blank (space or tab) separated
command line. Additional space characters are ignored.
Think about 3proxy as "application level router" with console interface.
.br
Comments:
.br
Any string beginning with space character or \'#\' character is comment. It\'s
ignored. <LF>s are ignored. <CR> is end of command.
.br
Quotation:
.br
Quotation character is " (double quote). Quotation must be used to quote
spaces or another special characters. To use quotation character inside
quotation character must be dubbed (BASIC convention). For example to use
HELLO "WORLD" as an argument you should use it as "HELLO ""WORLD"""\.
Good practice is to quote any argument you use.
.br
File inclusion:
.br
You can include file by using $FILENAME macro (replace FILENAME with a path
to file, for example $/usr/local/etc/3proxy/conf.incl or
$"c:\\Program Files\\3proxy\\include.cfg" Quotation is
required in last example because path contains space character.
For included file <CR> (end of line characters) is treated as space character
(arguments delimiter instead of end of command delimiter).
Thus, include files are only useful to store long signle-line commands
(like userlist, network lists, etc).
To use dollar sign somewhere in argument it must be quoted.
Recursion is not allowed.
.br
Next commands start gateway services:
.br
.B proxy
[options]
.br
.B socks
[options]
.br
.B pop3p
[options]
.br
.B ftppr
[options]
.br
.B admin
[options]
.br
.B dnspr
[options]
.br
.B tcppm
[options]
<SRCPORT> <DSTADDR> <DSTPORT>
.br
.B udppm
[options]
<SRCPORT> <DSTADDR> <DSTPORT>
.br
Descriptions:
.br
.B proxy
\- HTTP/HTTPS proxy (default port 3128)
.br
.B socks
\- SOCKS 4/4.5/5 proxy (default port 1080)
.br
.B pop3p
\- POP3 proxy (default port 110)
.br
.B ftppr
\- FTP proxy (default port 21)
.br
.B admin
\- Web interface (default port 80)
.br
.B dnspr
\- caching DNS proxy (default port 53)
.br
.B tcppm
\- TCP portmapper
.br
.B udppm
\- UDP portmapper
.br
Options:
.br
.B -pNUMBER
change default server port to NUMBER
.br
.B -n
disable NTLM authentication (required if passwords are stored in Unix crypt format.
.br
.B -s
(for admin) - allow only secure operations (currently only traffic counters
view without ability to reset).
.br
.B -a
(for proxy) - anonymous proxy (no information about client reported)
.br
.B -a1
(for proxy) - anonymous proxy (random client information reported)
.br
Also, all options mentioned for
.BR proxy (8)
.BR socks (8)
.BR pop3p (8)
.BR tcppm (8)
.BR udppm (8)
.BR ftppr (8)
are also supported.
.br
Portmapping services listen at SRCPORT and connect to DSTADDR:DSTPORT
HTTP and SOCKS proxies are standard.
.br
POP3 proxy must be configured as POP3 server and requires username in the form of:
pop3username@pop3server. If POP3 proxy access must be authenticated, you can
specify username as proxy_username:proxy_password:POP3_username@pop3server
.br
DNS proxy resolves any types of records but only hostnames are cached. It
requires nserver/nscache to be configured.
.br
FTP proxy can be used as FTP server in any FTP client or configured as FTP
proxy on a client with FTP proxy support. Username format is one of
.br
FTPuser@FTPServer
.br
FTPuser:FTPpassword@FTPserver
.br
proxyuser:proxypassword:FTPuser:FTPpassword@FTPserver
.br
Please note, if you use FTP client interface for FTP proxy
do not add FTPpassword and FTPServer to username, because
FTP client does it for you. That is, if you use 3proxy with
authentication use
proxyuser:proxypassword:FTPuser
as FTP username, otherwise do not change original FTP user name
.B include
<path>
.br
Include config file
.br
.B config
<path>
.br
Path to configuration file to use on 3proxy restart or to save configuration.
.br
.B writable
.br
ReOpens configuration file for write access via Web interface,
and re-reads it. Usually should be first command on config file
but in combination with "config" it can be used anywhere to open
alternate config file. Think twice before using it.
.br
.B end
.br
End of configuration
.br
.B log
[[@|&]logfile] [<LOGTYPE>]
.br
sets logfile for all gateways
.br
@ - (for Unix) use syslog, filename is used as ident name
.br
& - use ODBC, filename consists of comma-delimited datasource,username,password (username and password are optional)
.br
LOGTYPE is one of:
.br
M - Monthly
.br
W - Weekly (starting from Sunday)
.br
D - Daily
.br
H - Hourly
.br
if logfile is not specified logging goes to stdout. You can specify individual logging options for gateway by using
-l option in gateway configuration.
.br
"log" command supports same format specifications for filename template
as "logformat" (if filename contains '%' sign it's believed to be template).
As with "logformat" filename must begin with 'L' or 'G' to specify Local or
Grinwitch time zone for all time-based format specificators.
.br
.B rotate
<n>
how many archived log files to keep
.br
.B logformat
<format>
Format for log record. First symbol in format must be L (local time)
or G (absolute Grinwitch time).
It can be preceeded with -XXX+Y where XXX is list of characters to be
filtered in user input (any non-printable characters are filtered too
in this case) and Y is replacement character. For example, "-,%+ L" in
the beginning of logformat means comma and percent are replaced
with space and all time based elemnts are in local time zone.
.br
You can use:
.br
%y - Year in 2 digit format
.br
%Y - Year in 4 digit format
.br
%m - Month number
.br
%o - Month abbriviature
.br
%d - Day
.br
%H - Hour
.br
%M - Minute
.br
%S - Second
.br
%t - Timstamp (in seconds since 01-Jan-1970)
.br
%. - milliseconds
.br
%z - timeZone (from Grinvitch)
.br
%D - request duration (in milliseconds)
.br
%b - average send rate per request (in Bytes per second) this speed is typically below connection speed shown by download manager.
.br
%B - average receive rate per request (in Bytes per second) this speed is typically below connection speed shown by download manager.
.br
%U - Username
.br
%N - service Name
.br
%p - service Port
.br
%E - Error code
.br
%C - Client IP
.br
%c - Client port
.br
%R - Remote IP
.br
%r - Remote port
.br
%e - External IP used to establish connection
.br
%Q - Requested IP
.br
%q - Requested port
.br
%n - requested hostname
.br
%I - bytes In
.br
%O - bytes Out
.br
%h - Hops (redirections) count
.br
%T - service specific Text
.br
%N1-N2T - (N1 and N2 are positive numbers) - log only fields from N1 thorugh N2 of service specific text
.br
in case of ODBC logging logformat specifies SQL statement, for exmample:
.br
logformat "-'+_Linsert into log (l_date, l_user, l_service, l_in, l_out, l_descr) values ('%d-%m-%Y %H:%M:%S', '%U', '%N', %I, %O, '%T')"
.br
.B logdump
<in_traffic_limit> <out_traffic_limit>
.br
Immediately creates additional log records if given amount of incoming/outgoing
traffic is achieved for connection, without waiting for connection to finish.
It may be useful to prevent information about long-lasting downloads on server
shutdown.
.br
.B archiver
<ext> <commandline>
.br
Archiver to use for log files. <ext> is file extension produced by
archiver. Filename will be last argument to archiver, optionally you
can use %A as produced archive name and %F as filename.
.br
.B timeouts
<BYTE_SHORT> <BYTE_LONG> <STRING_SHORT> <STRING_LONG> <CONNECTION_SHORT> <CONNECTION_LONG> <DNS> <CHAIN>
.br
Sets timeout values
.br
BYTE_SHORT - short timeout for single byte, is usually used for receiving single byte from stream.
.br
BYTE_LONG - long timeout for single byte, is usually used for receiving first byte in frame (for example first byte in socks request).
.br
STRING_SHORT - short timeout, for character string within stream (for example to wait between 2 HTTP headers)
.br
STRING_LONG - long timeout, for first string in stream (for example to wait for HTTP request).
.br
CONNECTION_SHORT - inactivity timeout for short connections (HTTP, POP3, etc).
.br
CONNECTION_LONG - inactivity timeout for long connection (SOCKS, portmappers, etc).
.br
DNS - timeout for DNS request before requesting next server
.br
CHAIN - timeout for reading data from chained connection
.br
.br
.B nserver
<ipaddr>
.br
Nameserver to use for name resolutions. If none spcified system
or name server fails system routines for name resolution will be
used. It's better to specify nserver because gethostbyname() may
be thread unsafe.
.br
.B nscache
<cachesize>
.br
Cache <cachesize> records for name resolution. Cachesize usually
should be large enougth (for example 65536).
.br
.B nsrecord
<hostname> <hostaddr>
.BR
Adds static record to nscache. nscache must be enabled. If 0.0.0.0
is used as a hostaddr host will never resolve, it can be used to
blacklist something or together with
.B dialer
command to set up UDL for dialing.
.br
.B fakeresolve
.BR
All names are resolved to 127.0.0.2 address. Usefull if all requests are
redirected to parent proxy with http, socks4+, connect+ or socks5+.
.br
.B dialer
<progname>
.br
Execute progname if external name can't be resolved.
Hint: if you use nscache, dialer may not work, because names will
be resolved through cache. In this case you can use something like
http://dial.right.now/ from browser to set up connection.
.br
.B internal
<ipaddr>
.br
sets ip address of internal interface. This IP address will be used
to bind gateways. Alternatively you can use -i option for individual
gateways
.br
.B external
<ipaddr>
.br
sets ip address of external interface. This IP address will be source
address for all connections made by proxy. Alternatively you can use
-e option to specify individual address for gateway.
.br
.B maxconn
<number>
.br
sets maximum number of simulationeous connections to each services
started after this command. Default is 100.
.br
.B service
.br
(depricated). Indicates 3proxy to behave as Windows 95/98/NT/2000/XP
service, no effect for Unix. Not required for 3proxy 0.6 and above. If
you upgraded from previous version of 3proxy use --remove and --install
to reinstall service.
.br
.B daemon
.br
Should be specified to close console. Do not use 'daemon' with 'service'.
At least under FreeBSD 'daemon' should preceed any proxy service
and log commands to avoid sockets problem. Always place it in the beginning
of the configuration file.
.br
.B auth
<authtype> [...]
.br
Type of user authorization. Currently supported:
.br
none - no authentication or authorization required.
Note: is auth is none any ip based limitation, redirection, etc will not work.
This is default authentication type
.br
iponly - authentication by access control list with username ignored.
Appropriate for most cases
.br
useronly - authentication by username without checking for any password with
authorization by ACLs. Useful for e.g. SOCKSv4 proxy and icqpr (icqpr set UIN /
AOL screen name as a username)
.br
dnsname - authentication by DNS hostnname with authorization by ACLs.
DNS hostname is resolved via PTR (reverse) record and validated (resolved
name must resolve to same IP address). It's recommended to use authcache by
ip for this authentication.
NB: there is no any password check, name may be spoofed.
.br
nbname - authentication by NetBIOS name with authorization by ACLs.
Messanger service should be started on user's machine. Note, that
Windows 95/98 hosts do not have messanger service by default,
WinPopup program need to be started. It's recommended to use authcache by
ip for this authentication.
NB: there is no any password check, name may be spoofed.
.br
strong - username/password authentication required. It will work with
SOCKSv5, FTP, POP3 and HTTP proxy.
.br
cache - cached authentication, may be used with 'authcache'.
.br
Plugins may add additional authentication types.
.br
It's possible to use few authentication types in the same commands. E.g.
.br
auth iponly strong
.br
In this case 'strong' authentication will be used only in case resource
access can not be performed with 'iponly' authentication, that is username is
required in ACL. It's usefull to protect access to some resources with
password allowing passwordless access to another resources, or to use
IP-based authentication for dedicated laptops and request username/password for
shared ones.
.br
.B authcache
<cachtype> <cachtime>
.br
Cache authentication information to given amount of time (cachetime) in seconds.
Cahtype is one of:
.br
ip - after successful authentication all connections during caching time
from same IP are assigned to the same user, username is not requested.
.br
ip,user username is requested and all connections from the same IP are
assigned to the same user without actual authentication.
.br
user - same as above, but IP is not checked.
.br
user,password - both username and password are checked against cached ones.
.br
Use auth type 'cache' for cached authentication
.br
.B allow
<userlist> <sourcelist> <targetlist> <targetportlist> <operationlist>
<weekdayslist> <timeperiodslist>
.br
.B deny
<userlist> <sourcelist> <targetlist> <targetportlist> <operationlist>
<weekdayslist> <timeperiodslist>
.br
Access control entries. All lists are comma-separated, no spaces are
allowed. Usernames are case sensitive (if used with authtype nbname
username must be in uppercase). Source and target lists may contain
IP addresses (W.X.Y.Z) or CIDRs (W.X.Y.Z/L). Since 0.6, targetlist may also
contain host names, instead of addresses. It's possible to use wildmask in
the begginning and in the the end of hostname, e.g. *badsite.com or
*badcontent*. Hostname is only checked if hostname presents in request.
Targetportlist may contain ports (X) or port ranges lists (X-Y). For any field
* sign means "ANY" If access list is empty it's assumed to be
.br
allow *
.br
If access list is not empty last item in access list is assumed to be
.br
deny *
.br
You may want explicitly add "deny *" to the end of access list to prevent
HTTP proxy from requesting user's password.
Access lists are checked after user have requested any resource.
If you want 3proxy to reject connections from specific addresses
immediately without any conditions you should either bind proxy
to appropriate interface only or to use ip filters.
.br
Operation is one of:
.br
CONNECT - establish outgoing TCP connection
.br
BIND - bind TCP port for listening
.br
UDPASSOC - make UDP association
.br
ICMPASSOC - make ICMP association (for future use)
.br
HTTP_GET - HTTP GET request
.br
HTTP_PUT - HTTP PUT request
.br
HTTP_POST - HTTP POST request
.br
HTTP_HEAD - HTTP HEAD request
.br
HTTP_CONNECT - HTTP CONNECT request
.br
HTTP_OTHER - over HTTP request
.br
HTTP - matches any HTTP request except HTTP_CONNECT
.br
HTTPS - same as HTTP_CONNECT
.br
FTP_GET - FTP get request
.br
FTP_PUT - FTP put request
.br
FTP_LIST - FTP list request
.br
FTP_DATA - FTP data connection. Note: FTP_DATA requires access to dynamic
non-ptivileged (1024-65535) ports on remote side.
.br
FTP - matches any FTP/FTP Data request
.br
ADMIN - access to administration interface
.br
Weeksdays are week days numbers or periods (0 or 7 means Sunday, 1 is Monday,
1-5 means Monday through Friday). Timeperiodlists is a list of time
periods in HH:MM:SS-HH:MM:SS format. For example,
00:00:00-08:00:00,17:00:00-24:00:00
lists non-working hours.
.br
.B parent
<weight> <type> <ip> <port> <username> <password>
.br
this command must follow "allow" rule. It extends last allow rule to
build proxy chain. Proxies may be grouped. Proxy inside the
group is selected randomly. If few groups are specified one proxy
is randomly picked from each group and chain of proxies is created
(that is second proxy connected through first one and so on).
Weight is used to group proxies. Weigt is a number between 1 and 1000.
Weights are summed and proxies are grouped together untill weight of
group is 1000. That is:
.br
allow *
.br
parent 500 socks5 192.168.10.1 1080
.br
parent 500 connect 192.168.10.1 3128
.br
makes 3proxy to randomly choose between 2 proxies for all outgoing
connections. These 2 proxies form 1 group (summarized weight is 1000).
.br
allow * * * 80
.br
parent 1000 socks5 192.168.10.1 1080
.br
parent 1000 connect 192.168.20.1 3128
.br
parent 300 socks4 192.168.30.1 1080
.br
parent 700 socks5 192.168.40.1 1080
.br
creates chain of 3 proxies: 192.168.10.1, 192.168.20.1 and third
is (192.168.30.1 with probability of 0.3 or 192.168.40.1
with probability of 0.7) for outgoing web connections.
.br
type is one of:
.br
tcp - simply redirect connection. TCP is always last in chain.
.br
http - redirect to HTTP proxy. HTTP is always last chain.
.br
pop3 - redirect to POP3 proxy (only local redirection is supported, can not be
used for chaining)
.br
ftp - redirect to FTP proxy (only local redirection is supported, can not be
used for chaining)
.br
connect - parent is HTTP CONNECT method proxy
.br
connect+ - parent is HTTP CONNECT proxy with name resolution
.br
socks4 - parent is SOCKSv4 proxy
.br
socks4+ - parent is SOCKSv4 proxy with name resolution (SOCKSv4a)
.br
socks5 - parent is SOCKSv5 proxy
.br
socks5+ - parent is SOCKSv5 proxy with name resolution
.br
socks4b - parent is SOCKS4b (broken SOCKSv4 implementation with shortened
server reply. I never saw this kind ofservers byt they say there are).
Normally you should not use this option. Do not mess this option with
SOCKSv4a (socks4+).
.br
socks5b - parent is SOCKS5b (broken SOCKSv5 implementation with shortened
server reply. I think you will never find it useful). Never use this option
unless you know exactly you need it.
.br
admin - redirect request to local 'admin' service (with -s parameter).
.br
Use "+" proxy only with "fakeresolve" option
.br
IP and port are ip addres and port of parent proxy server.
If IP is zero, ip is taken from original request, only port is changed.
If port is zero, it's taken from original request, only IP is changed.
If both IP and port are zero - it's a special case of local redirection,
it works only with
.B socks
proxy. In case of local redirection request is redirected to different service,
.B ftp
locally redirects to
.B ftppr
.B pop3
locally redirects to
.B pop3p
.B http
locally redurects to
.B proxy
.B admin
locally redirects to admin -s service.
.br
Main purpose of local redirections is to have requested resource
(URL or POP3 username) logged and protocol-specific filters to be applied.
In case of local redirection ACLs are revied twice: first, by SOCKS proxy up to
'parent' command and then with gateway service connection is
redirected (HTTP, FTP or POP3) after 'parent' command. It means,
additional 'allow' command is required for redirected requests, for
example:
.br
allow * * * 80
.br
parent 1000 http 0.0.0.0 0
.br
allow * * * 80 HTTP_GET,HTTP_POST
.br
socks
.br
redirects all SOCKS requests with target port 80 to local HTTP proxy,
local HTTP proxy parses requests and allows only GET and POST requests.
.br
parent 1000 http 1.2.3.4 0
.br
Changes external address for given connection to 1.2.3.4
(an equivalent to -e1.2.3.4)
Optional username and password are used to authenticate on parent
proxy. Username of '*' means username must be supplied by user.
.br
.B nolog
<n>
extends last allow or deny command to prevent logging, e.g.
.br
allow * * 192.168.1.1
.br
nolog
.br
.B weight
<n>
extends last allow or deny command to set weight for this request
.br
allow * * 192.168.1.1
.br
weight 100
.br
Weight may be used for different purposes.
.br
.B bandlimin
<rate> <userlist> <sourcelist> <targetlist> <targetportlist> <operationlist>
.br
.B nobandlimin
<userlist> <sourcelist> <targetlist> <targetportlist> <operationlist>
.B bandlimout
<rate> <userlist> <sourcelist> <targetlist> <targetportlist> <operationlist>
.br
.B nobandlimout
<userlist> <sourcelist> <targetlist> <targetportlist> <operationlist>
.br
bandlim sets bandwith limitation filter to <rate> bps (bits per second)
(if you want to specife bytes per second - multiply your value to 8).
bandlim rules act in a same manner as allow/deny rules except
one thing: bandwidth limiting is applied to all services, not to some
specific service.
bandlimin and nobandlimin applies to incoming traffic
bandlimout and nobandlimout applies to outgoing traffic
If tou want to ratelimit your clients with ip's 192.168.10.16/30 (4
addresses) to 57600 bps you have to specify 4 rules like
.br
bandlimin 57600 * 192.168.10.16
.br
bandlimin 57600 * 192.168.10.17
.br
bandlimin 57600 * 192.168.10.18
.br
bandlimin 57600 * 192.168.10.19
.br
and every of you clients will have 56K channel. if you specify
.br
bandlimin 57600 * 192.168.10.16/30
.br
you will have 56K channel shared between all clients.
if you want, for example, to limit all speed ecept access to POP3 you can use
.br
nobandlimin * * * 110
.br
before the rest of bandlim rules.
.br
.B counter
<filename> <reporttype> <repotname>
.br
.B countin
<number> <type> <limit> <userlist> <sourcelist> <targetlist> <targetportlist> <operationlist>
.br
.B nocountin
<userlist> <sourcelist> <targetlist> <targetportlist> <operationlist>
.br
.B countout
<number> <type> <limit> <userlist> <sourcelist> <targetlist> <targetportlist> <operationlist>
.br
.B nocountout
<userlist> <sourcelist> <targetlist> <targetportlist> <operationlist>
.br
counter, countin, nocountin, countout, noucountout commands are
used to set traffic limit
in MB for period of time (day, week or month). Filename is a path
to a special file where traffic information is permanently stored.
number is sequential number of record in this file. If number is 0
no traffic information on this counter is saved in file (that is
if proxy restarted all information is loosed) overwise it should be
unique sequential number.
Type specifies a type of counter. Type is one of:
.br
D - counter is resetted daily
.br
W - counter is resetted weekly
.br
M - counter is resetted monthely
.br
reporttype/repotname may be used to generate traffic reports.
Reporttype is one of D,W,M,H(hourly) and repotname specifies filename
template for reports. Report is text file with counter values in
format:
.br
<COUNTERNUMBER> <TRAF*4GB> <TRAF>
.br
The rest of parameters is identical to bandlim/nobandlim.
.br
.B users
username[:pwtype:password] ...
.br
pwtype is one of:
.br
none (empty) - use system authentication
.br
CL - password is cleartext
.br
CR - password is crypt-style password
.br
NT - password is NT password (in hex)
.br
example:
.br
users test1:CL:password1 "test2:CR:$1$lFDGlder$pLRb4cU2D7GAT58YQvY49."
.br
users test3:NT:BD7DFBF29A93F93C63CB84790DA00E63
.br
(note: double quotes are requiered because password contains $ sign).
.br
.B flush
.br
empty active access list. Access list must be flushed avery time you creating
new access list for new service. For example:
.br
allow *
.br
pop3p
.br
flush
.br
allow * 192.168.1.0/24
.br
socks
.br
sets different ACLs for
.B pop3p
and
.B socks
.br
.B system
.br
execute system command
.br
.B pidfile
<filename>
.br
write pid of current process to file. It can be used to manipulate
3proxy with signals under Unix. Currently next signals are available:
.br
.B monitor
<filename>
.br
If file monitored changes in modification time or size, 3proxy reloads
configuration within one minute. Any number of files may be monitored.
.br
.B setuid
<uid>
.br
calls setuid(uid), uid must be numeric. Unix only. Warning: under some Linux
kernels setuid() works onle for current thread. It makes it impossible to suid
for all threads.
.br
.B setgid
<gid>
.br
calls setgid(gid), gid must be numeric. Unix only.
.br
.B chroot
<path>
.br
calls chroot(path). Unix only.
.SH PLUGINS
.br
.B plugin
<path_to_shared_library> <function_to_call> [<arg1> ...]
.br
Loads specified library and calls given export function with given arguments,
as
.br
int functions_to_call(struct pluginlink * pl, int argc, char * argv[]);
.br
function_to_call must return 0 in case of success, value > 0 to indicate error.
.br
.B filtermaxsize
<max_size_of_data_to_filter>
.br
If Content-length (or another data length) is greater than given value, no
data filtering will be performed thorugh filtering plugins to avoid data
corruption and/or Content-Length chaging. Default is 1MB (1048576).
.SH SEE ALSO
3proxy(8), proxy(8), ftppr(8), socks(8), pop3p(8), tcppm(8), udppm(8), syslogd(8),
.br
http://3proxy.ru/
.SH TRIVIA
3APA3A is pronounced as \`\`zaraza\'\'.
.SH AUTHORS
3proxy is designed by 3APA3A
.RI ( 3APA3A@security.nnov.ru ),
Vladimir Dubrovin
.RI ( vlad@sandy.ru )

85
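--- a/man/ftppr.8
+++ b/man/ftppr.8
@@ -0,0 +1,85 @@
+.TH ftppr "8" "July 2009" "3proxy 0.7" "Universal proxy server"
+.SH NAME
+.B ftppr
+\- FTP proxy gateway service
+.SH SYNOPSIS
+.BR "ftppr " [ -d ]
+.IB \fR[ -l \fR[ \fR[ @ \fR] logfile \fR]]
+.IB \fR[ -p port\fR]
+.IB \fR[ -i internal_ip\fR]
+.IB \fR[ -e external_ip\fR]
+.IB \fR[ -h default_ip[:port]\fR]
+.SH DESCRIPTION
+.B ftppr
+is FTP gateway service to allow internal users to access external FTP
+servers.
+.SH OPTIONS
+.TP
+.B -I
+Inetd mode. Standalone service only.
+.TP
+.B -d
+Daemonise. Detach service from console and run in the background.
+.TP
+.B -t
+Be silenT. Do not log start/stop/accept error records.
+.TP
+.B -u
+Never look for username authentication.
+.TP
+.B -e
+External address. IP address of interface proxy should initiate connections
+from.
+By default system will deside which address to use in accordance
+with routing table.
+.TP
+.B -i
+Internal address. IP address proxy accepts connections to.
+By default connection to any interface is accepted. It\'s usually unsafe.
+.TP
+.B -h
+Default destination. It's used if targed address is not specified by user.
+.TP
+.B -p
+Port. Port proxy listens for incoming connections. Default is 21.
+.TP
+.B -l
+Log. By default logging is to stdout. If
+.I logfile
+is specified logging is to file. Under Unix, if
+.RI \' @ \'
+preceeds
+.IR logfile ,
+syslog is used for logging.
+.SH CLIENTS
+You can use any FTP client, regardless of FTP proxy support. For client with
+FTP proxy support configure
+.I internal_ip
+and
+.IR port
+in FTP proxy parameters.
+For clients without FTP proxy support use
+.I internal_ip
+and
+.IR port
+as FTP server. Address of real FTP server must be configured as a part of
+FTP username. Format for username is
+.IR username \fB@ server ,
+where
+.I server
+is address of FTP server and
+.I username
+is user\'s login on this FTP server. Login itself may contain \'@\' sign.
+Only cleartext authentication is currently supported.
+.SH BUGS
+Report all bugs to
+.BR 3proxy@security.nnov.ru
+.SH SEE ALSO
+3proxy(8), proxy(8), pop3p(8), socks(8), tcppm(8), udppm(8), syslogd(8),
+.br
+http://3proxy.ru/
+.SH AUTHORS
+3proxy is designed by 3APA3A
+.RI ( 3APA3A@security.nnov.ru ),
+Vladimir Dubrovin
+.RI ( vlad@sandy.ru )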

78
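--- a/man/icqpr.8
+++ b/man/icqpr.8
@@ -0,0 +1,78 @@
+.TH icqpr "8" "July 2009" "3proxy 0.7" "Universal proxy server"
+.SH NAME
+.B icqpr
+\- ICQ (AOL OSCAR) proxy
+.SH SYNOPSIS
+.BR "icqpr " [ -d ]
+.IB \fR[ -l \fR[ \fR[ @ \fR] logfile \fR]]
+.IB \fR[ -i internal_ip\fR]
+.IB \fR[ -e external_ip\fR]
+.I local_port remote_host remote_port
+.SH DESCRIPTION
+.B icqpr
+forwards ICQ connections from local to remote ICQ host. Most usual is
+.B icqpr 5190 login.icq.com 5190
+Also, icqpr adds UIN / AOL screen name as a username. It makes it possible
+to control user's access to ICQ/AOL by UIN/screen name (use
+.B auth useronly
+in 3proxy).
+.SH OPTIONS
+.TP
+.B -I
+Inetd mode. Standalone service only.
+.TP
+.B -d
+Daemonise. Detach service from console and run in the background.
+.TP
+.B -t
+Be silenT. Do not log start/stop/accept error records.
+.TP
+.B -e
+External address. IP address of interface proxy should initiate connections
+from.
+By default system will deside which address to use in accordance
+with routing table.
+.TP
+.B -i
+Internal address. IP address proxy accepts connections to.
+By default connection to any interface is accepted. It\'s usually unsafe.
+.TP
+.B -l
+Log. By default logging is to stdout. If
+.I logfile
+is specified logging is to file. Under Unix, if
+.RI \' @ \'
+preceeds
+.IR logfile ,
+syslog is used for logging.
+.SH ARGUMENTS
+.TP
+.I local_port
+- port icqpr accepts connection
+.TP
+.I remote_host
+- IP address of the host connection is forwarded to
+.TP
+.I remote_port
+- remote port connection is forwarded to
+.SH CLIENTS
+You can use any ICQ/AOL client where server address configuration is supported
+or spoof login server name (e.g. login.icq.com) with IP address of proxy server
+via DNS record or hosts file. Transparent redirection is also possible. Use
+.I internal_ip
+and
+.I local_port
+as a destination in client application. Connection is forwarded to
+.IR remote_host : remote_port
+.SH BUGS
+Report all bugs to
+.BR 3proxy@security.nnov.ru
+.SH SEE ALSO
+3proxy(8), proxy(8), ftppr(8), socks(8), pop3p(8), udppm(8), syslogd(8),
+.br
+http://3proxy.ru/
+.SH AUTHORS
+3proxy is designed by 3APA3A
+.RI ( 3APA3A@security.nnov.ru ),
+Vladimir Dubrovin
+.RI ( vlad@sandy.ru )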

81
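--- a/man/pop3p.8
+++ b/man/pop3p.8
@@ -0,0 +1,81 @@
+.TH pop3p "8" "July 2009" "3proxy 0.7" "Universal proxy server"
+.SH NAME
+.B pop3p
+\- POP3 proxy gateway service
+.SH SYNOPSIS
+.BR "pop3p " [ -d ]
+.IB \fR[ -l \fR[ \fR[ @ \fR] logfile \fR]]
+.IB \fR[ -p port\fR]
+.IB \fR[ -i internal_ip\fR]
+.IB \fR[ -e external_ip\fR]
+.IB \fR[ -h default_ip[:port]\fR]
+.SH DESCRIPTION
+.B pop3p
+is POP3 gateway service to allow internal users to access external POP3
+servers.
+.SH OPTIONS
+.TP
+.B -I
+Inetd mode. Standalone service only.
+.TP
+.B -d
+Daemonise. Detach service from console and run in the background.
+.TP
+.B -t
+Be silenT. Do not log start/stop/accept error records.
+.TP
+.B -u
+Never look for username authentication.
+.TP
+.B -e
+External address. IP address of interface proxy should initiate connections
+from.
+By default system will deside which address to use in accordance
+with routing table.
+.TP
+.B -i
+Internal address. IP address proxy accepts connections to.
+By default connection to any interface is accepted. It\'s usually unsafe.
+.TP
+.B -p
+Port. Port proxy listens for incoming connections. Default is 110.
+.TP
+.B -h
+Default destination. It's used if targed address is not specified by user.
+.TP
+.B -l
+Log. By default logging is to stdout. If
+.I logfile
+is specified logging is to file. Under Unix, if
+.RI \' @ \'
+preceeds
+.IR logfile ,
+syslog is used for logging.
+.SH CLIENTS
+You can use any MUA (Mail User Agent) with POP3 support. Set client to use
+.I internal_ip
+and
+.IR port
+as a POP3 server. Address of real POP3 server must be configured as a part of
+POP3 username. Format for username is
+.IR username \fB@ server ,
+where
+.I server
+is address of POP3 server and
+.I username
+is user\'s login on this POP3 server. Login itself may contain \'@\' sign.
+Only cleartext authentication is supported, because challenge-response
+authentication (APOP, CRAM-MD5, etc) requires challenge from server before
+we know which server to connect.
+.SH BUGS
+Report all bugs to
+.BR 3proxy@security.nnov.ru
+.SH SEE ALSO
+3proxy(8), ftppr(8), proxy(8), socks(8), tcppm(8), udppm(8), syslogd(8),
+.br
+http://3proxy.ru/
+.SH AUTHORS
+3proxy is designed by 3APA3A
+.RI ( 3APA3A@security.nnov.ru ),
+Vladimir Dubrovin
+.RI ( vlad@sandy.ru )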

76
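--- a/man/proxy.8
+++ b/man/proxy.8
@@ -0,0 +1,76 @@
+.TH proxy "8" "July 2009" "3proxy 0.7" "Universal proxy server"
+.SH NAME
+.B proxy
+\- HTTP proxy gateway service
+.SH SYNOPSIS
+.BR "proxy " [ -d ][ -a ]
+.IB \fR[ -l \fR[ \fR[ @ \fR] logfile \fR]]
+.IB \fR[ -p port\fR]
+.IB \fR[ -i internal_ip\fR]
+.IB \fR[ -e external_ip\fR]
+.SH DESCRIPTION
+.B proxy
+is HTTP gateway service with HTTPS and FTP over HTTPS support.
+.SH OPTIONS
+.TP
+.B -I
+Inetd mode. Standalone service only.
+.TP
+.B -d
+Daemonise. Detach service from console and run in the background.
+.TP
+.B -t
+Be silenT. Do not log start/stop/accept error records.
+.TP
+.B -u
+Never ask for username authentication
+.TP
+.B -e
+External address. IP address of interface proxy should initiate connections
+from.
+By default system will deside which address to use in accordance
+with routing table.
+.TP
+.B -i
+Internal address. IP address proxy accepts connections to.
+By default connection to any interface is accepted. It\'s usually unsafe.
+.TP
+.B -a
+Anonymous. Hide information about client.
+.TP
+.B -a1
+Anonymous. Show fake information about client.
+.TP
+.B -p
+Port. Port proxy listens for incoming connections. Default is 3128.
+.TP
+.B -l
+Log. By default logging is to stdout. If
+.I logfile
+is specified logging is to file. Under Unix, if
+.RI \' @ \'
+preceeds
+.IR logfile ,
+syslog is used for logging.
+.SH CLIENTS
+You should use client with HTTP proxy support or configure router to redirect
+HTTP traffic to proxy (transparent proxy). Configure client to connect to
+.I internal_ip
+and
+.IR port .
+HTTPS support allows to use almost any TCP based protocol. If you need to
+limit clients, use
+.BR 3proxy (8)
+instead.
+.SH BUGS
+Report all bugs to
+.BR 3proxy@security.nnov.ru
+.SH SEE ALSO
+3proxy(8), ftppr(8), socks(8), pop3p(8), tcppm(8), udppm(8), syslogd(8),
+.br
+http://3proxy.ru/
+.SH AUTHORS
+3proxy is designed by 3APA3A
+.RI ( 3APA3A@security.nnov.ru ),
+Vladimir Dubrovin
+.RI ( vlad@sandy.ru )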

82
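--- a/man/smtpp.8
+++ b/man/smtpp.8
@@ -0,0 +1,82 @@
+.TH smtpp "8" "July 2009" "3proxy 0.7" "Universal proxy server"
+.SH NAME
+.B smtpp
+\- SMTP proxy gateway service
+.SH SYNOPSIS
+.BR "smtpp " [ -d ]
+.IB \fR[ -l \fR[ \fR[ @ \fR] logfile \fR]]
+.IB \fR[ -p port\fR]
+.IB \fR[ -i internal_ip\fR]
+.IB \fR[ -e external_ip\fR]
+.IB \fR[ -h default_ip[:port]\fR]
+.SH DESCRIPTION
+.B smtpp
+is SMTP gateway service to allow internal users to access external SMTP
+servers.
+.SH OPTIONS
+.TP
+.B -I
+Inetd mode. Standalone service only.
+.TP
+.B -d
+Daemonise. Detach service from console and run in the background.
+.TP
+.B -t
+Be silenT. Do not log start/stop/accept error records.
+.TP
+.B -u
+Never look for username authentication.
+.TP
+.B -e
+External address. IP address of interface proxy should initiate connections
+from.
+By default system will deside which address to use in accordance
+with routing table.
+.TP
+.B -i
+Internal address. IP address proxy accepts connections to.
+By default connection to any interface is accepted. It\'s usually unsafe.
+.TP
+.B -p
+Port. Port proxy listens for incoming connections. Default is 25.
+.TP
+.B -h
+Default destination. It's used if targed address is not specified by user.
+.TP
+.B -l
+Log. By default logging is to stdout. If
+.I logfile
+is specified logging is to file. Under Unix, if
+.RI \' @ \'
+preceeds
+.IR logfile ,
+syslog is used for logging.
+.SH CLIENTS
+You can use any MUA (Mail User Agent) with SMTP authentication support.
+Set client to use
+.I internal_ip
+and
+.IR port
+as a SMTP server. Address of real SMTP server must be configured as a part of
+SMTP username. Format for username is
+.IR username \fB@ server ,
+where
+.I server
+is address of SMTP server and
+.I username
+is user\'s login on this SMTP server. Login itself may contain \'@\' sign.
+Only cleartext authentication is supported, because challenge-response
+authentication (CRAM-MD5, SPA, etc) requires challenge from server before
+we know which server to connect.
+.SH BUGS
+Report all bugs to
+.BR 3proxy@security.nnov.ru
+.SH SEE ALSO
+3proxy(8), ftppr(8), proxy(8), socks(8), tcppm(8), udppm(8), syslogd(8),
+.br
+http://3proxy.ru/
+.SH AUTHORS
+3proxy is designed by 3APA3A
+.RI ( 3APA3A@security.nnov.ru ),
+Vladimir Dubrovin
+.RI ( vlad@sandy.ru )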

77
man/socks.8 Normal file

@ -0,0 +1,77 @@
.TH socks "8" "July 2009" "3proxy 0.7" "Universal proxy server"
.SH NAME
.B socks
\- SOCKS 4/4.5/5 gateway service
.SH SYNOPSIS
.BR "socks " [ -d ]
.IB \fR[ -l \fR[ \fR[ @ \fR] logfile \fR]]
.IB \fR[ -p port\fR]
.IB \fR[ -i internal_ip\fR]
.IB \fR[ -e external_ip\fR]
.SH DESCRIPTION
.B socks
is SOCKS server. It supports SOCKSv4, SOCKSv4.5 (extension to v4 for
server side name resolution) and SOCKSv5. SOCKSv5 specification allows both
outgoing and reverse TCP connections and UDP portmapping.
.SH OPTIONS
.TP
.B -I
Inetd mode. Standalone service only.
.TP
.B -d
Daemonise. Detach service from console and run in the background.
.TP
.B -t
Be silenT. Do not log start/stop/accept error records.
.TP
.B -u
Never ask for username authentication
.TP
.B -e
External address. IP address of interface proxy should initiate connections
from. External IP must be specified if you need incoming connections.
By default system will deside which address to use in accordance
with routing table.
.TP
.B -i
Internal address. IP address proxy accepts connections to.
By default connection to any interface is accepted. It\'s usually unsafe.
.TP
.B -p
Port. Port proxy listens for incoming connections. Default is 1080.
.TP
.B -l
Log. By default logging is to stdout. If
.I logfile
is specified logging is to file. Under Unix, if
.RI \' @ \'
preceeds
.IR logfile ,
syslog is used for logging.
.SH CLIENTS
You should use client with SOCKS support or use some socksification support
(for example
.I SocksCAP
or
.IR FreeCAP ).
Configure client to use
.I internal_ip
and
.IR port .
SOCKS allows to use almost any application protocol without limitation. This
implementation also allows to open priviledged port on server (if socks has
sufficient privileges). If you need to control access use
.BR 3proxy (8)
instead.
.SH BUGS
Report all bugs to
.BR 3proxy@security.nnov.ru
.SH SEE ALSO
3proxy(8), proxy(8), ftppr(8), pop3p(8), tcppm(8), udppm(8), syslogd(8),
.br
http://3proxy.ru/
.SH AUTHORS
3proxy is designed by 3APA3A
.RI ( 3APA3A@security.nnov.ru ),
Vladimir Dubrovin
.RI ( vlad@sandy.ru )

71
man/tcppm.8 Normal file

@ -0,0 +1,71 @@
.TH tcppm "8" "July 2009" "3proxy 0.7" "Universal proxy server"
.SH NAME
.B tcppm
\- TCP port mapper
.SH SYNOPSIS
.BR "tcppm " [ -d ]
.IB \fR[ -l \fR[ \fR[ @ \fR] logfile \fR]]
.IB \fR[ -i internal_ip\fR]
.IB \fR[ -e external_ip\fR]
.I local_port remote_host remote_port
.SH DESCRIPTION
.B tcppm
forwards connections from local to remote TCP port
.SH OPTIONS
.TP
.B -I
Inetd mode. Standalone service only.
.TP
.B -d
Daemonise. Detach service from console and run in the background.
.TP
.B -t
Be silenT. Do not log start/stop/accept error records.
.TP
.B -e
External address. IP address of interface proxy should initiate connections
from.
By default system will deside which address to use in accordance
with routing table.
.TP
.B -i
Internal address. IP address proxy accepts connections to.
By default connection to any interface is accepted. It\'s usually unsafe.
.TP
.B -l
Log. By default logging is to stdout. If
.I logfile
is specified logging is to file. Under Unix, if
.RI \' @ \'
preceeds
.IR logfile ,
syslog is used for logging.
.SH ARGUMENTS
.TP
.I local_port
- port tcppm accepts connection
.TP
.I remote_host
- IP address of the host connection is forwarded to
.TP
.I remote_port
- remote port connection is forwarded to
.SH CLIENTS
Any TCP based application can be used as a client. Use
.I internal_ip
and
.I local_port
as a destination in client application. Connection is forwarded to
.IR remote_host : remote_port
.SH BUGS
Report all bugs to
.BR 3proxy@security.nnov.ru
.SH SEE ALSO
3proxy(8), proxy(8), ftppr(8), socks(8), pop3p(8), udppm(8), syslogd(8),
.br
http://3proxy.ru/
.SH AUTHORS
3proxy is designed by 3APA3A
.RI ( 3APA3A@security.nnov.ru ),
Vladimir Dubrovin
.RI ( vlad@sandy.ru )

77
man/udppm.8 Normal file

@ -0,0 +1,77 @@
.TH udppm "8" "July 2009" "3proxy 0.7" "Universal proxy server"
.SH NAME
.B udppm
\- UDP port mapper
.SH SYNOPSIS
.BR "pop3p " [ -ds ]
.IB \fR[ -l \fR[ \fR[ @ \fR] logfile \fR]]
.IB \fR[ -i internal_ip\fR]
.IB \fR[ -e external_ip\fR]
.I local_port remote_host remote_port
.SH DESCRIPTION
.B udppm
forwards datagrams from local to remote UDP port
.SH OPTIONS
.TP
.B -I
Inetd mode. Standalone service only.
.TP
.B -d
Daemonise. Detach service from console and run in the background.
.TP
.B -t
Be silenT. Do not log start/stop/accept error records.
.TP
.B -e
External address. IP address of interface proxy should initiate datagrams
from.
By default system will deside which address to use in accordance
with routing table.
.TP
.B -i
Internal address. IP address proxy accepts datagrams to.
By default connection to any interface is accepted. It\'s usually unsafe.
.TP
.B -l
Log. By default logging is to stdout. If
.I logfile
is specified logging is to file. Under Unix, if
.RI \' @ \'
preceeds
.IR logfile ,
syslog is used for logging.
.TP
.B -s
Single packet. By default only one client can use udppm service, but
if -s is specified only one packet will be forwarded between client and server.
It allows to share service between multiple clients for single packet services
(for example name lookups).
.SH ARGUMENTS
.TP
.I local_port
- port udppm accepts datagrams
.TP
.I remote_host
- IP address of the host datagrams are forwarded to
.TP
.I remote_port
- remote port datagrams are forwarded to
.SH CLIENTS
Any UDP based application can be used as a client. Use
.I internal_ip
and
.I local_port
as a destination in client application. All datagrams are forwarded to
.IR remote_host : remote_port
.SH BUGS
Report all bugs to
.BR 3proxy@security.nnov.ru
.SH SEE ALSO
3proxy(8), proxy(8), ftppr(8), socks(8), pop3p(8), udppm(8), syslogd(8),
.br
http://3proxy.ru/
.SH AUTHORS
3proxy is designed by 3APA3A
.RI ( 3APA3A@security.nnov.ru ),
Vladimir Dubrovin
.RI ( vlad@sandy.ru )

143
news Normal file

@ -0,0 +1,143 @@
Fixes in 0.5.3g
! Previous fixes were not backported completely from 0.6
! Fixed ident string should not be freed for openlog() to prevent garbage in
syslog().
Fixes in 0.5.3f
! Fixed SOCKSv4 for parent proxy
Fixes in 0.5.3e
! Fixed POST request problem with NTLM authentication
Fixes in 0.5.3d
! Fixed endless loop on 'udppm -s'
Fixes in 0.5.3c
! Fixed aborted download on some requests
Fixes in 0.5.3b
! Fixed double 3xx reply on USER command in ftppr.
Fixes in 0.5.3a
! 64-bit pointer arythnmetics problem fix applied to ntlm.c
(requested by Mike Frysinger)
0.5.3 is bugfix release for 0.5.2:
Fixes backported from 0.6 as 0.5.3:
!! Fixed: NTLM authentication doesn't work for NT-encoded passwords and may
cause account blocking (reported by boris16 at tut.by)
! Fixed: offer NTLM authentication before basic
! Fixed: buffered input may double some data on empty reads
+ FTP diagnostics improved for FTP login problems
! SOCKS BIND/UDPASSOC problems fixed (based on Artem Rebrov's patch)
! Fixed: endless loop on configuration parsing if ACL weekdays are given as
a comma delimited list (reported by Andrey S. Alexeenko).
Known bugs:
Non-reproduced problem reported with poll() implemenration for some 2.4
Linux kernel, may be hardware dependant. As a result 3proxy goes to a loop
with 100% CPU utilization soon after start. Compile 3proxy without
-DWITH_POLL in Makefile(s) if you observe this behaviour.
report to 3proxy@security.nnov.ru
14/10/2006 3[APA3A]tiny proxy 0.5.2
New features since 0.4 are marked with !.
Features:
1. General
+ HTTP/1.1 Proxy with keep-alive client and server support,
transparent proxy support.
! Anonymous and random client emulation HTTP proxy mode
+ FTP over HTTP support.
+ DNS caching with built-in resolver
+ HTTPS (CONNECT) proxy
+ SOCKSv4/4.5 Proxy
+ SOCKSv5 Proxy
! UDP and bind support for SOCKSv5 (fully compatible with
SocksCAP/FreeCAP for UDP)
+ Transparent SOCKS->HTTP redirection
! Transparent SOCKS->FTP redirection
! Transparent SOCKS->POP3 redirection
+ POP3 Proxy
! FTP proxy
! DNS proxy
+ TCP port mapper
+ UDP port mapper
+ Threaded application (no child process).
! Web administration and statistics
2. Proxy chaining
+ Parent proxy support for any type of incoming connection
+ Username/password authentication for parent proxy(s).
+ HTTPS/SOCKS4/SOCKS5 and redirection parent support
+ Random parent selection
+ Chain building (multihop proxing)
3. Logging
+ turnable log format compatible with any log parser
+ stdout logging
+ file logging
+ syslog logging (Unix)
+ ODBC logging (Windows and Unix)
+ log file rotation (hourly, daily, weekly, monthly)
+ automatic log file comperssion with external archiver (for files)
+ automatic removal of older log files
! Character filtering for log files
! different log files for different servces are supported
4. Access control
+ ACL-driven (user/source/destination/protocol/weekday/daytime or
combined) bandwith limitation for incoming and (!)outgoing trafic.
+ ACL-driven (user/source/destination/protocol/weekday/daytime or
combined) traffic limitation per day, week or month
+ User authorization by NetBIOS messanger name
+ Access control by username, source IP, destination IP, destination
port and destination action (POST, PUT, GET, etc), weekday and daytime.
+ Access control by username/password for SOCKSv5 and HTTP/HTTPS/FTP
+ Cleartext or encrypted (crypt/MD5 or NT) passwords.
+ Connection redirection
+ Access control by requested action (CONNECT/BIND,
HTTP GET/POST/PUT/HEAD/OTHER).
! NTLM authentication for HTTP proxy access
! All access controle entries now support weekday and daytime
limitations.
5. Configuration
+ support for configuration files
+ support for includes in configuration files
+ interface binding
+ running as daemon process
+ utility for automated networks list building
! configuration reload on any file change
Unix
+ support for chroot
+ support for setgid
+ support for setuid
! support for signals
Windows NT/2K/XP/2K3
+ support --install as service
+ support --remove as service
+ support for service START, STOP, PAUSE and CONTINUE commands (on
PAUSE no new connection accepted, but active connections still in
progress, on CONTINUE configuration is reloaded)
Windows 95/98/ME
! support --install as service
! support --remove as service
6. Compilation
+ MSVC (msvcrt.dll)
+ Intel Windows Compiler (msvcrt.dll)
+ Windows/gcc (msvcrt.dll)
+ Cygwin/gcc (cygwin.dll)
+ Unix/gcc
+ Unix/ccc
! Solaris
Planned for future (0.6) release:
- External modules API
- Addon URL, antiviral, HTTP cache filters modules, authentication
modules for different protocols (RADIUS, PAM, integrated system, etc).
$Id: news,v 1.2 2007/03/01 16:19:43 vlad Exp $

32
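--- a/scripts/3proxy.cfg
+++ b/scripts/3proxy.cfg
@@ -0,0 +1,32 @@
+#!/usr/local/etc/3proxy/bin/3proxy
+daemon
+pidfile /usr/local/etc/3proxy/3proxy.pid
+nscache 65536
+nserver 127.0.0.1
+config /usr/local/etc/3proxy/3proxy.cfg
+monitor /usr/local/etc/3proxy/3proxy.cfg
+monitor /usr/local/etc/3proxy/counters
+monitor /usr/local/etc/3proxy/passwd
+monitor /usr/local/etc/3proxy/bandlimiters
+log /usr/local/etc/3proxy/log/log D
+rotate 60
+counter /usr/local/etc/3proxy/3proxy.3cf
+users $/usr/local/etc/3proxy/passwd
+include /usr/local/etc/3proxy/counters
+include /usr/local/etc/3proxy/bandlimiters
+auth strong
+deny * * 127.0.0.1
+allow *
+proxy -n
+socks
+flush
+allow admin
+admin -p8080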
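Review bot: The `proxy -n`, `socks` and `admin -p8080` lines start their listeners without `-i`, so all three accept connections on every interface; the man pages in this same commit describe that default as usually unsafe. For a sample configuration I would bind each service to the internal address, e.g. `admin -p8080 -i<internal_ip>` (placeholder value), and do the same on `proxy` and `socks`. The web admin listener matters most here, because the `allow admin` rule is the only thing in front of it. Separately, `log /usr/local/etc/3proxy/log/log D` points at a directory that scripts/install-unix.sh never creates (it creates /var/log/3proxy/ instead), so access logging may not work after a default install.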

10
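--- a/scripts/add3proxyuser.sh
+++ b/scripts/add3proxyuser.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+if [ $4 ]; then
+echo $1:`/usr/local/etc/3proxy/bin/mycrypt $$ $2` >> /usr/local/etc/3proxy/passwd
+echo countin \"`wc -l /usr/local/etc/3proxy/counters|awk '{print $1}'`/$1\" D $3 $1 >> /usr/local/etc/3proxy/counters
+echo bandlimin $4 $1 >> /usr/local/etc/3proxy/bandlimiters
+else
+echo usage: $0 username password day_limit bandwidth
+echo " "day_limit - traffic limit in MB per day
+echo " "bandwidth - bandwith in bits per second 1048576 = 1Mbps
+fi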
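Review bot: `$1`, `$3` and `$4` are appended unquoted and unvalidated to `counters` and `bandlimiters`, and scripts/3proxy.cfg in this commit pulls both files in with `include`, so a username containing whitespace, quotes, `:` or a newline turns into extra fields or whole directives in the running configuration. Restrict the username to a fixed character set, require the two limits to be numeric, and quote every expansion before appending. On the passwd line, the password arrives on the command line, where other local users can read it from the process list, and `$$` appears to be used as the salt, which is a small and guessable value; prompting for the password and drawing the salt from a random source would address both. The `[ $4 ]` test also breaks when an argument contains spaces, so `[ $# -eq 4 ]` is the safer check.

```shell
if [ $# -eq 4 ]; then
	# only characters that cannot add a field or a directive to the included files
	case "$1" in
		''|*[!A-Za-z0-9._-]*) echo "invalid username" >&2; exit 1 ;;
	esac
	for n in "$3" "$4"; do
		case "$n" in
			''|*[!0-9]*) echo "day_limit and bandwidth must be numeric" >&2; exit 1 ;;
		esac
	done
	echo "$1:$(/usr/local/etc/3proxy/bin/mycrypt $$ "$2")" >> /usr/local/etc/3proxy/passwd
	# … unchanged: the countin and bandlimin lines, with "$1" "$3" "$4" quoted …
```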

21
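--- a/scripts/install-unix.sh
+++ b/scripts/install-unix.sh
@@ -0,0 +1,21 @@
+#!/bin/sh
+cd ..
+cp Makefile.unix Makefile
+make
+if [ ! -d /usr/local/etc/3proxy/bin ]; then mkdir -p /usr/local/etc/3proxy/bin/; fi
+install src/3proxy /usr/local/etc/3proxy/bin/3proxy
+install src/mycrypt /usr/local/etc/3proxy/bin/mycrypt
+install scripts/rc.d/proxy.sh /usr/local/etc/rc.d/proxy.sh
+install scripts/add3proxyuser.sh /usr/local/etc/3proxy/bin/
+if [ -s /usr/local/etc/3proxy/3proxy.cfg ]; then
+echo /usr/local/etc/3proxy/3proxy.cfg already exists
+else
+install scripts/3proxy.cfg /usr/local/etc/3proxy/
+if [ ! -d /var/log/3proxy/ ]; then
+mkdir /var/log/3proxy/
+fi
+touch /usr/local/etc/3proxy/passwd
+touch /usr/local/etc/3proxy/counters
+touch /usr/local/etc/3proxy/bandlimiters
+echo Run /usr/local/etc/3proxy/bin/add3proxyuser.sh to add \'admin\' user
+fi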
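Review bot: `touch /usr/local/etc/3proxy/passwd` creates the file that add3proxyuser.sh later fills with password hashes under whatever umask the installer happens to have, which on most systems leaves it world-readable. Create it restricted, `( umask 077; touch /usr/local/etc/3proxy/passwd )`, and give the `install` lines explicit modes with `-m`; the file must stay readable by the account 3proxy runs as. The script also carries on after a failed `cd ..` or `make`, so a `set -e` after the shebang would stop it before anything stale or partial is copied into /usr/local/etc.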

48
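--- a/scripts/rc.d/proxy.sh
+++ b/scripts/rc.d/proxy.sh
@@ -0,0 +1,48 @@
+#!/bin/sh
+#
+# chkconfig: 2345 20 80
+# description: 3proxy tiny proxy server
+#
+#
+#
+#
+case "$1" in
+start)
+echo Starting 3Proxy
+/usr/local/etc/3proxy/bin/3proxy /usr/local/etc/3proxy/3proxy.cfg
+RETVAL=$?
+echo
+[ $RETVAL ]
+;;
+stop)
+echo Stopping 3Proxy
+if [ /usr/local/etc/3proxy/3proxy.pid ]; then
+/bin/kill `cat /usr/local/etc/3proxy/3proxy.pid`
+else
+/usr/bin/killall 3proxy
+fi
+RETVAL=$?
+echo
+[ $RETVAL ]
+;;
+restart|reload)
+echo Reloading 3Proxy
+if [ /usr/local/etc/3proxy/3proxy.pid ]; then
+/bin/kill -s USR1 `cat /usr/local/etc/3proxy/3proxy.pid`
+else
+/usr/bin/killall -s USR1 3proxy
+fi
+;;
+*)
+echo Usage: $0 "{start|stop|restart}"
+exit 1
+esac
+exit 0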
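Review bot: `[ /usr/local/etc/3proxy/3proxy.pid ]` in the stop and restart branches tests a non-empty string rather than a file, so it is always true and the `killall` fallback is unreachable; when the pid file is missing, `kill` is run with the empty output of `cat`. Use a file test in both places, `if [ -s /usr/local/etc/3proxy/3proxy.pid ]; then`. `[ $RETVAL ]` has the same problem (it is true for any exit status) and the script ends with `exit 0` regardless, so callers never see a failed start; `exit $RETVAL` would propagate it. Because the script signals as root whatever pid the file names, it is also worth confirming that the pid still belongs to 3proxy before sending the signal.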

2027
src/3proxy.c Normal file

File diff suppressed because it is too large Load Diff

1
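--- a/src/Makefile
+++ b/src/Makefile
@@ -0,0 +1 @@
+include Makefile.var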

181
src/Makefile.inc Normal file

@ -0,0 +1,181 @@
#$Id: Makefile.inc,v 1.19 2008/12/10 13:12:10 vlad Exp $
#
# 3 proxy common Makefile
#
all: pre $(BUILDDIR)3proxy$(EXESUFFICS) $(BUILDDIR)mycrypt$(EXESUFFICS) $(BUILDDIR)dighosts$(EXESUFFICS) $(BUILDDIR)pop3p$(EXESUFFICS) $(BUILDDIR)smtpp$(EXESUFFICS) $(BUILDDIR)ftppr$(EXESUFFICS) $(BUILDDIR)tcppm$(EXESUFFICS) $(BUILDDIR)icqpr$(EXESUFFICS) $(BUILDDIR)msnpr$(EXESUFFICS) $(BUILDDIR)udppm$(EXESUFFICS) $(BUILDDIR)socks$(EXESUFFICS) $(BUILDDIR)proxy$(EXESUFFICS) $(BUILDDIR)countersutil$(EXESUFFICS) allplugins
pre:
-cd .. && $(TYPECOMMAND) copying
$(PREMAKE)
sockmap$(OBJSUFFICS): sockmap.c proxy.h structures.h
$(CC) $(CFLAGS) sockmap.c
common$(OBJSUFFICS): common.c proxy.h structures.h
$(CC) $(CFLAGS) common.c
myalloc$(OBJSUFFICS): myalloc.c proxy.h structures.h
$(CC) $(CFLAGS) myalloc.c
plugins$(OBJSUFFICS): plugins.c proxy.h structures.h
$(CC) $(CFLAGS) plugins.c
base64$(OBJSUFFICS): base64.c
$(CC) $(CFLAGS) base64.c
ftp$(OBJSUFFICS): ftp.c proxy.h structures.h
$(CC) $(CFLAGS) ftp.c
#$(COMPATLIBS):
# $(CC) $(CFLAGS) strncasecmp.c
sockgetchar$(OBJSUFFICS): sockgetchar.c proxy.h structures.h
$(CC) $(CFLAGS) sockgetchar.c
proxy$(OBJSUFFICS): proxy.c proxy.h structures.h proxymain.c
$(CC) $(CFLAGS) $(DEFINEOPTION)WITHMAIN $(DEFINEOPTION)NOPORTMAP $(DEFINEOPTION)ANONYMOUS proxy.c
pop3p$(OBJSUFFICS): pop3p.c proxy.h structures.h proxymain.c
$(CC) $(CFLAGS) $(DEFINEOPTION)WITHMAIN $(DEFINEOPTION)NOPORTMAP pop3p.c
smtpp$(OBJSUFFICS): smtpp.c proxy.h structures.h proxymain.c
$(CC) $(CFLAGS) $(DEFINEOPTION)WITHMAIN $(DEFINEOPTION)NOPORTMAP smtpp.c
ftppr$(OBJSUFFICS): ftppr.c proxy.h structures.h proxymain.c
$(CC) $(CFLAGS) $(DEFINEOPTION)WITHMAIN $(DEFINEOPTION)NOPORTMAP ftppr.c
tcppm$(OBJSUFFICS): tcppm.c proxy.h structures.h proxymain.c
$(CC) $(CFLAGS) $(DEFINEOPTION)WITHMAIN $(DEFINEOPTION)PORTMAP tcppm.c
icqpr$(OBJSUFFICS): icqpr.c proxy.h structures.h proxymain.c
$(CC) $(CFLAGS) $(DEFINEOPTION)WITHMAIN $(DEFINEOPTION)PORTMAP icqpr.c
msnpr$(OBJSUFFICS): msnpr.c proxy.h structures.h proxymain.c
$(CC) $(CFLAGS) $(DEFINEOPTION)WITHMAIN $(DEFINEOPTION)PORTMAP msnpr.c
socks$(OBJSUFFICS): socks.c proxy.h structures.h proxymain.c
$(CC) $(CFLAGS) $(DEFINEOPTION)WITHMAIN $(DEFINEOPTION)NOPORTMAP socks.c
udppm$(OBJSUFFICS): udppm.c proxy.h structures.h proxymain.c
$(CC) $(CFLAGS) $(DEFINEOPTION)WITHMAIN $(DEFINEOPTION)PORTMAP udppm.c
3proxy$(OBJSUFFICS): 3proxy.c proxy.h structures.h
$(CC) $(CFLAGS) 3proxy.c
$(BUILDDIR)proxy$(EXESUFFICS): sockmap$(OBJSUFFICS) proxy$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) myalloc$(OBJSUFFICS) common$(OBJSUFFICS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) $(COMPATLIBS)
$(LN) $(LNOUT)$(BUILDDIR)proxy$(EXESUFFICS) $(LDFLAGS) $(VERFILE) sockmap$(OBJSUFFICS) proxy$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) myalloc$(OBJSUFFICS) common$(OBJSUFFICS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) $(COMPATLIBS) $(LIBS)
$(BUILDDIR)pop3p$(EXESUFFICS): sockmap$(OBJSUFFICS) pop3p$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) myalloc$(OBJSUFFICS) common$(OBJSUFFICS) $(COMPATLIBS)
$(LN) $(LNOUT)$(BUILDDIR)pop3p$(EXESUFFICS) $(LDFLAGS) $(VERFILE) sockmap$(OBJSUFFICS) pop3p$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) myalloc$(OBJSUFFICS) common$(OBJSUFFICS) $(COMPATLIBS) $(LIBS)
$(BUILDDIR)smtpp$(EXESUFFICS): sockmap$(OBJSUFFICS) smtpp$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) myalloc$(OBJSUFFICS) common$(OBJSUFFICS) base64$(OBJSUFFICS) $(COMPATLIBS)
$(LN) $(LNOUT)$(BUILDDIR)smtpp$(EXESUFFICS) $(LDFLAGS) $(VERFILE) sockmap$(OBJSUFFICS) smtpp$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) base64$(OBJSUFFICS) myalloc$(OBJSUFFICS) common$(OBJSUFFICS) $(COMPATLIBS) $(LIBS)
$(BUILDDIR)ftppr$(EXESUFFICS): sockmap$(OBJSUFFICS) ftppr$(OBJSUFFICS) ftp$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) myalloc$(OBJSUFFICS) common$(OBJSUFFICS) $(COMPATLIBS)
$(LN) $(LNOUT)$(BUILDDIR)ftppr$(EXESUFFICS) $(LDFLAGS) $(VERFILE) sockmap$(OBJSUFFICS) ftppr$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) myalloc$(OBJSUFFICS) common$(OBJSUFFICS) ftp$(OBJSUFFICS) $(COMPATLIBS) $(LIBS)
$(BUILDDIR)socks$(EXESUFFICS): sockmap$(OBJSUFFICS) socks$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) myalloc$(OBJSUFFICS) common$(OBJSUFFICS)
$(LN) $(LNOUT)$(BUILDDIR)socks$(EXESUFFICS) $(LDFLAGS) $(VERFILE) sockmap$(OBJSUFFICS) socks$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) myalloc$(OBJSUFFICS) common$(OBJSUFFICS) $(LIBS)
$(BUILDDIR)tcppm$(EXESUFFICS): sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) tcppm$(OBJSUFFICS) myalloc$(OBJSUFFICS) common$(OBJSUFFICS)
$(LN) $(LNOUT)$(BUILDDIR)tcppm$(EXESUFFICS) $(LDFLAGS) $(VERFILE) sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) tcppm$(OBJSUFFICS) myalloc$(OBJSUFFICS) common$(OBJSUFFICS) $(LIBS)
$(BUILDDIR)icqpr$(EXESUFFICS): sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) icqpr$(OBJSUFFICS) myalloc$(OBJSUFFICS) common$(OBJSUFFICS)
$(LN) $(LNOUT)$(BUILDDIR)icqpr$(EXESUFFICS) $(LDFLAGS) $(VERFILE) sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) icqpr$(OBJSUFFICS) myalloc$(OBJSUFFICS) common$(OBJSUFFICS) $(LIBS)
$(BUILDDIR)msnpr$(EXESUFFICS): sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) msnpr$(OBJSUFFICS) myalloc$(OBJSUFFICS) common$(OBJSUFFICS)
$(LN) $(LNOUT)$(BUILDDIR)msnpr$(EXESUFFICS) $(LDFLAGS) $(VERFILE) sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) msnpr$(OBJSUFFICS) myalloc$(OBJSUFFICS) common$(OBJSUFFICS) $(LIBS)
$(BUILDDIR)udppm$(EXESUFFICS): sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) udppm$(OBJSUFFICS) myalloc$(OBJSUFFICS) common$(OBJSUFFICS)
$(LN) $(LNOUT)$(BUILDDIR)udppm$(EXESUFFICS) $(LDFLAGS) $(VERFILE) sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) udppm$(OBJSUFFICS) myalloc$(OBJSUFFICS) common$(OBJSUFFICS) $(LIBS)
mainfunc$(OBJSUFFICS): proxy.h structures.h proxymain.c
$(CC) $(COUT)mainfunc$(OBJSUFFICS) $(CFLAGS) $(DEFINEOPTION)MODULEMAINFUNC=mainfunc proxymain.c
srvproxy$(OBJSUFFICS): proxy.c proxy.h structures.h
$(CC) $(COUT)srvproxy$(OBJSUFFICS) $(CFLAGS) proxy.c
srvpop3p$(OBJSUFFICS): pop3p.c proxy.h structures.h
$(CC) $(COUT)srvpop3p$(OBJSUFFICS) $(CFLAGS) pop3p.c
srvsmtpp$(OBJSUFFICS): smtpp.c proxy.h structures.h
$(CC) $(COUT)srvsmtpp$(OBJSUFFICS) $(CFLAGS) smtpp.c
srvftppr$(OBJSUFFICS): ftppr.c proxy.h structures.h
$(CC) $(COUT)srvftppr$(OBJSUFFICS) $(CFLAGS) ftppr.c
srvtcppm$(OBJSUFFICS): tcppm.c proxy.h structures.h
$(CC) $(COUT)srvtcppm$(OBJSUFFICS) $(CFLAGS) tcppm.c
srvicqpr$(OBJSUFFICS): icqpr.c proxy.h structures.h
$(CC) $(COUT)srvicqpr$(OBJSUFFICS) $(CFLAGS) icqpr.c
srvmsnpr$(OBJSUFFICS): msnpr.c proxy.h structures.h
$(CC) $(COUT)srvmsnpr$(OBJSUFFICS) $(CFLAGS) msnpr.c
srvsocks$(OBJSUFFICS): socks.c proxy.h structures.h
$(CC) $(COUT)srvsocks$(OBJSUFFICS) $(CFLAGS) socks.c
srvwebadmin$(OBJSUFFICS): webadmin.c proxy.h structures.h
$(CC) $(COUT)srvwebadmin$(OBJSUFFICS) $(CFLAGS) webadmin.c
srvudppm$(OBJSUFFICS): udppm.c proxy.h structures.h
$(CC) $(COUT)srvudppm$(OBJSUFFICS) $(CFLAGS) udppm.c
srvdnspr$(OBJSUFFICS): dnspr.c proxy.h structures.h
$(CC) $(COUT)srvdnspr$(OBJSUFFICS) $(CFLAGS) dnspr.c
auth$(OBJSUFFICS): auth.c proxy.h structures.h
$(CC) $(COUT)auth$(OBJSUFFICS) $(CFLAGS) auth.c
datatypes$(OBJSUFFICS): datatypes.c proxy.h structures.h
$(CC) $(COUT)datatypes$(OBJSUFFICS) $(CFLAGS) datatypes.c
mycrypt$(OBJSUFFICS): mycrypt.c
$(CC) $(COUT)mycrypt$(OBJSUFFICS) $(CFLAGS) mycrypt.c
dighosts$(OBJSUFFICS): dighosts.c
$(CC) $(COUT)dighosts$(OBJSUFFICS) $(CFLAGS) dighosts.c
$(BUILDDIR)dighosts$(EXESUFFICS): dighosts$(OBJSUFFICS) myalloc$(OBJSUFFICS) common$(OBJSUFFICS) $(COMPATLIBS)
$(LN) $(LNOUT)$(BUILDDIR)dighosts$(EXESUFFICS) $(LDFLAGS) $(VERFILE) dighosts$(OBJSUFFICS) myalloc$(OBJSUFFICS) common$(OBJSUFFICS) $(COMPATLIBS) $(LIBS)
countersutil$(OBJSUFFICS): countersutil.c
$(CC) $(COUT)countersutil$(OBJSUFFICS) $(CFLAGS) countersutil.c
$(BUILDDIR)countersutil$(EXESUFFICS): countersutil$(OBJSUFFICS) $(COMPATLIBS)
$(LN) $(LNOUT)$(BUILDDIR)countersutil$(EXESUFFICS) $(LDFLAGS) $(VERFILE) countersutil$(OBJSUFFICS) $(COMPATLIBS) $(LIBS)
mycryptmain$(OBJSUFFICS): mycrypt.c
$(CC) $(COUT)mycryptmain$(OBJSUFFICS) $(CFLAGS) $(DEFINEOPTION)WITHMAIN mycrypt.c
$(BUILDDIR)mycrypt$(EXESUFFICS): md4$(OBJSUFFICS) md5$(OBJSUFFICS) mycryptmain$(OBJSUFFICS) base64$(OBJSUFFICS)
$(LN) $(LNOUT)$(BUILDDIR)mycrypt$(EXESUFFICS) $(VERFILE) $(LDFLAGS) md4$(OBJSUFFICS) md5$(OBJSUFFICS) base64$(OBJSUFFICS) mycryptmain$(OBJSUFFICS)
md4$(OBJSUFFICS): libs/md4.h libs/md4.c
$(CC) $(COUT)md4$(OBJSUFFICS) $(CFLAGS) libs/md4.c
smbdes$(OBJSUFFICS): libs/smbdes.c
$(CC) $(COUT)smbdes$(OBJSUFFICS) $(CFLAGS) libs/smbdes.c
md5$(OBJSUFFICS): libs/md5.h libs/md5.c
$(CC) $(COUT)md5$(OBJSUFFICS) $(CFLAGS) libs/md5.c
ntlm$(OBJSUFFICS): ntlm.c
$(CC) $(COUT)ntlm$(OBJSUFFICS) $(CFLAGS) ntlm.c
stringtable$(OBJSUFFICS): stringtable.c
$(CC) $(COUT)stringtable$(OBJSUFFICS) $(CFLAGS) stringtable.c
$(BUILDDIR)3proxy$(EXESUFFICS): 3proxy$(OBJSUFFICS) mainfunc$(OBJSUFFICS) srvproxy$(OBJSUFFICS) srvpop3p$(OBJSUFFICS) srvsmtpp$(OBJSUFFICS) srvftppr$(OBJSUFFICS) srvsocks$(OBJSUFFICS) srvtcppm$(OBJSUFFICS) srvicqpr$(OBJSUFFICS) srvmsnpr$(OBJSUFFICS) srvudppm$(OBJSUFFICS) sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) myalloc$(OBJSUFFICS) common$(OBJSUFFICS) auth$(OBJSUFFICS) datatypes$(OBJSUFFICS) md4$(OBJSUFFICS) md5$(OBJSUFFICS) mycrypt$(OBJSUFFICS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) smbdes$(OBJSUFFICS) ntlm$(OBJSUFFICS) stringtable$(OBJSUFFICS) srvwebadmin$(OBJSUFFICS) srvdnspr$(OBJSUFFICS) plugins$(OBJSUFFICS) $(COMPATLIBS)
$(LN) $(LNOUT)$(BUILDDIR)3proxy$(EXESUFFICS) $(LDFLAGS) $(VERFILE) 3proxy$(OBJSUFFICS) mainfunc$(OBJSUFFICS) auth$(OBJSUFFICS) datatypes$(OBJSUFFICS) srvproxy$(OBJSUFFICS) srvpop3p$(OBJSUFFICS) srvsmtpp$(OBJSUFFICS) srvftppr$(OBJSUFFICS) srvsocks$(OBJSUFFICS) srvtcppm$(OBJSUFFICS) srvicqpr$(OBJSUFFICS) srvmsnpr$(OBJSUFFICS) srvudppm$(OBJSUFFICS) sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) myalloc$(OBJSUFFICS) common$(OBJSUFFICS) mycrypt$(OBJSUFFICS) md5$(OBJSUFFICS) md4$(OBJSUFFICS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) smbdes$(OBJSUFFICS) ntlm$(OBJSUFFICS) stringtable$(OBJSUFFICS) srvwebadmin$(OBJSUFFICS) srvdnspr$(OBJSUFFICS) plugins$(OBJSUFFICS) $(COMPATLIBS) $(LIBS)
clean:
@$(REMOVECOMMAND) *$(OBJSUFFICS) $(COMPFILES)

1329
src/auth.c Normal file

File diff suppressed because it is too large Load Diff

104
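--- a/src/base64.c
+++ b/src/base64.c
@@ -0,0 +1,104 @@
+/*
+* Copyright (c) 2000-2008 3APA3A
+*
+* please read License Agreement
+*
+* $Id: base64.c,v 1.6 2008/01/08 21:46:36 vlad Exp $
+*/
+#include <string.h>
+static const unsigned char base64digits[] =
+"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+#define BAD 255
+static const unsigned char base64val[] = {
+BAD,BAD,BAD,BAD, BAD,BAD,BAD,BAD, BAD,BAD,BAD,BAD, BAD,BAD,BAD,BAD,
+BAD,BAD,BAD,BAD, BAD,BAD,BAD,BAD, BAD,BAD,BAD,BAD, BAD,BAD,BAD,BAD,
+BAD,BAD,BAD,BAD, BAD,BAD,BAD,BAD, BAD,BAD,BAD, 62, BAD,BAD,BAD, 63,
+52, 53, 54, 55, 56, 57, 58, 59, 60, 61,BAD,BAD, BAD,BAD,BAD,BAD,
+BAD, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
+15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25,BAD, BAD,BAD,BAD,BAD,
+BAD, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40,
+41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51,BAD, BAD,BAD,BAD,BAD
+};
+#define DECODE64(c) ((c > 32 && c<127)? base64val[(int)c] : BAD)
+unsigned char* en64 (const unsigned char *in, unsigned char *out, int inlen)
+{
+for (; inlen > 0; inlen -= 3, in+=3)
+{
+*out++ = base64digits[in[0] >> 2];
+*out++ = base64digits[((in[0]&3)<<4) | ((inlen > 1)?(in[1]>>4):0)];
+*out++ = (inlen > 1)? base64digits[((in[1] << 2) & 0x3c) | ((inlen > 2)? (in[2] >> 6) : 0)]: '=';
+*out++ = (inlen > 2)? base64digits[in[2] & 0x3f] : '=';
+}
+*out = '\0';
+return out;
+}
+int de64 (const char *in, char *out, int maxlen)
+{
+int len = 0;
+register unsigned char digit1, digit2, digit3, digit4;
+if (in[0] == '+' && in[1] == ' ')
+in += 2;
+if (*in == '\r')
+return(0);
+do {
+digit1 = in[0];
+if (DECODE64(digit1) == BAD)
+return(-1);
+digit2 = in[1];
+if (DECODE64(digit2) == BAD)
+return(-1);
+digit3 = in[2];
+if (digit3 != '=' && DECODE64(digit3) == BAD)
+return(-1);
+digit4 = in[3];
+if (digit4 != '=' && DECODE64(digit4) == BAD)
+return(-1);
+in += 4;
+*out++ = (DECODE64(digit1) << 2) | (DECODE64(digit2) >> 4);
+++len;
+if (digit3 != '=')
+{
+*out++ = ((DECODE64(digit2) << 4) & 0xf0) | (DECODE64(digit3) >> 2);
+++len;
+if (digit4 != '=')
+{
+*out++ = ((DECODE64(digit3) << 6) & 0xc0) | DECODE64(digit4);
+++len;
+}
+}
+} while
+(*in && *in != '\r' && digit4 != '=' && (maxlen-=4) >= 4);
+return (len);
+}
+unsigned char hex[] = "0123456789ABCDEF";
+void tohex(unsigned char *in, unsigned char *out, int len){
+int i;
+for (i=0; i<len; i++) {
+out[(i<<1)] = hex[(in[i]>>4)];
+out[(i<<1) + 1] = hex[(in[i]&0x0F)];
+}
+out[(i<<1)] = 0;
+}
+void fromhex(unsigned char *in, unsigned char *out, int len){
+char *c1, *c2;
+for (; len > 0; len--) {
+c1 = strchr((char *)hex, *in++);
+c2 = strchr((char *)hex, *in++);
+if(c1 && c2){
+*out++ = ((unsigned char)((unsigned char *)c1 - hex) << 4) + (unsigned char)((unsigned char *)c2 - hex);
+}
+}
+}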
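Review bot: `de64` decodes and stores the first group before `maxlen` is consulted, so a caller passing `maxlen` below 3 gets up to three bytes written past `out`; assuming `maxlen` is the capacity of `out`, add `if (maxlen < 3) return(-1);` ahead of the `do`. `en64` and `tohex` take no output size at all, so each needs a header comment stating the capacity the caller must provide (4*((inlen+2)/3)+1 bytes and 2*len+1 bytes respectively). In `fromhex`, `strchr` also matches the terminating NUL of `hex`, so an input shorter than `2*len` characters is read past its end and produces a bogus digit, and pairs holding lowercase or invalid characters are skipped without the caller learning how many bytes were written. Rejecting `*in == 0` inside the loop and returning the byte count instead of `void` would close both gaps.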

721
src/common.c Normal file

@ -0,0 +1,721 @@
/*
3APA3A simpliest proxy server
(c) 2002-2008 by ZARAZA <3APA3A@security.nnov.ru>
please read License Agreement
$Id: common.c,v 1.94 2014-04-07 21:24:45 vlad Exp $
*/
#include "proxy.h"
char * copyright = COPYRIGHT;
int randomizer = 1;
#ifndef _WIN32
pthread_attr_t pa;
#endif
unsigned char **stringtable = NULL;
int myinet_ntoa(struct in_addr in, char * buf){
unsigned u = ntohl(in.s_addr);
return sprintf(buf, "%u.%u.%u.%u",
((u&0xFF000000)>>24),
((u&0x00FF0000)>>16),
((u&0x0000FF00)>>8),
((u&0x000000FF)));
}
char *rotations[] = {
"",
"/min",
"/hour",
"/day",
"/week",
"/month",
"/year",
"",
};
struct extparam conf = {
{1, 5, 30, 60, 180, 1800, 15, 60, 0, 0},
NULL,
NULL,
NULL, NULL,
NULL,
NULL,
0, -1, 0, 0, 0, 0, 0, 500, 0, 0, 0,
6, 600,
1048576,
NULL, NULL,
NONE, NONE,
NULL,
INADDR_ANY, INADDR_ANY,
0, 0,
NULL,
NULL,
doconnect,
lognone,
NULL,
NULL,
NULL, NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
(time_t)0, (time_t)0,
0,0,
'@'
};
int myrand(void * entropy, int len){
int i;
unsigned short init;
init = randomizer;
for(i=0; i < len/2; i++){
init ^= ((unsigned short *)entropy)[i];
}
srand(init);
randomizer = rand();
return rand();
}
#ifndef WITH_POLL
int
#ifdef _WIN32
WINAPI
#endif
mypoll(struct mypollfd *fds, unsigned int nfds, int timeout){
fd_set readfd;
fd_set writefd;
fd_set oobfd;
struct timeval tv;
unsigned i;
int num;
SOCKET maxfd = 0;
tv.tv_sec = timeout/1000;
tv.tv_usec = (timeout%1000)*1000;
FD_ZERO(&readfd);
FD_ZERO(&writefd);
FD_ZERO(&oobfd);
for(i=0; i<nfds; i++){
if((fds[i].events&POLLIN))FD_SET(fds[i].fd, &readfd);
if((fds[i].events&POLLOUT))FD_SET(fds[i].fd, &writefd);
if((fds[i].events&POLLPRI))FD_SET(fds[i].fd, &oobfd);
fds[i].revents = 0;
if(fds[i].fd > maxfd) maxfd = fds[i].fd;
}
if((num = select(((int)(maxfd))+1, &readfd, &writefd, &oobfd, &tv)) < 1) return num;
for(i=0; i<nfds; i++){
if(FD_ISSET(fds[i].fd, &readfd)) fds[i].revents |= POLLIN;
if(FD_ISSET(fds[i].fd, &writefd)) fds[i].revents |= POLLOUT;
if(FD_ISSET(fds[i].fd, &oobfd)) fds[i].revents |= POLLPRI;
}
return num;
}
#endif
struct sockfuncs so = {
socket,
accept,
bind,
listen,
connect,
getpeername,
getsockname,
getsockopt,
setsockopt,
#ifdef WITH_POLL
poll,
#else
mypoll,
#endif
send,
sendto,
recv,
recvfrom,
shutdown,
#ifdef _WIN32
closesocket
#else
close
#endif
};
#ifdef _WINCE
static char cebuf[1024];
static char ceargbuf[256];
char * ceargv[32];
char * CEToUnicode (const char *str){
int i;
for(i=0; i<510 && str[i]; i++){
cebuf[(i*2)] = str[i];
cebuf[(i*2)+1] = 0;
}
cebuf[(i*2)] = 0;
cebuf[(i*2)+1] = 0;
return cebuf;
};
int cesystem(const char *str){
STARTUPINFO startupInfo = {0};
startupInfo.cb = sizeof(startupInfo);
PROCESS_INFORMATION processInformation;
return CreateProcessW((LPWSTR)CEToUnicode(str), NULL, NULL, NULL, FALSE, NORMAL_PRIORITY_CLASS, NULL, NULL, &startupInfo, &processInformation);
}
int ceparseargs(const char *str){
int argc = 0, i;
int space = 1;
for(i=0; i<250 && argc<30 && str[2*i]; i++){
ceargbuf[i] = str[2*i];
if(space && ceargbuf[i]!=' '&& ceargbuf[i]!='\t'&& ceargbuf[i]!='\r'&& ceargbuf[i]!='\n'){
ceargv[argc++] = ceargbuf + i;
space = 0;
}
else if(!space && (ceargbuf[i]==' ' || ceargbuf[i]=='\t' || ceargbuf[i]=='\r' || ceargbuf[i]=='\n')){
ceargbuf[i] = 0;
space = 1;
}
}
return argc;
}
#endif
int parsehostname(char *hostname, struct clientparam *param, unsigned short port){
char *sp;
if(!hostname || !*hostname)return 1;
if ( (sp = strchr(hostname, ':')) ) *sp = 0;
if(hostname != param->hostname){
if(param->hostname) myfree(param->hostname);
param->hostname = (unsigned char *)mystrdup(hostname);
}
if(sp){
port = atoi(sp+1);
*sp = ':';
}
param->req.sin_port=htons(port);
param->req.sin_addr.s_addr = getip(param->hostname);
param->sins.sin_addr.s_addr = 0;
param->sins.sin_port = 0;
return 0;
}
int parseusername(char *username, struct clientparam *param, int extpasswd){
char *sb = NULL, *se = NULL, *sp = NULL;
if(!username || !*username) return 1;
if(!param->srv->nouser && (sb = strchr(username, ':')) && (se = strchr(sb + 1, ':')) && (!extpasswd || (sp = strchr(se + 1, ':')))){
*sb = 0;
*se = 0;
if(sp) *sp = 0;
if(*(sb+1)) {
if(param->password) myfree(param->password);
param->password = (unsigned char *)mystrdup(sb+1);
}
if(*username) {
if(param->username) myfree(param->username);
param->username = (unsigned char *)mystrdup(username);
}
username = se+1;
}
if(extpasswd){
if(!sp) sp = strchr(username, ':');
if(sp){
*sp = 0;
if(param->extpassword) myfree(param->extpassword);
param->extpassword = (unsigned char *) mystrdup(sp+1);
}
}
if(param->extusername) myfree(param->extusername);
param->extusername = (unsigned char *)mystrdup(username);
if(sb) *sb = ':';
if(se) *se = ':';
if(sp) *sp = ':';
return 0;
}
int parseconnusername(char *username, struct clientparam *param, int extpasswd, unsigned short port){
char *sb, *se;
if(!username || !*username) return 1;
if ((sb=strchr(username, conf.delimchar)) == NULL){
if(!param->hostname && param->remsock == INVALID_SOCKET) return 2;
return parseusername(username, param, extpasswd);
}
while ((se=strchr(sb+1, conf.delimchar)))sb=se;
*(sb) = 0;
if(parseusername(username, param, extpasswd)) return 3;
*(sb) = conf.delimchar;
if(parsehostname(sb+1, param, port)) return 4;
return 0;
}
void clearstat(struct clientparam * param) {
#ifdef _WIN32
struct timeb tb;
ftime(&tb);
param->time_start = (time_t)tb.time;
param->msec_start = (unsigned)tb.millitm;
#else
struct timeval tv;
struct timezone tz;
gettimeofday(&tv, &tz);
param->time_start = (time_t)tv.tv_sec;
param->msec_start = (tv.tv_usec / 1000);
#endif
param->statscli = param->statssrv = param->nreads = param->nwrites =
param->nconnects = 0;
}
char months[12][4] = {
"Jan", "Feb", "Mar", "Apr", "May", "Jun",
"Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
};
int dobuf2(struct clientparam * param, unsigned char * buf, const unsigned char *s, const unsigned char * doublec, struct tm* tm, char * format){
int i, j;
int len;
time_t sec;
unsigned msec;
long timezone;
unsigned delay;
struct in_addr tmpia;
#ifdef _WIN32
struct timeb tb;
ftime(&tb);
sec = (time_t)tb.time;
msec = (unsigned)tb.millitm;
timezone = tm->tm_isdst*60 - tb.timezone;
#else
struct timeval tv;
struct timezone tz;
gettimeofday(&tv, &tz);
sec = (time_t)tv.tv_sec;
msec = tv.tv_usec / 1000;
#ifdef _SOLARIS
timezone = -altzone / 60;
#else
timezone = tm->tm_gmtoff / 60;
#endif
#endif
delay = param->time_start?((unsigned) ((sec - param->time_start))*1000 + msec) - param->msec_start : 0;
*buf = 0;
for(i=0, j=0; format[j] && i < 4040; j++){
if(format[j] == '%' && format[j+1]){
j++;
switch(format[j]){
case '%':
buf[i++] = '%';
break;
case 'y':
sprintf((char *)buf+i, "%.2d", tm->tm_year%100);
i+=2;
break;
case 'Y':
sprintf((char *)buf+i, "%.4d", tm->tm_year+1900);
i+=4;
break;
case 'm':
sprintf((char *)buf+i, "%.2d", tm->tm_mon+1);
i+=2;
break;
case 'o':
sprintf((char *)buf+i, "%s", months[tm->tm_mon]);
i+=3;
break;
case 'd':
sprintf((char *)buf+i, "%.2d", tm->tm_mday);
i+=2;
break;
case 'H':
sprintf((char *)buf+i, "%.2d", tm->tm_hour);
i+=2;
break;
case 'M':
sprintf((char *)buf+i, "%.2d", tm->tm_min);
i+=2;
break;
case 'S':
sprintf((char *)buf+i, "%.2d", tm->tm_sec);
i+=2;
break;
case 't':
sprintf((char *)buf+i, "%.10u", (unsigned)sec);
i+=10;
break;
case 'b':
i+=sprintf((char *)buf+i, "%u", delay?(unsigned)(param->statscli * 1000./delay):0);
break;
case 'B':
i+=sprintf((char *)buf+i, "%u", delay?(unsigned)(param->statssrv * 1000./delay):0);
break;
case 'D':
i+=sprintf((char *)buf+i, "%u", delay);
break;
case '.':
sprintf((char *)buf+i, "%.3u", msec);
i+=3;
break;
case 'z':
sprintf((char *)buf+i, "%+.2ld%.2u", timezone / 60, (unsigned)(timezone%60));
i+=5;
break;
case 'U':
if(param->username && *param->username){
for(len = 0; i< 4000 && param->username[len]; len++){
buf[i] = param->username[len];
if(param->srv->nonprintable && (buf[i] < 0x20 || strchr((char *)param->srv->nonprintable, buf[i]))) buf[i] = param->srv->replace;
if(doublec && strchr((char *)doublec, buf[i])) {
buf[i+1] = buf[i];
i++;
}
i++;
}
}
else {
buf[i++] = '-';
}
break;
case 'n':
len = param->hostname? (int)strlen((char *)param->hostname) : 0;
if (len > 0) for(len = 0; param->hostname[len] && i < 4000; len++, i++){
buf[i] = param->hostname[len];
if(param->srv->nonprintable && (buf[i] < 0x20 || strchr((char *)param->srv->nonprintable, buf[i]))) buf[i] = param->srv->replace;
if(doublec && strchr((char *)doublec, buf[i])) {
buf[i+1] = buf[i];
i++;
}
}
else i += myinet_ntoa(param->sins.sin_addr, (char *)buf + i);
break;
case 'N':
if(param->service >=0 && param->service < 15) {
len = (conf.stringtable)? (int)strlen((char *)conf.stringtable[SERVICES + param->service]) : 0;
if(len > 20) len = 20;
memcpy(buf+i, (len)?conf.stringtable[SERVICES + param->service]:(unsigned char*)"-", (len)?len:1);
i += (len)?len:1;
}
break;
case 'E':
sprintf((char *)buf+i, "%.05d", param->res);
i += 5;
break;
case 'T':
if(s){
for(len = 0; i<4000 && s[len]; len++){
buf[i] = s[len];
if(param->srv->nonprintable && (buf[i] < 0x20 || strchr((char *)param->srv->nonprintable, buf[i]))) buf[i] = param->srv->replace;
if(doublec && strchr((char *)doublec, buf[i])) {
buf[i+1] = buf[i];
i++;
}
i++;
}
}
break;
case 'e':
tmpia.s_addr = param->extip;
i += myinet_ntoa(tmpia, (char *)buf + i);
break;
case 'C':
i += myinet_ntoa(param->sinc.sin_addr, (char *)buf + i);
break;
case 'R':
i += myinet_ntoa(param->sins.sin_addr, (char *)buf + i);
break;
case 'Q':
i += myinet_ntoa(param->req.sin_addr, (char *)buf + i);
break;
case 'p':
sprintf((char *)buf+i, "%hu", ntohs(param->srv->intport));
i += (int)strlen((char *)buf+i);
break;
case 'c':
sprintf((char *)buf+i, "%hu", ntohs(param->sinc.sin_port));
i += (int)strlen((char *)buf+i);
break;
case 'r':
sprintf((char *)buf+i, "%hu", ntohs(param->sins.sin_port));
i += (int)strlen((char *)buf+i);
break;
case 'q':
sprintf((char *)buf+i, "%hu", ntohs(param->req.sin_port));
i += (int)strlen((char *)buf+i);
break;
case 'I':
sprintf((char *)buf+i, "%lu", param->statssrv);
i += (int)strlen((char *)buf+i);
break;
case 'O':
sprintf((char *)buf+i, "%lu", param->statscli);
i += (int)strlen((char *)buf+i);
break;
case 'h':
sprintf((char *)buf+i, "%d", param->redirected);
i += (int)strlen((char *)buf+i);
break;
case '1':
case '2':
case '3':
case '4':
case '5':
case '6':
case '7':
case '8':
case '9':
{
int k, pmin=0, pmax=0;
for (k = j; isnumber(format[k]); k++);
if(format[k] == '-' && isnumber(format[k+1])){
pmin = atoi(format + j) - 1;
k++;
pmax = atoi(format + k) -1;
for (; isnumber(format[k]); k++);
j = k;
}
if(!s || format[k]!='T') break;
for(k = 0, len = 0; s[len] && i < 4000; len++){
if(isspace(s[len])){
k++;
while(isspace(s[len+1]))len++;
if(k == pmin) continue;
}
if(k>=pmin && k<=pmax) {
buf[i] = s[len];
if(param->srv->nonprintable && (buf[i] < 0x20 || strchr((char *)param->srv->nonprintable, buf[i]))) buf[i] = param->srv->replace;
if(doublec && strchr((char *)doublec, buf[i])) {
buf[i+1] = buf[i];
i++;
}
i++;
}
}
break;
}
default:
buf[i++] = format[j];
}
}
else buf[i++] = format[j];
}
buf[i] = 0;
return i;
}
int dobuf(struct clientparam * param, unsigned char * buf, const unsigned char *s, const unsigned char * doublec){
struct tm* tm;
int i;
char * format;
time_t t;
time(&t);
if(!param) return 0;
if(param->trafcountfunc)(*param->trafcountfunc)(param);
format = (char *)param->srv->logformat;
if(!format) format = "G%y%m%d%H%M%S.%. %p %E %U %C:%c %R:%r %O %I %h %T";
tm = (*format == 'G' || *format == 'g')?
gmtime(&t) : localtime(&t);
i = dobuf2(param, buf, s, doublec, tm, format + 1);
clearstat(param);
return i;
}
void lognone(struct clientparam * param, const unsigned char *s) {
if(param->trafcountfunc)(*param->trafcountfunc)(param);
clearstat(param);
}
void logstdout(struct clientparam * param, const unsigned char *s) {
unsigned char buf[4096];
FILE *log;
log = param->srv->stdlog?param->srv->stdlog:conf.stdlog?conf.stdlog:stdout;
dobuf(param, buf, s, NULL);
if(!param->nolog)if(fprintf(log, "%s\n", buf) < 0) {
perror("printf()");
};
if(log != conf.stdlog)fflush(log);
}
#ifndef _WIN32
void logsyslog(struct clientparam * param, const unsigned char *s) {
unsigned char buf[4096];
dobuf(param, buf, s, NULL);
if(!param->nolog)syslog(LOG_INFO, "%s", buf);
}
#endif
int doconnect(struct clientparam * param){
SASIZETYPE size = sizeof(param->sins);
struct sockaddr_in bindsa;
if (param->operation == ADMIN || param->operation == DNSRESOLVE || param->operation == BIND || param->operation == UDPASSOC)
return 0;
if (param->remsock != INVALID_SOCKET){
if(so._getpeername(param->remsock, (struct sockaddr *)&param->sins, &size)==-1) {return (15);}
}
else {
struct linger lg;
if(!param->sins.sin_addr.s_addr)
if(!(param->sins.sin_addr.s_addr = param->req.sin_addr.s_addr)) return 100;
if(!param->sins.sin_port)param->sins.sin_port = param->req.sin_port;
if ((param->remsock=so._socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) == INVALID_SOCKET) {return (11);}
so._setsockopt(param->remsock, SOL_SOCKET, SO_LINGER, (unsigned char *)&lg, sizeof(lg));
memset(&bindsa, 0, sizeof(bindsa));
bindsa.sin_family = AF_INET;
bindsa.sin_port = param->extport;
bindsa.sin_addr.s_addr = param->extip;
if (param->srv->targetport && !bindsa.sin_port && ntohs(param->sinc.sin_port) > 1023) bindsa.sin_port = param->sinc.sin_port;
if(so._bind(param->remsock, (struct sockaddr*)&bindsa, sizeof(bindsa))==-1) {
memset(&bindsa, 0, sizeof(bindsa));
bindsa.sin_family = AF_INET;
bindsa.sin_addr.s_addr = param->extip;
bindsa.sin_port = 0;
if(so._bind(param->remsock, (struct sockaddr*)&bindsa, sizeof(bindsa))==-1) {
return 12;
}
}
param->sins.sin_family = AF_INET;
if(param->operation >= 256 || (param->operation & CONNECT)){
#ifdef _WIN32
unsigned long ul = 1;
#endif
if(so._connect(param->remsock,(struct sockaddr *)&param->sins,sizeof(param->sins))) {return (13);}
param->nconnects++;
#ifdef _WIN32
ioctlsocket(param->remsock, FIONBIO, &ul);
#else
fcntl(param->remsock,F_SETFL,O_NONBLOCK);
#endif
if(so._getsockname(param->remsock, (struct sockaddr *)&bindsa, &size)==-1) {return (15);}
param->extip = bindsa.sin_addr.s_addr;
}
else {
if(so._getsockname(param->remsock, (struct sockaddr *)&param->sins, &size)==-1) {return (15);}
}
}
return 0;
}
int scanaddr(const unsigned char *s, unsigned long * ip, unsigned long * mask) {
unsigned d1, d2, d3, d4, m;
int res;
if ((res = sscanf((char *)s, "%u.%u.%u.%u/%u", &d1, &d2, &d3, &d4, &m)) < 4) return 0;
if(mask && res == 4) *mask = 0xFFFFFFFF;
else if (mask) *mask = htonl(0xFFFFFFFF << (32 - m));
*ip = htonl ((d1<<24) ^ (d2<<16) ^ (d3<<8) ^ d4);
return res;
}
RESOLVFUNC resolvfunc = NULL;
#ifndef _WIN32
pthread_mutex_t gethostbyname_mutex;
int ghbn_init = 0;
#endif
#ifdef GETHOSTBYNAME_R
struct hostent * my_gethostbyname(char *name, char *buf, struct hostent *hp){
struct hostent *result;
int gherrno;
#ifdef _SOLARIS
return gethostbyname_r(name, hp, buf, 1024, &gherrno);
#else
if(gethostbyname_r(name, hp, buf, 1024, &result, &gherrno) != 0)
return NULL;
return result;
#endif
}
#endif
unsigned long getip(unsigned char *name){
unsigned long retval;
int i;
int ndots = 0;
struct hostent *hp=NULL;
#ifdef GETHOSTBYNAME_R
struct hostent he;
char ghbuf[1024];
#define gethostbyname(NAME) my_gethostbyname(NAME, ghbuf, &he)
#endif
if(strlen((char *)name)>255)name[255] = 0;
for(i=0; name[i]; i++){
if(name[i] == '.'){
if(++ndots > 3) break;
continue;
}
if(name[i] <'0' || name[i] >'9') break;
}
if(!name[i] && ndots == 3){
unsigned long ip;
if(scanaddr(name, &ip, NULL) == 4){
return ip;
}
}
if(resolvfunc){
if((retval = (*resolvfunc)(name))) return retval;
if(conf.demanddialprog) system(conf.demanddialprog);
return (*resolvfunc)(name);
}
#if !defined(_WIN32) && !defined(GETHOSTBYNAME_R)
if(!ghbn_init){
pthread_mutex_init(&gethostbyname_mutex, NULL);
ghbn_init++;
}
pthread_mutex_lock(&gethostbyname_mutex);
#endif
hp=gethostbyname((char *)name);
if (!hp && conf.demanddialprog) {
system(conf.demanddialprog);
hp=gethostbyname((char *)name);
}
retval = hp?*(unsigned long *)hp->h_addr:0;
#if !defined(_WIN32) && !defined(GETHOSTBYNAME_R)
pthread_mutex_unlock(&gethostbyname_mutex);
#endif
#ifdef GETHOSTBYNAME_R
#undef gethostbyname
#endif
return retval;
}

145
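--- a/src/countersutil.c
+++ b/src/countersutil.c
@@ -0,0 +1,145 @@
+/*
+3APA3A simpliest proxy server
+(c) 2002-2008 by ZARAZA <3APA3A@security.nnov.ru>
+please read License Agreement
+$Id: common.c,v 1.81 2007/12/18 09:26:44 vlad Exp $
+*/
+#include "proxy.h"
+struct counter_header {
+unsigned char sig[4];
+time_t updated;
+} cheader = {"3CF", (time_t)0};
+struct counter_record {
+unsigned long traf;
+unsigned long trafgb;
+time_t cleared;
+time_t updated;
+} crecord;
+#ifdef _WIN32
+struct counter_header_old {
+unsigned char sig[4];
+DWORD updated;
+} cheader_old = {"3CF", (time_t)0};
+struct counter_record_old {
+unsigned long traf;
+unsigned long trafgb;
+DWORD cleared;
+DWORD updated;
+} crecord_old;
+#endif
+int main(int argc, char *argv[]){
+FILE *txt;
+int bin;
+int i;
+long unsigned lu1, lu2;
+char buf[256];
+if(argc!=4){
+fprintf(stderr, "Usage: %s command binary_file text_file\n"
+" commands are:\n"
+"\texport - dump counterfile to text\n"
+#ifdef _WIN32
+"\toldexport - export counterfile from older 3proxy version\n"
+#endif
+"\timport- import counterfile from text\n"
+"Examples:\n"
+#ifdef _WIN32
+" %s oldexport counterfile.3cf tmpfile\n"
+#else
+" %s export counterfilenew.3cf tmpfile\n"
+#endif
+" %s import counterfilenew.3cf tmpfile\n"
+"text file record format:\n"
+"%%d %%10lu %%10lu %%lu %%lu\n"
+" 1 - counter number\n"
+" 2 - traffic (Bytes)\n"
+" 3 - traffic (GB)\n"
+" 4 - time counter reset (time_t)\n"
+" 5 - time counter updated (time_t)\n"
+,argv[0] , argv[0], argv[0]);
+return 1;
+}
+if(!strcmp(argv[1], "export")){
+bin = open((char *)argv[2], O_BINARY|O_RDONLY, 0660);
+if(bin < 0){
+fprintf(stderr, "Failed to open %s\n", argv[2]);
+return 2;
+}
+if(read(bin, &cheader, sizeof(cheader)) != sizeof(cheader) ||
+memcmp(&cheader, "3CF", 4)){
+fprintf(stderr, "Invalid counter file\n");
+return 3;
+}
+txt = fopen(argv[3], "w");
+if(!txt) txt = stdout;
+for(i=1; read(bin, &crecord, sizeof(crecord))==sizeof(crecord); i++)
+fprintf(txt,"%d %10lu %10lu %lu %lu\n", i,
+crecord.trafgb,
+crecord.traf,
+(unsigned long) crecord.cleared,
+(unsigned long) crecord.updated);
+}
+#ifdef _WIN32
+else if(!strcmp(argv[1], "oldexport")){
+bin = open((char *)argv[2], O_BINARY|O_RDONLY, 0660);
+if(bin < 0){
+fprintf(stderr, "Failed to open %s\n", argv[2]);
+return 2;
+}
+if(read(bin, &cheader_old, sizeof(cheader_old)) != sizeof(cheader_old) ||
+memcmp(&cheader, "3CF", 4)){
+fprintf(stderr, "Invalid counter file\n");
+return 3;
+}
+txt = fopen(argv[3], "w");
+if(!txt) txt = stdout;
+for(i=1; read(bin, &crecord_old, sizeof(crecord_old))==sizeof(crecord_old); i++)
+fprintf(txt, "%d %10lu %10lu %lu %lu\n", i,
+crecord_old.trafgb,
+crecord_old.traf,
+(unsigned long) crecord_old.cleared,
+(unsigned long) crecord_old.updated);
+}
+#endif
+else if(!strcmp(argv[1], "import")){
+bin = open((char *)argv[2], O_BINARY|O_WRONLY|O_CREAT|O_EXCL, 0660);
+if(bin < 0){
+fprintf(stderr, "Failed to open %s\n", argv[2]);
+return 2;
+}
+txt = fopen(argv[3], "r");
+if(!txt) {
+fprintf(stderr, "Failed to open %s\n", argv[3]);
+return 3;
+}
+cheader.updated = time(0);
+write(bin, &cheader, sizeof(cheader));
+while(fgets(buf, 256, txt) &&
+sscanf(buf, "%d %10lu %10lu %lu %lu\n",
+&i, &crecord.trafgb, &crecord.traf,
+&lu1, &lu2) == 5){
+crecord.cleared = (time_t) lu1;
+crecord.updated = (time_t) lu1;
+lseek(bin,
+sizeof(struct counter_header) + (i-1) * sizeof(crecord),
+SEEK_SET);
+write(bin, &crecord, sizeof(crecord));
+}
+}
+else {
+fprintf(stderr, "Unknown command: %s\n", argv[1]);
+return 5;
+}
+return 0;
+}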
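Review bot: In the `import` branch the counter number `i` parsed from the text file reaches the `lseek` offset without a range check, so a value of 0 or below produces a wrapped or negative offset and the unchecked `lseek`/`write` pair then stores the record at the wrong place; skip such records with `if(i < 1) continue;` and test both return values. The same loop sets `crecord.updated = (time_t) lu1;`, which discards the fifth field of the record; it should be `crecord.updated = (time_t) lu2;`. In the `oldexport` branch the signature test `memcmp(&cheader, "3CF", 4)` compares the statically initialised `cheader` rather than the `cheader_old` that was just read, so a file with a bad signature is never rejected; `memcmp(&cheader_old, "3CF", 4)` is the check the error message implies.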

834
src/datatypes.c Normal file

@ -0,0 +1,834 @@
/*
* Copyright (c) 2000-2008 3APA3A
*
* please read License Agreement
*
* $Id: datatypes.c,v 1.28 2009/08/14 09:56:21 v.dubrovin Exp $
*/
#include "proxy.h"
static void pr_integer(struct node *node, CBFUNC cbf, void*cb){
char buf[16];
if(node->value)(*cbf)(cb, buf, sprintf(buf, "%d", *(int *)node->value));
}
static void pr_short(struct node *node, CBFUNC cbf, void*cb){
char buf[8];
if(node->value)(*cbf)(cb, buf, sprintf(buf, "%hu", *(unsigned short*)node->value));
}
static void pr_char(struct node *node, CBFUNC cbf, void*cb){
if(node->value)(*cbf)(cb, (char *)node->value, 1);
}
static void pr_unsigned(struct node *node, CBFUNC cbf, void*cb){
char buf[16];
if(node->value)(*cbf)(cb, buf, sprintf(buf, "%u", *(unsigned *)node->value));
}
static void pr_traffic(struct node *node, CBFUNC cbf, void*cb){
char buf[16];
unsigned long u1, u2;
if(node->value){
u1 = ((unsigned long *)node->value)[0];
u2 = ((unsigned long *)node->value)[0];
(*cbf)(cb, buf, sprintf(buf, "%lu", (u1>>20) + (u2<<10)));
}
}
static void pr_port(struct node *node, CBFUNC cbf, void*cb){
char buf[8];
if(node->value)(*cbf)(cb, buf, sprintf(buf, "%hu", ntohs(*(unsigned short*)node->value)));
}
static void pr_datetime(struct node *node, CBFUNC cbf, void*cb){
char *s;
if(node->value){
s = ctime((time_t *)node->value);
(*cbf)(cb, s, (int)strlen(s)-1);
}
}
int ipprint(char *buf, unsigned uu){
unsigned u = ntohl(uu);
return sprintf(buf, "%u.%u.%u.%u",
((u&0xFF000000)>>24),
((u&0x00FF0000)>>16),
((u&0x0000FF00)>>8),
((u&0x000000FF)));
}
static void pr_ip(struct node *node, CBFUNC cbf, void*cb){
char buf[16];
if(node->value)(*cbf)(cb, buf, ipprint(buf, *(unsigned *)node -> value));
}
static void pr_wdays(struct node *node, CBFUNC cbf, void*cb){
char buf[16];
int i, found = 0;
if(node -> value)for(i = 0; i<8; i++){
if( (1<<i) & *(int *)node -> value ) {
sprintf(buf, "%s%d", found?",":"", i);
(*cbf)(cb, buf, found? 2:1);
found = 1;
}
}
}
static void pr_time(struct node *node, CBFUNC cbf, void*cb){
char buf[16];
int t = *(int *)node;
(*cbf)(cb, buf, sprintf(buf, "%02d:%02d:%02d", (t/3600)%24, (t/60)%60, t%60));
}
int cidrprint(char *buf, unsigned long u){
unsigned long u1 = 0xffffffff;
int i;
u = ntohl(u);
for(i = 32; i && (u1!=u); i--){
u1 = (u1 << 1);
}
if (i == 32) {
return 0;
}
return sprintf(buf, "/%d", i);
}
static void pr_cidr(struct node *node, CBFUNC cbf, void*cb){
char buf[4];
int i;
if(node->value){
if ((i = cidrprint(buf, *(unsigned *)node -> value)))
(*cbf)(cb, buf, i);
else (*cbf)(cb, "/32", 3);
}
}
static void pr_string(struct node *node, CBFUNC cbf, void*cb){
if(node->value){
(*cbf)(cb, (char*)node->value, (int)strlen((char*)node->value));
}
else (*cbf)(cb, "(NULL)", 6);
}
static void pr_rotation(struct node *node, CBFUNC cbf, void*cb){
char * lstrings[] = {
"N", "C", "H", "D", "W", "M", "Y", "N"
};
int i;
if(node->value && (i = *(int*)node->value) > 1 && i < 6){
(*cbf)(cb, lstrings[i], 1);
}
}
static void pr_operations(struct node *node, CBFUNC cbf, void*cb){
char buf[64];
int operation;
int delim = 0;
*buf = 0;
if(!node->value || !(operation = *(int*)node->value)){
(*cbf)(cb, "*", 1);
return;
}
if(operation & HTTP){
if((operation & HTTP) == HTTP)
(*cbf)(cb, buf, sprintf(buf, "HTTP"));
else
(*cbf)(cb, buf, sprintf(buf, "%s%s%s%s%s%s%s%s%s",
(operation & HTTP_GET)? "HTTP_GET" : "",
((operation & HTTP_GET) && (operation & (HTTP_PUT|HTTP_POST|HTTP_HEAD|HTTP_OTHER)))? "," : "",
(operation & HTTP_PUT)? "HTTP_PUT" : "",
((operation & HTTP_PUT) && (operation & (HTTP_POST|HTTP_HEAD|HTTP_OTHER)))? "," : "",
(operation & HTTP_POST)? "HTTP_POST" : "",
((operation & HTTP_POST) && (operation & (HTTP_HEAD|HTTP_OTHER)))? "," : "",
(operation & HTTP_HEAD)? "HTTP_HEAD" : "",
((operation & HTTP_HEAD) && (operation & HTTP_OTHER))? "," : "",
(operation & HTTP_OTHER)? "HTTP_OTHER" : ""));
delim = 1;
}
if(operation & HTTP_CONNECT){
(*cbf)(cb, buf, sprintf(buf, "%s%s", delim?",":"", "HTTP_CONNECT"));
delim = 1;
}
if(operation & FTP) {
if((operation & FTP) == FTP)
(*cbf)(cb, buf, sprintf(buf, "%s%s", delim?",":"", "FTP"));
else
(*cbf)(cb, buf, sprintf(buf, "%s%s%s%s%s%s",
delim? ",":"",
(operation & FTP_GET)? "FTP_GET" : "",
((operation & FTP_GET) && (operation & (FTP_PUT|FTP_LIST)))? ",":"",
(operation & FTP_PUT)? "FTP_PUT" : "",
((operation & FTP_PUT) && (operation & FTP_LIST))? ",":"",
(operation & FTP_LIST)? "FTP_LIST" : ""));
delim = 1;
}
if(operation & CONNECT){
(*cbf)(cb, buf, sprintf(buf, "%s%s", delim?",":"", "CONNECT"));
delim = 1;
}
if(operation & BIND){
(*cbf)(cb, buf, sprintf(buf, "%s%s", delim?",":"", "BIND"));
delim = 1;
}
if(operation & UDPASSOC){
(*cbf)(cb, buf, sprintf(buf, "%s%s", delim?",":"", "UDPASSOC"));
delim = 1;
}
if(operation & ICMPASSOC){
(*cbf)(cb, buf, sprintf(buf, "%s%s", delim?",":"", "ICMPASSOC"));
delim = 1;
}
if(operation & DNSRESOLVE){
(*cbf)(cb, buf, sprintf(buf, "%s%s", delim?",":"", "DNSRESOLVE"));
delim = 1;
}
if(operation & ADMIN){
(*cbf)(cb, buf, sprintf(buf, "%s%s", delim?",":"", "ADMIN"));
}
}
static void pr_portlist(struct node *node, CBFUNC cbf, void*cb){
struct portlist *pl= (struct portlist *)node->value;
char buf[16];
if(!pl) {
(*cbf)(cb, "*", 1);
return;
}
for(; pl; pl = pl->next) {
if(pl->startport == pl->endport)
(*cbf)(cb, buf, sprintf(buf, "%hu", pl->startport));
else
(*cbf)(cb, buf, sprintf(buf, "%hu-%hu", pl->startport, pl->endport));
if(pl->next)(*cbf)(cb, ",", 1);
}
}
static void pr_userlist(struct node *node, CBFUNC cbf, void*cb){
struct userlist *ul= (struct userlist *)node->value;
if(!ul) {
(*cbf)(cb, "*", 1);
return;
}
for(; ul; ul = ul->next){
(*cbf)(cb, (char *)ul->user, (int)strlen((char *)ul->user));
if(ul->next)(*cbf)(cb, ",", 1);
}
}
static void pr_iplist(struct node *node, CBFUNC cbf, void*cb){
char buf[20];
int i;
struct iplist *il = (struct iplist *)node->value;
if(!il) {
(*cbf)(cb, "*", 1);
return;
}
for(; il; il = il->next){
i = ipprint(buf, il->ip);
i += cidrprint(buf+i, il->mask);
if(il->next)buf[i++] = ',';
(*cbf)(cb, buf, i);
}
}
static void * ef_portlist_next(struct node *node){
return (((struct portlist *)node->value) -> next);
}
static void * ef_portlist_start(struct node *node){
return &(((struct portlist *)node->value) -> startport);
}
static void * ef_portlist_end(struct node *node){
return &(((struct portlist *)node->value) -> endport);
}
static void * ef_iplist_next(struct node *node){
return (((struct iplist *)node->value) -> next);
}
static void * ef_iplist_ip(struct node *node){
return &(((struct iplist *)node->value) -> ip);
}
static void * ef_iplist_cidr(struct node *node){
return &(((struct iplist *)node->value) -> mask);
}
static void * ef_iplist_mask(struct node *node){
return &(((struct iplist *)node->value) -> mask);
}
static void * ef_userlist_next(struct node * node){
return (((struct userlist *)node->value) -> next);
}
static void * ef_userlist_user(struct node * node){
return (((struct userlist *)node->value) -> user);
}
static void * ef_pwlist_next(struct node * node){
return (((struct passwords *)node->value) -> next);
}
static void * ef_pwlist_user(struct node * node){
return (((struct passwords *)node->value) -> user);
}
static void * ef_pwlist_password(struct node * node){
return (((struct passwords *)node->value) -> password);
}
static void * ef_pwlist_type(struct node * node){
switch (((struct passwords *)node->value) -> pwtype) {
case SYS:
return "SYS";
case CL:
return "CL";
case CR:
return "CR";
case NT:
return "NT";
case LM:
return "LM";
default:
return "UNKNOWN";
}
}
static void * ef_chain_next(struct node * node){
return ((struct chain *)node->value) -> next;
}
static void * ef_chain_type(struct node * node){
switch (((struct chain *)node->value) -> type) {
case R_TCP:
return "tcp";
case R_CONNECT:
return "connect";
case R_SOCKS4:
return "socks4";
case R_SOCKS5:
return "socks5";
case R_HTTP:
return "http";
case R_FTP:
return "ftp";
case R_POP3:
return "pop3";
default:
return "";
}
}
static void * ef_chain_ip(struct node * node){
return &((struct chain *)node->value) -> redirip;
}
static void * ef_chain_port(struct node * node){
return &((struct chain *)node->value) -> redirport;
}
static void * ef_chain_weight(struct node * node){
return &((struct chain *)node->value) -> weight;
}
static void * ef_chain_user(struct node * node){
return ((struct chain *)node->value) -> extuser;
}
static void * ef_chain_password(struct node * node){
return ((struct chain *)node->value) -> extpass;
}
static void * ef_ace_next(struct node * node){
return ((struct ace *)node->value) -> next;
}
static void * ef_ace_type(struct node * node){
switch (((struct ace *)node->value) -> action) {
case ALLOW:
case REDIRECT:
return "allow";
case DENY:
return "deny";
case BANDLIM:
return "bandlim";
case NOBANDLIM:
return "nobandlim";
case COUNTIN:
return "countin";
case NOCOUNTIN:
return "nocountin";
case COUNTOUT:
return "countout";
case NOCOUNTOUT:
return "nocountout";
default:
return "unknown";
}
}
static void * ef_ace_operations(struct node * node){
if(!((struct ace *)node->value) -> operation) return NULL;
return &((struct ace *)node->value) -> operation;
}
static void * ef_ace_users(struct node * node){
return ((struct ace *)node->value) -> users;
}
static void * ef_ace_src(struct node * node){
return ((struct ace *)node->value) -> src;
}
static void * ef_ace_dst(struct node * node){
return ((struct ace *)node->value) -> dst;
}
static void * ef_ace_ports(struct node * node){
return ((struct ace *)node->value) -> ports;
}
static void * ef_ace_chain(struct node * node){
return ((struct ace *)node->value) -> chains;
}
static void * ef_ace_weekdays(struct node * node){
return (((struct ace *)node->value) -> wdays) ? &((struct ace *)node->value) -> wdays : NULL;
}
static void * ef_ace_period(struct node * node){
return ((struct ace *)node->value) -> periods;
}
static void * ef_bandlimit_next(struct node * node){
return ((struct bandlim *)node->value) -> next;
}
static void * ef_bandlimit_ace(struct node * node){
return ((struct bandlim *)node->value) -> ace;
}
static void * ef_bandlimit_rate(struct node * node){
return &((struct bandlim *)node->value) -> rate;
}
static void * ef_trafcounter_next(struct node * node){
return ((struct trafcount *)node->value) -> next;
}
static void * ef_trafcounter_ace(struct node * node){
return ((struct trafcount *)node->value) -> ace;
}
static void * ef_trafcounter_number(struct node * node){
return &((struct trafcount *)node->value) -> number;
}
static void * ef_trafcounter_type(struct node * node){
return &((struct trafcount *)node->value) -> type;
}
static void * ef_trafcounter_traffic(struct node * node){
return &((struct trafcount *)node->value) -> traf;
}
static void * ef_trafcounter_limit(struct node * node){
return &((struct trafcount *)node->value) -> traflim;
}
static void * ef_trafcounter_cleared(struct node * node){
return &((struct trafcount *)node->value) -> cleared;
}
static void * ef_trafcounter_updated(struct node * node){
return &((struct trafcount *)node->value) -> updated;
}
static void * ef_trafcounter_comment(struct node * node){
return ((struct trafcount *)node->value) -> comment;
}
static void * ef_trafcounter_disabled(struct node * node){
return &((struct trafcount *)node->value) -> disabled;
}
static void * ef_server_next(struct node * node){
return ((struct srvparam *)node->value) -> next;
}
static void * ef_server_type(struct node * node){
int service = ((struct srvparam *)node->value) -> service;
return (service>=0 && service < 15)? (void *)conf.stringtable[SERVICES + service] : (void *)"unknown";
}
static void * ef_server_child(struct node * node){
return ((struct srvparam *)node->value) -> child;
}
static void * ef_server_auth(struct node * node){
AUTHFUNC af = ((struct srvparam *)node->value) -> authfunc;
if(af == alwaysauth) return "none";
if(af == nbnameauth) return "nbname";
if(af == ipauth) return "iponly";
if(af == strongauth) return "strong";
return "uknown";
}
static void * ef_server_childcount(struct node * node){
return &((struct srvparam *)node->value) -> childcount;
}
static void * ef_server_log(struct node * node){
if(((struct srvparam *)node->value) -> logfunc == lognone) return "none";
else if(((struct srvparam *)node->value) -> logfunc == logstdout)
return (((struct srvparam *)node->value) -> logtarget)?"file":"stdout";
#ifndef _WIN32
else if(((struct srvparam *)node->value) -> logfunc == logsyslog) return "syslog";
#endif
#ifndef NOODBC
else if(((struct srvparam *)node->value) -> logfunc == logsql) return "odbc";
#endif
return NULL;
}
static void * ef_server_logformat(struct node * node){
return ((struct srvparam *)node->value) -> logformat;
}
static void * ef_server_nonprintable(struct node * node){
return ((struct srvparam *)node->value) -> nonprintable;
}
static void * ef_server_replacement(struct node * node){
if(((struct srvparam *)node->value) -> nonprintable)return &((struct srvparam *)node->value) -> replace;
return NULL;
}
static void * ef_server_logtarget(struct node * node){
return ((struct srvparam *)node->value) -> logtarget;
}
static void * ef_server_target(struct node * node){
return ((struct srvparam *)node->value) -> target;
}
static void * ef_server_targetport(struct node * node){
return &((struct srvparam *)node->value) -> targetport;
}
static void * ef_server_intip(struct node * node){
return &((struct srvparam *)node->value) -> intip;
}
static void * ef_server_extip(struct node * node){
return &((struct srvparam *)node->value) -> extip;
}
static void * ef_server_intport(struct node * node){
return &((struct srvparam *)node->value) -> intport;
}
static void * ef_server_extport(struct node * node){
return &((struct srvparam *)node->value) -> extport;
}
static void * ef_server_acl(struct node * node){
return ((struct srvparam *)node->value) -> acl;
}
static void * ef_server_singlepacket(struct node * node){
return &((struct srvparam *)node->value) -> singlepacket;
}
static void * ef_server_usentlm(struct node * node){
return &((struct srvparam *)node->value) -> usentlm;
}
static void * ef_server_starttime(struct node * node){
return &((struct srvparam *)node->value) -> time_start;
}
static void * ef_client_next(struct node * node){
return ((struct clientparam *)node->value) -> next;
}
static void * ef_client_maxtrafin(struct node * node){
return &((struct clientparam *)node->value) -> maxtrafin;
}
static void * ef_client_maxtrafout(struct node * node){
return &((struct clientparam *)node->value) -> maxtrafout;
}
static void * ef_client_type(struct node * node){
int service = ((struct clientparam *)node->value) -> service;
return (service>=0 && service < 15)? (void *)conf.stringtable[SERVICES + service] : (void *)"unknown";
}
static void * ef_client_operation(struct node * node){
if(!((struct clientparam *)node->value) -> operation) return NULL;
return &((struct clientparam *)node->value) -> operation;
}
static void * ef_client_redirected(struct node * node){
return &((struct clientparam *)node->value) -> redirected;
}
static void * ef_client_hostname(struct node * node){
return ((struct clientparam *)node->value) -> hostname;
}
static void * ef_client_username(struct node * node){
return ((struct clientparam *)node->value) -> username;
}
static void * ef_client_password(struct node * node){
return ((struct clientparam *)node->value) -> password;
}
static void * ef_client_extusername(struct node * node){
return ((struct clientparam *)node->value) -> extusername;
}
static void * ef_client_extpassword(struct node * node){
return ((struct clientparam *)node->value) -> extpassword;
}
static void * ef_client_cliip(struct node * node){
return &((struct clientparam *)node->value) -> sinc.sin_addr.s_addr;
}
static void * ef_client_srvip(struct node * node){
return &((struct clientparam *)node->value) -> sins.sin_addr.s_addr;
}
static void * ef_client_reqip(struct node * node){
return &((struct clientparam *)node->value) -> req.sin_addr.s_addr;
}
static void * ef_client_reqport(struct node * node){
return &((struct clientparam *)node->value) -> req.sin_port;
}
static void * ef_client_srvport(struct node * node){
return &((struct clientparam *)node->value) -> sins.sin_port;
}
static void * ef_client_cliport(struct node * node){
return &((struct clientparam *)node->value) -> sinc.sin_port;
}
static void * ef_client_bytesin(struct node * node){
return &((struct clientparam *)node->value) -> statssrv;
}
static void * ef_client_bytesout(struct node * node){
return &((struct clientparam *)node->value) -> statscli;
}
static void * ef_client_pwtype(struct node * node){
return &((struct clientparam *)node->value) -> pwtype;
}
static void * ef_client_threadid(struct node * node){
return &((struct clientparam *)node->value) -> threadid;
}
static void * ef_client_starttime(struct node * node){
return &((struct clientparam *)node->value) -> time_start;
}
static void * ef_client_starttime_msec(struct node * node){
return &((struct clientparam *)node->value) -> msec_start;
}
static void * ef_period_fromtime(struct node * node){
return &((struct period *)node->value) -> fromtime;
}
static void * ef_period_totime(struct node * node){
return &((struct period *)node->value) -> totime;
}
static void * ef_period_next(struct node * node){
return ((struct period *)node->value) -> next;
}
static struct property prop_portlist[] = {
{prop_portlist + 1, "start", ef_portlist_start, TYPE_PORT, "port range start"},
{prop_portlist + 2, "end", ef_portlist_end, TYPE_PORT, "port range end"},
{NULL, "next", ef_portlist_next, TYPE_PORTLIST, "next"}
};
static struct property prop_userlist[] = {
{prop_userlist+1, "user", ef_userlist_user, TYPE_STRING, "user name"},
{NULL, "next", ef_userlist_next, TYPE_USERLIST, "next"}
};
static struct property prop_pwlist[] = {
{prop_pwlist + 1, "user", ef_pwlist_user, TYPE_STRING, "user name"},
{prop_pwlist + 2, "password", ef_pwlist_password, TYPE_STRING, "password string"},
{prop_pwlist + 3, "type", ef_pwlist_type, TYPE_STRING, "password type"},
{NULL, "next", ef_pwlist_next, TYPE_PWLIST, "next"}
};
static struct property prop_iplist[] = {
{prop_iplist + 1, "ip", ef_iplist_ip, TYPE_IP, "ip address"},
{prop_iplist + 2, "cidr", ef_iplist_cidr, TYPE_CIDR, "ip mask length"},
{prop_iplist + 3, "mask", ef_iplist_mask, TYPE_IP, "ip mask"},
{NULL, "next", ef_iplist_next, TYPE_IPLIST, "next"}
};
static struct property prop_chain[] = {
{prop_chain + 1, "ip", ef_chain_ip, TYPE_IP, "parent ip address"},
{prop_chain + 2, "port", ef_chain_port, TYPE_PORT, "parent port"},
{prop_chain + 3, "type", ef_chain_type, TYPE_STRING, "parent type"},
{prop_chain + 4, "weight", ef_chain_weight, TYPE_SHORT, "parent weight 0-1000"},
{prop_chain + 5, "user", ef_chain_user, TYPE_STRING, "parent login"},
{prop_chain + 6, "password", ef_chain_password, TYPE_STRING, "parent password"},
{NULL, "next", ef_chain_next, TYPE_CHAIN, "next"}
};
static struct property prop_period[] = {
{prop_period + 1, "fromtime", ef_period_fromtime, TYPE_TIME, "from time" },
{prop_period + 2, "totime", ef_period_totime, TYPE_TIME, "to time" },
{NULL, "next", ef_period_next, TYPE_PERIOD, "next"}
};
static struct property prop_ace[] = {
{prop_ace + 1, "type", ef_ace_type, TYPE_STRING, "ace action"},
{prop_ace + 2, "operations", ef_ace_operations, TYPE_OPERATIONS, "request type"},
{prop_ace + 3, "users", ef_ace_users, TYPE_USERLIST, "list of users"},
{prop_ace + 4, "src", ef_ace_src, TYPE_IPLIST, "list of source ips"},
{prop_ace + 5, "dst", ef_ace_dst, TYPE_IPLIST, "list of destination ips"},
{prop_ace + 6, "ports", ef_ace_ports, TYPE_PORTLIST, "list of destination ports"},
{prop_ace + 7, "chain", ef_ace_chain, TYPE_CHAIN, "redirect to parent(s)"},
{prop_ace + 8, "wdays", ef_ace_weekdays, TYPE_WEEKDAYS, "days of week"},
{prop_ace + 9, "periods", ef_ace_period, TYPE_PERIOD, "time of the day"},
{NULL, "next", ef_ace_next, TYPE_ACE, "next"}
};
static struct property prop_bandlimit[] = {
{prop_bandlimit + 1, "ace", ef_bandlimit_ace, TYPE_ACE, "acl to apply"},
{prop_bandlimit + 2, "rate", ef_bandlimit_rate, TYPE_UNSIGNED, "max allowed bandwidth"},
{NULL, "next", ef_bandlimit_next, TYPE_BANDLIMIT, "next"}
};
static struct property prop_trafcounter[] = {
{prop_trafcounter + 1, "disabled", ef_trafcounter_disabled, TYPE_INTEGER, "counter status"},
{prop_trafcounter + 2, "ace", ef_trafcounter_ace, TYPE_ACE, "traffic to count"},
{prop_trafcounter + 3, "number", ef_trafcounter_number, TYPE_UNSIGNED, "counter number"},
{prop_trafcounter + 4, "type", ef_trafcounter_type, TYPE_ROTATION, "rotation type"},
{prop_trafcounter + 5, "traffic", ef_trafcounter_traffic, TYPE_TRAFFIC, "counter value"},
{prop_trafcounter + 6, "limit", ef_trafcounter_limit, TYPE_TRAFFIC, "counter limit"},
{prop_trafcounter + 7, "cleared", ef_trafcounter_cleared, TYPE_DATETIME, "last rotated"},
{prop_trafcounter + 8, "updated", ef_trafcounter_updated, TYPE_DATETIME, "last updated"},
{prop_trafcounter + 9, "comment", ef_trafcounter_comment, TYPE_STRING, "counter comment"},
{NULL, "next", ef_trafcounter_next, TYPE_TRAFCOUNTER}
};
/*
*/
static struct property prop_server[] = {
{prop_server + 1, "servicetype", ef_server_type, TYPE_STRING, "type of the service/client"},
{prop_server + 2, "target", ef_server_target, TYPE_STRING, "portmapper target ip"},
{prop_server + 3, "targetport", ef_server_targetport, TYPE_PORT, "portmapper target port"},
{prop_server + 4, "starttime", ef_server_starttime, TYPE_DATETIME, "service started seconds"},
{prop_server + 5, "intip", ef_server_intip, TYPE_IP, "ip address of internal interface"},
{prop_server + 6, "extip", ef_server_extip, TYPE_IP, "ip address of external interface"},
{prop_server + 7, "intport", ef_server_intport, TYPE_PORT, "port to listen"},
{prop_server + 8, "extport", ef_server_extport, TYPE_PORT, "port to use for outgoing connection"},
{prop_server + 9, "auth", ef_server_auth, TYPE_STRING, "service authentication type"},
{prop_server + 10, "acl", ef_server_acl, TYPE_ACE, "access control list"},
{prop_server + 11, "singlepacket", ef_server_singlepacket, TYPE_INTEGER, "is single packet redirection"},
{prop_server + 12, "usentlm", ef_server_usentlm, TYPE_INTEGER, "allow NTLM authentication"},
{prop_server + 13, "log", ef_server_log, TYPE_STRING, "type of logging"},
{prop_server + 14, "logtarget", ef_server_logtarget, TYPE_STRING, "log target options"},
{prop_server + 15, "logformat", ef_server_logformat, TYPE_STRING, "logging format string"},
{prop_server + 16, "nonprintable", ef_server_nonprintable, TYPE_STRING, "non printable characters"},
{prop_server + 17, "replacement", ef_server_replacement, TYPE_CHAR, "replacement character"},
{prop_server + 18, "childcount", ef_server_childcount, TYPE_INTEGER, "number of servers connected"},
{prop_server + 19, "child", ef_server_child, TYPE_CLIENT, "connected clients"},
{NULL, "next", ef_server_next, TYPE_SERVER, "next"}
};
static struct property prop_client[] = {
{prop_client + 1, "servicetype", ef_client_type, TYPE_STRING, "type of the client"},
{prop_client + 2, "threadid", ef_client_threadid, TYPE_INTEGER, "process thread id"},
{prop_client + 3, "starttime", ef_client_starttime, TYPE_DATETIME, "client started seconds"},
{prop_client + 4, "starttime_msec", ef_client_starttime_msec, TYPE_UNSIGNED, "client started milliseconds"},
{prop_client + 5, "redirected", ef_client_redirected, TYPE_INTEGER, "number of redirections"},
{prop_client + 6, "operation", ef_client_operation, TYPE_OPERATIONS, "action requested by client"},
{prop_client + 7, "hostname", ef_client_hostname, TYPE_STRING, "name of the requested host"},
{prop_client + 8, "extusername", ef_client_extusername, TYPE_STRING, "username for requested host"},
{prop_client + 9, "extpassword", ef_client_extpassword, TYPE_STRING, "password for requested host"},
{prop_client + 10, "username", ef_client_username, TYPE_STRING, "client username"},
{prop_client + 11, "password", ef_client_password, TYPE_STRING, "client password"},
{prop_client + 12, "cliip", ef_client_cliip, TYPE_IP, "client ip"},
{prop_client + 13, "cliport", ef_client_cliport, TYPE_PORT, "client port"},
{prop_client + 14, "srvip", ef_client_srvip, TYPE_IP, "target server ip"},
{prop_client + 15, "srvport", ef_client_srvport, TYPE_PORT, "target server port"},
{prop_client + 16, "reqip", ef_client_reqip, TYPE_IP, "requested server ip"},
{prop_client + 17, "reqport", ef_client_reqport, TYPE_PORT, "requested server port"},
{prop_client + 18, "bytesin", ef_client_bytesin, TYPE_UNSIGNED, "bytes from server to client"},
{prop_client + 19, "bytesout", ef_client_bytesout, TYPE_UNSIGNED, "bytes from client to server"},
{prop_client + 20, "pwtype", ef_client_pwtype, TYPE_INTEGER, "type of client password"},
{prop_client + 21, "maxtrafin", ef_client_maxtrafin, TYPE_UNSIGNED, "maximum traffic allowed for download"},
{prop_client + 22, "maxtrafout", ef_client_maxtrafout, TYPE_UNSIGNED, "maximum traffic allowed for upload"},
{NULL, "next", ef_client_next, TYPE_CLIENT, "next"}
};
struct datatype datatypes[64] = {
{"integer", NULL, pr_integer, NULL},
{"short", NULL, pr_short, NULL},
{"char", NULL, pr_char, NULL},
{"unsigned", NULL, pr_unsigned, NULL},
{"traffic", NULL, pr_traffic, NULL},
{"port", NULL, pr_port, NULL},
{"ip", NULL, pr_ip, NULL},
{"cidr", NULL, pr_cidr, NULL},
{"string", NULL, pr_string, NULL},
{"datetime", NULL, pr_datetime, NULL},
{"operations", NULL, pr_operations, NULL},
{"rotation", NULL, pr_rotation, NULL},
{"portlist", ef_portlist_next, pr_portlist, prop_portlist},
{"iplist", ef_iplist_next, pr_iplist, prop_iplist},
{"userlist", ef_userlist_next, pr_userlist, prop_userlist},
{"pwlist", ef_pwlist_next, NULL, prop_pwlist},
{"chain", ef_chain_next, NULL, prop_chain},
{"ace", ef_ace_next, NULL, prop_ace},
{"bandlimit", ef_bandlimit_next, NULL, prop_bandlimit},
{"trafcounter", ef_trafcounter_next, NULL, prop_trafcounter},
{"client", ef_client_next, NULL, prop_client},
{"weekdays", NULL, pr_wdays, NULL},
{"time", NULL, pr_time, NULL},
{"period", ef_period_next, NULL, prop_period},
{"server", ef_server_next, NULL, prop_server}
};

142
src/dighosts.c Normal file

@ -0,0 +1,142 @@
/*
* Copyright (c) 2000-2008 3APA3A
*
* please read License Agreement
*
* $Id: dighosts.c,v 1.10 2009/10/06 08:38:00 v.dubrovin Exp $
*/
#include "proxy.h"
int sockgetchar(SOCKET sock, int timeosec, int timeousec){
unsigned char buf;
fd_set fds;
struct timeval tv;
tv.tv_sec = timeosec;
tv.tv_usec = timeousec;
FD_ZERO(&fds);
FD_SET(sock, &fds);
if (select (((int)sock)+1, &fds, NULL, NULL, &tv)!=1) return EOF;
if (recv(sock, &buf, 1, 0)!=1) return EOF;
return((int)buf);
}
int sockgetline(SOCKET sock, unsigned char * buf, int bufsize, int delim, int to){
int c;
int i=0, tos, tou;
if(bufsize<2) return 0;
c = sockgetchar(sock, to, 0);
if (c == EOF) {
return 0;
}
tos = to/16;
tou = ((to * 1000) / bufsize)%1000;
do {
buf[i++] = c;
if(delim != EOF && c == delim) break;
}while(i < bufsize && (c = sockgetchar(sock, tos, tou)) != EOF);
return i;
}
unsigned char request[] = "GET %.1024s HTTP/1.0\r\nHost: %.256s\r\n\r\n";
int main(int argc, char *argv[]){
unsigned char *host, *hostend;
SOCKET sock;
struct sockaddr_in sa;
FILE *fp;
unsigned char buf[16000];
int i;
unsigned x,y,z,w,cidr, x1,y1,z1,w1, mask;
int first = 1;
#ifdef _WIN32
WSADATA wd;
WSAStartup(MAKEWORD( 1, 1 ), &wd);
#endif
if(argc < 3 || argc > 4 || (argc == 4 && (argv[1][0] != '-' || argv[1][1] != 'm'))) {
fprintf(stderr, "Usage: %s [-m] <URL> <FILE>\n"
" program retrieves requested <URL> and builds comma delimited list of networks\n"
" list than stored in <FILE>\n"
" networks are searched in xxx.yyy.zzz.www/cidr format\n"
" switches:\n"
" -m networks are searched in xxx.yyy.zzz.www mmm.mmm.mmm.mmm format\n"
"\n(c)2002 by 3APA3A\n",
argv[0]);
return 1;
}
if(strncasecmp(argv[argc-2], "http://", 7)) {
fprintf(stderr, "URL must be HTTP://\n");
return 2;
}
hostend = (unsigned char *)strchr((char *)argv[argc-2] + 7, '/');
if(!hostend) {
fprintf(stderr, "Wrong URL syntaxis\n");
return 3;
}
*hostend = 0;
if(!(host = (unsigned char *)strdup((char *)argv[argc-2] + 7))) {
return 4;
}
*hostend = '/';
if(!(sa.sin_addr.s_addr = getip(host))) {
fprintf(stderr, "Unable to resolve %s\n", host);
return 5;
}
sa.sin_port = htons(80);
sa.sin_family = AF_INET;
if((sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) == INVALID_SOCKET) return 6;
sprintf((char *)buf, (char *)request, hostend, host);
if(connect(sock,(struct sockaddr *)&sa,sizeof(sa))) {
fprintf(stderr, "Unable to connect: %s\n", host);
return 8;
}
if(send(sock, buf, (int)strlen((char *)buf), 0) != (int)strlen((char *)buf)) return 9;
while( (i = sockgetline(sock, buf, sizeof(buf) - 1, '\n', 30)) > 2);
if(i<1) return 9;
if(!(fp = fopen(argv[argc-1], "w"))) {
fprintf(stderr, "Unable to open: %s\n", argv[2]);
return 7;
}
while( (i = sockgetline(sock, buf, sizeof(buf) - 1, '\n', 30)) > 0){
buf[i] = 0;
for(i = 0; buf[i]; i++){
if((buf[i]<'0' || buf[i] > '9') && buf[i] != '.' && buf[i] != '/')buf[i] = ' ';
}
if(argc == 3){
if((i=sscanf((char *)buf, "%u.%u.%u.%u/%u", &x, &y, &z, &w, &cidr)) == 5 &&
x<256 && y<256 && z<256 && w<256 &&
cidr <= 32){
if(!first)fprintf(fp, ",");
fprintf(fp, "%u.%u.%u.%u/%u", x, y, z, w, cidr);
first = 0;
}
}
else{
if((i = sscanf((char *)buf, "%u.%u.%u.%u %u.%u.%u.%u", &x, &y, &z, &w, &x1, &y1, &z1, &w1)) == 8 &&
x<256 && y<256 && z<256 && w<256 &&
x1<256 && y1<256 && z1<256 && w1<256
){
mask = (x1<<24)|(y1<<16)|(z1<<8)|w1;
for(cidr = 0; cidr <= 32; cidr++)if((((unsigned long)(0xFFFFFFFF))<<(32-cidr)) == mask) break;
if(cidr > 32) continue;
if(!first)fprintf(fp, ",");
fprintf(fp, "%u.%u.%u.%u/%u", x, y, z, w, cidr);
first = 0;
}
}
}
shutdown(sock, SHUT_RDWR);
#ifdef _WIN32
closesocket(sock);
#else
close(sock);
#endif
fclose(fp);
return 0;
}
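Review bot: In the `-m` branch of main() the mask-to-prefix loop compares `((unsigned long)(0xFFFFFFFF))<<(32-cidr)` with the 32-bit `mask`, which breaks on both common type widths. Where `unsigned long` is 64 bits the shifted value keeps its high bits and matches nothing but 255.255.255.255, and where it is 32 bits the `cidr == 0` iteration shifts by the full width, which is undefined. Every network that fails the match is dropped by `if(cidr > 32) continue;` with no message, so the generated list can be silently shorter than the page it was built from, which matters if the file feeds an access list. I would write the test as `if(((cidr ? 0xFFFFFFFFUL << (32-cidr) : 0UL) & 0xFFFFFFFFUL) == mask) break;`. Separately, the fopen failure message prints `argv[2]`, which is the URL when `-m` is given; it should print `argv[argc-1]`.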

196
src/dnspr.c Normal file

@ -0,0 +1,196 @@
/*
3APA3A simpliest proxy server
(c) 2002-2008 by ZARAZA <3APA3A@security.nnov.ru>
please read License Agreement
$Id: dnspr.c,v 1.22 2009/09/17 12:21:05 v.dubrovin Exp $
*/
#include "proxy.h"
#ifndef UDP
#define UDP
#endif
#define RETURN(xxx) { param->res = xxx; goto CLEANRET; }
#define BUFSIZE 4096
void * dnsprchild(struct clientparam* param) {
unsigned long ip = 0;
unsigned char *buf, *s1, *s2;
char * host = NULL;
unsigned char c;
SASIZETYPE size;
int res, i;
int len;
unsigned type=0;
unsigned ttl;
#ifdef _WIN32
unsigned long ul = 1;
#endif
if(!(buf = myalloc(BUFSIZE))){
param->srv->fds.events = POLLIN;
RETURN (21);
}
size = sizeof(struct sockaddr_in);
i = so._recvfrom(param->srv->srvsock, buf, BUFSIZE, 0, (struct sockaddr *)&param->sinc, &size);
#ifdef _WIN32
if((param->clisock=so._socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) == INVALID_SOCKET) {
RETURN(818);
}
ioctlsocket(param->clisock, FIONBIO, &ul);
size = sizeof(struct sockaddr_in);
if(so._getsockname(param->srv->srvsock, (struct sockaddr *)&param->sins, &size)) {RETURN(21);};
if(so._setsockopt(param->clisock, SOL_SOCKET, SO_REUSEADDR, (unsigned char *)&ul, sizeof(int))) {RETURN(820);};
if(so._bind(param->clisock,(struct sockaddr *)&param->sins,sizeof(struct sockaddr_in))) {
RETURN(822);
}
#else
param->clisock = param->srv->srvsock;
#endif
param->srv->fds.events = POLLIN;
if(i < 0) {
RETURN(813);
}
buf[BUFSIZE - 1] = 0;
if(i<=13 || i>1000){
RETURN (814);
}
param->operation = DNSRESOLVE;
if((res = (*param->srv->authfunc)(param))) {RETURN(res);}
if(buf[4]!=0 || buf[5]!=1) RETURN(816);
for(len = 12; len<i; len+=(c+1)){
c = buf[len];
if(!c)break;
buf[len] = '.';
}
if(len > (i-4)) {RETURN(817);}
host = mystrdup((char *)buf+13);
if(!host) {RETURN(21);}
for(s2 = buf + 12; (s1 = (unsigned char *)strchr((char *)s2 + 1, '.')); s2 = s1)*s2 = (unsigned char)((s1 - s2) - 1);
*s2 = (len - (int)(s2 - buf)) - 1;
type = ((unsigned)buf[len+1])*256 + (unsigned)buf[len+2];
if(type==1){
ip = udpresolve((unsigned char *)host, &ttl, param, 0);
}
len+=5;
if(ip){
buf[2] = 0x85;
buf[3] = 0x80;
buf[6] = 0;
buf[7] = 1;
buf[8] = buf[9] = buf[10] = buf[11] = 0;
memset(buf+len, 0, 16);
buf[len] = 0xc0;
buf[len+1] = 0x0c;
buf[len+3] = 1;
buf[len+5] = 1;
ttl = htonl(ttl);
memcpy(buf + len + 6, &ttl, 4);
buf[len+11] = 4;
memcpy(buf+len+12,(void *)&ip,4);
len+=16;
}
if(type == 0x0c) {
unsigned a, b, c, d;
sscanf(host, "%u.%u.%u.%u", &a, &b, &c, &d);
ip = htonl((d<<24) ^ (c<<16) ^ (b<<8) ^ a);
if(ip == param->srv->intip){
buf[2] = 0x85;
buf[3] = 0x80;
buf[6] = 0;
buf[7] = 1;
buf[8] = buf[9] = buf[10] = buf[11] = 0;
memset(buf+len, 0, 20);
buf[len] = 0xc0;
buf[len+1] = 0x0c;
buf[len+3] = 0x0c;
buf[len+5] = 1;
ttl = htonl(3600);
memcpy(buf + len + 6, &ttl, 4);
buf[len+11] = 7;
buf[len+12] = 6;
memcpy(buf+len+13,(void *)"3proxy",6);
len+=20;
}
else ip = 0;
}
if(!ip && nservers[0] && type!=1){
if((param->remsock=so._socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) == INVALID_SOCKET) {
RETURN(818);
}
#ifdef _WIN32
ioctlsocket(param->remsock, FIONBIO, &ul);
#else
fcntl(param->remsock,F_SETFL,O_NONBLOCK);
#endif
param->sins.sin_family = AF_INET;
param->sins.sin_port = htons(0);
param->sins.sin_addr.s_addr = htonl(0);
if(so._bind(param->remsock,(struct sockaddr *)&param->sins,sizeof(struct sockaddr_in))) {
RETURN(819);
}
param->sins.sin_addr.s_addr = nservers[0];
param->sins.sin_port = htons(53);
if(socksendto(param->remsock, &param->sins, buf, i, conf.timeouts[SINGLEBYTE_L]*1000) != i){
RETURN(820);
}
param->statscli += i;
param->nwrites++;
len = sockrecvfrom(param->remsock, &param->sins, buf, BUFSIZE, 15000);
if(len <= 13) {
RETURN(821);
}
param->statssrv += len;
param->nreads++;
if(buf[6] || buf[7]){
if(socksendto(param->clisock, &param->sinc, buf, len, conf.timeouts[SINGLEBYTE_L]*1000) != len){
RETURN(822);
}
RETURN(0);
}
}
if(!ip) {
buf[2] = 0x85;
buf[3] = 0x83;
}
usleep(SLEEPTIME);
res = socksendto(param->clisock, &param->sinc, buf, len, conf.timeouts[SINGLEBYTE_L]*1000);
if(res != len){RETURN(819);}
if(!ip) {RETURN(888);}
CLEANRET:
if(param->res!=813){
sprintf((char *)buf, "%04x/%s(%u.%u.%u.%u)",
(unsigned)type,
host?host:"",
(unsigned)(ntohl(ip)&0xff000000)>>24,
(unsigned)(ntohl(ip)&0x00ff0000)>>16,
(unsigned)(ntohl(ip)&0x0000ff00)>>8,
(unsigned)(ntohl(ip)&0x000000ff)
);
(*param->srv->logfunc)(param, buf);
}
if(buf)myfree(buf);
if(host)myfree(host);
#ifndef _WIN32
param->clisock = INVALID_SOCKET;
#endif
freeparam(param);
return (NULL);
}
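Review bot: In the `type == 0x0c` branch of dnsprchild() the return value of `sscanf(host, "%u.%u.%u.%u", &a, &b, &c, &d)` is ignored, so a PTR query whose name does not start with four numeric labels leaves some of `a`..`d` uninitialised, and `ip` is computed from indeterminate values before being compared with `param->srv->intip` and later logged. The name comes straight from the received datagram, so the computation and the `intip` comparison should only run under `if(sscanf(host, "%u.%u.%u.%u", &a, &b, &c, &d) == 4 && a < 256 && b < 256 && c < 256 && d < 256)`, with `ip = 0` otherwise. The inner `unsigned ... c` also shadows the `unsigned char c` used by the label loop and would read better under another name. When `myalloc` fails, `RETURN (21)` jumps to `CLEANRET`, where `sprintf((char *)buf, ...)` runs on a NULL `buf`; the guard should be `if(param->res!=813 && buf){`. As far as this function shows, the reply read with `sockrecvfrom` is relayed to the client without comparing its two ID bytes or its sender with the query that was forwarded to `nservers[0]`.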

233
src/ftp.c Normal file

@ -0,0 +1,233 @@
/*
* Copyright (c) 2002-2008 3APA3A
*
* please read License Agreement
*
* $Id: ftp.c,v 1.34 2009/09/17 12:21:06 v.dubrovin Exp $
*/
#include "proxy.h"
int ftplogin(struct clientparam *param, char *nbuf, int *innbuf) {
char tbuf[1024];
int i;
char *buf;
int len;
int res;
buf = nbuf?nbuf:tbuf;
len = nbuf?*innbuf:1024;
if(innbuf)*innbuf = 0;
if(len < 48) return 707;
while((i = sockgetlinebuf(param, SERVER, (unsigned char *)buf, len - 1, '\n', conf.timeouts[STRING_L])) > 0 && (i < 3 || !isnumber(*buf) || buf[3] == '-')){
}
if(i < 3) return 706;
buf[i] = 0;
if(atoi(buf)/100 != 2) {
*innbuf = i;
return 702;
}
sprintf(buf, "USER %.32s\r\n", param->extusername?param->extusername:(unsigned char *)"anonymous");
if((int)socksend(param->remsock, (unsigned char *)buf, (int)strlen(buf), conf.timeouts[STRING_S]) != (int)strlen(buf)){
return 703;
}
param->statscli += (int)strlen(buf);
param->nwrites++;
while((i = sockgetlinebuf(param, SERVER, (unsigned char *)buf, len - 1, '\n', conf.timeouts[STRING_L])) > 0 && (i < 3 || !isnumber(*buf) || buf[3] == '-')){
}
if(i < 3) return 704;
buf[i] = 0;
res = atoi(buf)/100;
if(res == 3){
sprintf(buf, "PASS %.32s\r\n",
param->extusername?
(param->extpassword?
param->extpassword:(unsigned char *)"")
:(unsigned char *)"3proxy@");
res = (int)strlen(buf);
if((int)socksend(param->remsock, (unsigned char *)buf, res, conf.timeouts[STRING_S]) != (int)strlen(buf)){
return 705;
}
param->statscli += res;
param->nwrites++;
while((i = sockgetlinebuf(param, SERVER, (unsigned char *)buf, len - 1, '\n', conf.timeouts[STRING_L])) > 0){
buf[i] = 0;
res = (i>3 && buf[3] != '-')? atoi(buf)/100 : 0;
if(res || (nbuf && (len-i) > 256 && i > 3)) {
buf += i;
len -= i;
if(innbuf)*innbuf += i;
}
if(res) break;
}
if(i < 3) {
return 701;
}
}
if(res != 2) {
return 700;
}
return 0;
}
int ftpcd(struct clientparam *param, unsigned char* path, char *nbuf, int *innbuf){
char buf[1024];
int i;
int inbuf = 0;
sprintf(buf, "CWD %.512s\r\n", path);
if((int)socksend(param->remsock, (unsigned char *)buf, (int)strlen(buf), conf.timeouts[STRING_S]) != (int)strlen(buf)){
return 711;
}
param->statscli += (int)strlen(buf);
param->nwrites++;
while((i = sockgetlinebuf(param, SERVER, (unsigned char *)buf, sizeof(buf) - 1, '\n', conf.timeouts[STRING_L])) > 0 && (i < 3 || !isnumber(*buf) || buf[3] == '-')){
if(nbuf && innbuf && inbuf + i < *innbuf && i > 6) {
memcpy(nbuf + inbuf, buf, i);
inbuf += i;
}
}
if(innbuf)*innbuf = inbuf;
if(i < 3) return 712;
buf[3] = 0;
if(buf[0] != '2') return 710;
return 0;
}
int ftpres(struct clientparam *param, unsigned char * buf, int l){
int i;
if (l < 16) return 755;
while((i = sockgetlinebuf(param, SERVER, buf, l - 1, '\n', conf.timeouts[STRING_L])) > 0 && (i < 3 || !isnumber(*buf) || buf[3] == '-')){
}
buf[i] = 0;
if(i < 3) return 751;
if(buf[0] != '2' && buf[0] != '1') return 750;
return 0;
}
int ftpsyst(struct clientparam *param, unsigned char *buf, unsigned len){
int i;
if(socksend(param->remsock, (unsigned char *)"SYST\r\n", 6, conf.timeouts[STRING_S]) != 6){
return 721;
}
param->statscli+=6;
param->nwrites++;
while((i = sockgetlinebuf(param, SERVER, buf, len - 1, '\n', conf.timeouts[STRING_L])) > 0 && (i < 3 || !isnumber(*buf) || buf[3] == '-')){
}
if(i < 7) return 722;
buf[3] = 0;
if(atoi((char *)buf)/100 != 2) return 723;
buf[i-2] = 0;
strcpy((char *)buf, (char *)buf+4);
return 0;
}
int ftppwd(struct clientparam *param, unsigned char *buf, unsigned len){
int i;
char *b, *e;
if(socksend(param->remsock, (unsigned char *)"PWD\r\n", 5, conf.timeouts[STRING_S]) != 5){
return 731;
}
param->statscli += 5;
param->nwrites++;
while((i = sockgetlinebuf(param, SERVER, buf, len - 1, '\n', conf.timeouts[STRING_L])) > 0 && (i < 3 || !isnumber(*buf) || buf[3] == '-')){
}
if(i < 7) return 732;
buf[3] = 0;
if(atoi((char *)buf)/100 != 2) return 733;
buf[i-2] = 0;
b = (char *)buf+4;
if(*b == '\"' && (e = strchr(b+1, '\"'))){
b++;
*e = 0;
}
strcpy((char *)buf, b);
return 0;
}
int ftptype(struct clientparam *param, unsigned char* f_type){
char buf[1024];
int i;
sprintf(buf, "TYPE %.512s\r\n", f_type);
if((int)socksend(param->remsock, (unsigned char *)buf, (int)strlen(buf), conf.timeouts[STRING_S]) != (int)strlen(buf)){
return 741;
}
param->statscli += (int)strlen(buf);
param->nwrites++;
while((i = sockgetlinebuf(param, SERVER, (unsigned char *)buf, sizeof(buf) - 1, '\n', conf.timeouts[STRING_L])) > 0 && (i < 3 || !isnumber(*buf) || buf[3] == '-')){
}
if(i < 3) return 742;
if(buf[0] != '2') return 740;
return 0;
}
SOCKET ftpdata(struct clientparam *param){
char buf[1024];
int i;
char *sb, *se;
SOCKET s = INVALID_SOCKET, rem;
unsigned long b1, b2, b3, b4;
unsigned short b5, b6;
if(socksend(param->remsock, (unsigned char *)"PASV\r\n", 6, conf.timeouts[STRING_S]) != 6){
return INVALID_SOCKET;
}
param->statscli+=6;
param->nwrites++;
while((i = sockgetlinebuf(param, SERVER, (unsigned char *)buf, sizeof(buf) - 1, '\n', conf.timeouts[STRING_L])) > 0 && (i < 3 || !isnumber(*buf) || buf[3] == '-')){
}
if(i < 7) return INVALID_SOCKET;
if(buf[0] != '2') return INVALID_SOCKET;
buf[i-2] = 0;
if(!(sb = strchr(buf+4, '(')) || !(se= strchr(sb, ')'))) return INVALID_SOCKET;
if(sscanf(sb+1, "%lu,%lu,%lu,%lu,%hu,%hu", &b1, &b2, &b3, &b4, &b5, &b6)!=6) return INVALID_SOCKET;
rem = param->remsock;
param->remsock = INVALID_SOCKET;
param->req.sin_family = AF_INET;
param->req.sin_port = param->sins.sin_port = htons((unsigned short)((b5<<8)^b6));
param->req.sin_addr.s_addr = param->sins.sin_addr.s_addr = htonl((b1<<24)^(b2<<16)^(b3<<8)^b4);
i = param->operation;
param->operation = FTP_DATA;
if((param->res = (*param->srv->authfunc)(param))) return INVALID_SOCKET;
param->operation = i;
s = param->remsock;
param->remsock = rem;
return s;
}
SOCKET ftpcommand(struct clientparam *param, unsigned char * command, unsigned char *arg) {
char buf[1024];
int i;
SOCKET s;
s = ftpdata(param);
if(s==INVALID_SOCKET) return INVALID_SOCKET;
sprintf(buf, "%.15s%s%.512s\r\n", command, arg?
(unsigned char *)" ":(unsigned char *)"",
arg?arg:(unsigned char *)"");
if((int)socksend(param->remsock, (unsigned char *)buf, (int)strlen(buf), conf.timeouts[STRING_S]) != (int)strlen(buf)){
so._closesocket(s);
return INVALID_SOCKET;
}
param->statscli += (int)strlen(buf);
param->nwrites++;
while((i = sockgetlinebuf(param, SERVER, (unsigned char *)buf, sizeof(buf) - 1, '\n', conf.timeouts[STRING_L])) > 0 && (i < 3 || !isnumber(*buf) || buf[3] == '-')){
}
if(i < 3) {
so._closesocket(s);
return INVALID_SOCKET;
}
if(buf[0] != '1') {
so._closesocket(s);
return INVALID_SOCKET;
}
return s;
}
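Review bot: ftpdata() builds the data-connection address directly from the server's 227 reply without range-checking the six fields parsed by `sscanf` or comparing the address with the peer of the control connection. Where the proxy connects next is therefore chosen by the remote server and limited only by whatever `authfunc` enforces for `FTP_DATA`, which is not visible here. At minimum add `if(b1 > 255 || b2 > 255 || b3 > 255 || b4 > 255 || b5 > 255 || b6 > 255) return INVALID_SOCKET;` after the `sscanf`, and consider rejecting a reply whose address differs from the control peer. The failure path `if((param->res = (*param->srv->authfunc)(param))) return INVALID_SOCKET;` returns without restoring `param->remsock = rem` and `param->operation = i`, so the caller is left without its control socket. In ftpsyst() and ftppwd(), `strcpy((char *)buf, (char *)buf+4)` copies between overlapping regions, which is undefined; `memmove` with an explicit length is the safe form.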

329
src/ftppr.c Normal file

@ -0,0 +1,329 @@
/*
3APA3A simpliest proxy server
(c) 2002-2008 by ZARAZA <3APA3A@security.nnov.ru>
please read License Agreement
$Id: ftppr.c,v 1.45 2011-08-15 19:52:27 vlad Exp $
*/
#include "proxy.h"
#define RETURN(xxx) { param->res = xxx; goto CLEANRET; }
#define BUFSIZE 2048
void * ftpprchild(struct clientparam* param) {
int i=0, res;
unsigned char *buf;
unsigned char *se;
int status = 0;
int inbuf;
int pasv = 0;
SOCKET sc = INVALID_SOCKET, ss = INVALID_SOCKET, clidatasock = INVALID_SOCKET;
SASIZETYPE sasize;
char * req = NULL;
struct linger lg;
struct pollfd fds;
if(!(buf = myalloc(BUFSIZE))) RETURN(876);
param->ctrlsock = param->clisock;
param->operation = CONNECT;
lg.l_onoff = 1;
lg.l_linger = conf.timeouts[STRING_L];;
if(socksend(param->ctrlsock, (unsigned char *)"220 Ready\r\n", 11, conf.timeouts[STRING_S])!=11) {RETURN (801);}
for(;;){
i = sockgetlinebuf(param, CLIENT, buf, BUFSIZE - 10, '\n', conf.timeouts[CONNECTION_S]);
if(!i) {
RETURN(0);
}
if(i<4) {RETURN(802);}
buf[i] = 0;
if ((se=(unsigned char *)strchr((char *)buf, '\r'))) *se = 0;
if (req) myfree (req);
req = NULL;
(*param->srv->logfunc)(param, buf);
if (!strncasecmp((char *)buf, "OPEN ", 5)){
if(parsehostname((char *)buf+5, param, 21)){RETURN(803);}
if(param->remsock != INVALID_SOCKET) {
so._shutdown(param->remsock, SHUT_RDWR);
so._closesocket(param->remsock);
param->remsock = INVALID_SOCKET;
}
if((res = (*param->srv->authfunc)(param))) {RETURN(res);}
param->ctrlsocksrv = param->remsock;
if(socksend(param->ctrlsock, (unsigned char *)"220 Ready\r\n", 11, conf.timeouts[STRING_S])!=11) {RETURN (801);}
status = 1;
}
else if (!strncasecmp((char *)buf, "USER ", 5)){
if(parseconnusername((char *)buf +5, param, 0, 21)){RETURN(804);}
if(!status){
if((res = (*param->srv->authfunc)(param))) {RETURN(res);}
param->ctrlsocksrv = param->remsock;
}
if(socksend(param->ctrlsock, (unsigned char *)"331 ok\r\n", 8, conf.timeouts[STRING_S])!=8) {RETURN (807);}
status = 2;
}
else if (!strncasecmp((char *)buf, "PASS ", 5)){
param->extpassword = (unsigned char *)mystrdup((char *)buf+5);
inbuf = BUFSIZE;
res = ftplogin(param, (char *)buf, &inbuf);
param->res = res;
if(inbuf && inbuf != BUFSIZE && socksend(param->ctrlsock, buf, inbuf, conf.timeouts[STRING_S])!=inbuf) {RETURN (807);}
if(!res) status = 3;
sprintf((char *)buf, "%.64s@%.128s%c%hu", param->extusername, param->hostname, (ntohs(param->sins.sin_port)==21)?0:':', ntohs(param->sins.sin_port));
req = mystrdup((char *)buf);
#ifndef WITHMAIN
{
int action, reqbufsize, reqsize;
reqbufsize = BUFSIZE;
reqsize = (int)strlen(buf) + 1;
action = handlereqfilters(param, &buf, &reqbufsize, 0, &reqsize);
if(action == HANDLED){
RETURN(0);
}
if(action != PASS) RETURN(877);
}
#endif
}
else if (status >= 3 && (
(!strncasecmp((char *)buf, "PASV", 4) && (pasv = 1)) ||
(!strncasecmp((char *)buf, "PORT ", 5) && !(pasv = 0))
)){
#ifndef WITHMAIN
{
int action, reqbufsize, reqsize;
reqbufsize = BUFSIZE;
reqsize = (int)strlen(buf) + 1;
action = handlehdrfilterscli(param, &buf, &reqbufsize, 0, &reqsize);
if(action == HANDLED){
RETURN(0);
}
if(action != PASS) RETURN(878);
}
#endif
if(sc != INVALID_SOCKET) {
so._shutdown(sc, SHUT_RDWR);
so._closesocket(sc);
sc = INVALID_SOCKET;
}
if(ss != INVALID_SOCKET) {
so._shutdown(ss, SHUT_RDWR);
so._closesocket(ss);
ss = INVALID_SOCKET;
}
if(clidatasock != INVALID_SOCKET) {
so._shutdown(clidatasock, SHUT_RDWR);
so._closesocket(clidatasock);
clidatasock = INVALID_SOCKET;
}
if ((clidatasock=socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) == INVALID_SOCKET) {RETURN(821);}
sasize = sizeof(struct sockaddr_in);
if (pasv) {
if(so._getsockname(param->ctrlsock, (struct sockaddr *)&param->sinc, &sasize)){RETURN(824);}
param->sinc.sin_port = 0;
if(so._bind(clidatasock, (struct sockaddr *)&param->sinc, sasize)){RETURN(822);}
if(so._listen(clidatasock, 1)) {RETURN(823);}
if(so._getsockname(clidatasock, (struct sockaddr *)&param->sinc, &sasize)){RETURN(824);}
sprintf((char *)buf, "227 OK (%u,%u,%u,%u,%u,%u)\r\n",
(unsigned)(((unsigned char *)(&param->sinc.sin_addr.s_addr))[0]),
(unsigned)(((unsigned char *)(&param->sinc.sin_addr.s_addr))[1]),
(unsigned)(((unsigned char *)(&param->sinc.sin_addr.s_addr))[2]),
(unsigned)(((unsigned char *)(&param->sinc.sin_addr.s_addr))[3]),
(unsigned)(((unsigned char *)(&param->sinc.sin_port))[0]),
(unsigned)(((unsigned char *)(&param->sinc.sin_port))[1])
);
param->srv->logfunc(param,buf);
}
else {
unsigned long b1, b2, b3, b4;
unsigned short b5, b6;
if(sscanf((char *)buf+5, "%lu,%lu,%lu,%lu,%hu,%hu", &b1, &b2, &b3, &b4, &b5, &b6)!=6) {RETURN(828);}
param->sinc.sin_family = AF_INET;
param->sinc.sin_port = htons((unsigned short)((b5<<8)^b6));
param->sinc.sin_addr.s_addr = htonl((b1<<24)^(b2<<16)^(b3<<8)^b4);
if(so._connect(clidatasock, (struct sockaddr *)&param->sinc, sasize)) {
so._closesocket(clidatasock);
clidatasock = INVALID_SOCKET;
RETURN(826);
}
sprintf(buf, "200 OK\r\n");
}
#ifndef WITHMAIN
{
int action, reqbufsize, reqsize;
reqbufsize = BUFSIZE;
reqsize = (int)strlen(buf) + 1;
action = handlehdrfilterssrv(param, &buf, &reqbufsize, 0, &reqsize);
if(action == HANDLED){
RETURN(0);
}
if(action != PASS) RETURN(879);
}
#endif
if(socksend(param->ctrlsock, buf, (int)strlen((char *)buf), conf.timeouts[STRING_S])!=(int)strlen((char *)buf)) {RETURN (825);}
status = 4;
}
else if (status == 4 && (
!(strncasecmp((char *)buf, "RETR ", 5) && (param->operation = FTP_GET)) ||
!(strncasecmp((char *)buf, "LIST", 4) && (param->operation = FTP_LIST))||
!(strncasecmp((char *)buf, "NLST ", 5) && (param->operation = FTP_LIST)) ||
!(strncasecmp((char *)buf, "APPE ", 5) && (param->operation = FTP_PUT)) ||
!(strncasecmp((char *)buf, "STOR ", 5) && (param->operation = FTP_PUT))
)){
int arg = (buf[4] && buf[5])? 1:0;
int ressent = 0;
#ifndef WITHMAIN
{
int action, reqbufsize, reqsize;
reqbufsize = BUFSIZE;
reqsize = (int)strlen(buf) + 1;
action = handlehdrfilterscli(param, &buf, &reqbufsize, 0, &reqsize);
if(action == HANDLED){
RETURN(0);
}
if(action != PASS) RETURN(880);
}
#endif
if(clidatasock == INVALID_SOCKET) { RETURN (829);}
if(pasv){
memset(&fds, 0, sizeof(fds));
fds.fd = clidatasock;
fds.events = POLLIN;
res = so._poll (&fds, 1, conf.timeouts[STRING_L]*1000);
if(res != 1) {
RETURN(857);
}
sasize = sizeof(struct sockaddr_in);
ss = so._accept(clidatasock, (struct sockaddr *)&param->sinc, &sasize);
if (ss == INVALID_SOCKET) { RETURN (858);}
so._shutdown(clidatasock, SHUT_RDWR);
so._closesocket(clidatasock);
clidatasock = ss;
ss = INVALID_SOCKET;
}
if(clidatasock == INVALID_SOCKET){RETURN(828);}
req = mystrdup((char *)buf);
buf[4] = 0;
status = 3;
ss = ftpcommand(param, buf, arg? buf+5 : NULL);
if (ss == INVALID_SOCKET) {
so._shutdown(clidatasock, SHUT_RDWR);
so._closesocket(clidatasock);
clidatasock = INVALID_SOCKET;
if(socksend(param->ctrlsock, (unsigned char *)"550 err\r\n", 9, conf.timeouts[STRING_S])!=9) {RETURN (831);}
continue;
}
if(socksend(param->ctrlsock, (unsigned char *)"125 data\r\n", 10, conf.timeouts[STRING_S]) != 10) {
param->remsock = INVALID_SOCKET;
RETURN (832);
}
if(param->srvoffset < param->srvinbuf)while((i = sockgetlinebuf(param, SERVER, buf, BUFSIZE, '\n', 0)) > 3){
if(socksend(param->ctrlsock, buf, i, conf.timeouts[STRING_S])!=i) {RETURN(833);}
if(isnumber(*buf) && buf[3] != '-') {
ressent = 1;
break;
}
}
sc = param->remsock;
param->remsock = ss;
so._setsockopt(param->remsock, SOL_SOCKET, SO_LINGER, (unsigned char *)&lg, sizeof(lg));
so._setsockopt(clidatasock, SOL_SOCKET, SO_LINGER, (unsigned char *)&lg, sizeof(lg));
param->clisock = clidatasock;
res = sockmap(param, conf.timeouts[CONNECTION_S]);
if(param->remsock != INVALID_SOCKET) {
so._shutdown (param->remsock, SHUT_RDWR);
so._closesocket(param->remsock);
}
if(param->clisock != INVALID_SOCKET) {
so._shutdown (param->clisock, SHUT_RDWR);
so._closesocket(param->clisock);
}
param->clisock = param->ctrlsock;
param->remsock = sc;
sc = INVALID_SOCKET;
ss = INVALID_SOCKET;
clidatasock = INVALID_SOCKET;
if(!ressent){
while((i = sockgetlinebuf(param, SERVER, buf, BUFSIZE, '\n', conf.timeouts[STRING_L])) > 3){
if(socksend(param->ctrlsock, buf, i, conf.timeouts[STRING_S])!=i) {RETURN(833);}
if(isnumber(*buf) && buf[3] != '-') break;
}
if(i < 3) {RETURN(834);}
}
}
else {
if(status < 3) {
if(socksend(param->remsock, (unsigned char *)"530 login\r\n", 11, conf.timeouts[STRING_S])!=1) {RETURN (810);}
continue;
}
if(!strncasecmp((char *)buf, "QUIT", 4)) status = 5;
if(!strncasecmp((char *)buf, "CWD ", 4)) req = mystrdup((char *)buf);
i = (int)strlen((char *)buf);
buf[i++] = '\r';
buf[i++] = '\n';
if(socksend(param->remsock, buf, i, conf.timeouts[STRING_S])!=i) {RETURN (811);}
param->statscli += i;
param->nwrites++;
while((i = sockgetlinebuf(param, SERVER, buf, BUFSIZE, '\n', conf.timeouts[STRING_L])) > 0){
if(socksend(param->ctrlsock, buf, i, conf.timeouts[STRING_S])!=i) {RETURN (812);}
if(i > 4 && isnumber(*buf) && buf[3] != '-') break;
}
if(status == 5) {RETURN (0);}
if(i < 3) {RETURN (813);}
}
sasize = sizeof(struct sockaddr_in);
if(so._getpeername(param->ctrlsock, (struct sockaddr *)&param->sinc, &sasize)){RETURN(819);}
if(req && (param->statscli || param->statssrv)){
(*param->srv->logfunc)(param, (unsigned char *)req);
}
}
CLEANRET:
if(sc != INVALID_SOCKET) {
so._shutdown(sc, SHUT_RDWR);
so._closesocket(sc);
}
if(ss != INVALID_SOCKET) {
so._shutdown(ss, SHUT_RDWR);
so._closesocket(ss);
}
if(clidatasock != INVALID_SOCKET) {
so._shutdown(clidatasock, SHUT_RDWR);
so._closesocket(clidatasock);
}
sasize = sizeof(struct sockaddr_in);
so._getpeername(param->ctrlsock, (struct sockaddr *)&param->sinc, &sasize);
if(param->res != 0 || param->statscli || param->statssrv ){
(*param->srv->logfunc)(param, (unsigned char *)((req && (param->res > 802))? req:NULL));
}
if(req) myfree(req);
if(buf) myfree(buf);
freeparam(param);
return (NULL);
}
#ifdef WITHMAIN
struct proxydef childdef = {
ftpprchild,
21,
0,
S_FTPPR,
" -hdefault_host[:port] - use this host and port as default if no host specified\n"
};
#include "proxymain.c"
#endif

533
src/icqpr.c Normal file

@ -0,0 +1,533 @@
/*
3APA3A simpliest proxy server
(c) 2002-2008 by ZARAZA <3APA3A@security.nnov.ru>
please read License Agreement
$Id: icqpr.c,v 1.30 2012-04-11 23:01:19 vlad Exp $
*/
#include "proxy.h"
#ifndef PORTMAP
#define PORTMAP
#endif
#define RETURN(xxx) { param->res = xxx; goto CLEANRET; }
static void hexdump(unsigned char *data, int len){
for(; len; data++, len--){
printf("%02x", (unsigned)*data);
}
printf("\n");
}
struct flap_header {
unsigned char id;
unsigned char chan;
unsigned short seq;
unsigned short size;
char data[0];
};
struct snack_header {
unsigned family;
unsigned short flags;
unsigned id;
char data[0];
};
struct tlv_header {
unsigned short type;
unsigned short size;
char data[0];
};
typedef enum {
ONBEGIN = 0,
ONCHAN,
ONSEQ1,
ONSEQ2,
ONSIZE1,
ONSIZE2,
ONDATA
} ICQSTATE;
struct icqstate {
ICQSTATE state;
int leftinstate;
unsigned short seq;
unsigned short srvseq;
unsigned short gotseq;
unsigned short resyncseq;
char channel;
};
typedef enum {
ICQUNKNOWN,
ICQCLEAR,
ICQMD5,
ICQCOOKIE
} LOGINTYPE;
struct icq_cookie {
struct icq_cookie *next;
char *id;
int size;
char * cookie;
char * connectstring;
};
static struct icq_cookie *icq_cookies = NULL;
pthread_mutex_t icq_cookie_mutex;
int icq_cookie_mutex_init = 0;
static void icq_clear(void *fo){
};
static void addbuffer(int increment, struct clientparam * param, unsigned char ** buf_p, int * bufsize_p, int * length_p){
int bufsize = *length_p + increment + 40;
unsigned char *newbuf;
int len = 0;
if(bufsize > *bufsize_p){
newbuf = myalloc(bufsize);
if(!newbuf) return;
memcpy(newbuf, *buf_p, *length_p);
myfree(*buf_p);
*buf_p = newbuf;
*bufsize_p = bufsize;
}
if(increment) len = sockrecvfrom(param->remsock, &param->sins, *buf_p + *length_p, increment, conf.timeouts[STRING_S]*1000);
if(len > 0) {
*length_p += len;
param->nreads++;
param->statssrv += len;
}
return;
}
static int searchcookie(struct clientparam *param, struct flap_header * flap, int len, int * dif, struct tlv_header *tlv, int extra){
struct icq_cookie *ic;
char smallbuf[32];
struct tlv_header *bostlv = NULL;
struct sockaddr_in sa;
SASIZETYPE size = sizeof(sa);
int movelen = 0;
if(!icq_cookie_mutex_init){
pthread_mutex_init(&icq_cookie_mutex, NULL);
icq_cookie_mutex_init = 1;
}
pthread_mutex_lock(&icq_cookie_mutex);
for(ic = icq_cookies; ic; ic = ic->next)if(!strcmp(param->username, ic->id))break;
if(!ic){
ic = myalloc(sizeof(struct icq_cookie));
memset(ic, 0, sizeof(struct icq_cookie));
ic->id = mystrdup(param->username);
ic->next = icq_cookies;
icq_cookies = ic;
}
for(; ntohs(tlv->size) < 65500 && len >= (ntohs(tlv->size) + 4); len -= (ntohs(tlv->size) + 4), tlv = (struct tlv_header *)(tlv->data + ntohs(tlv->size))){
if(ntohs(tlv->type) == 0x0006){
if(ic->cookie)myfree(ic->cookie);
ic->cookie = myalloc(ntohs(tlv->size));
memcpy(ic->cookie, tlv->data, ntohs(tlv->size));
ic->size = tlv->size;
}
else if(ntohs(tlv->type) == 0x0005){
if(ic->connectstring)myfree(ic->connectstring);
ic->connectstring = myalloc(ntohs(tlv->size)+1);
memcpy(ic->connectstring, tlv->data, ntohs(tlv->size));
ic->connectstring[ntohs(tlv->size)] = 0;
bostlv = tlv;
movelen = extra + (len - 4) - ntohs(bostlv->size);
}
}
if(!ic->connectstring || !ic->cookie){
if(ic->cookie)myfree(ic->cookie);
if(ic->connectstring)myfree(ic->connectstring);
ic->cookie = NULL;
ic->connectstring = NULL;
ic->size = 0;
bostlv = NULL;
}
pthread_mutex_unlock(&icq_cookie_mutex);
if(bostlv){
if(so._getsockname(param->clisock, (struct sockaddr *)&sa, &size)==-1) return 1;
len = myinet_ntoa(sa.sin_addr, smallbuf);
if(strchr(ic->connectstring, ':'))sprintf(smallbuf+len, ":%hu", ntohs(sa.sin_port));
len = (int)strlen(smallbuf);
*dif = len - (int)ntohs(bostlv->size);
if(*dif != 0 && movelen > 0){
memmove(bostlv->data + len, bostlv->data + ntohs(bostlv->size), movelen);
}
memcpy(bostlv->data, smallbuf, len);
bostlv->size = htons(len);
len = ((int)ntohs(flap->size)) + *dif;
flap->size = htons(len);
}
return 0;
}
static FILTER_ACTION icq_srv(void *fc, struct clientparam * param, unsigned char ** buf_p, int * bufsize_p, int ioffset, int * length_p){
unsigned char * start = *buf_p + ioffset;
int len = *length_p - ioffset;
struct icqstate *state = (struct icqstate *)fc;
int size;
int offset;
while (len > 0){
switch(state->state){
case ONBEGIN:
if((*start) == 0x2A) {
if(len < 6){
offset = (int)(start - *buf_p);
addbuffer(6-len, param, buf_p, bufsize_p, length_p);
start = *buf_p + offset;
len = (int)(*buf_p + *length_p - start);
}
state->state = ONCHAN;
}
else {
if(!state->leftinstate)param->srv->logfunc(param, "Warning: need resync");
state->leftinstate++;
if(state->leftinstate > 65535){
param->srv->logfunc(param, "Out of Sync");
return REJECT;
}
}
start++;
len--;
break;
case ONCHAN:
if (*start >= 10){
param->srv->logfunc(param, "Warning: Wrong channel");
state->state = ONBEGIN;
}
else {
state->state = ONSEQ1;
state->channel = *start;
start++;
len--;
}
break;
case ONSEQ1:
state->gotseq = (((unsigned)*start) << 8);
state->state = ONSEQ2;
*(start) = (state->seq>>8);
start++;
len--;
break;
case ONSEQ2:
state->gotseq += *start;
if(state->gotseq != state->srvseq){
char smallbuf[64];
if(((state->gotseq < state->srvseq) || ((state->gotseq - state->srvseq) > 10 )) && (!state->resyncseq || state->gotseq != state->resyncseq)){
sprintf(smallbuf, "Warning: Wrong sequence, expected: %04hx got: %04hx", state->srvseq, state->gotseq);
param->srv->logfunc(param, smallbuf);
state->state = ONBEGIN;
state->resyncseq = state->gotseq;
break;
}
sprintf(smallbuf, "Warning: %hu flaps are lost on resync", state->gotseq - state->srvseq );
param->srv->logfunc(param, smallbuf);
state->srvseq = state->gotseq;
*(start-1) = (state->seq>>8);
}
*start = (state->seq & 0x00FF);
state->srvseq = state->srvseq + 1;
state->seq = state->seq + 1;
state->state = ONSIZE1;
start++;
len--;
break;
case ONSIZE1:
state->leftinstate = (((unsigned)(*start))<<8);
state->state = ONSIZE2;
start++;
len--;
break;
case ONSIZE2:
state->leftinstate += *start;
state->state = (state->leftinstate)?ONDATA:ONBEGIN;
start++;
len--;
if(state->leftinstate > 30 && state->channel == 2) {
if(len < state->leftinstate) {
offset = (int)(start - *buf_p);
addbuffer(state->leftinstate - len, param, buf_p, bufsize_p, length_p);
start = *buf_p + offset;
len = (int)(*length_p - offset);
}
size = 0;
if ((start[4] & 0x80)) {
size = htons(*(unsigned short *)(start+10)) + 2;
if(size > 8) size = 0;
}
if (start[0] == 0 && start[1] == 1 &&
((start[2] == 0 && start[3] == 5) || (start[2] == 1 && start[3] == 2))){
int dif = 0;
offset = (int)(start - *buf_p);
addbuffer(0, param, buf_p, bufsize_p, length_p);
start = *buf_p + offset;
searchcookie(param, (struct flap_header *) (start-6), state->leftinstate-(size+10), &dif, (struct tlv_header *) (start + size + 10), len - state->leftinstate);
*length_p += dif;
start += (state->leftinstate + dif);
len -= state->leftinstate;
state->leftinstate = 0;
state->state = ONBEGIN;
}
}
break;
case ONDATA:
size = (state->leftinstate > len)? len : state->leftinstate;
start += size;
len -= size;
state->leftinstate -= size;
if(!state->leftinstate) {
state->state = ONBEGIN;
}
break;
}
}
return CONTINUE;
}
static struct filter icqfilter = {
NULL,
"icqfilter",
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
*icq_srv,
*icq_clear,
NULL
};
static int readflap(struct clientparam * param, int direction, unsigned char *buf, int buflen){
int i, len;
struct flap_header *flap = (struct flap_header *)buf;
i = sockgetlinebuf(param, direction, buf, 6, EOF, conf.timeouts[STRING_L]);
if(i!=6) return 1;
if(flap->id != 0x2a) return 2;
len = ntohs(flap->size);
if(len > buflen-6) return 3;
i = sockgetlinebuf(param, direction, flap->data, len, EOF, conf.timeouts[STRING_S]);
if(len != i) return 4;
return 0;
}
#define flap ((struct flap_header *)buf)
#define snack ((struct snack_header *)(buf+6))
void * icqprchild(struct clientparam* param) {
int res;
unsigned char tmpsend[1024];
unsigned char *buf;
int i,j,len,len1;
int offset = 0;
int buflen = 16384;
LOGINTYPE logintype = ICQUNKNOWN;
int greet = 0;
struct icq_cookie *ic;
struct tlv_header *tlv;
struct icqstate mystate = {
ONBEGIN,
0, 0, 0,
0
};
struct filterp icqfilterp = {
&icqfilter,
(void *)&mystate
};
struct filterp **newfilters;
char handshake[] = {'\052', '\001', '\000', '\000', '\000', '\004', '\000', '\000', '\000', '\001'};
memcpy(tmpsend, handshake, 10);
if(socksend(param->clisock, tmpsend, 10, conf.timeouts[STRING_S])!=10) {RETURN (1101);}
buf = myalloc(65600);
if((res = readflap(param, CLIENT, buf, 1000))) {RETURN (1180 + res);}
if(ntohs(flap->size) == 4 || ntohs(flap->size) == 12){
tmpsend[2] = buf[2];
tmpsend[3] = buf[3];
greet = 1;
if(readflap(param, CLIENT, buf, 65550)) {RETURN (110);}
}
if(flap->chan != 1 && (flap->chan != 2 || snack->family != htonl(0x00170006))){
RETURN(1104);
}
len = ntohs(flap->size);
if(flap->chan == 1){
tlv = (struct tlv_header *)(flap->data + 4);
len -= 4;
}
else {
tlv = (struct tlv_header *)(flap->data + 10);
len -= 10;
}
for(; len >= (ntohs(tlv->size) + 4); len -= (ntohs(tlv->size) + 4), tlv = (struct tlv_header *)(tlv->data + ntohs(tlv->size))){
switch(ntohs(tlv->type)){
case 0x0001:
if(flap->chan == 2 && !logintype)logintype = ICQMD5;
if(!param->username){
param->username = myalloc(ntohs(tlv->size) + 1);
for(i=0, j=0; i < ntohs(tlv->size); i++){
if(!isspace(tlv->data[i]))param->username[j++]=tolower(tlv->data[i]);
}
param->username[j] = 0;
}
break;
case 0x0002:
logintype = ICQCLEAR;
break;
case 0x0006:
logintype = ICQCOOKIE;
for(ic = icq_cookies; ic; ic=ic->next){
if(ic->size && ic->size == tlv->size && !memcmp(ic->cookie, tlv->data, ntohs(tlv->size))){
parsehostname((char *)ic->connectstring, param, ntohs(param->srv->targetport));
if(!param->username && ic->id) param->username = mystrdup(ic->id);
break;
}
}
if(!ic) RETURN(1132);
break;
}
}
if(!logintype) RETURN(1133);
if(logintype != ICQCOOKIE) {
parsehostname((char *)param->srv->target, param, ntohs(param->srv->targetport));
}
param->operation = CONNECT;
res = (*param->srv->authfunc)(param);
if(res) {RETURN(res);}
if(greet){
if(socksend(param->remsock, tmpsend, 10, conf.timeouts[STRING_S])!=10) {RETURN (1105);}
param->statscli += 10;
}
if(readflap(param, SERVER, tmpsend, 1024)) {RETURN (1111);}
param->statssrv += (ntohs(((struct flap_header *)tmpsend)->size) + 6);
mystate.srvseq = ntohs(((struct flap_header *)tmpsend)->seq) + 1;
mystate.seq = 1;
len = ntohs(flap->size) + 6;
if((res=handledatfltcli(param, &buf, &buflen, offset, &len))!=PASS) RETURN(res);
if(socksend(param->remsock, buf+offset, len, conf.timeouts[STRING_S])!=(ntohs(flap->size)+6)) {RETURN (1106);}
offset = 0;
param->statscli += len;
if(logintype == ICQMD5) {
if(readflap(param, SERVER, buf, 65550)) {RETURN (1112);}
mystate.srvseq = ntohs(flap->seq) + 1;
flap->seq = htons(mystate.seq);
mystate.seq++;
len = ntohs(flap->size) + 6;
if((res=handledatfltsrv(param, &buf, &buflen, offset, &len))!=PASS) RETURN(res);
if(socksend(param->clisock, buf+offset, len, conf.timeouts[STRING_S])!=len) {RETURN (1113);}
offset = 0;
if(readflap(param, CLIENT, buf, 65550)) {RETURN (1114);}
len = ntohs(flap->size) + 6;
if((res=handledatfltcli(param, &buf, &buflen, offset, &len))!=PASS) RETURN(res);
if(socksend(param->remsock, buf+offset, len, conf.timeouts[STRING_S])!=len) {RETURN (1115);}
param->statscli += len;
offset = 0;
}
if(logintype != ICQCOOKIE) {
if(readflap(param, SERVER, buf, 65550)) {RETURN (1116);}
mystate.srvseq = ntohs(flap->seq) + 1;
flap->seq = htons(mystate.seq);
mystate.seq++;
len = ntohs(flap->size);
if(!param->username) {RETURN (1117);}
if(flap->chan == 1 || flap->chan == 4){
if(flap->data[0] == 0 && flap->data[1] == 0 && flap->data[2] == 0 && flap->data[3] == 1){
tlv = (struct tlv_header *)(flap->data + 4);
len -= 4;
}
else
tlv = (struct tlv_header *)(flap->data);
}
else {
tlv = (struct tlv_header *)(flap->data + 10);
len -= 10;
}
len1 = ntohs(flap->size);
if(searchcookie(param, flap, len, &len1, tlv, 0)){RETURN (1118);}
len = ntohs(flap->size) + 6;
if((res=handledatfltsrv(param, &buf, &buflen, offset, &len))!=PASS) RETURN(res);
if(socksend(param->clisock, buf+offset, len, conf.timeouts[STRING_S])!=len) {RETURN (1117);}
offset = 0;
}
param->ndatfilterssrv++;
newfilters = myalloc(param->ndatfilterssrv * sizeof(struct filterp *));
if(param->ndatfilterssrv > 1){
memcpy(newfilters, param->datfilterssrv, (param->ndatfilterssrv - 1) * sizeof(struct filterp *));
myfree(param->datfilterssrv);
}
param->datfilterssrv = newfilters;
newfilters[param->ndatfilterssrv - 1] = &icqfilterp;
param->res = sockmap(param, conf.timeouts[CONNECTION_L]);
param->ndatfilterssrv--;
CLEANRET:
(*param->srv->logfunc)(param, NULL);
freeparam(param);
if(buf) myfree(buf);
return (NULL);
}
#ifdef WITHMAIN
struct proxydef childdef = {
icqprchild,
0,
0,
S_ICQPR,
""
};
#include "proxymain.c"
#endif
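Review bot: In `icqprchild`, `buf` is declared without an initializer, and the first `RETURN (1101)` (failed handshake send) jumps to `CLEANRET` before `buf = myalloc(65600)` has run, so `if(buf) myfree(buf);` can free an indeterminate pointer; declare it as `unsigned char *buf = NULL;`. The result of `myalloc(65600)` is then handed to `readflap` without a NULL check, and the same applies to the `myalloc` calls in `searchcookie` that feed `memset` and `memcpy`. Separately, the `case 0x0006` loop walks `icq_cookies` and reads `ic->cookie` without taking `icq_cookie_mutex`, while `searchcookie` frees and replaces those fields under the lock. `searchcookie` also reads `ic->connectstring` in its `strchr` call after `pthread_mutex_unlock`, so both reads look like they belong inside the locked region.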

315
src/libs/md4.c Normal file

@ -0,0 +1,315 @@
/*
* md4c.c MD4 message-digest algorithm
*
* Version: $Id: md4.c,v 1.1 2010-11-11 11:32:32 v.dubrovin Exp $
*
* License to copy and use this software is granted provided that it
* is identified as the "RSA Data Security, Inc. MD4 Message-Digest
* Algorithm" in all material mentioning or referencing this software
* or this function.
*
* License is also granted to make and use derivative works provided
* that such works are identified as "derived from the RSA Data
* Security, Inc. MD4 Message-Digest Algorithm" in all material
* mentioning or referencing the derived work.
*
* RSA Data Security, Inc. makes no representations concerning either
* the merchantability of this software or the suitability of this
* software for any particular purpose. It is provided "as is"
* without express or implied warranty of any kind.
*
* These notices must be retained in any copies of any part of this
* documentation and/or software.
*
* Copyright 1990,1991,1992 RSA Data Security, Inc.
*/
#include "md4.h"
/* Constants for MD4Transform routine.
*/
#define S11 3
#define S12 7
#define S13 11
#define S14 19
#define S21 3
#define S22 5
#define S23 9
#define S24 13
#define S31 3
#define S32 9
#define S33 11
#define S34 15
static void MD4Transform PROTO_LIST ((UINT4 [4], unsigned char [64]));
static void Encode PROTO_LIST
((unsigned char *, UINT4 *, unsigned int));
static void Decode PROTO_LIST
((UINT4 *, unsigned char *, unsigned int));
static void MD4_memcpy PROTO_LIST ((POINTER, POINTER, unsigned int));
static void MD4_memset PROTO_LIST ((POINTER, int, unsigned int));
static unsigned char PADDING[64] = {
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
/* F, G and H are basic MD4 functions.
*/
#define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
#define G(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
#define H(x, y, z) ((x) ^ (y) ^ (z))
/* ROTATE_LEFT rotates x left n bits.
*/
#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))
/* FF, GG and HH are transformations for rounds 1, 2 and 3 */
/* Rotation is separate from addition to prevent recomputation */
#define FF(a, b, c, d, x, s) { \
(a) += F ((b), (c), (d)) + (x); \
(a) = ROTATE_LEFT ((a), (s)); \
}
#define GG(a, b, c, d, x, s) { \
(a) += G ((b), (c), (d)) + (x) + (UINT4)0x5a827999; \
(a) = ROTATE_LEFT ((a), (s)); \
}
#define HH(a, b, c, d, x, s) { \
(a) += H ((b), (c), (d)) + (x) + (UINT4)0x6ed9eba1; \
(a) = ROTATE_LEFT ((a), (s)); \
}
void md4_calc(output, input, inlen)
unsigned char *output;
unsigned char *input; /* input block */
unsigned int inlen; /* length of input block */
{
MD4_CTX context;
MD4Init(&context);
MD4Update(&context, input, inlen);
MD4Final(output, &context);
}
/* MD4 initialization. Begins an MD4 operation, writing a new context.
*/
void MD4Init (context)
MD4_CTX *context; /* context */
{
context->count[0] = context->count[1] = 0;
/* Load magic initialization constants.
*/
context->state[0] = 0x67452301;
context->state[1] = 0xefcdab89;
context->state[2] = 0x98badcfe;
context->state[3] = 0x10325476;
}
/* MD4 block update operation. Continues an MD4 message-digest
operation, processing another message block, and updating the
context.
*/
void MD4Update (context, input, inputLen)
MD4_CTX *context; /* context */
unsigned char *input; /* input block */
unsigned int inputLen; /* length of input block */
{
unsigned int i, index, partLen;
/* Compute number of bytes mod 64 */
index = (unsigned int)((context->count[0] >> 3) & 0x3F);
/* Update number of bits */
if ((context->count[0] += ((UINT4)inputLen << 3))
< ((UINT4)inputLen << 3))
context->count[1]++;
context->count[1] += ((UINT4)inputLen >> 29);
partLen = 64 - index;
/* Transform as many times as possible.
*/
if (inputLen >= partLen) {
MD4_memcpy
((POINTER)&context->buffer[index], (POINTER)input, partLen);
MD4Transform (context->state, context->buffer);
for (i = partLen; i + 63 < inputLen; i += 64)
MD4Transform (context->state, &input[i]);
index = 0;
}
else
i = 0;
/* Buffer remaining input */
MD4_memcpy
((POINTER)&context->buffer[index], (POINTER)&input[i],
inputLen-i);
}
/* MD4 finalization. Ends an MD4 message-digest operation, writing the
the message digest and zeroizing the context.
*/
void MD4Final (digest, context)
unsigned char digest[16]; /* message digest */
MD4_CTX *context; /* context */
{
unsigned char bits[8];
unsigned int index, padLen;
/* Save number of bits */
Encode (bits, context->count, 8);
/* Pad out to 56 mod 64.
*/
index = (unsigned int)((context->count[0] >> 3) & 0x3f);
padLen = (index < 56) ? (56 - index) : (120 - index);
MD4Update (context, PADDING, padLen);
/* Append length (before padding) */
MD4Update (context, bits, 8);
/* Store state in digest */
Encode (digest, context->state, 16);
/* Zeroize sensitive information.
*/
MD4_memset ((POINTER)context, 0, sizeof (*context));
}
/* MD4 basic transformation. Transforms state based on block.
*/
static void MD4Transform (state, block)
UINT4 state[4];
unsigned char block[64];
{
UINT4 a = state[0], b = state[1], c = state[2], d = state[3], x[16];
Decode (x, block, 64);
/* Round 1 */
FF (a, b, c, d, x[ 0], S11); /* 1 */
FF (d, a, b, c, x[ 1], S12); /* 2 */
FF (c, d, a, b, x[ 2], S13); /* 3 */
FF (b, c, d, a, x[ 3], S14); /* 4 */
FF (a, b, c, d, x[ 4], S11); /* 5 */
FF (d, a, b, c, x[ 5], S12); /* 6 */
FF (c, d, a, b, x[ 6], S13); /* 7 */
FF (b, c, d, a, x[ 7], S14); /* 8 */
FF (a, b, c, d, x[ 8], S11); /* 9 */
FF (d, a, b, c, x[ 9], S12); /* 10 */
FF (c, d, a, b, x[10], S13); /* 11 */
FF (b, c, d, a, x[11], S14); /* 12 */
FF (a, b, c, d, x[12], S11); /* 13 */
FF (d, a, b, c, x[13], S12); /* 14 */
FF (c, d, a, b, x[14], S13); /* 15 */
FF (b, c, d, a, x[15], S14); /* 16 */
/* Round 2 */
GG (a, b, c, d, x[ 0], S21); /* 17 */
GG (d, a, b, c, x[ 4], S22); /* 18 */
GG (c, d, a, b, x[ 8], S23); /* 19 */
GG (b, c, d, a, x[12], S24); /* 20 */
GG (a, b, c, d, x[ 1], S21); /* 21 */
GG (d, a, b, c, x[ 5], S22); /* 22 */
GG (c, d, a, b, x[ 9], S23); /* 23 */
GG (b, c, d, a, x[13], S24); /* 24 */
GG (a, b, c, d, x[ 2], S21); /* 25 */
GG (d, a, b, c, x[ 6], S22); /* 26 */
GG (c, d, a, b, x[10], S23); /* 27 */
GG (b, c, d, a, x[14], S24); /* 28 */
GG (a, b, c, d, x[ 3], S21); /* 29 */
GG (d, a, b, c, x[ 7], S22); /* 30 */
GG (c, d, a, b, x[11], S23); /* 31 */
GG (b, c, d, a, x[15], S24); /* 32 */
/* Round 3 */
HH (a, b, c, d, x[ 0], S31); /* 33 */
HH (d, a, b, c, x[ 8], S32); /* 34 */
HH (c, d, a, b, x[ 4], S33); /* 35 */
HH (b, c, d, a, x[12], S34); /* 36 */
HH (a, b, c, d, x[ 2], S31); /* 37 */
HH (d, a, b, c, x[10], S32); /* 38 */
HH (c, d, a, b, x[ 6], S33); /* 39 */
HH (b, c, d, a, x[14], S34); /* 40 */
HH (a, b, c, d, x[ 1], S31); /* 41 */
HH (d, a, b, c, x[ 9], S32); /* 42 */
HH (c, d, a, b, x[ 5], S33); /* 43 */
HH (b, c, d, a, x[13], S34); /* 44 */
HH (a, b, c, d, x[ 3], S31); /* 45 */
HH (d, a, b, c, x[11], S32); /* 46 */
HH (c, d, a, b, x[ 7], S33); /* 47 */
HH (b, c, d, a, x[15], S34); /* 48 */
state[0] += a;
state[1] += b;
state[2] += c;
state[3] += d;
/* Zeroize sensitive information.
*/
MD4_memset ((POINTER)x, 0, sizeof (x));
}
/* Encodes input (UINT4) into output (unsigned char). Assumes len is
a multiple of 4.
*/
static void Encode (output, input, len)
unsigned char *output;
UINT4 *input;
unsigned int len;
{
unsigned int i, j;
for (i = 0, j = 0; j < len; i++, j += 4) {
output[j] = (unsigned char)(input[i] & 0xff);
output[j+1] = (unsigned char)((input[i] >> 8) & 0xff);
output[j+2] = (unsigned char)((input[i] >> 16) & 0xff);
output[j+3] = (unsigned char)((input[i] >> 24) & 0xff);
}
}
/* Decodes input (unsigned char) into output (UINT4). Assumes len is
a multiple of 4.
*/
static void Decode (output, input, len)
UINT4 *output;
unsigned char *input;
unsigned int len;
{
unsigned int i, j;
for (i = 0, j = 0; j < len; i++, j += 4)
output[i] = ((UINT4)input[j]) | (((UINT4)input[j+1]) << 8) |
(((UINT4)input[j+2]) << 16) | (((UINT4)input[j+3]) << 24);
}
/* Note: Replace "for loop" with standard memcpy if possible.
*/
static void MD4_memcpy (output, input, len)
POINTER output;
POINTER input;
unsigned int len;
{
unsigned int i;
for (i = 0; i < len; i++)
output[i] = input[i];
}
/* Note: Replace "for loop" with standard memset if possible.
*/
static void MD4_memset (output, value, len)
POINTER output;
int value;
unsigned int len;
{
unsigned int i;
for (i = 0; i < len; i++)
((char *)output)[i] = (char)value;
}

83
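--- a/src/libs/md4.h
+++ b/src/libs/md4.h
@@ -0,0 +1,83 @@
+#ifndef _LRAD_MD4_H
+#define _LRAD_MD4_H
+#ifndef _LRAD_PROTO_H
+#define _LRAD_PROTO_H
+/* GLOBAL.H - RSAREF types and constants
+*/
+/* PROTOTYPES should be set to one if and only if the compiler supports
+function argument prototyping.
+The following makes PROTOTYPES default to 0 if it has not already
+been defined with C compiler flags.
+*/
+#ifndef PROTOTYPES
+# if __STDC__
+# define PROTOTYPES 1
+# else
+# define PROTOTYPES 0
+# endif
+#endif
+/* POINTER defines a generic pointer type */
+typedef unsigned char *POINTER;
+#define _POINTER_T
+/* UINT2 defines a two byte word */
+typedef unsigned short int UINT2;
+#define _UINT2_T
+/* UINT4 defines a four byte word */
+typedef unsigned int UINT4;
+#define _UINT4_T
+/* PROTO_LIST is defined depending on how PROTOTYPES is defined above.
+If using PROTOTYPES, then PROTO_LIST returns the list, otherwise it
+returns an empty list.
+*/
+#if PROTOTYPES
+#define PROTO_LIST(list) list
+#else
+#define PROTO_LIST(list) ()
+#endif
+#endif /* _LRAD_PROTO_H */
+/* MD4.H - header file for MD4C.C
+*/
+/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
+rights reserved.
+License to copy and use this software is granted provided that it
+is identified as the "RSA Data Security, Inc. MD4 Message-Digest
+Algorithm" in all material mentioning or referencing this software
+or this function.
+License is also granted to make and use derivative works provided
+that such works are identified as "derived from the RSA Data
+Security, Inc. MD4 Message-Digest Algorithm" in all material
+mentioning or referencing the derived work.
+RSA Data Security, Inc. makes no representations concerning either
+the merchantability of this software or the suitability of this
+software for any particular purpose. It is provided "as is"
+without express or implied warranty of any kind.
+These notices must be retained in any copies of any part of this
+documentation and/or software.
+*/
+/* MD4 context. */
+typedef struct {
+UINT4 state[4]; /* state (ABCD) */
+UINT4 count[2]; /* number of bits, modulo 2^64 (lsb first) */
+unsigned char buffer[64]; /* input buffer */
+} MD4_CTX;
+void md4_calc (unsigned char *, unsigned char *, unsigned int);
+void MD4Init PROTO_LIST ((MD4_CTX *));
+void MD4Update PROTO_LIST
+((MD4_CTX *, unsigned char *, unsigned int));
+void MD4Final PROTO_LIST ((unsigned char [16], MD4_CTX *));
+#endif /* _LRAD_MD4_H */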

345
src/libs/md5.c Normal file

@ -0,0 +1,345 @@
/* MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm
*/
/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
rights reserved.
License to copy and use this software is granted provided that it
is identified as the "RSA Data Security, Inc. MD5 Message-Digest
Algorithm" in all material mentioning or referencing this software
or this function.
License is also granted to make and use derivative works provided
that such works are identified as "derived from the RSA Data
Security, Inc. MD5 Message-Digest Algorithm" in all material
mentioning or referencing the derived work.
RSA Data Security, Inc. makes no representations concerning either
the merchantability of this software or the suitability of this
software for any particular purpose. It is provided "as is"
without express or implied warranty of any kind.
These notices must be retained in any copies of any part of this
documentation and/or software.
*/
#include "md5.h"
/* Constants for MD5Transform routine.
*/
#define S11 7
#define S12 12
#define S13 17
#define S14 22
#define S21 5
#define S22 9
#define S23 14
#define S24 20
#define S31 4
#define S32 11
#define S33 16
#define S34 23
#define S41 6
#define S42 10
#define S43 15
#define S44 21
void librad_md5_calc(unsigned char *output, unsigned char *input,
unsigned int inputlen);
static void MD5Transform PROTO_LIST ((UINT4 [4], const unsigned char [64]));
static void Encode PROTO_LIST
((unsigned char *, UINT4 *, unsigned int));
static void Decode PROTO_LIST
((UINT4 *, const unsigned char *, unsigned int));
static void MD5_memcpy PROTO_LIST ((POINTER, CONSTPOINTER, unsigned int));
static void MD5_memset PROTO_LIST ((POINTER, int, unsigned int));
static const unsigned char PADDING[64] = {
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
/* F, G, H and I are basic MD5 functions.
*/
#define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
#define G(x, y, z) (((x) & (z)) | ((y) & (~z)))
#define H(x, y, z) ((x) ^ (y) ^ (z))
#define I(x, y, z) ((y) ^ ((x) | (~z)))
/* ROTATE_LEFT rotates x left n bits.
*/
#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))
/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4.
Rotation is separate from addition to prevent recomputation.
*/
#define FF(a, b, c, d, x, s, ac) { \
(a) += F ((b), (c), (d)) + (x) + (UINT4)(ac); \
(a) = ROTATE_LEFT ((a), (s)); \
(a) += (b); \
}
#define GG(a, b, c, d, x, s, ac) { \
(a) += G ((b), (c), (d)) + (x) + (UINT4)(ac); \
(a) = ROTATE_LEFT ((a), (s)); \
(a) += (b); \
}
#define HH(a, b, c, d, x, s, ac) { \
(a) += H ((b), (c), (d)) + (x) + (UINT4)(ac); \
(a) = ROTATE_LEFT ((a), (s)); \
(a) += (b); \
}
#define II(a, b, c, d, x, s, ac) { \
(a) += I ((b), (c), (d)) + (x) + (UINT4)(ac); \
(a) = ROTATE_LEFT ((a), (s)); \
(a) += (b); \
}
void librad_md5_calc(unsigned char *output, unsigned char *input,
unsigned int inlen)
{
MD5_CTX context;
MD5Init(&context);
MD5Update(&context, input, inlen);
MD5Final(output, &context);
}
/* MD5 initialization. Begins an MD5 operation, writing a new context.
*/
void MD5Init (context)
MD5_CTX *context; /* context */
{
context->count[0] = context->count[1] = 0;
/* Load magic initialization constants.
*/
context->state[0] = 0x67452301;
context->state[1] = 0xefcdab89;
context->state[2] = 0x98badcfe;
context->state[3] = 0x10325476;
}
/* MD5 block update operation. Continues an MD5 message-digest
operation, processing another message block, and updating the
context.
*/
void MD5Update (context, input, inputLen)
MD5_CTX *context; /* context */
const unsigned char *input; /* input block */
unsigned int inputLen; /* length of input block */
{
unsigned int i, index, partLen;
/* Compute number of bytes mod 64 */
index = (unsigned int)((context->count[0] >> 3) & 0x3F);
/* Update number of bits */
if ((context->count[0] += ((UINT4)inputLen << 3))
< ((UINT4)inputLen << 3))
context->count[1]++;
context->count[1] += ((UINT4)inputLen >> 29);
partLen = 64 - index;
/* Transform as many times as possible.
*/
if (inputLen >= partLen) {
MD5_memcpy
((POINTER)&context->buffer[index], (CONSTPOINTER)input, partLen);
MD5Transform (context->state, context->buffer);
for (i = partLen; i + 63 < inputLen; i += 64)
MD5Transform (context->state, &input[i]);
index = 0;
}
else
i = 0;
/* Buffer remaining input */
MD5_memcpy
((POINTER)&context->buffer[index], (CONSTPOINTER)&input[i],
inputLen-i);
}
/* MD5 finalization. Ends an MD5 message-digest operation, writing the
the message digest and zeroizing the context.
*/
void MD5Final (digest, context)
unsigned char digest[16]; /* message digest */
MD5_CTX *context; /* context */
{
unsigned char bits[8];
unsigned int index, padLen;
/* Save number of bits */
Encode (bits, context->count, 8);
/* Pad out to 56 mod 64.
*/
index = (unsigned int)((context->count[0] >> 3) & 0x3f);
padLen = (index < 56) ? (56 - index) : (120 - index);
MD5Update (context, PADDING, padLen);
/* Append length (before padding) */
MD5Update (context, bits, 8);
/* Store state in digest */
Encode (digest, context->state, 16);
/* Zeroize sensitive information.
*/
MD5_memset ((POINTER)context, 0, sizeof (*context));
}
/* MD5 basic transformation. Transforms state based on block.
*/
static void MD5Transform (state, block)
UINT4 state[4];
const unsigned char block[64];
{
UINT4 a = state[0], b = state[1], c = state[2], d = state[3], x[16];
Decode (x, block, 64);
/* Round 1 */
FF (a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */
FF (d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */
FF (c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */
FF (b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */
FF (a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */
FF (d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */
FF (c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */
FF (b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */
FF (a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */
FF (d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */
FF (c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */
FF (b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */
FF (a, b, c, d, x[12], S11, 0x6b901122); /* 13 */
FF (d, a, b, c, x[13], S12, 0xfd987193); /* 14 */
FF (c, d, a, b, x[14], S13, 0xa679438e); /* 15 */
FF (b, c, d, a, x[15], S14, 0x49b40821); /* 16 */
/* Round 2 */
GG (a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */
GG (d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */
GG (c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */
GG (b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */
GG (a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */
GG (d, a, b, c, x[10], S22, 0x2441453); /* 22 */
GG (c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */
GG (b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */
GG (a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */
GG (d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */
GG (c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */
GG (b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */
GG (a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */
GG (d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */
GG (c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */
GG (b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */
/* Round 3 */
HH (a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */
HH (d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */
HH (c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */
HH (b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */
HH (a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */
HH (d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */
HH (c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */
HH (b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */
HH (a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */
HH (d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */
HH (c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */
HH (b, c, d, a, x[ 6], S34, 0x4881d05); /* 44 */
HH (a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */
HH (d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */
HH (c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */
HH (b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */
/* Round 4 */
II (a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */
II (d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */
II (c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */
II (b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */
II (a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */
II (d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */
II (c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */
II (b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */
II (a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */
II (d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */
II (c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */
II (b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */
II (a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */
II (d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */
II (c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */
II (b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */
state[0] += a;
state[1] += b;
state[2] += c;
state[3] += d;
/* Zeroize sensitive information.
*/
MD5_memset ((POINTER)x, 0, sizeof (x));
}
/* Encodes input (UINT4) into output (unsigned char). Assumes len is
a multiple of 4.
*/
static void Encode (output, input, len)
unsigned char *output;
UINT4 *input;
unsigned int len;
{
unsigned int i, j;
for (i = 0, j = 0; j < len; i++, j += 4) {
output[j] = (unsigned char)(input[i] & 0xff);
output[j+1] = (unsigned char)((input[i] >> 8) & 0xff);
output[j+2] = (unsigned char)((input[i] >> 16) & 0xff);
output[j+3] = (unsigned char)((input[i] >> 24) & 0xff);
}
}
/* Decodes input (unsigned char) into output (UINT4). Assumes len is
a multiple of 4.
*/
static void Decode (output, input, len)
UINT4 *output;
const unsigned char *input;
unsigned int len;
{
unsigned int i, j;
for (i = 0, j = 0; j < len; i++, j += 4)
output[i] = ((UINT4)input[j]) | (((UINT4)input[j+1]) << 8) |
(((UINT4)input[j+2]) << 16) | (((UINT4)input[j+3]) << 24);
}
/* Note: Replace "for loop" with standard memcpy if possible.
*/
static void MD5_memcpy (output, input, len)
POINTER output;
CONSTPOINTER input;
unsigned int len;
{
unsigned int i;
for (i = 0; i < len; i++)
output[i] = input[i];
}
/* Note: Replace "for loop" with standard memset if possible.
*/
static void MD5_memset (output, value, len)
POINTER output;
int value;
unsigned int len;
{
unsigned int i;
for (i = 0; i < len; i++)
((char *)output)[i] = (char)value;
}

94
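--- a/src/libs/md5.h
+++ b/src/libs/md5.h
@@ -0,0 +1,94 @@
+#ifndef _LRAD_MD5_H
+#define _LRAD_MD5_H
+#ifndef _LRAD_PROTO_H
+#define _LRAD_PROTO_H
+/* GLOBAL.H - RSAREF types and constants
+*/
+/* PROTOTYPES should be set to one if and only if the compiler supports
+function argument prototyping.
+The following makes PROTOTYPES default to 0 if it has not already
+been defined with C compiler flags.
+*/
+#ifndef PROTOTYPES
+# if __STDC__
+# define PROTOTYPES 1
+# else
+# define PROTOTYPES 0
+# endif
+#endif
+/* POINTER defines a generic pointer type */
+#ifndef _POINTER_T
+typedef unsigned char *POINTER;
+#endif
+typedef const unsigned char *CONSTPOINTER;
+/* UINT2 defines a two byte word */
+#ifndef _UINT2_T
+typedef unsigned short int UINT2;
+#endif
+/* UINT4 defines a four byte word */
+#ifndef _UINT4_T
+typedef unsigned int UINT4;
+#endif
+/* PROTO_LIST is defined depending on how PROTOTYPES is defined above.
+If using PROTOTYPES, then PROTO_LIST returns the list, otherwise it
+returns an empty list.
+*/
+#if PROTOTYPES
+#define PROTO_LIST(list) list
+#else
+#define PROTO_LIST(list) ()
+#endif
+#endif /* _LRAD_PROTO_H */
+/*
+* FreeRADIUS defines to ensure globally unique MD5 function names,
+* so that we don't pick up vendor-specific broken MD5 libraries.
+*/
+#define MD5_CTX librad_MD5_CTX
+#define MD5Init librad_MD5Init
+#define MD5Update librad_MD5Update
+#define MD5Final librad_MD5Final
+/* MD5.H - header file for MD5C.C
+*/
+/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
+rights reserved.
+License to copy and use this software is granted provided that it
+is identified as the "RSA Data Security, Inc. MD5 Message-Digest
+Algorithm" in all material mentioning or referencing this software
+or this function.
+License is also granted to make and use derivative works provided
+that such works are identified as "derived from the RSA Data
+Security, Inc. MD5 Message-Digest Algorithm" in all material
+mentioning or referencing the derived work.
+RSA Data Security, Inc. makes no representations concerning either
+the merchantability of this software or the suitability of this
+software for any particular purpose. It is provided "as is"
+without express or implied warranty of any kind.
+These notices must be retained in any copies of any part of this
+documentation and/or software.
+*/
+/* MD5 context. */
+typedef struct {
+UINT4 state[4]; /* state (ABCD) */
+UINT4 count[2]; /* number of bits, modulo 2^64 (lsb first) */
+unsigned char buffer[64]; /* input buffer */
+} MD5_CTX;
+void MD5Init PROTO_LIST ((MD5_CTX *));
+void MD5Update PROTO_LIST
+((MD5_CTX *, const unsigned char *, unsigned int));
+void MD5Final PROTO_LIST ((unsigned char [16], MD5_CTX *));
+#endif /* _LRAD_MD5_H */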

3821
src/libs/regex.c Normal file

File diff suppressed because it is too large Load Diff

74
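--- a/src/libs/regex.h
+++ b/src/libs/regex.h
@@ -0,0 +1,74 @@
+/*
+Minimal version of Henry Spencer's regex library
+with minor modifications
+*/
+#ifndef _REGEX_H_
+#define _REGEX_H_
+#ifdef __cplusplus
+extern "C" {
+#endif
+typedef off_t regoff_t;
+typedef struct {
+int re_magic;
+size_t re_nsub; /* number of parenthesized subexpressions */
+const char *re_endp; /* end pointer for REG_PEND */
+struct re_guts *re_g; /* none of your business :-) */
+} regex_t;
+typedef struct {
+regoff_t rm_so; /* start of match */
+regoff_t rm_eo; /* end of match */
+} regmatch_t;
+extern int regcomp(regex_t *, const char *, int);
+#define REG_BASIC 0000
+#define REG_EXTENDED 0001
+#define REG_ICASE 0002
+#define REG_NOSUB 0004
+#define REG_NEWLINE 0010
+#define REG_NOSPEC 0020
+#define REG_PEND 0040
+#define REG_DUMP 0200
+#define REG_OKAY 0
+#define REG_NOMATCH 1
+#define REG_BADPAT 2
+#define REG_ECOLLATE 3
+#define REG_ECTYPE 4
+#define REG_EESCAPE 5
+#define REG_ESUBREG 6
+#define REG_EBRACK 7
+#define REG_EPAREN 8
+#define REG_EBRACE 9
+#define REG_BADBR 10
+#define REG_ERANGE 11
+#define REG_ESPACE 12
+#define REG_BADRPT 13
+#define REG_EMPTY 14
+#define REG_ASSERT 15
+#define REG_INVARG 16
+#define REG_ATOI 255 /* convert name to number (!) */
+#define REG_ITOA 0400 /* convert number to name (!) */
+extern int regexec(const regex_t *, const char *, size_t, regmatch_t [], int);
+#define REG_NOTBOL 00001
+#define REG_NOTEOL 00002
+#define REG_STARTEND 00004
+#define REG_TRACE 00400 /* tracing of execution */
+#define REG_LARGE 01000 /* force large representation */
+#define REG_BACKR 02000 /* force use of backref code */
+extern void regfree(regex_t *);
+#ifdef __cplusplus
+}
+#endif
+#endif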

321
src/libs/smbdes.c Normal file

@ -0,0 +1,321 @@
/*
Unix SMB/CIFS implementation.
a partial implementation of DES designed for use in the
SMB authentication protocol
Copyright (C) Andrew Tridgell 1998
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include <string.h>
#include <ctype.h>
#define uchar unsigned char
static const uchar perm1[56] = {57, 49, 41, 33, 25, 17, 9,
1, 58, 50, 42, 34, 26, 18,
10, 2, 59, 51, 43, 35, 27,
19, 11, 3, 60, 52, 44, 36,
63, 55, 47, 39, 31, 23, 15,
7, 62, 54, 46, 38, 30, 22,
14, 6, 61, 53, 45, 37, 29,
21, 13, 5, 28, 20, 12, 4};
static const uchar perm2[48] = {14, 17, 11, 24, 1, 5,
3, 28, 15, 6, 21, 10,
23, 19, 12, 4, 26, 8,
16, 7, 27, 20, 13, 2,
41, 52, 31, 37, 47, 55,
30, 40, 51, 45, 33, 48,
44, 49, 39, 56, 34, 53,
46, 42, 50, 36, 29, 32};
static const uchar perm3[64] = {58, 50, 42, 34, 26, 18, 10, 2,
60, 52, 44, 36, 28, 20, 12, 4,
62, 54, 46, 38, 30, 22, 14, 6,
64, 56, 48, 40, 32, 24, 16, 8,
57, 49, 41, 33, 25, 17, 9, 1,
59, 51, 43, 35, 27, 19, 11, 3,
61, 53, 45, 37, 29, 21, 13, 5,
63, 55, 47, 39, 31, 23, 15, 7};
static const uchar perm4[48] = { 32, 1, 2, 3, 4, 5,
4, 5, 6, 7, 8, 9,
8, 9, 10, 11, 12, 13,
12, 13, 14, 15, 16, 17,
16, 17, 18, 19, 20, 21,
20, 21, 22, 23, 24, 25,
24, 25, 26, 27, 28, 29,
28, 29, 30, 31, 32, 1};
static const uchar perm5[32] = { 16, 7, 20, 21,
29, 12, 28, 17,
1, 15, 23, 26,
5, 18, 31, 10,
2, 8, 24, 14,
32, 27, 3, 9,
19, 13, 30, 6,
22, 11, 4, 25};
static const uchar perm6[64] ={ 40, 8, 48, 16, 56, 24, 64, 32,
39, 7, 47, 15, 55, 23, 63, 31,
38, 6, 46, 14, 54, 22, 62, 30,
37, 5, 45, 13, 53, 21, 61, 29,
36, 4, 44, 12, 52, 20, 60, 28,
35, 3, 43, 11, 51, 19, 59, 27,
34, 2, 42, 10, 50, 18, 58, 26,
33, 1, 41, 9, 49, 17, 57, 25};
static const uchar sc[16] = {1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1};
static const uchar sbox[8][4][16] = {
{{14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7},
{0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8},
{4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0},
{15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13}},
{{15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10},
{3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5},
{0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15},
{13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9}},
{{10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8},
{13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1},
{13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7},
{1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12}},
{{7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15},
{13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9},
{10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4},
{3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14}},
{{2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9},
{14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6},
{4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14},
{11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3}},
{{12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11},
{10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8},
{9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6},
{4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13}},
{{4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1},
{13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6},
{1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2},
{6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12}},
{{13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7},
{1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2},
{7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8},
{2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11}}};
static void permute(char *out, const char *in, const uchar *p, int n)
{
int i;
for (i=0;i<n;i++)
out[i] = in[p[i]-1];
}
static void lshift(char *d, int count, int n)
{
char out[64];
int i;
for (i=0;i<n;i++)
out[i] = d[(i+count)%n];
for (i=0;i<n;i++)
d[i] = out[i];
}
static void concat(char *out, char *in1, char *in2, int l1, int l2)
{
while (l1--)
*out++ = *in1++;
while (l2--)
*out++ = *in2++;
}
static void xor(char *out, char *in1, char *in2, int n)
{
int i;
for (i=0;i<n;i++)
out[i] = in1[i] ^ in2[i];
}
static void dohash(char *out, char *in, char *key)
{
int i, j, k;
char pk1[56];
char c[28];
char d[28];
char cd[56];
char ki[16][48];
char pd1[64];
char l[32], r[32];
char rl[64];
permute(pk1, key, perm1, 56);
for (i=0;i<28;i++)
c[i] = pk1[i];
for (i=0;i<28;i++)
d[i] = pk1[i+28];
for (i=0;i<16;i++) {
lshift(c, sc[i], 28);
lshift(d, sc[i], 28);
concat(cd, c, d, 28, 28);
permute(ki[i], cd, perm2, 48);
}
permute(pd1, in, perm3, 64);
for (j=0;j<32;j++) {
l[j] = pd1[j];
r[j] = pd1[j+32];
}
for (i=0;i<16;i++) {
char er[48];
char erk[48];
char b[8][6];
char cb[32];
char pcb[32];
char r2[32];
permute(er, r, perm4, 48);
xor(erk, er, ki[i], 48);
for (j=0;j<8;j++)
for (k=0;k<6;k++)
b[j][k] = erk[j*6 + k];
for (j=0;j<8;j++) {
int m, n;
m = (b[j][0]<<1) | b[j][5];
n = (b[j][1]<<3) | (b[j][2]<<2) | (b[j][3]<<1) | b[j][4];
for (k=0;k<4;k++)
b[j][k] = (sbox[j][m][n] & (1<<(3-k)))?1:0;
}
for (j=0;j<8;j++)
for (k=0;k<4;k++)
cb[j*4+k] = b[j][k];
permute(pcb, cb, perm5, 32);
xor(r2, l, pcb, 32);
for (j=0;j<32;j++)
l[j] = r[j];
for (j=0;j<32;j++)
r[j] = r2[j];
}
concat(rl, r, l, 32, 32);
permute(out, rl, perm6, 64);
}
static void str_to_key(unsigned char *str,unsigned char *key)
{
int i;
key[0] = str[0]>>1;
key[1] = ((str[0]&0x01)<<6) | (str[1]>>2);
key[2] = ((str[1]&0x03)<<5) | (str[2]>>3);
key[3] = ((str[2]&0x07)<<4) | (str[3]>>4);
key[4] = ((str[3]&0x0F)<<3) | (str[4]>>5);
key[5] = ((str[4]&0x1F)<<2) | (str[5]>>6);
key[6] = ((str[5]&0x3F)<<1) | (str[6]>>7);
key[7] = str[6]&0x7F;
for (i=0;i<8;i++) {
key[i] = (key[i]<<1);
}
}
static void smbhash(unsigned char *out, const unsigned char *in, unsigned char *key)
{
int i;
char outb[64];
char inb[64];
char keyb[64];
unsigned char key2[8];
str_to_key(key, key2);
for (i=0;i<64;i++) {
inb[i] = (in[i/8] & (1<<(7-(i%8)))) ? 1 : 0;
keyb[i] = (key2[i/8] & (1<<(7-(i%8)))) ? 1 : 0;
outb[i] = 0;
}
dohash(outb, inb, keyb);
for (i=0;i<8;i++) {
out[i] = 0;
}
for (i=0;i<64;i++) {
if (outb[i])
out[i/8] |= (1<<(7-(i%8)));
}
}
/*
* Converts the password to uppercase, and creates the LM
* password hash.
*/
void lmpwdhash(const unsigned char *password,unsigned char *lmhash)
{
int i;
unsigned char p14[14];
static unsigned char sp8[8] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25};
memset(p14, 0, sizeof(p14));
for (i = 0; i < 14 && password[i]; i++) {
p14[i] = toupper((int) password[i]);
}
smbhash(lmhash, sp8, p14);
smbhash(lmhash+8, sp8, p14+7);
}
/*
* Take the NT or LM password, and return the MSCHAP response
*
* The win_password MUST be exactly 16 bytes long.
*/
void mschap(const unsigned char *win_password,
const unsigned char *challenge, unsigned char *response)
{
unsigned char p21[21];
memset(p21, 0, sizeof(p21));
memcpy(p21, win_password, 16);
smbhash(response, challenge, p21);
smbhash(response+8, challenge, p21+7);
smbhash(response+16, challenge, p21+14);
}

234
src/msnpr.c Normal file

@ -0,0 +1,234 @@
/*
3APA3A simpliest proxy server
(c) 2002-2008 by ZARAZA <3APA3A@security.nnov.ru>
please read License Agreement
$Id: msnpr.c,v 1.3 2012-04-11 23:01:19 vlad Exp $
*/
#include "proxy.h"
#ifndef PORTMAP
#define PORTMAP
#endif
#define RETURN(xxx) { param->res = xxx; goto CLEANRET; }
struct msn_cookie {
struct msn_cookie *next;
unsigned char *userid;
char * connectstring;
};
static struct msn_cookie *msn_cookies = NULL;
pthread_mutex_t msn_cookie_mutex;
int msn_cookie_mutex_init = 0;
static void msn_clear(void *fo){
};
static FILTER_ACTION msn_srv(void *fc, struct clientparam * param, unsigned char ** buf_p, int * bufsize_p, int offset, int * length_p){
unsigned char *data = *buf_p + offset;
int len = (int)(*length_p - offset);
struct sockaddr_in sa;
SASIZETYPE size = sizeof(sa);
struct msn_cookie *cookie;
char tmpbuf[256];
char *sp1, *sp2, *sp3;
if(*bufsize_p - *length_p < 32) return CONTINUE;
if(len < 10 || len > 220) return CONTINUE;
data[len] = 0;
sp1 = data + 3;
if(data[0] == 'X' && data[1] == 'F' && data[2] == 'R' && data[3] == ' '){
if(!(sp2 = strchr(sp1 + 1, ' ')) || !(sp2 = strchr(sp2 + 1, ' '))|| !(sp3 = strchr(sp2 + 1, ' '))) return CONTINUE;
}
else if(data[0] == 'R' && data[1] == 'N' && data[2] == 'G' && data[3] == ' '){
if(!(sp2 = strchr(sp1 + 1, ' ')) || !(sp3 = strchr(sp2 + 1, ' '))) return CONTINUE;
}
else return CONTINUE;
*sp2 = 0;
*sp3 = 0;
if(getsockname(param->clisock, (struct sockaddr *)&sa, &size)==-1) {
return CONTINUE;
};
cookie = myalloc(sizeof(struct msn_cookie));
cookie->connectstring = mystrdup(sp2 + 1);
cookie->userid = mystrdup(param->username);
pthread_mutex_lock(&msn_cookie_mutex);
cookie->next = msn_cookies;
msn_cookies = cookie;
pthread_mutex_unlock(&msn_cookie_mutex);
strcpy(tmpbuf, data);
len = (int)strlen(tmpbuf);
tmpbuf[len++] = ' ';
len+=myinet_ntoa(sa.sin_addr, tmpbuf+len);
sprintf(tmpbuf+len, ":%hu %s", ntohs(sa.sin_port), sp3 + 1);
len = (int)strlen(tmpbuf);
memcpy(*buf_p + offset, tmpbuf, len);
*length_p = offset + len;
return CONTINUE;
}
static struct filter msnfilter = {
NULL,
"msnfilter",
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
*msn_srv,
*msn_clear,
NULL
};
void * msnprchild(struct clientparam* param) {
int res, len;
unsigned char *buf;
int buflen = 256;
char *sp1, *sp2, *sp3;
char *verstr = NULL;
int id;
struct msn_cookie *cookie, *prevcookie=NULL;
int sec = 0;
struct filterp **newfilters;
int skip = 0;
struct filterp msnfilterp = {
&msnfilter,
(void *)&skip
};
if(!msn_cookie_mutex_init){
msn_cookie_mutex_init = 1;
pthread_mutex_init(&msn_cookie_mutex, NULL);
}
buf = myalloc(buflen);
res = sockgetlinebuf(param, CLIENT, buf, 240, '\n', conf.timeouts[STRING_S]);
if(res < 10) RETURN(1201);
buf[res] = 0;
if(!(sp1 = strchr(buf, ' ')) || !(sp2 = strchr(sp1 + 1, ' ')) || !(sp3 = strchr(sp2 + 1, ' ')) || ((int)(sp3-sp2)) < 6) RETURN(1202);
if((buf[0] == 'U' && buf[1] == 'S' && buf[2] == 'R') ||
(buf[0] == 'A' && buf[1] == 'N' && buf[2] == 'S')){
len = 1 + (int)(sp3 - sp2);
param->username = myalloc(len - 1);
memcpy(param->username, sp2 + 1, len - 2);
sec = 1;
}
else if(buf[0] != 'V' || buf[1] != 'E' || buf[2] != 'R') {RETURN(1203);}
else {
id = atoi(sp1 + 1);
verstr = mystrdup(buf);
if(socksend(param->clisock, buf, res, conf.timeouts[STRING_S])!=res) {RETURN (1204);}
res = sockgetlinebuf(param, CLIENT, buf, 240, '\n', conf.timeouts[STRING_S]);
if(res < 10) RETURN(1205);
buf[res] = 0;
if(buf[0] != 'C' || buf[1] != 'V' || buf[2] != 'R' || !(sp1=strrchr(buf,' ')) || (len = (int)strlen(sp1+1)) < 3) RETURN(1206);
param->username = myalloc(len - 1);
memcpy(param->username, sp1 + 1, len - 2);
}
param->username[len - 2] = 0;
param->operation = CONNECT;
pthread_mutex_lock(&msn_cookie_mutex);
for(cookie = msn_cookies; cookie; cookie = cookie->next){
if(!strcmp(param->username, cookie->userid)){
parsehostname(cookie->connectstring, param, ntohs(param->srv->targetport));
if(prevcookie)prevcookie->next = cookie->next;
else msn_cookies = cookie->next;
myfree(cookie->connectstring);
myfree(cookie->userid);
myfree(cookie);
break;
}
prevcookie = cookie;
}
pthread_mutex_unlock(&msn_cookie_mutex);
if(!cookie) {
if(sec) RETURN(1233);
parsehostname((char *)param->srv->target, param, ntohs(param->srv->targetport));
}
res = (*param->srv->authfunc)(param);
if(res) {RETURN(res);}
if(!sec){
len = (int)strlen(verstr);
if(socksend(param->remsock, verstr, len, conf.timeouts[STRING_S])!= len) {RETURN (1207);}
param->statscli += len;
myfree(verstr);
verstr = mystrdup(buf);
len = sockgetlinebuf(param, SERVER, buf, 240, '\n', conf.timeouts[STRING_S]);
if(len < 10) RETURN(1208);
param->statssrv += len;
strcpy(buf, verstr);
}
len = (int)strlen(buf);
if((res=handledatfltcli(param, &buf, &buflen, 0, &len))!=PASS) RETURN(res);
if(socksend(param->remsock, buf, len, conf.timeouts[STRING_S])!= len) {RETURN (1207);}
param->statscli += len;
if(sec){
RETURN(sockmap(param, conf.timeouts[CONNECTION_L]));
}
param->ndatfilterssrv++;
newfilters = myalloc(param->ndatfilterssrv * sizeof(struct filterp *));
if(param->ndatfilterssrv > 1){
memcpy(newfilters, param->datfilterssrv, (param->ndatfilterssrv - 1) * sizeof(struct filterp *));
myfree(param->datfilterssrv);
}
param->datfilterssrv = newfilters;
newfilters[param->ndatfilterssrv - 1] = &msnfilterp;
param->res = sockmap(param, conf.timeouts[CONNECTION_L]);
param->ndatfilterssrv--;
CLEANRET:
if(verstr)myfree(verstr);
if(buf)myfree(buf);
(*param->srv->logfunc)(param, NULL);
freeparam(param);
return (NULL);
}
#ifdef WITHMAIN
struct proxydef childdef = {
msnprchild,
0,
0,
S_MSNPR,
""
};
#include "proxymain.c"
#endif
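Review bot: Allocation results in msn_srv and msnprchild are used without a NULL check: `cookie = myalloc(sizeof(struct msn_cookie))` is dereferenced on the next line, and `cookie->userid = mystrdup(param->username)` can store NULL, which the later `strcmp(param->username, cookie->userid)` in msnprchild would dereference while msn_cookie_mutex is held. The same holds for `buf = myalloc(buflen)` and both `param->username = myalloc(len - 1)` sites; a guard such as `if(!cookie) return CONTINUE;` in the filter, and a RETURN with a project-chosen error code in msnprchild, would close this. The lazy `if(!msn_cookie_mutex_init)` test-and-set is not atomic, so two first connections can both reach `pthread_mutex_init` or lock a mutex that is not yet initialized; initializing it once at startup avoids the race. Entries in `msn_cookies` are only unlinked when a matching USR/ANS line arrives, so as far as this file shows the list has no expiry or size bound.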

367
src/myalloc.c Normal file

@ -0,0 +1,367 @@
/*
3APA3A simpliest proxy server
(c) 2002-2008 by ZARAZA <3APA3A@security.nnov.ru>
please read License Agreement
$Id: myalloc.c,v 1.5 2008/01/08 21:46:38 vlad Exp $
*/
#include "proxy.h"
#ifndef WITH_STD_MALLOC
#include "proxy.h"
#define MEM64K 65536
#define MEM16K 16384
#define MEM4K 4096
#define MEM1K 1024
#define MEM256 256
#define DEBUGLEVEL 1
struct mempage{
struct mempage *next;
unsigned usable;
unsigned char bitmap[32];
unsigned char data[MEM64K];
} * pages[] = {NULL, NULL, NULL, NULL, NULL, NULL};
unsigned memsizes[] = {MEM64K, MEM16K, MEM4K, MEM1K, MEM256, 0};
enum pagesizes {
p64k,
p16k,
p4k,
p1k,
p256,
nomem,
};
pthread_mutex_t mem_mutex;
int mem_init = 0;
#ifdef _WIN32
HANDLE myheap;
#define malloc(x) HeapAlloc(myheap, 0, x)
#define free(x) HeapFree(myheap, 0, x)
#endif
void init_mem(void) {
mem_init++;
pthread_mutex_init(&mem_mutex, NULL);
#if DEBUGLEVEL > 2
fprintf(stderr, "Memory initialized\n");
fflush(stderr);
#endif
#ifdef _WIN32
myheap = HeapCreate(0, MEM64K*16, 0);
#endif
}
void * myalloc64k(){
struct mempage *newpage;
if(!mem_init)init_mem();
if(!(newpage = (struct mempage *)malloc(sizeof(struct mempage)))){
#if DEBUGLEVEL > 0
fprintf(stderr, "Failed to allocate p64k\n");
fflush(stderr);
#endif
return NULL;
}
memset(newpage->bitmap, 0, 32);
newpage->usable = 0;
pthread_mutex_lock(&mem_mutex);
newpage->next = pages[p64k];
pages[p64k] = newpage;
pthread_mutex_unlock(&mem_mutex);
#if DEBUGLEVEL > 2
fprintf(stderr, "New p64k created, address %X region: %X\n", newpage, newpage->data);
fflush(stderr);
#endif
#if DEBUGLEVEL == 2
fprintf(stderr, "myalloc64 %p\n", newpage->data);
fflush(stderr);
#endif
return newpage->data;
}
int alloced = 0;
void * myalloc(size_t size){
struct mempage *newpage, *page;
unsigned pagesize;
unsigned i=0, j, k=0;
int p;
alloced++;
if(!mem_init)init_mem();
for(p = nomem; ; ) {
if(!p){
#if DEBUGLEVEL > 2
fprintf(stderr, "Page is too large (%u), requesting malloc instead\n", size);
fflush(stderr);
#endif
return malloc(size);
}
p--;
if(size<memsizes[p]){
break;
}
}
if(p == p64k){
#if DEBUGLEVEL > 2
fprintf(stderr, "Page will p64k\n");
fflush(stderr);
#endif
return myalloc64k();
}
pagesize = memsizes[p];
#if DEBUGLEVEL > 2
fprintf(stderr, "Calculated pagesize: %u\n", pagesize);
fflush(stderr);
#endif
pthread_mutex_lock(&mem_mutex);
newpage = pages[p];
if(newpage && newpage->usable){
#if DEBUGLEVEL > 2
fprintf(stderr, "Useful page found: %X,", newpage);
fflush(stderr);
#endif
for(j=0; j<32; j++){
register unsigned c = newpage->bitmap[j];
if(c){
for(k=0; ;k++)if(c & (1<<k))break;
i = (j<<11) + (k<<8);
#if DEBUGLEVEL > 2
fprintf(stderr, "region: %X, offset %u, byte %u, %u, %u\n", newpage->data + i, i, j, k, newpage->bitmap[j]);
fflush(stderr);
#endif
break;
}
}
}
else{
if(!(newpage = (struct mempage *)malloc(sizeof(struct mempage)))){
pthread_mutex_unlock(&mem_mutex);
#if DEBUGLEVEL > 0
fprintf(stderr, "Failed to allocate p64k\n");
fflush(stderr);
#endif
return NULL;
}
#if DEBUGLEVEL > 2
fprintf(stderr, "New page used: %X,", newpage);
fflush(stderr);
#endif
memset(newpage->bitmap, 0, 32);
for(i = 0; i<MEM64K; i+=pagesize){
j = (i >> 11);
k = ((i & 0x000007FF) >> 8);
newpage->bitmap[j] |= (1<<k);
}
i-=pagesize;
newpage->next = pages[p];
newpage->usable = MEM64K;
pages[p] = newpage;
}
#if DEBUGLEVEL > 2
fprintf(stderr, "Byte was %d/%d/%d\n", j, k, newpage->bitmap[j]);
fflush(stderr);
#endif
newpage->bitmap[j] ^= (1<<k);
#if DEBUGLEVEL > 2
fprintf(stderr, "Byte set %d/%d/%d\n", j, k, newpage->bitmap[j]);
fflush(stderr);
#endif
newpage->usable -= pagesize;
#if DEBUGLEVEL > 2
fprintf(stderr, "usable amount after allocation: %u\n", newpage->usable);
fflush(stderr);
#endif
if(!newpage->usable){
#if DEBUGLEVEL > 2
fprintf(stderr, "No usable amount left\n", newpage->usable);
fflush(stderr);
#endif
if((page = newpage->next) && page->usable){
#if DEBUGLEVEL > 2
fprintf(stderr, "Moving to end of list\n", newpage->usable);
fflush(stderr);
#endif
pages[p] = page;
while(page->next && page->next->usable)page = page->next;
newpage->next = page->next;
page->next = newpage;
}
}
pthread_mutex_unlock(&mem_mutex);
#if DEBUGLEVEL > 2
fprintf(stderr, "All done, returning: %x\n", newpage->data + i);
fflush(stderr);
#endif
#if DEBUGLEVEL == 2
fprintf(stderr, "malloc %p\n", (void *)(newpage->data + i));
fflush(stderr);
#endif
return (void *)(newpage->data + i);
}
int myfindsize(void * p, struct mempage ***prevpagep, struct mempage **pagep){
int i;
struct mempage *prevpage, *page;
for (i=0; i<nomem; i++){
for(page = pages[i], prevpage = NULL; page; page=page->next){
if( p >= (void *)page->data && p < (void *)(page->data + MEM64K))break;
prevpage = page;
}
if(page){
if(pagep)*pagep = page;
if(prevpagep)*prevpagep = prevpage?&prevpage->next:&pages[i];
#if DEBUGLEVEL > 2
fprintf(stderr, "%x belongs to page: %x with data %x\n", p, page, page->data);
fflush(stderr);
#endif
break;
}
}
return i;
}
void myfree(void *p){
struct mempage **prevpage, *page;
int i;
unsigned pagesize;
unsigned size, j, k;
alloced--;
#if DEBUGLEVEL == 2
fprintf(stderr, "free %p\n", p);
fflush(stderr);
#endif
pthread_mutex_lock(&mem_mutex);
i = myfindsize(p, &prevpage, &page);
if (i == nomem) {
#if DEBUGLEVEL > 2
fprintf(stderr, "Page does not exists, trying free()\n");
fflush(stderr);
#endif
pthread_mutex_unlock(&mem_mutex);
free(p);
return;
}
pagesize = memsizes[i];
#if DEBUGLEVEL > 2
fprintf(stderr, "Calculated pagesize: %u\n", pagesize);
fflush(stderr);
#endif
size = (unsigned)((unsigned char*)p - page->data);
if(size%pagesize) {
#if DEBUGLEVEL > 0
write(2, p, 4);
fprintf(stderr, "\nGiven address is not block aligned, ignoring\n");
fflush(stderr);
#endif
pthread_mutex_unlock(&mem_mutex);
return; /* Hmmmmm */
}
*prevpage = page->next;
page->usable += pagesize;
#if DEBUGLEVEL > 2
fprintf(stderr, "New usable space: %u\n", page->usable);
fflush(stderr);
#endif
if(page->usable >= MEM64K && ((pagesize == MEM64K) || (pages[i] && pages[i]->usable))) {
#if DEBUGLEVEL > 2
fprintf(stderr, "Free this page\n");
fflush(stderr);
#endif
free(page);
}
else {
j = (size>>11);
k = ((size & 0x000007FF) >> 8);
k = ('\01'<<k);
if(page->bitmap[j] & k) {
#if DEBUGLEVEL > 0
fprintf(stderr, "Error: double free() %d/%d/%d\n", j, k, page->bitmap[j]);
fflush(stderr);
#endif
page->usable += pagesize;
}
page->bitmap[j] |= k;
page->next = pages[i];
pages[i] = page;
#if DEBUGLEVEL > 2
fprintf(stderr, "This page will be reused next time\n");
fflush(stderr);
#endif
}
pthread_mutex_unlock(&mem_mutex);
}
char * mystrdup(const char *str){
unsigned l;
char *p;
if(!str) return NULL;
l = ((unsigned)strlen(str))+1;
p = myalloc(l);
if(p)memcpy(p, str, l);
#if DEBUGLEVEL == 2
fprintf(stderr, "strdup %p\n", p);
fflush(stderr);
#endif
return p;
}
void *myrealloc(void *ptr, size_t size){
unsigned l;
void * p;
l = myfindsize(ptr, NULL, NULL);
if(size <= memsizes[l]) return ptr;
p = myalloc(size);
if(p){
memcpy(p,ptr,size);
myfree(ptr);
}
return p;
}
#ifdef WITH_MAIN
int main(){
void *p1, *p2, *p3, *p4, *p5, *p6, *p7, *p8, *p9, *p10, *p11, *p12, *p13;
p1 = myalloc(5000);
p2 = myalloc(5000);
p3 = myalloc(5000);
p4 = myalloc(5000);
p5 = myalloc(5000);
p6 = myalloc(5000);
p7 = myalloc(5000);
p8 = myalloc(5000);
p9 = myalloc(5000);
p10 = myalloc(5000);
myfree(p2);
myfree(p8);
p11 = myalloc(5000);
p12 = myalloc(5000);
p13 = myalloc(5000);
p2 = myalloc(5000);
p8 = myalloc(5000);
myalloc(5000);
}
#endif
#endif
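Review bot: myrealloc copies `size` bytes, the new and larger size, out of the old block with `memcpy(p,ptr,size)`, and that line is only reached when `size > memsizes[l]`, so every growing realloc reads past the end of the old allocation. For pool-backed blocks the copy length should be the old capacity, `memcpy(p, ptr, memsizes[l]);`, while blocks that fell through to malloc (`l == nomem`) carry no recorded size and need their own size tracking or the platform realloc. myrealloc also walks the page lists through myfindsize without taking mem_mutex, unlike myfree. In myfree the double-free branch adds `pagesize` to `page->usable` a second time instead of undoing the earlier `page->usable += pagesize`, so the counter can reach MEM64K and release a page while blocks in it are still in use; `page->usable -= pagesize;` looks like the intent.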

200
src/mycrypt.c Normal file

@ -0,0 +1,200 @@
/*
3APA3A simpliest proxy server
(c) 2002-2008 by ZARAZA <3APA3A@security.nnov.ru>
please read License Agreement
$Id: mycrypt.c,v 1.8 2008/01/08 21:46:38 vlad Exp $
*/
#include "libs/md5.h"
#include "libs/md4.h"
#include <string.h>
#define MD5_SIZE 16
#ifdef _WIN32
#pragma warning (disable : 4996)
#endif
void tohex(unsigned char *in, unsigned char *out, int len);
static unsigned char itoa64[] =
"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
void
_crypt_to64(unsigned char *s, unsigned long v, int n)
{
while (--n >= 0) {
*s++ = itoa64[v&0x3f];
v >>= 6;
}
}
unsigned char * ntpwdhash (unsigned char *szHash, const unsigned char *szPassword, int ctohex)
{
unsigned char szUnicodePass[513];
unsigned int nPasswordLen;
MD4_CTX ctx;
unsigned int i;
/*
* NT passwords are unicode. Convert plain text password
* to unicode by inserting a zero every other byte
*/
nPasswordLen = (int)strlen((char *)szPassword);
if(nPasswordLen > 255)nPasswordLen = 255;
for (i = 0; i < nPasswordLen; i++) {
szUnicodePass[i << 1] = szPassword[i];
szUnicodePass[(i << 1) + 1] = 0;
}
/* Encrypt Unicode password to a 16-byte MD4 hash */
MD4Init(&ctx);
MD4Update(&ctx, szUnicodePass, (nPasswordLen<<1));
MD4Final(szUnicodePass, &ctx);
if (ctohex){
tohex(szUnicodePass, szHash, 16);
}
else memcpy(szHash, szUnicodePass, 16);
return szHash;
}
unsigned char * mycrypt(const unsigned char *pw, const unsigned char *salt, unsigned char *passwd){
const unsigned char *ep;
if(salt[0] == '$' && salt[1] == '1' && salt[2] == '$' && (ep = (unsigned char *)strchr((char *)salt+3, '$'))) {
static unsigned char *magic = (unsigned char *)"$1$";
unsigned char *p;
const unsigned char *sp;
unsigned char final[MD5_SIZE];
int sl,pl,i;
MD5_CTX ctx,ctx1;
unsigned long l;
/* Refine the Salt first */
sp = salt +3;
/* get the length of the true salt */
sl = (int)(ep - sp);
MD5Init(&ctx);
/* The password first, since that is what is most unknown */
MD5Update(&ctx,pw,strlen((char *)pw));
/* Then our magic string */
MD5Update(&ctx,magic,strlen((char *)magic));
/* Then the raw salt */
MD5Update(&ctx,sp,sl);
/* Then just as many unsigned characters of the MD5(pw,salt,pw) */
MD5Init(&ctx1);
MD5Update(&ctx1,pw,strlen((char *)pw));
MD5Update(&ctx1,sp,sl);
MD5Update(&ctx1,pw,strlen((char *)pw));
MD5Final(final,&ctx1);
for(pl = (int)strlen((char *)pw); pl > 0; pl -= MD5_SIZE)
MD5Update(&ctx,final,pl>MD5_SIZE ? MD5_SIZE : pl);
/* Don't leave anything around in vm they could use. */
memset(final,0,sizeof final);
/* Then something really weird... */
for (i = (int)strlen((char *)pw); i ; i >>= 1)
if(i&1)
MD5Update(&ctx, final, 1);
else
MD5Update(&ctx, pw, 1);
/* Now make the output string */
strcpy((char *)passwd,(char *)magic);
strncat((char *)passwd,(char *)sp,sl);
strcat((char *)passwd,"$");
MD5Final(final,&ctx);
/*
* and now, just to make sure things don't run too fast
* On a 60 Mhz Pentium this takes 34 msec, so you would
* need 30 seconds to build a 1000 entry dictionary...
*/
for(i=0;i<1000;i++) {
MD5Init(&ctx1);
if(i & 1)
MD5Update(&ctx1,pw,strlen((char *)pw));
else
MD5Update(&ctx1,final,MD5_SIZE);
if(i % 3)
MD5Update(&ctx1,sp,sl);
if(i % 7)
MD5Update(&ctx1,pw,strlen((char *)pw));
if(i & 1)
MD5Update(&ctx1,final,MD5_SIZE);
else
MD5Update(&ctx1,pw,strlen((char *)pw));
MD5Final(final,&ctx1);
}
p = passwd + strlen((char *)passwd);
l = (final[ 0]<<16) | (final[ 6]<<8) | final[12];
_crypt_to64(p,l,4); p += 4;
l = (final[ 1]<<16) | (final[ 7]<<8) | final[13];
_crypt_to64(p,l,4); p += 4;
l = (final[ 2]<<16) | (final[ 8]<<8) | final[14];
_crypt_to64(p,l,4); p += 4;
l = (final[ 3]<<16) | (final[ 9]<<8) | final[15];
_crypt_to64(p,l,4); p += 4;
l = (final[ 4]<<16) | (final[10]<<8) | final[ 5];
_crypt_to64(p,l,4); p += 4;
l = final[11] ;
_crypt_to64(p,l,2); p += 2;
*p = '\0';
/* Don't leave anything around in vm they could use. */
memset(final,0,sizeof final);
}
else {
*passwd = 0;
}
return passwd;
}
#ifdef WITHMAIN
#include <stdio.h>
int main(int argc, char* argv[]){
unsigned char buf[1024];
unsigned i;
if(argc < 2 || argc > 3) {
fprintf(stderr, "usage: \n"
"\t%s <password>\n"
"\t%s <salt> <password>\n"
"Performs NT crypt if no salt specified, MD5 crypt with salt\n"
"This software uses:\n"
" RSA Data Security, Inc. MD4 Message-Digest Algorithm\n"
" RSA Data Security, Inc. MD5 Message-Digest Algorithm\n",
argv[0],
argv[0]);
return 1;
}
if(argc == 2) {
printf("NT:%s\n", ntpwdhash(buf, (unsigned char *)argv[1], 1));
}
else {
i = (int)strlen((char *)argv[1]);
if (i > 64) argv[1][64] = 0;
sprintf((char *)buf, "$1$%s$", argv[1]);
printf("CR:%s\n", mycrypt((unsigned char *)argv[2], buf, buf+256));
}
return 0;
}
#endif
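Review bot: mycrypt writes into `passwd` with no length parameter and no cap on the salt: `sl = (int)(ep - sp)` is whatever lies between `$1$` and the next `$`, and `strncat((char *)passwd,(char *)sp,sl)` copies all of it before 22 more characters and the terminator are appended. Callers therefore need at least `sl + 27` bytes; main satisfies that only because it truncates the salt to 64 and passes `buf+256`, so the function itself should enforce a bound, for example `if(sl > 8) sl = 8;` as conventional MD5-crypt does (this changes the output for longer salts, so confirm no stored hashes depend on them). In ntpwdhash, `szUnicodePass` still holds the expanded plaintext password beyond its first 16 bytes on return, and the `memset(final,0,sizeof final)` calls in mycrypt are dead stores a compiler may drop. A zeroization that cannot be optimized away should cover `szUnicodePass`, `final`, `ctx` and `ctx1`.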

89
src/ntlm.c Normal file
View File

@ -0,0 +1,89 @@
/*
3APA3A simpliest proxy server
(c) 2002-2008 by ZARAZA <3APA3A@security.nnov.ru>
please read License Agreement
$Id: ntlm.c,v 1.9 2008/01/08 21:46:38 vlad Exp $
*/
#include "proxy.h"
struct ntlmchal {
unsigned char sig[8];
unsigned char messtype[4];
unsigned char dom_len[2];
unsigned char dom_max_len[2];
unsigned char dom_offset[4];
unsigned char flags[4];
unsigned char challenge[8];
unsigned char reserved[8];
unsigned char addr_len[2];
unsigned char addr_max_len[2];
unsigned char addr_offset[4];
unsigned char data[1];
};
struct ntlmreq {
unsigned char sig[8];
unsigned char messtype[4];
unsigned char flags[4];
unsigned char dom_len[2];
unsigned char dom_max_len[2];
unsigned char dom_offset[4];
unsigned char pad1[2];
unsigned char host_len[2];
unsigned char host_max_len[2];
unsigned char host_offset[4];
unsigned char pad2[2];
unsigned char data[1];
};
int text2unicode(const char * text, char * buf, int buflen){
int count = 0;
buflen = ((buflen>>1)<<1);
if(!text || !buflen) return 0;
do {
buf[count++] = toupper(*text++);
buf[count++] = '\0';
} while (*text && count < buflen);
return count;
}
void unicode2text(const char *unicode, char * buf, int len){
int i;
if(!unicode || !len) return;
for(i=0; i<len; i++){
buf[i] = unicode[(i<<1)];
}
buf[i] = 0;
}
void genchallenge(struct clientparam *param, char * challenge, char *buf){
struct ntlmchal *chal;
char tmpbuf[1024];
char hostname[128];
int len, i;
chal = (struct ntlmchal *)tmpbuf;
memset(chal, 0, 1024);
memcpy(chal->sig, "NTLMSSP", 8);
chal->messtype[0] = 2;
gethostname(hostname, 128);
hostname[15] = 0;
len = (((int)strlen(hostname)) << 1);
chal->dom_len[0] = len;
chal->dom_max_len[0] = len;
chal->dom_offset[0] = (unsigned char)((unsigned char *)chal->data - (unsigned char *)chal);
chal->flags[0] = 0x03;
chal->flags[1] = 0x82;
chal->flags[2] = 0x81;
chal->flags[3] = 0xA0;
text2unicode(hostname, (char *)chal->data, 64);
time((time_t *)challenge);
memcpy(challenge+4, &param->sinc.sin_addr.s_addr, 4);
challenge[1]^=param->sinc.sin_port;
for(i = 0; i < 8; i++) challenge[i] ^= myrand(challenge, 8);
memcpy(chal->challenge, challenge, 8);
en64((unsigned char *)tmpbuf, (unsigned char *)buf, (int)((unsigned char *)chal->data - (unsigned char *)chal) + len);
}

142
src/plugins.c Normal file

@ -0,0 +1,142 @@
/*
3APA3A simpliest proxy server
(c) 2002-2008 by ZARAZA <3APA3A@security.nnov.ru>
please read License Agreement
$Id: ntlm.c,v 1.8 2007/12/27 13:20:04 vlad Exp $
*/
#include "proxy.h"
unsigned bandlimitfunc(struct clientparam *param, unsigned nbytesin, unsigned nbytesout);
void trafcountfunc(struct clientparam *param);
int checkACL(struct clientparam * param);
void nametohash(const unsigned char * name, unsigned char *hash);
unsigned hashindex(const unsigned char* hash);
void decodeurl(unsigned char *s, int allowcr);
int parsestr (unsigned char *str, unsigned char **argm, int nitems, unsigned char ** buff, int *inbuf, int *bufsize);
struct ace * make_ace (int argc, unsigned char ** argv);
extern char * proxy_stringtable[];
extern char * admin_stringtable[];
extern struct schedule * schedule;
int start_proxy_thread(struct child * chp);
extern int linenum;
extern char *conffile;
struct symbol symbols[] = {
{symbols+1, "conf", (void *) &conf},
{symbols+2, "socksend", (void *) socksend},
{symbols+3, "socksendto", (void *) socksendto},
{symbols+4, "sockrecvfrom", (void *) sockrecvfrom},
{symbols+5, "sockgetcharcli", (void *) sockgetcharcli},
{symbols+6, "sockgetcharsrv", (void *) sockgetcharsrv},
{symbols+7, "sockgetlinebuf", (void *) sockgetlinebuf},
{symbols+8, "myinet_ntoa", (void *) myinet_ntoa},
{symbols+9, "dobuf", (void *) dobuf},
{symbols+10, "scanaddr", (void *) scanaddr},
{symbols+11, "getip", (void *) getip},
{symbols+12, "sockmap", (void *) sockmap},
{symbols+13, "sockfuncs", (void *) &so},
{symbols+14, "ACLmatches", (void *) ACLmatches},
{symbols+15, "bandlimitfunc", (void *) bandlimitfunc},
{symbols+16, "trafcountfunc", (void *) trafcountfunc},
{symbols+17, "alwaysauth", (void *) alwaysauth},
{symbols+18, "ipauth", (void *) ipauth},
{symbols+19, "nbnameauth", (void *) nbnameauth},
{symbols+20, "strongauth", (void *) strongauth},
{symbols+21, "checkACL", (void *) checkACL},
{symbols+22, "nametohash", (void *) nametohash},
{symbols+23, "hashindex", (void *) hashindex},
{symbols+24, "nservers", (void *) nservers},
{symbols+25, "udpresolve", (void *) udpresolve},
{symbols+26, "bandlim_mutex", (void *) &bandlim_mutex},
{symbols+27, "tc_mutex", (void *) &tc_mutex},
{symbols+28, "hash_mutex", (void *) &hash_mutex},
{symbols+29, "pwl_mutex", (void *) &pwl_mutex},
{symbols+30, "linenum", (void *) &linenum},
{symbols+31, "proxy_stringtable", (void *) proxy_stringtable},
{symbols+32, "en64", (void *) en64},
{symbols+33, "de64", (void *) de64},
{symbols+34, "tohex", (void *) tohex},
{symbols+35, "fromhex", (void *) fromhex},
{symbols+36, "dnspr", (void *) dnsprchild},
{symbols+37, "pop3p", (void *) pop3pchild},
{symbols+38, "proxy", (void *) proxychild},
{symbols+39, "socks", (void *) sockschild},
{symbols+40, "tcppm", (void *) tcppmchild},
{symbols+41, "udppm", (void *) udppmchild},
{symbols+42, "admin", (void *) adminchild},
{symbols+43, "ftppr", (void *) ftpprchild},
{symbols+44, "smtpp", (void *) smtppchild},
{symbols+45, "icqpr", (void *) icqprchild},
{symbols+46, "msnpr", (void *) msnprchild},
{symbols+47, "authfuncs", (void *) &authfuncs},
{symbols+48, "commandhandlers", (void *) &commandhandlers},
{symbols+49, "decodeurl", (void *) decodeurl},
{symbols+50, "parsestr", (void *) parsestr},
{symbols+51, "make_ace", (void *) make_ace},
{symbols+52, "freeacl", (void *) freeacl},
{NULL, "", NULL}
};
static void * findbyname(const char *name){
struct symbol * symbols;
for(symbols = &pluginlink.symbols; symbols; symbols=symbols->next)
if(!strcmp(symbols->name, name)) return symbols->value;
return NULL;
}
struct pluginlink pluginlink = {
{symbols, "", NULL},
&conf,
nservers,
&linenum,
authfuncs,
commandhandlers,
findbyname,
socksend,
socksendto,
sockrecvfrom,
sockgetcharcli,
sockgetcharsrv,
sockgetlinebuf,
myinet_ntoa,
dobuf,
dobuf2,
scanaddr,
getip,
sockmap,
ACLmatches,
alwaysauth,
checkACL,
nametohash,
hashindex,
en64,
de64,
tohex,
fromhex,
decodeurl,
parsestr,
make_ace,
myalloc,
myfree,
myrealloc,
mystrdup,
trafcountfunc,
proxy_stringtable,
&schedule,
freeacl,
admin_stringtable,
&childdef,
start_proxy_thread,
freeparam,
parsehostname,
parseusername,
parseconnusername,
&so,
dologname
};

7
src/plugins/CVS/Entries Normal file

@ -0,0 +1,7 @@
D/WindowsAuthentication////
D/TrafficPlugin////
D/PCREPlugin////
D/FilePlugin////
D/TransparentPlugin////
D/utf8tocp1251////
D/SSLPlugin////


@ -0,0 +1 @@
3proxy-0.5a/src/plugins

1
src/plugins/CVS/Root Normal file

@ -0,0 +1 @@
/cygdrive/m/MEDIA/H/CVS


@ -0,0 +1,4 @@
/Makefile.inc/1.1/Sun Sep 20 17:13:29 2009//
/FilePlugin.h/1.4/Fri Oct 9 11:36:00 2009//
/FilePlugin.c/1.8/Wed Apr 11 23:01:22 2012//
D


@ -0,0 +1 @@
3proxy-0.5a/src/plugins/FilePlugin


@ -0,0 +1 @@
/cygdrive/m/MEDIA/H/CVS

View File

@ -0,0 +1,895 @@
/*
3APA3A simpliest proxy server
(c) 2007-2008 by ZARAZA <3APA3A@security.nnov.ru>
please read License Agreement
$Id: FilePlugin.c,v 1.8 2012-04-11 23:01:22 vlad Exp $
*/
#include "../../structures.h"
#include "FilePlugin.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/timeb.h>
#include <fcntl.h>
#include <time.h>
#ifdef _WIN32
#ifndef _WINCE
#include <io.h>
#else
#include <sys/unistd.h>
#endif
#else
#include <unistd.h>
#ifndef O_BINARY
#define O_BINARY (0)
#endif
#endif
#ifdef __cplusplus
extern "C" {
#endif
#ifndef _WIN32
#define WINAPI
#define fp_size_t size_t
#else
#define fp_size_t int
#endif
static struct pluginlink * pl;
static pthread_mutex_t file_mutex;
unsigned long preview = 0;
char path[256];
static int counter = 0;
static int timeo = 0;
static char * fp_stringtable[] = {
/* 0 */ "HTTP/1.0 503 Service Unavailable\r\n"
"Proxy-Connection: close\r\n"
"Content-type: text/html; charset=us-ascii\r\n"
"\r\n"
"<html><head><title>503 Service Unavailable</title></head>\r\n"
"<body><h2>503 Service Unavailable</h2><h3>HTTP policy violation: you have no permission to perform this action. Please conatct helpdesk or Administrator.</h3></body></html>\r\n",
/* 1 */ "421 SMTP policy violation: you have no permission to perform this action. Please conatct helpdesk or Administrator.\r\n",
/* 2 */ "421 FTP policy violation: you have no permission to perform this action. Please conatct helpdesk or Administrator.\r\n",
NULL
};
enum states {
STATE_INITIAL = 0,
GOT_HTTP_REQUEST,
GOT_HTTP_CLI_HDR,
GOT_HTTP_SRV_HDR,
GOT_HTTP_CLI_HDR2,
GOT_HTTP_SRV_HDR2,
GOT_HTTP_CLIDATA,
GOT_HTTP_SRVDATA,
GOT_SMTP_REQ,
GOT_SMTP_DATA,
GOT_FTP_REQ,
GOT_FTP_CLIDATA,
GOT_FTP_SRVDATA,
FLUSH_DATA
};
struct fp_callback {
struct fp_callback *next;
FP_CALLBACK callback;
void * data;
int what;
int preview_size;
int max_size;
};
struct fp_stream {
struct fp_stream *next;
char * buf;
int state;
int what;
int needsrvconnect;
int preview_size;
long bufsize;
unsigned long clihdrwritten, clientwritten, clientsent, srvhdrwritten, serverwritten, serversent;
struct fp_callback *callbacks;
struct fp_filedata fpd;
} *fp_streams = NULL;
struct sockfuncs sso;
static void genpaths(struct fp_stream *fps){
if(fps->what & (FP_CLIDATA|FP_CLIHEADER)){
if(fps->fpd.path_cli) free(fps->fpd.path_cli);
fps->fpd.path_cli = malloc(strlen(path) + 10);
sprintf(fps->fpd.path_cli, path, counter++);
}
if(fps->what & (FP_SRVDATA|FP_SRVHEADER)){
if(fps->fpd.path_srv) free(fps->fpd.path_srv);
fps->fpd.path_srv = malloc(strlen(path) + 10);
sprintf(fps->fpd.path_srv, path, counter++);
}
}
static
#ifdef _WIN32
HANDLE
#else
int
#endif
initclientfile(struct fp_stream *fps){
fps->clientwritten = fps->clientsent = 0;
#ifdef _WIN32
if(fps->fpd.h_cli != INVALID_HANDLE_VALUE){
CloseHandle(fps->fpd.h_cli);
}
fps->fpd.h_cli = CreateFile(fps->fpd.path_cli, GENERIC_READ | GENERIC_WRITE, (fps->what & FP_SHAREFILE)? FILE_SHARE_DELETE|FILE_SHARE_READ|FILE_SHARE_WRITE:0, NULL, CREATE_ALWAYS, (fps->what & (FP_KEEPFILE|FP_SHAREFILE))? FILE_ATTRIBUTE_TEMPORARY : FILE_ATTRIBUTE_TEMPORARY | FILE_FLAG_DELETE_ON_CLOSE, NULL);
return fps->fpd.h_cli;
#else
if(fps->fpd.fd_cli != -1) close(fps->fpd.fd_cli);
fps->fpd.fd_cli = open(fps->fpd.path_cli, O_BINARY|O_RDWR|O_CREAT|O_TRUNC, 0600);
return fps->fpd.fd_cli;
#endif
}
static
#ifdef _WIN32
HANDLE
#else
int
#endif
initserverfile(struct fp_stream *fps){
fps->serverwritten = fps->serversent = 0;
#ifdef _WIN32
if(fps->fpd.h_srv != INVALID_HANDLE_VALUE){
CloseHandle(fps->fpd.h_srv);
}
fps->fpd.h_srv = CreateFile(fps->fpd.path_srv, GENERIC_READ | GENERIC_WRITE, (fps->what & FP_SHAREFILE)? FILE_SHARE_DELETE|FILE_SHARE_READ|FILE_SHARE_WRITE:0, NULL, CREATE_ALWAYS, (fps->what & (FP_KEEPFILE|FP_SHAREFILE))? FILE_ATTRIBUTE_TEMPORARY : FILE_ATTRIBUTE_TEMPORARY | FILE_FLAG_DELETE_ON_CLOSE, NULL);
return fps->fpd.h_srv;
#else
if(fps->fpd.fd_srv != -1) close(fps->fpd.fd_srv);
fps->fpd.fd_srv = open(fps->fpd.path_srv, O_BINARY|O_RDWR|O_CREAT|O_TRUNC, 0600);
return fps->fpd.fd_srv;
#endif
}
static void closefiles(struct fp_stream *fps){
#ifdef _WIN32
if(fps->fpd.h_cli != INVALID_HANDLE_VALUE) {
CloseHandle(fps->fpd.h_cli);
fps->fpd.h_cli = INVALID_HANDLE_VALUE;
if((fps->what & FP_SHAREFILE) && !(fps->what & FP_KEEPFILE)) DeleteFile(fps->fpd.path_cli);
}
if(fps->fpd.h_srv != INVALID_HANDLE_VALUE) {
CloseHandle(fps->fpd.h_srv);
fps->fpd.h_srv = INVALID_HANDLE_VALUE;
if((fps->what & FP_SHAREFILE) && !(fps->what & FP_KEEPFILE)) DeleteFile(fps->fpd.path_cli);
}
#else
if(fps->fpd.fd_cli != -1) {
close(fps->fpd.fd_cli);
fps->fpd.fd_cli = -1;
if(!(fps->what & FP_KEEPFILE)) unlink(fps->fpd.path_cli);
}
if(fps->fpd.fd_srv != -1) {
close(fps->fpd.fd_srv);
fps->fpd.fd_srv = -1;
if(!(fps->what & FP_KEEPFILE)) unlink(fps->fpd.path_srv);
}
#endif
if(fps->fpd.path_cli) {
free(fps->fpd.path_cli);
fps->fpd.path_cli = NULL;
}
if(fps->fpd.path_srv) {
free(fps->fpd.path_srv);
fps->fpd.path_srv = NULL;
}
fps->clihdrwritten = fps->clientwritten = fps->clientsent = fps->srvhdrwritten = fps->serverwritten = fps->serversent = 0;
}
static int searchsocket(SOCKET s, struct fp_stream **pfps){
struct fp_stream *fps = NULL;
int ret = 0;
pthread_mutex_lock(&file_mutex);
for(fps = fp_streams; fps; fps = fps->next){
if(fps->fpd.cp->clisock == s) {
ret = 1;
break;
}
if(fps->fpd.cp->remsock == s) {
ret = 2;
break;
}
if(fps->fpd.cp->ctrlsock == s) {
ret = 3;
break;
}
}
pthread_mutex_unlock(&file_mutex);
*pfps = fps;
return ret;
}
static void freecallback(struct fp_stream * fps, struct fp_callback * fpc){
if(fpc->next) freecallback(fps, fpc->next);
if(fpc->what & FP_CALLONREMOVE) (*fpc->callback)(FP_CALLONREMOVE, fpc->data, &fps->fpd, NULL, 0);
free(fpc);
}
static void removefps(struct fp_stream * fps){
if(!fp_streams) return;
pthread_mutex_lock(&file_mutex);
if(fp_streams == fps)fp_streams = fps->next;
else {
struct fp_stream *fps2;
for(fps2 = fp_streams; fps2->next; fps2 = fps2->next){
if(fps2->next == fps){
fps2->next = fps->next;
break;
}
}
}
pthread_mutex_unlock(&file_mutex);
if(fps->callbacks){
freecallback(fps, fps->callbacks);
fps->callbacks = 0;
}
closefiles(fps);
if(fps->buf) {
free(fps->buf);
fps->buf = NULL;
}
fps->state = 0;
}
static int WINAPI fp_connect(SOCKET s, const struct sockaddr *name, fp_size_t namelen){
return sso._connect(s, name, namelen);
}
void processcallbacks(struct fp_stream *fps, int what, char *msg, int size){
struct fp_callback *cb;
int state;
state = fps->state;
if(fps->what & what) {
fps->what = 0;
for(cb = fps->callbacks; cb; cb=cb->next){
if(cb->what & what){
cb->what = (*cb->callback)(what, cb->data, &(fps->fpd), msg, size);
}
fps->what |= cb->what;
}
}
if(fps->what & FP_REJECT){
switch(state){
/*
Fixme: handle different states
*/
case GOT_SMTP_REQ:
case GOT_SMTP_DATA:
fps->state = FLUSH_DATA;
pl->socksend(fps->fpd.cp->clisock, fp_stringtable[1], (int)strlen(fp_stringtable[1]), pl->conf->timeouts[STRING_S]);
fps->state = state;
break;
case GOT_HTTP_REQUEST:
case GOT_HTTP_CLI_HDR:
case GOT_HTTP_SRV_HDR:
case GOT_HTTP_CLI_HDR2:
case GOT_HTTP_SRV_HDR2:
case GOT_HTTP_CLIDATA:
case GOT_HTTP_SRVDATA:
if(!fps->serversent){
fps->state = FLUSH_DATA;
pl->socksend(fps->fpd.cp->clisock, fp_stringtable[0], (int)strlen(fp_stringtable[0]), pl->conf->timeouts[STRING_S]);
fps->state = state;
}
break;
case GOT_FTP_CLIDATA:
case GOT_FTP_REQ:
case GOT_FTP_SRVDATA:
fps->state = FLUSH_DATA;
pl->socksend(fps->fpd.cp->ctrlsock, fp_stringtable[1], (int)strlen(fp_stringtable[1]), pl->conf->timeouts[STRING_S]);
fps->state = state;
break;
default:
break;
}
if(fps->fpd.cp->remsock != INVALID_SOCKET)sso._closesocket(fps->fpd.cp->remsock);
fps->fpd.cp->remsock = INVALID_SOCKET;
if(fps->fpd.cp->clisock != INVALID_SOCKET)sso._closesocket(fps->fpd.cp->clisock);
fps->fpd.cp->clisock = INVALID_SOCKET;
}
}
static int copyfdtosock(struct fp_stream * fps, DIRECTION which, long len){
int res;
long toread;
int state;
#ifdef _WIN32
HANDLE h;
#else
int fd;
#endif
SOCKET sock;
long offset;
int sendchunk = 0;
state = fps->state;
fps->state = FLUSH_DATA;
if(!fps->buf){
fps->buf = malloc(2048);
if(!fps->buf) return -2;
fps->bufsize = 2048;
}
if(which == SERVER){
offset = fps->clientsent;
fps->clientsent += len;
#ifdef _WIN32
h = fps->fpd.h_cli;
#else
fd = fps->fpd.fd_cli;
#endif
sock = fps->fpd.cp->remsock;
}
else {
if(fps->fpd.cp->chunked){
if(fps->serversent < fps->srvhdrwritten && (fps->serversent + len) > fps->srvhdrwritten){
len -= fps->srvhdrwritten - fps->serversent;
if ((res = copyfdtosock(fps, which, fps->srvhdrwritten - fps->serversent))) return res;
}
if(fps->serversent >= fps->srvhdrwritten){
sprintf(fps->buf, "%lx\r\n", len);
sendchunk = (int)strlen(fps->buf);
if(pl->socksend(fps->fpd.cp->clisock, fps->buf, sendchunk, pl->conf->timeouts[STRING_S]) != sendchunk){
return -4;
}
}
}
offset = fps->serversent;
fps->serversent += len;
#ifdef _WIN32
h = fps->fpd.h_srv;
#else
fd = fps->fpd.fd_srv;
#endif
sock = fps->fpd.cp->clisock;
}
#ifdef _WIN32
if(SetFilePointer(h,offset,0,FILE_BEGIN)!=offset){
return -1;
}
#else
if(lseek(fd, offset, SEEK_SET) < 0) {
return -1;
}
#endif
while(len > 0){
/*
Fixme: prevent client/server timeouts
*/
toread = (len > fps->bufsize)? fps->bufsize:len;
#ifdef _WIN32
if(!ReadFile(h, fps->buf, (DWORD)toread,(DWORD *)&res,NULL)) {
#else
if((res = read(fd, fps->buf, toread)) <= 0) {
#endif
return -3;
}
if(pl->socksend(sock, fps->buf, res, pl->conf->timeouts[STRING_S]) != res) {
return -4;
}
len -= res;
}
if(sendchunk){
if(pl->socksend(sock, "\r\n", 2, pl->conf->timeouts[STRING_S]) != 2)
return -4;
}
fps->state = state;
return 0;
}
static int WINAPI fp_poll(struct pollfd *fds, unsigned int nfds, int timeout){
struct fp_stream *fps = NULL;
int res;
unsigned i;
int to;
for(i = 0; i<nfds; i++){
res = searchsocket(fds[i].fd, &fps);
if(res == 2 && fps->state == GOT_SMTP_DATA){
if(fds[i].events & POLLOUT){
fds[i].revents = POLLOUT;
return 1;
}
}
else if(res == 2 && (((fps->what & FP_CLIHEADER) && (fps->state == GOT_HTTP_REQUEST || fps->state == GOT_HTTP_CLI_HDR2)) || ((fps->what & FP_CLIDATA) && fps->state == GOT_HTTP_CLIDATA))){
if(fds[i].events & POLLIN){
processcallbacks(fps, (fps->state == GOT_HTTP_CLIDATA)?FP_CLIDATA:FP_CALLAFTERCLIHEADERS, NULL, 0);
if(fps->clihdrwritten + fps->clientwritten > fps->clientsent) {
if(copyfdtosock(fps, SERVER, (fps->clihdrwritten + fps->clientwritten) - fps->clientsent))
return -2;
}
if(fps->state) {
if(fps->what & FP_SRVHEADER) initserverfile(fps);
fps->state = GOT_HTTP_SRV_HDR;
}
}
else if(fds[i].events & POLLOUT){
fds[i].revents = POLLOUT;
return 1;
}
}
else if(res == 1 && (fps->state == GOT_HTTP_SRVDATA || fps->state == GOT_HTTP_SRV_HDR || fps->state == GOT_HTTP_SRV_HDR2)&& (fds[i].events & POLLIN)){
processcallbacks(fps, (fps->state == GOT_HTTP_SRVDATA)? FP_SRVDATA:FP_CALLAFTERSRVHEADERS, NULL, 0);
if(fps->srvhdrwritten + fps->serverwritten > fps->serversent) {
if(copyfdtosock(fps, CLIENT, (fps->srvhdrwritten + fps->serverwritten) - fps->serversent))
return -2;
}
closefiles(fps);
fps->state = 0;
}
}
return sso._poll(fds, nfds, timeout);
}
static int WINAPI fp_send(SOCKET s, const char *msg, fp_size_t len, int flags){
struct fp_stream *fps = NULL;
int res;
res = searchsocket(s, &fps);
if(res == 2){
if(fps->state == GOT_SMTP_DATA) {
if(fps->clihdrwritten + fps->clientwritten > fps->clientsent) {
processcallbacks(fps, FP_CLIDATA, NULL, 0);
if(copyfdtosock(fps, SERVER, (fps->clihdrwritten + fps->clientwritten) - fps->clientsent)) {
return -1;
}
fps->state = 0;
}
closefiles(fps);
fps->state = 0;
return sso._send(s, msg, len, flags);
}
if((((fps->what & FP_CLIHEADER) && (fps->state == GOT_HTTP_REQUEST || fps->state == GOT_HTTP_CLI_HDR2)) || ((fps->what & FP_CLIDATA) && fps->state == GOT_HTTP_CLIDATA))){
#ifdef _WIN32
if(SetFilePointer(fps->fpd.h_cli, fps->clientwritten + fps->clihdrwritten, 0, FILE_BEGIN) != (fps->clientwritten + fps->clihdrwritten)){
return -1;
}
if(!WriteFile(fps->fpd.h_cli, msg, (DWORD)len,(DWORD *)&res,NULL) || res != len){
return -1;
}
#else
if(lseek(fps->fpd.fd_cli, fps->clientwritten + fps->clihdrwritten, SEEK_SET) < 0) {
return -1;
}
if((res = write(fps->fpd.fd_cli, msg, len) != len)) return -1;
#endif
if(fps->state == GOT_HTTP_CLIDATA)fps->clientwritten += res;
else fps->clihdrwritten += res;
return res;
}
}
if(res == 1){
if(((fps->what & FP_SRVDATA) && (fps->state == GOT_HTTP_SRVDATA || fps->state == GOT_HTTP_SRV_HDR) && fps->fpd.cp->chunked && len < 16 )){
int hasnonzero = 0, i;
for(i=0; i < len; i++){
char c = msg[i];
if(c == '\r' || c == '\n') continue;
if((c<'0'|| c>'9') && (c<'A' || c>'F') && (c<'a' || c>'f')) {
return sso._send(s, msg, len, flags);
}
if(c != '0') hasnonzero = 1;
}
if(i>2 && !hasnonzero){
if(fps->srvhdrwritten + fps->serverwritten > fps->serversent) {
processcallbacks(fps, FP_SRVDATA, NULL, 0);
if(copyfdtosock(fps, CLIENT, (fps->srvhdrwritten + fps->serverwritten) - fps->serversent)) {
return -1;
}
fps->state = 0;
}
closefiles(fps);
fps->state = 0;
return sso._send(s, msg, len, flags);
}
return len;
}
if(((fps->what & FP_SRVHEADER) && (fps->state == GOT_HTTP_SRV_HDR || fps->state == GOT_HTTP_SRV_HDR2))){
#ifdef _WIN32
if(SetFilePointer(fps->fpd.h_srv, fps->serverwritten + fps->srvhdrwritten, 0, FILE_BEGIN) != (fps->serverwritten + fps->srvhdrwritten)){
return -1;
}
if(!WriteFile(fps->fpd.h_srv, msg, (DWORD)len,(DWORD *)&res,NULL) || res !=len){
return -1;
}
#else
if(lseek(fps->fpd.fd_srv, fps->serverwritten + fps->srvhdrwritten, SEEK_SET) < 0) {
return -1;
}
if((res = write(fps->fpd.fd_srv, msg, len) != len)) return -1;
#endif
fps->srvhdrwritten += res;
return res;
}
}
return sso._send(s, msg, len, flags);
}
static int WINAPI fp_sendto(SOCKET s, const void *msg, int len, int flags, const struct sockaddr *to, fp_size_t tolen){
struct fp_stream *fps = NULL;
int res;
res = searchsocket(s, &fps);
if(res == 2) {
switch(fps->state){
case GOT_SMTP_REQ:
if(!(fps->what & FP_CLIDATA)) break;
fps->state = GOT_SMTP_DATA;
initclientfile(fps);
case GOT_FTP_REQ:
if(fps->state == GOT_FTP_REQ){
if(!(fps->what & FP_CLIDATA)) break;
fps->state = GOT_FTP_CLIDATA;
initclientfile(fps);
}
case GOT_HTTP_CLI_HDR2:
if(fps->state == GOT_HTTP_CLI_HDR2){
processcallbacks(fps, FP_CALLAFTERCLIHEADERS, NULL, 0);
if ((fps->what & FP_REJECT)) return -1;
if((fps->what & FP_CLIDATA) && !(fps->what & FP_CLIHEADER)) initclientfile(fps);
else if(!(fps->what & FP_CLIDATA) && (fps->what & FP_CLIHEADER)){
if(fps->clihdrwritten + fps->clientwritten > fps->clientsent) {
if(copyfdtosock(fps, SERVER, (fps->clihdrwritten + fps->clientwritten) - fps->clientsent))
return -2;
}
}
fps->state = GOT_HTTP_CLIDATA;
}
case GOT_HTTP_REQUEST:
if(fps->state == GOT_HTTP_REQUEST && !(fps->what & FP_CLIHEADER)) break;
case GOT_SMTP_DATA:
case GOT_FTP_CLIDATA:
case GOT_FTP_SRVDATA:
case GOT_HTTP_CLIDATA:
if((!fps->what & FP_CLIDATA)) break;
#ifdef _WIN32
if(SetFilePointer(fps->fpd.h_cli, fps->clientwritten + fps->clihdrwritten, 0, FILE_BEGIN) != (fps->clientwritten + fps->clihdrwritten)){
return -1;
}
if(!WriteFile(fps->fpd.h_cli, msg, (DWORD)len,(DWORD *)&res,NULL) || res != len) {
return -1;
}
#else
if(lseek(fps->fpd.fd_cli, fps->clientwritten + fps->clihdrwritten, SEEK_SET) < 0) {
return -1;
}
if((res = write(fps->fpd.fd_cli, msg, len) != len)) return -1;
#endif
if(fps->state == GOT_HTTP_REQUEST)fps->clihdrwritten += res;
else fps->clientwritten += res;
if(fps->preview_size && ((fps->clihdrwritten + fps->clientwritten) > (fps->clientsent + fps->preview_size))){
if(!fps->clientsent){
processcallbacks(fps, FP_PREVIEWCLI, NULL, 0);
if ((fps->what & FP_REJECT)) return -1;
}
if(copyfdtosock(fps, SERVER, (fps->clihdrwritten + fps->clientwritten) - (fps->clientsent + fps->preview_size)))
return -1;
}
return res;
}
}
else if(res == 1){
switch(fps->state){
case GOT_HTTP_SRV_HDR2:
processcallbacks(fps, FP_CALLAFTERSRVHEADERS, NULL, 0);
if ((fps->what & FP_REJECT)) return REJECT;
if((fps->what & FP_SRVDATA) && !(fps->what & FP_SRVHEADER)) initserverfile(fps);
else if(!(fps->what & FP_SRVDATA) && (fps->what & FP_SRVHEADER)){
if(fps->srvhdrwritten + fps->serverwritten > fps->serversent) {
if(copyfdtosock(fps, CLIENT, (fps->srvhdrwritten + fps->serverwritten) - fps->serversent))
return -2;
}
}
fps->state = GOT_HTTP_SRVDATA;
case GOT_FTP_REQ:
if(fps->state == GOT_FTP_REQ){
if(!(fps->what & FP_SRVDATA)) break;
fps->state = GOT_FTP_SRVDATA;
initserverfile(fps);
}
case GOT_HTTP_SRV_HDR:
if(fps->state == GOT_HTTP_SRV_HDR && !(fps->what & FP_SRVHEADER)) break;
case GOT_HTTP_SRVDATA:
case GOT_FTP_SRVDATA:
case GOT_FTP_CLIDATA:
if(!(fps->what & FP_SRVDATA)) break;
#ifdef _WIN32
if(SetFilePointer(fps->fpd.h_srv, fps->serverwritten + fps->srvhdrwritten, 0, FILE_BEGIN) != (fps->serverwritten + fps->srvhdrwritten)){
return -1;
}
if(!WriteFile(fps->fpd.h_srv, msg, (DWORD)len,(DWORD *)&res,NULL) || res != len){
return -1;
}
#else
if(lseek(fps->fpd.fd_srv, fps->serverwritten + fps->srvhdrwritten, SEEK_SET) < 0) {
return -1;
}
if((res = write(fps->fpd.fd_srv, msg, len) != len)) return -1;
#endif
if(fps->state == GOT_HTTP_SRV_HDR)fps->srvhdrwritten += res;
else fps->serverwritten += res;
if(fps->preview_size && ((fps->srvhdrwritten + fps->serverwritten) > (fps->serversent + fps->preview_size))){
if(!fps->serversent){
processcallbacks(fps, FP_PREVIEWSRV, NULL, 0);
if ((fps->what & FP_REJECT)) return -1;
}
if(copyfdtosock(fps, CLIENT, (fps->srvhdrwritten + fps->serverwritten) - (fps->serversent + fps->preview_size)))
return -1;
}
return res;
}
}
return sso._sendto(s, msg, len, flags, to, tolen);
}
static int WINAPI fp_recv(SOCKET s, void *buf, fp_size_t len, int flags){
return sso._recv(s, buf, len, flags);
}
static int WINAPI fp_recvfrom(SOCKET s, void * buf, fp_size_t len, int flags, struct sockaddr * from, fp_size_t * fromlen){
return sso._recvfrom(s, buf, len, flags, from, fromlen);
}
static int WINAPI fp_shutdown(SOCKET s, int how){
struct fp_stream *fps = NULL;
int res;
res = searchsocket(s, &fps);
if(res){
if(fps->state == GOT_HTTP_SRV_HDR || fps->state == GOT_HTTP_SRVDATA || fps->state == GOT_FTP_SRVDATA){
if(fps->srvhdrwritten + fps->serverwritten > fps->serversent) {
processcallbacks(fps, FP_SRVDATA, NULL, 0);
copyfdtosock(fps, CLIENT, (fps->srvhdrwritten + fps->serverwritten) - fps->serversent);
}
closefiles(fps);
fps->state = 0;
}
else if(fps->state == GOT_FTP_CLIDATA){
if(fps->clihdrwritten + fps->clientwritten > fps->clientsent) {
processcallbacks(fps, FP_CLIDATA, NULL, 0);
copyfdtosock(fps, SERVER, (fps->clihdrwritten + fps->clientwritten) - fps->clientsent);
}
closefiles(fps);
fps->state = 0;
}
}
return sso._shutdown(s, how);
}
static int WINAPI fp_closesocket(SOCKET s){
return sso._closesocket(s);
}
struct fp_stream * addfps(struct clientparam *cp){
struct fp_stream *fps;
for(fps = fp_streams; fps && fps->fpd.cp != cp; fps = fps->next);
if(!fps) {
fps = malloc(sizeof(struct fp_stream));
if(!fps){
return NULL;
}
memset(fps, 0, sizeof(struct fp_stream));
fps->fpd.cp = cp;
fps->next = fp_streams;
fp_streams = fps;
#ifdef _WIN32
fps->fpd.h_cli = fps->fpd.h_srv = INVALID_HANDLE_VALUE;
#else
fps->fpd.fd_cli = fps->fpd.fd_srv = -1;
#endif
}
return fps;
}
static int fp_registercallback (int what, int max_size, int preview_size, struct clientparam *cp, FP_CALLBACK cb, void *data){
struct fp_callback * fpc;
struct fp_stream *fps;
fpc = malloc(sizeof(struct fp_callback));
if(!fpc) return 0;
fpc->what = what;
fpc->preview_size = preview_size;
fpc->max_size = max_size;
fpc->data = data;
fpc->callback = cb;
pthread_mutex_lock(&file_mutex);
fps = addfps(cp);
if(fps){
fpc->next = fps->callbacks;
fps->callbacks = fpc;
fps->what |= fpc->what;
if(preview_size > fps->preview_size) fps->preview_size = preview_size;
}
else free(fpc);
pthread_mutex_unlock(&file_mutex);
return fps?1:0;
}
static void * fp_open(void * idata, struct srvparam * param){
return idata;
}
#define FC ((struct fp_stream *)fc)
static FILTER_ACTION fp_client(void *fo, struct clientparam * param, void** fc){
pthread_mutex_lock(&file_mutex);
(*fc) = (void *)addfps(param);
pthread_mutex_unlock(&file_mutex);
return CONTINUE;
}
static FILTER_ACTION fp_request(void *fc, struct clientparam * param, unsigned char ** buf_p, int * bufsize_p, int offset, int * length_p){
if(fc && (param->service == S_PROXY)){
if(FC->state) {
closefiles(FC);
FC->state = 0;
}
processcallbacks(FC, FP_CALLONREQUEST, *buf_p + offset, *length_p - offset);
if(FC->what &FP_REJECT) return REJECT;
FC->state = GOT_HTTP_REQUEST;
genpaths(FC);
if(FC->what & FP_CLIHEADER) initclientfile(FC);
}
return CONTINUE;
}
static FILTER_ACTION fp_hcli(void *fc, struct clientparam * param, unsigned char ** buf_p, int * bufsize_p, int offset, int * length_p){
if(fc && param->service == S_SMTPP) {
processcallbacks(FC, FP_CALLONREQUEST, *buf_p + offset, *length_p - offset);
if(FC->what & FP_REJECT) return REJECT;
if(!FC->state)genpaths(FC);
FC->state = GOT_SMTP_REQ;
}
if(fc && param->service == S_FTPPR) {
processcallbacks(FC, FP_CALLONREQUEST, *buf_p + offset, *length_p - offset);
if(FC->what & FP_REJECT) return REJECT;
genpaths(FC);
FC->state = GOT_FTP_REQ;
}
return CONTINUE;
}
static FILTER_ACTION fp_hsrv(void *fc, struct clientparam * param, unsigned char ** buf_p, int * bufsize_p, int offset, int * length_p){
if(fc && param->service == S_PROXY && (FC->state == GOT_HTTP_REQUEST || FC->state == GOT_HTTP_CLI_HDR || FC->state == GOT_HTTP_CLIDATA)){
if(FC->what & FP_SRVHEADER) initserverfile(FC);
FC->state = GOT_HTTP_SRV_HDR;
}
return CONTINUE;
}
static FILTER_ACTION fp_dcli(void *fc, struct clientparam * param, unsigned char ** buf_p, int * bufsize_p, int offset, int * length_p){
if(fc && FC->state == GOT_HTTP_REQUEST){
FC->state = GOT_HTTP_CLI_HDR2;
}
return CONTINUE;
}
static FILTER_ACTION fp_dsrv(void *fc, struct clientparam * param, unsigned char ** buf_p, int * bufsize_p, int offset, int * length_p){
if(fc && (FC->state == GOT_HTTP_REQUEST || FC->state == GOT_HTTP_CLI_HDR || FC->state == GOT_HTTP_CLIDATA || FC->state == GOT_HTTP_CLIDATA || FC->state == GOT_HTTP_SRV_HDR)){
FC->state = GOT_HTTP_SRV_HDR2;
}
return CONTINUE;
}
static void fp_clear(void *fc){
removefps(FC);
free(fc);
}
static void fp_close(void *fo){
}
static struct filter fp_filter = {
NULL,
"filefilter",
"filefilter",
fp_open,
fp_client,
fp_request,
fp_hcli,
fp_hsrv,
NULL,
fp_dcli,
fp_dsrv,
fp_clear,
fp_close,
};
static struct symbol fp_symbols[] = {
{fp_symbols + 1, "fp_registercallback", (void*) fp_registercallback},
{NULL, "fp_stringtable", (void*) fp_stringtable}
};
static int file_loaded=0;
#ifdef _WIN32
__declspec(dllexport)
#endif
int file_plugin (struct pluginlink * pluginlink,
int argc, char** argv){
char * dirp;
if(!file_loaded){
pthread_mutex_init(&file_mutex, NULL);
file_loaded = 1;
pl = pluginlink;
memcpy(&sso, pl->so, sizeof(struct sockfuncs));
pl->so->_poll = fp_poll;
pl->so->_send = fp_send;
pl->so->_sendto = fp_sendto;
pl->so->_recv = fp_recv;
pl->so->_recvfrom = fp_recvfrom;
pl->so->_shutdown = fp_shutdown;
pl->so->_closesocket = fp_closesocket;
fp_filter.next = pl->conf->filters;
pl->conf->filters = &fp_filter;
fp_symbols[1].next = pl->symbols.next;
pl->symbols.next = fp_symbols;
}
if(path) free(path);
dirp = (argc > 1)? argv[1] : getenv("TEMP");
if(strlen(dirp) > 200 || strchr(dirp, '%')) return (13001);
#ifdef _WIN32
sprintf(path, "%s\\%%d.tmp", dirp);
#else
sprintf(path, "%s/%%d.tmp", dirp);
#endif
if(argc > 2) preview = atoi(argv[2]);
if(!preview) preview = 32768;
return 0;
}
#ifdef __cplusplus
}
#endif
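Review bot: file_plugin calls `free(path)` on the static array `char path[256]`, which is undefined behaviour on every load, and passes the result of `getenv("TEMP")` to `strlen` without a NULL check; drop the `free` and add `if(!dirp) return (13001);` before the length test. The template it builds gives sequential `<dir>/<counter>.tmp` names that initclientfile and initserverfile open with `O_CREAT|O_TRUNC`, so in a shared temp directory an existing file or symlink with that name would be followed and truncated; adding `O_EXCL` (plus `O_NOFOLLOW` where available) to both `open` calls closes that, provided genpaths retries with the next counter value when a name is taken. The POSIX write paths in fp_send and fp_sendto use `(res = write(fd, msg, len) != len)`, which assigns the comparison result to `res`, so on success `res` is 0 and the written-byte counters never advance; `(res = write(fd, msg, len)) != len` is the intended form. In fp_sendto, `if((!fps->what & FP_CLIDATA)) break;` has the same precedence slip and should read `if(!(fps->what & FP_CLIDATA)) break;`.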
