bughz/3proxy
1
0
Fork 0
mirror of https://github.com/3proxy/3proxy.git synced 2025-04-21 11:42:09 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Compare commits

base: bughz:master
Branches Tags
bughz:master
bughz:workflow-test
bughz:devel
bughz:0.8
bughz:0.7
bughz:0.9.5
bughz:0.9.4
bughz:0.9.3
bughz:0.9.2
bughz:0.9.1
bughz:0.9.0
bughz:0.9.0-rc
bughz:0.8.13
bughz:0.8.12
bughz:0.8.11
bughz:0.8.10
bughz:0.8.9
bughz:3proxy-0.8.8
bughz:0.8.8
bughz:3proxy-0.8.7
bughz:3proxy-0.8.6
bughz:3proxy-0.8.5
bughz:3proxy-0.8.4
bughz:3proxy-0.8.3
bughz:3proxy-0.8.2
bughz:3proxy-0.7.1.4
bughz:3proxy-0.8.1
bughz:3proxy-0.8.0
bughz:3proxy-0.8-pre
bughz:3proxy-0.7.1.3
bughz:3proxy-0.7.1.2
bughz:v0.7.1.2
bughz:v0.7.1.1
bughz:v0.7.1
bughz:v0.7
..
compare: bughz:0.9.5
Branches Tags
bughz:master
bughz:workflow-test
bughz:devel
bughz:0.8
bughz:0.7
bughz:0.9.5
bughz:0.9.4
bughz:0.9.3
bughz:0.9.2
bughz:0.9.1
bughz:0.9.0
bughz:0.9.0-rc
bughz:0.8.13
bughz:0.8.12
bughz:0.8.11
bughz:0.8.10
bughz:0.8.9
bughz:3proxy-0.8.8
bughz:0.8.8
bughz:3proxy-0.8.7
bughz:3proxy-0.8.6
bughz:3proxy-0.8.5
bughz:3proxy-0.8.4
bughz:3proxy-0.8.3
bughz:3proxy-0.8.2
bughz:3proxy-0.7.1.4
bughz:3proxy-0.8.1
bughz:3proxy-0.8.0
bughz:3proxy-0.8-pre
bughz:3proxy-0.7.1.3
bughz:3proxy-0.7.1.2
bughz:v0.7.1.2
bughz:v0.7.1.1
bughz:v0.7.1
bughz:v0.7

No commits in common. "master" and "0.9.5" have entirely different histories.
master ... 0.9.5

23 changed files with 4604 additions and 595 deletions
Show Stats Expand all files Collapse all files

50
.github/workflows/c-cpp.yml vendored
View File

@ -1,50 +0,0 @@
name: C/C++ CI
on:
push:
branches: [ "master" ]
paths: [ '**.c', '**.h', 'Makefile.**', '.github/configs', '.github/workflows/c-cpp.yml' ]
pull_request:
branches: [ "master" ]
paths: [ '**.c', '**.h', 'Makefile.**', '.github/configs', '.github/workflows/c-cpp.yml' ]
jobs:
ci:
name: "${{ matrix.target }}"
strategy:
matrix:
target:
- ubuntu-latest
- ubuntu-24.04-arm
- macos-15
- windows-2022
runs-on: ${{ matrix.target }}
steps:
- uses: actions/checkout@v4
# - name: configure
# run: ./configure
- name: ln Linux
if: ${{ startsWith(matrix.target, 'ubuntu') }}
run: ln -s Makefile.Linux Makefile
- name: ln Mac
if: ${{ startsWith(matrix.target, 'macos') }}
run: ln -s Makefile.FreeBSD Makefile
- name: ln Windows
if: ${{ startsWith(matrix.target, 'windows') }}
run: copy Makefile.win Makefile
- name: dirs Windows
if: ${{ startsWith(matrix.target, 'windows') }}
run: cmd /C 'echo LIBS := -L "c:/program files/openssl/lib" $(LIBS) >>Makefile.win && echo CFLAGS := -I "c:/program files/openssl/include" $(CFLAGS) >>Makefile.win && type Makefile.win'
- name: SSLPlugin Linux
if: ${{ startsWith(matrix.target, 'ubuntu') }}
run: 'echo PLUGINS := $(PLUGINS) SSLPlugin >>Makefile & echo LIBS := $(LIBS) -lcrypto -lssl >>Makefile'
- name: make
run: make
- name: mkdir
if: ${{ startsWith(matrix.target, 'ubuntu') }}
run: mkdir ~/3proxy
- name: make install
if: ${{ startsWith(matrix.target, 'ubuntu') }}
run: make DESTDIR=~/3proxy install
- name: make clean
run: make clean

21
Makefile.llvm
View File

@ -10,13 +10,13 @@
BUILDDIR = ../bin/
CC = clang
CFLAGS = -O2 -fno-strict-aliasing -c -pthread -DWITH_STD_MALLOC -DWITH_WSAPOLL
CFLAGS = -O2 -fno-strict-aliasing -c -pthread -static -DWITH_STD_MALLOC -DNOIPV6
COUT = -o
LN = $(CC)
LDFLAGS = -O2 -fno-strict-aliasing -s
LDFLAGS = -O2 -fno-strict-aliasing -static -s
DLFLAGS = -shared
DLSUFFICS = .dll
LIBS = -lws2_32 -lodbc32 -ladvapi32 -luser32 -lcrypto -lssl
LIBS = -lws2_32 -lodbc32 -ladvapi32
LIBSPREFIX = -l
LIBSSUFFIX =
LNOUT = -o
@ -28,19 +28,10 @@ REMOVECOMMAND = rm -f
AFTERCLEAN = find src/ -type f -name "*.o" -delete && find src/ -type f -name "Makefile.var" -delete && find bin/ -type f -executable -delete
TYPECOMMAND = cat
COMPATLIBS =
MAKEFILE = Makefile.llvm
PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin PCREPlugin SSLPlugin
VERFILE := 3proxy.res $(VERFILE)
VERSION := $(VERSION)
VERSIONDEP := 3proxy.res $(VERSIONDEP)
BUILDDATE := $(BUILDDATE)
AFTERCLEAN = (find . -type f -name "*.o" -delete && find . -type f -name "*.res" -delete && find src/ -type f -name "Makefile.var" -delete && find bin/ -type f -executable -delete) || true
MAKEFILE = Makefile.win
PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin PCREPlugin
include Makefile.inc
3proxy.res:
llvm-rc 3proxy.rc
allplugins:
@list='$(PLUGINS)'; for p in $$list; do cp Makefile Makefile.var plugins/$$p; cd plugins/$$p ; make ; cd ../.. ; done
for /D %%i in ($(PLUGINS)) do (copy Makefile plugins\%%i && copy Makefile.var plugins\%%i && cd plugins\%%i && nmake && del *.o &&cd ..\..)

17
Makefile.win
View File

@ -10,13 +10,13 @@
BUILDDIR = ../bin/
CC = gcc
CFLAGS = -O2 -s -c -mthreads -DWITH_STD_MALLOC -DWITH_WSAPOLL
CFLAGS = -O2 -s -c -mthreads -DWITH_STD_MALLOC -DNOIPV6 -DNORADIUS
COUT = -o
LN = gcc
LDFLAGS = -O2 -s -mthreads
DLFLAGS = -shared
DLSUFFICS = .dll
LIBS = -lws2_32 -lodbc32 -ladvapi32 -luser32 -lcrypto -lssl
LIBS = -lws2_32 -lodbc32 -ladvapi32
LIBSPREFIX = -l
LIBSSUFFIX =
LNOUT = -o
@ -28,18 +28,9 @@ REMOVECOMMAND = rm -f
TYPECOMMAND = cat
COMPATLIBS =
MAKEFILE = Makefile.win
PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin PCREPlugin SSLPLugin
VERFILE := 3proxyres.o $(VERFILE)
VERSION := $(VERSION)
VERSIONDEP := 3proxyres.o $(VERSIONDEP)
BUILDDATE := $(BUILDDATE)
AFTERCLEAN = (find . -type f -name "*.o" -delete && find . -type f -name "*.res" -delete && find src/ -type f -name "Makefile.var" -delete && find bin/ -type f -executable -delete) || true
PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin PCREPlugin
include Makefile.inc
3proxyres.o:
windres 3proxy.rc -o 3proxyres.o
allplugins:
@list='$(PLUGINS)'; for p in $$list; do cp Makefile Makefile.var plugins/$$p; cd plugins/$$p ; make ; cd ../.. ; done
@list='$(PLUGINS)'; for p in $$list; do cp Makefile Makefile.var plugins/$$p; cd plugins/$$p ; make ; rm *.o ; cd ../.. ; done

29
README
View File

@ -4,22 +4,20 @@
Branches:
Master (stable) branch - 3proxy 0.9
Devel branch - 3proxy 10 (don't use it)
Devel branch - 3proxy 10
* Download
Binaries and sources for released (master) versions (Windows, Linux):
Download:
Binaries for released (master) versions (Windows, Linux):
https://github.com/z3APA3A/3proxy/releases
Binaries for devel version (Windows, Linux):
https://3proxy.org/download/devel/
Docker images:
https://hub.docker.com/repository/docker/3proxy/3proxy
Archive of old versions: https://github.com/z3APA3A/3proxy-archive
Archive of old versions: https://github.com/z3APA3A/3proxy-archive
* Documentation
Documentation (man pages and HTML) available with download, on https://3proxy.org/
and in github wiki https://github.com/3proxy/3proxy/wiki
* Windows installation
Windows installation:
3proxy --install
@ -31,9 +29,7 @@ Devel branch - 3proxy 10 (don't use it)
removes the service (should be stopped before via
'net stop 3proxy').
* To build in Linux
install git and build-essential packages, use
To build in Linux install git and build-essential packages, use
git clone https://github.com/z3apa3a/3proxy
cd 3proxy
@ -58,14 +54,7 @@ usage: /etc/3proxy/conf/add3proxyuser.sh username password [day_limit] [bandwidt
or modify /etc/3proxy/conf/ files directly.
* For MacOS X / FreeBSD / *BSD
git clone https://github.com/z3apa3a/3proxy
cd 3proxy
ln -s Makefile.FreeBSD Makefile
make
(binaries are in bin/ directory)
Please read doc/html/index.html and man pages.
Features:
1. General

8
src/3proxy.c
View File

@ -521,14 +521,6 @@ int WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPWSTR lpCmdLine, int
#ifndef NORADIUS
pthread_mutex_init(&rad_mutex, NULL);
#endif
#ifdef _WIN32
if(!CreatePipe(&conf.threadinit[0], &conf.threadinit[1], NULL, 1)){
#else
if(pipe(conf.threadinit)) {
#endif
fprintf(stderr, "CreatePipe failed\n");
return 1;
};
freeconf(&conf);
res = readconfig(fp);

10
src/Makefile.inc
View File

@ -144,12 +144,18 @@ $(BUILDDIR)mycrypt$(EXESUFFICS): md4$(OBJSUFFICS) md5$(OBJSUFFICS) mycryptmain$(
md4$(OBJSUFFICS): libs/md4.h libs/md4.c
$(CC) $(COUT)md4$(OBJSUFFICS) $(CFLAGS) libs/md4.c
smbdes$(OBJSUFFICS): libs/smbdes.c
$(CC) $(COUT)smbdes$(OBJSUFFICS) $(CFLAGS) libs/smbdes.c
md5$(OBJSUFFICS): libs/md5.h libs/md5.c
$(CC) $(COUT)md5$(OBJSUFFICS) $(CFLAGS) libs/md5.c
ntlm$(OBJSUFFICS): ntlm.c
$(CC) $(COUT)ntlm$(OBJSUFFICS) $(CFLAGS) ntlm.c
stringtable$(OBJSUFFICS): stringtable.c
$(CC) $(COUT)stringtable$(OBJSUFFICS) $(CFLAGS) stringtable.c
$(BUILDDIR)3proxy$(EXESUFFICS): 3proxy$(OBJSUFFICS) mainfunc$(OBJSUFFICS) srvproxy$(OBJSUFFICS) srvpop3p$(OBJSUFFICS) srvsmtpp$(OBJSUFFICS) srvftppr$(OBJSUFFICS) srvsocks$(OBJSUFFICS) srvtcppm$(OBJSUFFICS) srvtlspr$(OBJSUFFICS) srvauto$(OBJSUFFICS) srvudppm$(OBJSUFFICS) sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) common$(OBJSUFFICS) auth$(OBJSUFFICS) authradius$(OBJSUFFICS) conf$(OBJSUFFICS) log$(OBJSUFFICS) datatypes$(OBJSUFFICS) md4$(OBJSUFFICS) md5$(OBJSUFFICS) mycrypt$(OBJSUFFICS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) stringtable$(OBJSUFFICS) srvwebadmin$(OBJSUFFICS) srvdnspr$(OBJSUFFICS) plugins$(OBJSUFFICS) $(COMPATLIBS) $(VERSIONDEP)
$(LN) $(LNOUT)$(BUILDDIR)3proxy$(EXESUFFICS) $(LDFLAGS) $(VERFILE) 3proxy$(OBJSUFFICS) mainfunc$(OBJSUFFICS) auth$(OBJSUFFICS) authradius$(OBJSUFFICS) conf$(OBJSUFFICS) datatypes$(OBJSUFFICS) srvauto$(OBJSUFFICS) srvproxy$(OBJSUFFICS) srvpop3p$(OBJSUFFICS) srvsmtpp$(OBJSUFFICS) srvftppr$(OBJSUFFICS) srvsocks$(OBJSUFFICS) srvtcppm$(OBJSUFFICS) srvtlspr$(OBJSUFFICS) srvudppm$(OBJSUFFICS) sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) common$(OBJSUFFICS) log$(OBJSUFFICS) mycrypt$(OBJSUFFICS) md5$(OBJSUFFICS) md4$(OBJSUFFICS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) stringtable$(OBJSUFFICS) srvwebadmin$(OBJSUFFICS) srvdnspr$(OBJSUFFICS) plugins$(OBJSUFFICS) $(COMPATLIBS) $(LIBS)
$(BUILDDIR)3proxy$(EXESUFFICS): 3proxy$(OBJSUFFICS) mainfunc$(OBJSUFFICS) srvproxy$(OBJSUFFICS) srvpop3p$(OBJSUFFICS) srvsmtpp$(OBJSUFFICS) srvftppr$(OBJSUFFICS) srvsocks$(OBJSUFFICS) srvtcppm$(OBJSUFFICS) srvtlspr$(OBJSUFFICS) srvauto$(OBJSUFFICS) srvudppm$(OBJSUFFICS) sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) common$(OBJSUFFICS) auth$(OBJSUFFICS) authradius$(OBJSUFFICS) conf$(OBJSUFFICS) log$(OBJSUFFICS) datatypes$(OBJSUFFICS) md4$(OBJSUFFICS) md5$(OBJSUFFICS) mycrypt$(OBJSUFFICS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) smbdes$(OBJSUFFICS) ntlm$(OBJSUFFICS) stringtable$(OBJSUFFICS) srvwebadmin$(OBJSUFFICS) srvdnspr$(OBJSUFFICS) plugins$(OBJSUFFICS) $(COMPATLIBS) $(VERSIONDEP)
$(LN) $(LNOUT)$(BUILDDIR)3proxy$(EXESUFFICS) $(LDFLAGS) $(VERFILE) 3proxy$(OBJSUFFICS) mainfunc$(OBJSUFFICS) auth$(OBJSUFFICS) authradius$(OBJSUFFICS) conf$(OBJSUFFICS) datatypes$(OBJSUFFICS) srvauto$(OBJSUFFICS) srvproxy$(OBJSUFFICS) srvpop3p$(OBJSUFFICS) srvsmtpp$(OBJSUFFICS) srvftppr$(OBJSUFFICS) srvsocks$(OBJSUFFICS) srvtcppm$(OBJSUFFICS) srvtlspr$(OBJSUFFICS) srvudppm$(OBJSUFFICS) sockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) common$(OBJSUFFICS) log$(OBJSUFFICS) mycrypt$(OBJSUFFICS) md5$(OBJSUFFICS) md4$(OBJSUFFICS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) smbdes$(OBJSUFFICS) ntlm$(OBJSUFFICS) stringtable$(OBJSUFFICS) srvwebadmin$(OBJSUFFICS) srvdnspr$(OBJSUFFICS) plugins$(OBJSUFFICS) $(COMPATLIBS) $(LIBS)

60
src/auth.c
View File

@ -222,7 +222,6 @@ int handleredirect(struct clientparam * param, struct ace * acentry){
int weight = 1000;
int res;
int done = 0;
int ha = 0;
struct chain * cur;
struct chain * redir = NULL;
int r2;
@ -279,7 +278,6 @@ int handleredirect(struct clientparam * param, struct ace * acentry){
return 0;
}
else if(SAISNULL(&cur->addr) && !*SAPORT(&cur->addr)){
int i;
if(cur->extuser){
if(param->extusername)
myfree(param->extusername);
@ -291,18 +289,27 @@ int handleredirect(struct clientparam * param, struct ace * acentry){
}
if(*cur->extuser == '*' && !param->username) return 4;
}
for(i=0; redirs[i].name; i++){
if(cur->type == redirs[i].redir) {
param->redirectfunc = redirs[i].func;
switch(cur->type){
case R_POP3:
param->redirectfunc = pop3pchild;
break;
}
}
if(cur->type == R_HA){
ha = 1;
case R_FTP:
param->redirectfunc = ftpprchild;
break;
case R_ADMIN:
param->redirectfunc = adminchild;
break;
case R_SMTP:
param->redirectfunc = smtppchild;
break;
case R_TLS:
param->redirectfunc = tlsprchild;
break;
default:
param->redirectfunc = proxychild;
}
if(cur->next)continue;
if(!ha) return 0;
return 0;
}
else if(!*SAPORT(&cur->addr) && !SAISNULL(&cur->addr)) {
unsigned short port = *SAPORT(&param->sinsr);
@ -317,21 +324,6 @@ int handleredirect(struct clientparam * param, struct ace * acentry){
if((res = alwaysauth(param))){
return (res >= 10)? res : 60+res;
}
if(ha) {
char buf[128];
int len;
len = sprintf(buf, "PROXY %s ",
*SAFAMILY(&param->sincr) == AF_INET6 ? "TCP6" : "TCP4");
len += myinet_ntop(*SAFAMILY(&param->sincr), SAADDR(&param->sincr), buf+len, sizeof(param->sincr));
buf[len++] = ' ';
len += myinet_ntop(*SAFAMILY(&param->sincl), SAADDR(&param->sincl), buf+len, sizeof(param->sincl));
len += sprintf(buf + len, " %hu %hu\r\n",
ntohs(*SAPORT(&param->sincr)),
ntohs(*SAPORT(&param->sincl))
);
if(socksend(param, param->remsock, (unsigned char *)buf, len, conf.timeouts[CHAIN_TO])!=len) return 39;
return 0;
}
}
else {
res = (redir)?clientnegotiate(redir, param, (struct sockaddr *)&cur->addr, cur->exthost):0;
@ -971,6 +963,15 @@ int strongauth(struct clientparam * param){
else if (!param->pwtype && param->password && !strcmp((char *)param->password, (char *)pwl->password)){
break;
}
#ifndef NOCRYPT
else if (param->pwtype == 2 && param->password) {
ntpwdhash(buf, pwl->password, 0);
mschap(buf, param->password, buf + 16);
if(!memcmp(buf+16, param->password+8, 24)) {
break;
}
}
#endif
pthread_mutex_unlock(&pwl_mutex);
return 6;
#ifndef NOCRYPT
@ -984,6 +985,13 @@ int strongauth(struct clientparam * param){
if(param->password && !param->pwtype && !memcmp(pwl->password, ntpwdhash(buf,param->password, 1), 32)) {
break;
}
else if (param->pwtype == 2){
fromhex(pwl->password, buf, 16);
mschap(buf, param->password, buf + 16);
if(!memcmp(buf + 16, param->password+8, 24)) {
break;
}
}
pthread_mutex_unlock(&pwl_mutex);
return 8;
#endif

1
src/auto.c
View File

@ -23,7 +23,6 @@ void * autochild(struct clientparam* param) {
dolog(param, (unsigned char *)"");
}
if(*param->clibuf == 4 || *param->clibuf == 5) return sockschild(param);
if(*param->clibuf == 22) return tlsprchild(param);
return proxychild(param);
}

3
src/common.c
View File

@ -93,7 +93,6 @@ char *rotations[] = {
struct extparam conf = {
{0, 0},
{1, 5, 30, 60, 180, 1800, 15, 60, 15, 5, 0, 0},
NULL,
NULL,
@ -102,7 +101,7 @@ struct extparam conf = {
NULL,
NULL,
0,
-1, 0, 0, 0, 0,
0, -1, 0, 0, 0, 0,
0, 500, 0, 0, 0, 0, 0, 0, 2,
0, 0, 0,
6, 600,

59
src/conf.c
View File

@ -150,8 +150,8 @@ int start_proxy_thread(struct child * chp){
#ifdef _WIN32
HANDLE h;
#endif
char r[1];
conf.threadinit = 1;
#ifdef _WIN32
#ifndef _WINCE
h = (HANDLE)_beginthreadex((LPSECURITY_ATTRIBUTES )NULL, 16384+conf.stacksize, (void *)startsrv, (void *) chp, (DWORD)0, &thread);
@ -166,14 +166,7 @@ int start_proxy_thread(struct child * chp){
pthread_create(&thread, &pa, startsrv, (void *)chp);
pthread_attr_destroy(&pa);
#endif
#ifdef _WIN32
ReadFile(conf.threadinit[0], r, 1, NULL, NULL);
#else
while(read(conf.threadinit[0], r, 1) !=1) if(errno != EINTR) {
fprintf(stderr, "pipe failed\n");
return 40;
}
#endif
while(conf.threadinit)usleep(SLEEPTIME);
if(haveerror) {
fprintf(stderr, "Service not started on line: %d%s\n", linenum, haveerror == 2? ": insufficient memory":"");
return(40);
@ -736,34 +729,10 @@ static int h_monitor(int argc, unsigned char **argv){
return 0;
}
struct redirdesc redirs[] = {
{R_TCP, "tcp", tcppmchild},
{R_CONNECT, "connect", proxychild},
{R_SOCKS4, "socks4", sockschild},
{R_SOCKS5, "socks5", sockschild},
{R_HTTP, "http", proxychild},
{R_POP3, "pop3", pop3pchild},
{R_SMTP, "smtp", smtppchild},
{R_FTP, "ftp", ftpprchild},
{R_CONNECTP, "connect+", proxychild},
{R_SOCKS4P, "socks4+", sockschild},
{R_SOCKS5P, "socks5+", sockschild},
{R_SOCKS4B, "socks4b", sockschild},
{R_SOCKS5B, "socks5b", sockschild},
{R_ADMIN, "admin", adminchild},
{R_EXTIP, "extip", NULL},
{R_TLS, "tls", tlsprchild},
{R_HA, "ha", NULL},
{R_DNS, "dns", dnsprchild},
{0, NULL, NULL}
};
static int h_parent(int argc, unsigned char **argv){
struct ace *acl = NULL;
struct chain *chains;
char * cidr;
int i;
acl = conf.acl;
while(acl && acl->next) acl = acl->next;
@ -783,13 +752,23 @@ static int h_parent(int argc, unsigned char **argv){
fprintf(stderr, "Chaining error: bad chain weight %u line %d\n", chains->weight, linenum);
return(3);
}
for(i = 0; redirs[i].name ; i++){
if(!strcmp((char *)argv[2], redirs[i].name)) {
chains->type = redirs[i].redir;
break;
}
}
if(!redirs[i].name) {
if(!strcmp((char *)argv[2], "tcp"))chains->type = R_TCP;
else if(!strcmp((char *)argv[2], "http"))chains->type = R_HTTP;
else if(!strcmp((char *)argv[2], "connect"))chains->type = R_CONNECT;
else if(!strcmp((char *)argv[2], "socks4"))chains->type = R_SOCKS4;
else if(!strcmp((char *)argv[2], "socks5"))chains->type = R_SOCKS5;
else if(!strcmp((char *)argv[2], "connect+"))chains->type = R_CONNECTP;
else if(!strcmp((char *)argv[2], "socks4+"))chains->type = R_SOCKS4P;
else if(!strcmp((char *)argv[2], "socks5+"))chains->type = R_SOCKS5P;
else if(!strcmp((char *)argv[2], "socks4b"))chains->type = R_SOCKS4B;
else if(!strcmp((char *)argv[2], "socks5b"))chains->type = R_SOCKS5B;
else if(!strcmp((char *)argv[2], "pop3"))chains->type = R_POP3;
else if(!strcmp((char *)argv[2], "tls"))chains->type = R_TLS;
else if(!strcmp((char *)argv[2], "ftp"))chains->type = R_FTP;
else if(!strcmp((char *)argv[2], "admin"))chains->type = R_ADMIN;
else if(!strcmp((char *)argv[2], "extip"))chains->type = R_EXTIP;
else if(!strcmp((char *)argv[2], "smtp"))chains->type = R_SMTP;
else {
fprintf(stderr, "Chaining error: bad chain type (%s)\n", argv[2]);
return(4);
}

22
src/datatypes.c
View File

@ -325,12 +325,24 @@ static void * ef_chain_next(struct node * node){
}
static void * ef_chain_type(struct node * node){
int i;
for(i=0; redirs[i].name; i++){
if(((struct chain *)node->value) -> type == redirs[i].redir) return redirs[i].name;
}
switch (((struct chain *)node->value) -> type) {
case R_TCP:
return "tcp";
case R_CONNECT:
return "connect";
case R_SOCKS4:
return "socks4";
case R_SOCKS5:
return "socks5";
case R_HTTP:
return "http";
case R_FTP:
return "ftp";
case R_POP3:
return "pop3";
default:
return "";
}
}
static void * ef_chain_addr(struct node * node){

3821
src/libs/regex.c Normal file
View File

File diff suppressed because it is too large Load Diff

74
src/libs/regex.h Normal file
View File

@ -0,0 +1,74 @@
/*
Minimal version of Henry Spencer's regex library
with minor modifications
*/
#ifndef _REGEX_H_
#define _REGEX_H_
#ifdef __cplusplus
extern "C" {
#endif
typedef off_t regoff_t;
typedef struct {
int re_magic;
size_t re_nsub; /* number of parenthesized subexpressions */
const char *re_endp; /* end pointer for REG_PEND */
struct re_guts *re_g; /* none of your business :-) */
} regex_t;
typedef struct {
regoff_t rm_so; /* start of match */
regoff_t rm_eo; /* end of match */
} regmatch_t;
extern int regcomp(regex_t *, const char *, int);
#define REG_BASIC 0000
#define REG_EXTENDED 0001
#define REG_ICASE 0002
#define REG_NOSUB 0004
#define REG_NEWLINE 0010
#define REG_NOSPEC 0020
#define REG_PEND 0040
#define REG_DUMP 0200
#define REG_OKAY 0
#define REG_NOMATCH 1
#define REG_BADPAT 2
#define REG_ECOLLATE 3
#define REG_ECTYPE 4
#define REG_EESCAPE 5
#define REG_ESUBREG 6
#define REG_EBRACK 7
#define REG_EPAREN 8
#define REG_EBRACE 9
#define REG_BADBR 10
#define REG_ERANGE 11
#define REG_ESPACE 12
#define REG_BADRPT 13
#define REG_EMPTY 14
#define REG_ASSERT 15
#define REG_INVARG 16
#define REG_ATOI 255 /* convert name to number (!) */
#define REG_ITOA 0400 /* convert number to name (!) */
extern int regexec(const regex_t *, const char *, size_t, regmatch_t [], int);
#define REG_NOTBOL 00001
#define REG_NOTEOL 00002
#define REG_STARTEND 00004
#define REG_TRACE 00400 /* tracing of execution */
#define REG_LARGE 01000 /* force large representation */
#define REG_BACKR 02000 /* force use of backref code */
extern void regfree(regex_t *);
#ifdef __cplusplus
}
#endif
#endif

321
src/libs/smbdes.c Normal file
View File

@ -0,0 +1,321 @@
/*
Unix SMB/CIFS implementation.
a partial implementation of DES designed for use in the
SMB authentication protocol
Copyright (C) Andrew Tridgell 1998
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include <string.h>
#include <ctype.h>
#define uchar unsigned char
static const uchar perm1[56] = {57, 49, 41, 33, 25, 17, 9,
1, 58, 50, 42, 34, 26, 18,
10, 2, 59, 51, 43, 35, 27,
19, 11, 3, 60, 52, 44, 36,
63, 55, 47, 39, 31, 23, 15,
7, 62, 54, 46, 38, 30, 22,
14, 6, 61, 53, 45, 37, 29,
21, 13, 5, 28, 20, 12, 4};
static const uchar perm2[48] = {14, 17, 11, 24, 1, 5,
3, 28, 15, 6, 21, 10,
23, 19, 12, 4, 26, 8,
16, 7, 27, 20, 13, 2,
41, 52, 31, 37, 47, 55,
30, 40, 51, 45, 33, 48,
44, 49, 39, 56, 34, 53,
46, 42, 50, 36, 29, 32};
static const uchar perm3[64] = {58, 50, 42, 34, 26, 18, 10, 2,
60, 52, 44, 36, 28, 20, 12, 4,
62, 54, 46, 38, 30, 22, 14, 6,
64, 56, 48, 40, 32, 24, 16, 8,
57, 49, 41, 33, 25, 17, 9, 1,
59, 51, 43, 35, 27, 19, 11, 3,
61, 53, 45, 37, 29, 21, 13, 5,
63, 55, 47, 39, 31, 23, 15, 7};
static const uchar perm4[48] = { 32, 1, 2, 3, 4, 5,
4, 5, 6, 7, 8, 9,
8, 9, 10, 11, 12, 13,
12, 13, 14, 15, 16, 17,
16, 17, 18, 19, 20, 21,
20, 21, 22, 23, 24, 25,
24, 25, 26, 27, 28, 29,
28, 29, 30, 31, 32, 1};
static const uchar perm5[32] = { 16, 7, 20, 21,
29, 12, 28, 17,
1, 15, 23, 26,
5, 18, 31, 10,
2, 8, 24, 14,
32, 27, 3, 9,
19, 13, 30, 6,
22, 11, 4, 25};
static const uchar perm6[64] ={ 40, 8, 48, 16, 56, 24, 64, 32,
39, 7, 47, 15, 55, 23, 63, 31,
38, 6, 46, 14, 54, 22, 62, 30,
37, 5, 45, 13, 53, 21, 61, 29,
36, 4, 44, 12, 52, 20, 60, 28,
35, 3, 43, 11, 51, 19, 59, 27,
34, 2, 42, 10, 50, 18, 58, 26,
33, 1, 41, 9, 49, 17, 57, 25};
static const uchar sc[16] = {1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1};
static const uchar sbox[8][4][16] = {
{{14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7},
{0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8},
{4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0},
{15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13}},
{{15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10},
{3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5},
{0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15},
{13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9}},
{{10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8},
{13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1},
{13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7},
{1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12}},
{{7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15},
{13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9},
{10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4},
{3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14}},
{{2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9},
{14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6},
{4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14},
{11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3}},
{{12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11},
{10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8},
{9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6},
{4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13}},
{{4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1},
{13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6},
{1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2},
{6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12}},
{{13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7},
{1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2},
{7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8},
{2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11}}};
static void permute(char *out, const char *in, const uchar *p, int n)
{
int i;
for (i=0;i<n;i++)
out[i] = in[p[i]-1];
}
static void lshift(char *d, int count, int n)
{
char out[64];
int i;
for (i=0;i<n;i++)
out[i] = d[(i+count)%n];
for (i=0;i<n;i++)
d[i] = out[i];
}
static void concat(char *out, char *in1, char *in2, int l1, int l2)
{
while (l1--)
*out++ = *in1++;
while (l2--)
*out++ = *in2++;
}
static void xor(char *out, char *in1, char *in2, int n)
{
int i;
for (i=0;i<n;i++)
out[i] = in1[i] ^ in2[i];
}
static void dohash(char *out, char *in, char *key)
{
int i, j, k;
char pk1[56];
char c[28];
char d[28];
char cd[56];
char ki[16][48];
char pd1[64];
char l[32], r[32];
char rl[64];
permute(pk1, key, perm1, 56);
for (i=0;i<28;i++)
c[i] = pk1[i];
for (i=0;i<28;i++)
d[i] = pk1[i+28];
for (i=0;i<16;i++) {
lshift(c, sc[i], 28);
lshift(d, sc[i], 28);
concat(cd, c, d, 28, 28);
permute(ki[i], cd, perm2, 48);
}
permute(pd1, in, perm3, 64);
for (j=0;j<32;j++) {
l[j] = pd1[j];
r[j] = pd1[j+32];
}
for (i=0;i<16;i++) {
char er[48];
char erk[48];
char b[8][6];
char cb[32];
char pcb[32];
char r2[32];
permute(er, r, perm4, 48);
xor(erk, er, ki[i], 48);
for (j=0;j<8;j++)
for (k=0;k<6;k++)
b[j][k] = erk[j*6 + k];
for (j=0;j<8;j++) {
int m, n;
m = (b[j][0]<<1) | b[j][5];
n = (b[j][1]<<3) | (b[j][2]<<2) | (b[j][3]<<1) | b[j][4];
for (k=0;k<4;k++)
b[j][k] = (sbox[j][m][n] & (1<<(3-k)))?1:0;
}
for (j=0;j<8;j++)
for (k=0;k<4;k++)
cb[j*4+k] = b[j][k];
permute(pcb, cb, perm5, 32);
xor(r2, l, pcb, 32);
for (j=0;j<32;j++)
l[j] = r[j];
for (j=0;j<32;j++)
r[j] = r2[j];
}
concat(rl, r, l, 32, 32);
permute(out, rl, perm6, 64);
}
static void str_to_key(unsigned char *str,unsigned char *key)
{
int i;
key[0] = str[0]>>1;
key[1] = ((str[0]&0x01)<<6) | (str[1]>>2);
key[2] = ((str[1]&0x03)<<5) | (str[2]>>3);
key[3] = ((str[2]&0x07)<<4) | (str[3]>>4);
key[4] = ((str[3]&0x0F)<<3) | (str[4]>>5);
key[5] = ((str[4]&0x1F)<<2) | (str[5]>>6);
key[6] = ((str[5]&0x3F)<<1) | (str[6]>>7);
key[7] = str[6]&0x7F;
for (i=0;i<8;i++) {
key[i] = (key[i]<<1);
}
}
static void smbhash(unsigned char *out, const unsigned char *in, unsigned char *key)
{
int i;
char outb[64];
char inb[64];
char keyb[64];
unsigned char key2[8];
str_to_key(key, key2);
for (i=0;i<64;i++) {
inb[i] = (in[i/8] & (1<<(7-(i%8)))) ? 1 : 0;
keyb[i] = (key2[i/8] & (1<<(7-(i%8)))) ? 1 : 0;
outb[i] = 0;
}
dohash(outb, inb, keyb);
for (i=0;i<8;i++) {
out[i] = 0;
}
for (i=0;i<64;i++) {
if (outb[i])
out[i/8] |= (1<<(7-(i%8)));
}
}
/*
* Converts the password to uppercase, and creates the LM
* password hash.
*/
void lmpwdhash(const unsigned char *password,unsigned char *lmhash)
{
int i;
unsigned char p14[14];
static unsigned char sp8[8] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25};
memset(p14, 0, sizeof(p14));
for (i = 0; i < 14 && password[i]; i++) {
p14[i] = toupper((int) password[i]);
}
smbhash(lmhash, sp8, p14);
smbhash(lmhash+8, sp8, p14+7);
}
/*
* Take the NT or LM password, and return the MSCHAP response
*
* The win_password MUST be exactly 16 bytes long.
*/
void mschap(const unsigned char *win_password,
const unsigned char *challenge, unsigned char *response)
{
unsigned char p21[21];
memset(p21, 0, sizeof(p21));
memcpy(p21, win_password, 16);
smbhash(response, challenge, p21);
smbhash(response+8, challenge, p21+7);
smbhash(response+16, challenge, p21+14);
}

88
src/ntlm.c Normal file
View File

@ -0,0 +1,88 @@
/*
3APA3A simpliest proxy server
(c) 2002-2021 by Vladimir Dubrovin <3proxy@3proxy.org>
please read License Agreement
*/
#include "proxy.h"
struct ntlmchal {
unsigned char sig[8];
unsigned char messtype[4];
unsigned char dom_len[2];
unsigned char dom_max_len[2];
unsigned char dom_offset[4];
unsigned char flags[4];
unsigned char challenge[8];
unsigned char reserved[8];
unsigned char addr_len[2];
unsigned char addr_max_len[2];
unsigned char addr_offset[4];
unsigned char data[1];
};
struct ntlmreq {
unsigned char sig[8];
unsigned char messtype[4];
unsigned char flags[4];
unsigned char dom_len[2];
unsigned char dom_max_len[2];
unsigned char dom_offset[4];
unsigned char pad1[2];
unsigned char host_len[2];
unsigned char host_max_len[2];
unsigned char host_offset[4];
unsigned char pad2[2];
unsigned char data[1];
};
int text2unicode(const char * text, char * buf, int buflen){
int count = 0;
buflen = ((buflen>>1)<<1);
if(!text || !buflen) return 0;
do {
buf[count++] = toupper(*text++);
buf[count++] = '\0';
} while (*text && count < buflen);
return count;
}
void unicode2text(const char *unicode, char * buf, int len){
int i;
if(!unicode || !len) return;
for(i=0; i<len; i++){
buf[i] = unicode[(i<<1)];
}
buf[i] = 0;
}
void genchallenge(struct clientparam *param, char * challenge, char *buf){
struct ntlmchal *chal;
char tmpbuf[1024];
char hostname[128];
int len, i;
chal = (struct ntlmchal *)tmpbuf;
memset(chal, 0, 1024);
memcpy(chal->sig, "NTLMSSP", 8);
chal->messtype[0] = 2;
gethostname(hostname, 128);
hostname[15] = 0;
len = (((int)strlen(hostname)) << 1);
chal->dom_len[0] = len;
chal->dom_max_len[0] = len;
chal->dom_offset[0] = (unsigned char)((unsigned char *)chal->data - (unsigned char *)chal);
chal->flags[0] = 0x03;
chal->flags[1] = 0x82;
chal->flags[2] = 0x81;
chal->flags[3] = 0xA0;
text2unicode(hostname, (char *)chal->data, 64);
time((time_t *)challenge);
memcpy(challenge+4, SAADDR(&param->sincr), 4);
challenge[1]^=*SAPORT(&param->sincr);
for(i = 0; i < 8; i++) challenge[i] ^= myrand(challenge, 8);
memcpy(chal->challenge, challenge, 8);
en64((unsigned char *)tmpbuf, (unsigned char *)buf, (int)((unsigned char *)chal->data - (unsigned char *)chal) + len);
}

1
src/plugins/PCREPlugin/pcre_plugin.c
View File

@ -7,7 +7,6 @@
#include "../../structures.h"
#include <string.h>
#define PCRE_STATIC
#include "pcre.h"
#ifdef __cplusplus

90
src/plugins/SSLPlugin/my_ssl.c
View File

@ -45,11 +45,6 @@ static char hexMap[] = {
static BIO *bio_err=NULL;
char * getSSLErr(){
return ERR_error_string(ERR_get_error(), errbuf);
}
static size_t bin2hex (const unsigned char* bin, size_t bin_length, char* str, size_t str_length)
{
char *p;
@ -191,19 +186,11 @@ SSL_CERT ssl_copy_cert(SSL_CERT cert, SSL_CONFIG *config)
SSL_CONN ssl_handshake_to_server(SOCKET s, char * hostname, SSL_CONFIG *config, SSL_CERT *server_cert, char **errSSL)
{
int err = 0;
X509 *cert;
ssl_conn *conn;
unsigned long ul;
*errSSL = NULL;
/*FIXME: support SSL_ERROR_WANT_(READ|WRITE) */
#ifdef _WIN32
ul = 0;
ioctlsocket(s, FIONBIO, &ul);
#else
fcntl(s,F_SETFL,0);
#endif
conn = (ssl_conn *)malloc(sizeof(ssl_conn));
if ( conn == NULL ){
return NULL;
@ -214,7 +201,7 @@ SSL_CONN ssl_handshake_to_server(SOCKET s, char * hostname, SSL_CONFIG *config,
free(conn);
return NULL;
}
if(hostname && *hostname && config->client_verify){
if(config->client_verify){
X509_VERIFY_PARAM *param;
param = SSL_get0_param(conn->ssl);
@ -223,53 +210,70 @@ SSL_CONN ssl_handshake_to_server(SOCKET s, char * hostname, SSL_CONFIG *config,
if(!SSL_set_fd(conn->ssl, s)){
ssl_conn_free(conn);
*errSSL = getSSLErr();
*errSSL = ERR_error_string(ERR_get_error(), errbuf);
return NULL;
}
if(hostname && *hostname)SSL_set_tlsext_host_name(conn->ssl, hostname);
err = SSL_connect(conn->ssl);
if ( err == -1 ) {
*errSSL = getSSLErr();
*errSSL = ERR_error_string(ERR_get_error(), errbuf);
ssl_conn_free(conn);
return NULL;
}
if(server_cert){
X509 *cert;
cert = SSL_get_peer_certificate(conn->ssl);
if(!cert) {
ssl_conn_free(conn);
return NULL;
}
*server_cert = cert;
}
/* TODO: Verify certificate */
*server_cert = cert;
#ifdef _WIN32
ul = 1;
ioctlsocket(s, FIONBIO, &ul);
#else
fcntl(s,F_SETFL,O_NONBLOCK);
#endif
return conn;
}
SSL_CTX * ssl_cli_ctx(SSL_CONFIG *config, X509 *server_cert, EVP_PKEY *server_key, char** errSSL){
SSL_CTX *ctx;
int err = 0;
#if OPENSSL_VERSION_NUMBER < 0x10100000L
ctx = SSL_CTX_new(SSLv23_server_method());
#else
ctx = SSL_CTX_new(TLS_server_method());
#endif
if (!ctx) {
*errSSL = ERR_error_string(ERR_get_error(), errbuf);
return NULL;
}
err = SSL_CTX_use_certificate(ctx, (X509 *) server_cert);
if ( err <= 0 ) {
*errSSL = ERR_error_string(ERR_get_error(), errbuf);
SSL_CTX_free(ctx);
return NULL;
}
err = SSL_CTX_use_PrivateKey(ctx, server_key);
if ( err <= 0 ) {
*errSSL = ERR_error_string(ERR_get_error(), errbuf);
SSL_CTX_free(ctx);
return NULL;
}
if(config->server_min_proto_version)SSL_CTX_set_min_proto_version(ctx, config->server_min_proto_version);
if(config->server_max_proto_version)SSL_CTX_set_max_proto_version(ctx, config->server_max_proto_version);
if(config->server_cipher_list)SSL_CTX_set_cipher_list(ctx, config->server_cipher_list);
if(config->server_ciphersuites)SSL_CTX_set_ciphersuites(ctx, config->server_ciphersuites);
return ctx;
}
SSL_CONN ssl_handshake_to_client(SOCKET s, SSL_CONFIG *config, X509 *server_cert, EVP_PKEY *server_key, char** errSSL){
int err = 0;
X509 *cert;
ssl_conn *conn;
unsigned long ul;
/*FIXME: support SSL_ERROR_WANT_(READ|WRITE)*/
#ifdef _WIN32
ul = 0;
ioctlsocket(s, FIONBIO, &ul);
#else
fcntl(s,F_SETFL,0);
#endif
*errSSL = NULL;
@ -289,7 +293,7 @@ SSL_CONN ssl_handshake_to_client(SOCKET s, SSL_CONFIG *config, X509 *server_cert
conn->ssl = SSL_new(config->cli_ctx?config->cli_ctx : conn->ctx);
if ( conn->ssl == NULL ) {
*errSSL = getSSLErr();
*errSSL = ERR_error_string(ERR_get_error(), errbuf);
if(conn->ctx)SSL_CTX_free(conn->ctx);
free(conn);
return NULL;
@ -298,7 +302,7 @@ SSL_CONN ssl_handshake_to_client(SOCKET s, SSL_CONFIG *config, X509 *server_cert
SSL_set_fd(conn->ssl, s);
err = SSL_accept(conn->ssl);
if ( err <= 0 ) {
*errSSL = getSSLErr();
*errSSL = ERR_error_string(ERR_get_error(), errbuf);
ssl_conn_free(conn);
return NULL;
}
@ -312,12 +316,6 @@ SSL_CONN ssl_handshake_to_client(SOCKET s, SSL_CONFIG *config, X509 *server_cert
if ( cert != NULL )
X509_free(cert);
#ifdef _WIN32
ul = 1;
ioctlsocket(s, FIONBIO, &ul);
#else
fcntl(s,F_SETFL,O_NONBLOCK);
#endif
return conn;
}

24
src/plugins/SSLPlugin/my_ssl.h
View File

@ -11,15 +11,20 @@ typedef void *SSL_CONN;
typedef void *SSL_CERT;
struct ssl_config {
int mitm;
int serv;
char *certcache;
X509 *CA_cert;
X509 *server_cert;
X509 *client_cert;
EVP_PKEY *CA_key;
EVP_PKEY *server_key;
EVP_PKEY *client_key;
SSL_CTX *cli_ctx;
SSL_CTX *srv_ctx;
char *certcache;
int client_min_proto_version;
int client_max_proto_version;
int server_min_proto_version;
int server_max_proto_version;
int client_verify;
char * client_ciphersuites;
char * server_ciphersuites;
char * client_cipher_list;
@ -27,18 +32,6 @@ struct ssl_config {
char * client_ca_file;
char * client_ca_dir;
char * client_ca_store;
char * server_ca_file;
char * server_ca_dir;
char * server_ca_store;
int mitm;
int serv;
int cli;
int client_min_proto_version;
int client_max_proto_version;
int server_min_proto_version;
int server_max_proto_version;
int client_verify;
int server_verify;
};
typedef struct ssl_config SSL_CONFIG;
@ -73,7 +66,6 @@ void _ssl_cert_free(SSL_CERT cert);
// Global (de)initialization
//
void ssl_init(void);
char * getSSLErr(void);
#endif // __my_ssl_h__

332
src/plugins/SSLPlugin/ssl_plugin.c
View File

@ -6,6 +6,7 @@
*/
#include "../../structures.h"
#include <openssl/rsa.h> /* SSLeay stuff */
#include <openssl/crypto.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
@ -35,25 +36,19 @@ static int ssl_connect_timeout = 0;
char *certcache = NULL;
char *srvcert = NULL;
char *srvkey = NULL;
char *clicert = NULL;
char *clikey = NULL;
char *server_ca_file = NULL;
char *server_ca_dir = NULL;
char *server_ca_store = NULL;
char *server_ca_key = NULL;
char *client_ca_file = NULL;
char *client_ca_dir = NULL;
char *client_ca_store = NULL;
int mitm = 0;
int serv = 0;
int cli = 0;
int ssl_inited = 0;
int client_min_proto_version = 0;
int client_max_proto_version = 0;
int server_min_proto_version = 0;
int server_max_proto_version = 0;
int client_verify = 0;
int server_verify = 0;
char * client_ciphersuites = NULL;
char * server_ciphersuites = NULL;
char * client_cipher_list = NULL;
@ -239,42 +234,38 @@ static int ssl_poll(void *state, struct pollfd *fds, nfds_t nfds, int timeout){
#define PCONF (((struct SSLstate *)param->sostate)->config)
SSL_CONN dosrvcon(struct clientparam* param, SSL_CERT* cert){
SSL_CONN ServerConn;
int domitm(struct clientparam* param){
SSL_CERT ServerCert=NULL, FakeCert=NULL;
SSL_CONN ServerConn, ClientConn;
char *errSSL=NULL;
unsigned long ul;
#ifdef _WIN32
ul = 0;
ioctlsocket(param->remsock, FIONBIO, &ul);
ul = 0;
ioctlsocket(param->clisock, FIONBIO, &ul);
#else
fcntl(param->remsock,F_SETFL,0);
fcntl(param->clisock,F_SETFL,0);
#endif
if(ssl_connect_timeout){
ul = ((unsigned long)ssl_connect_timeout)*1000;
setsockopt(param->remsock, SOL_SOCKET, SO_RCVTIMEO, (char *)&ul, 4);
ul = ((unsigned long)ssl_connect_timeout)*1000;
setsockopt(param->remsock, SOL_SOCKET, SO_SNDTIMEO, (char *)&ul, 4);
}
ServerConn = ssl_handshake_to_server(param->remsock, (char *)param->hostname, PCONF, cert, &errSSL);
if ( ServerConn == NULL) {
ServerConn = ssl_handshake_to_server(param->remsock, (char *)param->hostname, PCONF, &ServerCert, &errSSL);
if ( ServerConn == NULL || ServerCert == NULL ) {
if(ServerConn) ssl_conn_free(ServerConn);
param->res = 8011;
param->srv->logfunc(param, (unsigned char *)"SSL handshake to server failed");
if(ServerConn == NULL) param->srv->logfunc(param, (unsigned char *)"ServerConn is NULL");
if(cert && *cert == NULL) param->srv->logfunc(param, (unsigned char *)"ServerCert is NULL");
if(ServerCert == NULL) param->srv->logfunc(param, (unsigned char *)"ServerCert is NULL");
if(errSSL)param->srv->logfunc(param, (unsigned char *)errSSL);
return NULL;
return 1;
}
SSL_set_mode((SSL *)((ssl_conn *)ServerConn)->ssl, SSL_MODE_ENABLE_PARTIAL_WRITE|SSL_MODE_AUTO_RETRY);
SSL_set_read_ahead((SSL *)((ssl_conn *)ServerConn)->ssl, 0);
return ServerConn;
}
int domitm(struct clientparam* param){
SSL_CERT ServerCert=NULL, FakeCert=NULL;
SSL_CONN ServerConn, ClientConn;
char *errSSL=NULL;
ServerConn = dosrvcon(param, &ServerCert);
if(!ServerConn) return 1;
FakeCert = ssl_copy_cert(ServerCert, PCONF);
_ssl_cert_free(ServerCert);
if ( FakeCert == NULL ) {
@ -295,28 +286,26 @@ int domitm(struct clientparam* param){
return 3;
}
SSL_set_mode((SSL *)((ssl_conn *)ClientConn)->ssl, SSL_MODE_ENABLE_PARTIAL_WRITE|SSL_MODE_AUTO_RETRY);
SSL_set_read_ahead((SSL *)((ssl_conn *)ClientConn)->ssl, 0);
#ifdef _WIN32
ul = 1;
ioctlsocket(param->remsock, FIONBIO, &ul);
ul = 1;
ioctlsocket(param->clisock, FIONBIO, &ul);
#else
fcntl(param->remsock,F_SETFL,O_NONBLOCK);
fcntl(param->clisock,F_SETFL,O_NONBLOCK);
#endif
SSL_set_mode((SSL *)((ssl_conn *)ServerConn)->ssl, SSL_MODE_ENABLE_PARTIAL_WRITE|SSL_MODE_AUTO_RETRY);
SSL_set_mode((SSL *)((ssl_conn *)ClientConn)->ssl, SSL_MODE_ENABLE_PARTIAL_WRITE|SSL_MODE_AUTO_RETRY);
SSL_set_read_ahead((SSL *)((ssl_conn *)ServerConn)->ssl, 0);
SSL_set_read_ahead((SSL *)((ssl_conn *)ClientConn)->ssl, 0);
addSSL(param->clisock, ClientConn, param->remsock, ServerConn, param);
return 0;
}
int docli(struct clientparam* param){
SSL_CONN ServerConn;
SSL_CERT ServerCert=NULL;
ServerConn = dosrvcon(param, &ServerCert);
_ssl_cert_free(ServerCert);
if(!ServerConn) return 1;
addSSL(INVALID_SOCKET, NULL, param->remsock, ServerConn, param);
return 0;
}
X509 * getCert (const char *fname){
BIO *f;
X509 *CA_cert;
@ -344,64 +333,10 @@ static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx){
return preverify_ok;
}
SSL_CTX * ssl_cli_ctx(SSL_CONFIG *config, X509 *server_cert, EVP_PKEY *server_key, char** errSSL){
SSL_CTX *ctx;
int err = 0;
#if OPENSSL_VERSION_NUMBER < 0x10100000L
ctx = SSL_CTX_new(SSLv23_server_method());
#else
ctx = SSL_CTX_new(TLS_server_method());
#endif
if (!ctx) {
*errSSL = getSSLErr();
return NULL;
}
err = SSL_CTX_use_certificate(ctx, (X509 *) server_cert);
if ( err <= 0 ) {
*errSSL = getSSLErr();
SSL_CTX_free(ctx);
return NULL;
}
err = SSL_CTX_use_PrivateKey(ctx, server_key);
if ( err <= 0 ) {
*errSSL = getSSLErr();
SSL_CTX_free(ctx);
return NULL;
}
if(config->server_min_proto_version)SSL_CTX_set_min_proto_version(ctx, config->server_min_proto_version);
if(config->server_max_proto_version)SSL_CTX_set_max_proto_version(ctx, config->server_max_proto_version);
if(config->server_cipher_list)SSL_CTX_set_cipher_list(ctx, config->server_cipher_list);
if(config->server_ciphersuites)SSL_CTX_set_ciphersuites(ctx, config->server_ciphersuites);
if(config->server_verify){
fprintf(stderr, "server verify\n");
fflush(stderr);
if(config->server_ca_file || config->server_ca_dir){
SSL_CTX_load_verify_locations(ctx, config->server_ca_file, config->server_ca_dir);
}
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
else if(config->server_ca_store){
SSL_CTX_load_verify_store(ctx, config->server_ca_store);
}
#endif
else
SSL_CTX_set_default_verify_paths(ctx);
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT|SSL_VERIFY_CLIENT_ONCE, NULL);
}
return ctx;
}
static void* ssl_filter_open(void * idata, struct srvparam * srv){
char fname[256];
char *errSSL;
struct ssl_config *sc;
sc = malloc(sizeof(struct ssl_config));
if(!sc) return NULL;
memset(sc, 0, sizeof(struct ssl_config));
@ -411,7 +346,6 @@ static void* ssl_filter_open(void * idata, struct srvparam * srv){
sc->server_min_proto_version = server_min_proto_version;
sc->server_max_proto_version = server_max_proto_version;
sc->client_verify = client_verify;
sc->server_verify = server_verify;
if(client_ciphersuites) sc->client_ciphersuites = strdup(client_ciphersuites);
if(server_ciphersuites) sc->server_ciphersuites = strdup(server_ciphersuites);
if(client_cipher_list) sc->client_cipher_list = strdup(client_cipher_list);
@ -423,19 +357,9 @@ static void* ssl_filter_open(void * idata, struct srvparam * srv){
return sc;
}
}
if(clikey){
sc->client_key = getKey(clikey);
if(!sc->client_key){
fprintf(stderr, "failed to read: %s\n", clikey);
return sc;
}
}
if(client_ca_file)sc->client_ca_file=client_ca_file;
if(client_ca_dir)sc->client_ca_dir=client_ca_dir;
if(client_ca_store)sc->client_ca_store=client_ca_store;
if(server_ca_file)sc->server_ca_file=server_ca_file;
if(server_ca_dir)sc->server_ca_dir=server_ca_dir;
if(server_ca_store)sc->server_ca_store=server_ca_store;
if(client_ca_store)sc->client_ca_dir=client_ca_store;
if(mitm){
@ -466,20 +390,15 @@ static void* ssl_filter_open(void * idata, struct srvparam * srv){
sc->server_key = getKey(fname);
}
sc->mitm = 1;
}
if(cli){
if(clicert){
sc->client_cert = getCert(clicert);
if(!sc->client_cert){
fprintf(stderr, "failed to read client cert from: %s\n", clicert);
return sc;
}
if(!sc->client_key){
fprintf(stderr, "no client key\n");
return sc;
}
}
sc->cli = 1;
srv->so._send = ssl_send;
srv->so._recv = ssl_recv;
srv->so._sendto = ssl_sendto;
srv->so._recvfrom = ssl_recvfrom;
srv->so._closesocket = ssl_closesocket;
srv->so._poll = ssl_poll;
#ifdef WIWHSPLICE
srv->usesplice = 0;
#endif
}
if(serv){
if(!srvcert || !srvkey) return sc;
@ -496,50 +415,47 @@ static void* ssl_filter_open(void * idata, struct srvparam * srv){
return sc;
}
sc->serv = 1;
}
if(mitm || cli || serv){
srv->so._send = ssl_send;
srv->so._recv = ssl_recv;
srv->so._sendto = ssl_sendto;
srv->so._recvfrom = ssl_recvfrom;
srv->so._closesocket = ssl_closesocket;
srv->so._poll = ssl_poll;
#ifdef WIWHSPLICE
srv->usesplice = 0;
#endif
}
if(sc && (sc->mitm || sc->cli)){
if(sc && sc->mitm){
#if OPENSSL_VERSION_NUMBER < 0x10100000L
sc->srv_ctx = SSL_CTX_new(SSLv23_client_method());
#else
sc->srv_ctx = SSL_CTX_new(TLS_client_method());
#endif
if ( sc->srv_ctx == NULL ) {
fprintf(stderr, "failed to set client context\n");
sc->mitm = sc->cli = 0;
}
if(sc->client_cert){
SSL_CTX_use_certificate(sc->srv_ctx, (X509 *) sc->client_cert);
SSL_CTX_use_PrivateKey(sc->srv_ctx, sc->client_key);
sc->mitm = 0;
}
if(sc->client_min_proto_version)SSL_CTX_set_min_proto_version(sc->srv_ctx, sc->client_min_proto_version);
if(sc->client_max_proto_version)SSL_CTX_set_max_proto_version(sc->srv_ctx, sc->client_max_proto_version);
if(sc->client_cipher_list)SSL_CTX_set_cipher_list(sc->srv_ctx, sc->client_cipher_list);
if(sc->client_ciphersuites)SSL_CTX_set_ciphersuites(sc->srv_ctx, sc->client_ciphersuites);
if(sc->client_verify){
if(sc->client_ca_file || sc->client_ca_dir){
if(sc->client_ca_file && sc->client_ca_dir){
SSL_CTX_load_verify_locations(sc->srv_ctx, sc->client_ca_file, sc->client_ca_dir);
}
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
else if(sc->client_ca_file){
SSL_CTX_load_verify_file(sc->srv_ctx, sc->client_ca_file);
}
else if(sc->client_ca_dir){
SSL_CTX_load_verify_dir(sc->srv_ctx, sc->client_ca_dir);
}
else if(sc->client_ca_store){
SSL_CTX_load_verify_store(sc->srv_ctx, sc->client_ca_store);
}
#endif
else
SSL_CTX_set_default_verify_paths(sc->srv_ctx);
SSL_CTX_set_verify(sc->srv_ctx, SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
SSL_CTX_set_verify(sc->srv_ctx, SSL_VERIFY_PEER, verify_callback);
}
}
#ifdef WIWHSPLICE
srv->usesplice = 0;
#endif
return sc;
}
@ -558,6 +474,13 @@ static FILTER_ACTION ssl_filter_client(void *fo, struct clientparam * param, voi
SSL_CONN ClientConn;
char *err;
#ifdef _WIN32
unsigned long ul = 0;
ioctlsocket(param->clisock, FIONBIO, &ul);
#else
fcntl(param->clisock,F_SETFL,0);
#endif
ClientConn = ssl_handshake_to_client(param->clisock, ssls->config, NULL, NULL, &err);
if ( ClientConn == NULL ) {
param->res = 8013;
@ -565,6 +488,16 @@ static FILTER_ACTION ssl_filter_client(void *fo, struct clientparam * param, voi
if(err)param->srv->logfunc(param, (unsigned char *)err);
return REJECT;
}
#ifdef _WIN32
{
unsigned long ul = 1;
ioctlsocket(param->clisock, FIONBIO, &ul);
}
#else
fcntl(param->clisock,F_SETFL,O_NONBLOCK);
#endif
SSL_set_mode((SSL *)((ssl_conn *)ClientConn)->ssl, SSL_MODE_ENABLE_PARTIAL_WRITE|SSL_MODE_AUTO_RETRY);
SSL_set_read_ahead((SSL *)((ssl_conn *)ClientConn)->ssl, 0);
addSSL(param->clisock, ClientConn, INVALID_SOCKET, NULL, param);
@ -573,21 +506,13 @@ static FILTER_ACTION ssl_filter_client(void *fo, struct clientparam * param, voi
}
static FILTER_ACTION ssl_filter_predata(void *fc, struct clientparam * param){
if(param->operation != HTTP_CONNECT && param->operation != CONNECT) return PASS;
if(PCONF->mitm){
if(!PCONF->mitm) return PASS;
if(domitm(param)) {
return REJECT;
}
if(!param->redirectfunc) param->redirectfunc = proxyfunc;
return CONTINUE;
}
else if(PCONF->cli) {
if(docli(param)) {
return REJECT;
}
}
return PASS;
}
@ -605,18 +530,12 @@ static void ssl_filter_close(void *fo){
if ( CONFIG->server_cert != NULL ) {
X509_free(CONFIG->server_cert);
}
if ( CONFIG->client_cert != NULL ) {
X509_free(CONFIG->server_cert);
}
if ( CONFIG->CA_key != NULL ) {
EVP_PKEY_free(CONFIG->CA_key);
}
if ( CONFIG->server_key != NULL ) {
EVP_PKEY_free(CONFIG->server_key);
}
if ( CONFIG->client_key != NULL ) {
EVP_PKEY_free(CONFIG->server_key);
}
if ( CONFIG->srv_ctx != NULL ) {
SSL_CTX_free(CONFIG->srv_ctx);
}
@ -693,8 +612,7 @@ static int h_serv(int argc, unsigned char **argv){
static int h_noserv(int argc, unsigned char **argv){
struct filter * sf;
if(!serv) return 1;
serv = 0;
if(!mitm) return 1;
if(pl->conf->filters == &ssl_filter_serv) pl->conf->filters = ssl_filter_serv.next;
else for(sf = pl->conf->filters; sf && sf->next; sf=sf->next){
if(sf->next == &ssl_filter_serv) {
@ -702,46 +620,10 @@ static int h_noserv(int argc, unsigned char **argv){
break;
}
}
serv = 0;
return 0;
}
static struct filter ssl_filter_cli = {
NULL,
"ssl filter",
"cli",
ssl_filter_open,
ssl_filter_client,
NULL, NULL, NULL, ssl_filter_predata, NULL, NULL,
ssl_filter_clear,
ssl_filter_close
};
static int h_cli(int argc, unsigned char **argv){
if(mitm) return 1;
if(cli) return 2;
ssl_filter_cli.next = pl->conf->filters;
pl->conf->filters = &ssl_filter_cli;
sso = *pl->so;
cli = 1;
return 0;
}
static int h_nocli(int argc, unsigned char **argv){
struct filter * sf;
if(!cli) return 1;
cli = 0;
if(pl->conf->filters == &ssl_filter_cli) pl->conf->filters = ssl_filter_cli.next;
else for(sf = pl->conf->filters; sf && sf->next; sf=sf->next){
if(sf->next == &ssl_filter_cli) {
sf->next = ssl_filter_cli.next;
break;
}
}
return 0;
}
static int h_certcache(int argc, unsigned char **argv){
size_t len;
len = strlen((char *)argv[1]);
@ -763,19 +645,6 @@ static int h_srvkey(int argc, unsigned char **argv){
return 0;
}
static int h_clicert(int argc, unsigned char **argv){
free(clicert);
clicert = argc > 1? strdup((char *)argv[1]) : NULL;
return 0;
}
static int h_clikey(int argc, unsigned char **argv){
free(clikey);
clikey = argc > 1? strdup((char *)argv[1]) : NULL;
return 0;
}
static int h_client_cipher_list(int argc, unsigned char **argv){
free(client_cipher_list);
client_cipher_list = argc > 1? strdup((char *)argv[1]) : NULL;
@ -830,18 +699,6 @@ static int h_client_ca_store(int argc, unsigned char **argv){
return 0;
}
static int h_server_ca_dir(int argc, unsigned char **argv){
free(server_ca_dir);
server_ca_dir = argc > 1? strdup((char *)argv[1]) : NULL;
return 0;
}
static int h_server_ca_store(int argc, unsigned char **argv){
free(server_ca_store);
server_ca_store = argc > 1? strdup((char *)argv[1]) : NULL;
return 0;
}
struct vermap{
char *sver;
int iver;
@ -908,20 +765,11 @@ static int h_no_client_verify(int argc, unsigned char **argv){
return 0;
}
static int h_server_verify(int argc, unsigned char **argv){
server_verify = 1;
return 0;
}
static int h_no_server_verify(int argc, unsigned char **argv){
server_verify = 0;
return 0;
}
static struct commands ssl_commandhandlers[] = {
{ssl_commandhandlers+1, "ssl_mitm", h_mitm, 1, 1},
{ssl_commandhandlers+2, "ssl_nomitm", h_nomitm, 1, 1},
{ssl_commandhandlers+3, "ssl_serv", h_serv, 1, 1},
{ssl_commandhandlers+4, "ssl_noserv", h_noserv, 1, 1},
{ssl_commandhandlers+4, "ssl_noserv", h_serv, 1, 1},
{ssl_commandhandlers+5, "ssl_server_cert", h_srvcert, 1, 2},
{ssl_commandhandlers+6, "ssl_server_key", h_srvkey, 1, 2},
{ssl_commandhandlers+7, "ssl_server_ca_file", h_server_ca_file, 1, 2},
@ -939,18 +787,6 @@ static struct commands ssl_commandhandlers[] = {
{ssl_commandhandlers+19, "ssl_server_max_proto_version", h_server_max_proto_version, 1, 2},
{ssl_commandhandlers+20, "ssl_client_verify", h_client_verify, 1, 1},
{ssl_commandhandlers+21, "ssl_client_no_verify", h_no_client_verify, 1, 1},
{ssl_commandhandlers+22, "ssl_cli", h_cli, 1, 1},
{ssl_commandhandlers+23, "ssl_nocli", h_nocli, 1, 1},
{ssl_commandhandlers+24, "ssl_client_cert", h_clicert, 1, 2},
{ssl_commandhandlers+25, "ssl_client_key", h_clikey, 1, 2},
{ssl_commandhandlers+26, "ssl_server", h_serv, 1, 1},
{ssl_commandhandlers+27, "ssl_noserver", h_noserv, 1, 1},
{ssl_commandhandlers+28, "ssl_client", h_cli, 1, 1},
{ssl_commandhandlers+29, "ssl_noclient", h_nocli, 1, 1},
{ssl_commandhandlers+30, "ssl_server_verify", h_server_verify, 1, 1},
{ssl_commandhandlers+31, "ssl_server_no_verify", h_no_server_verify, 1, 1},
{ssl_commandhandlers+32, "ssl_server_ca_dir", h_server_ca_dir, 1, 2},
{ssl_commandhandlers+33, "ssl_server_ca_store", h_server_ca_store, 1, 2},
{NULL, "ssl_certcache", h_certcache, 2, 2},
};
@ -964,30 +800,22 @@ static struct commands ssl_commandhandlers[] = {
PLUGINAPI int PLUGINCALL ssl_plugin (struct pluginlink * pluginlink,
int argc, char** argv){
mitm = 0;
serv = 0;
cli = 0;
pl = pluginlink;
ssl_connect_timeout = 0;
free(certcache);
certcache = NULL;
free(srvcert);
srvcert = NULL;
free(srvkey);
srvkey = NULL;
free(clicert);
clicert = NULL;
free(clikey);
clikey = NULL;
mitm = 0;
serv = 0;
client_min_proto_version = 0;
client_max_proto_version = 0;
server_min_proto_version = 0;
server_max_proto_version = 0;
client_verify = 0;
server_verify = 0;
free(client_ciphersuites);
client_ciphersuites = NULL;
free(server_ciphersuites);
@ -1006,10 +834,6 @@ PLUGINAPI int PLUGINCALL ssl_plugin (struct pluginlink * pluginlink,
client_ca_dir = NULL;
free(client_ca_store);
client_ca_store = NULL;
free(server_ca_dir);
server_ca_dir = NULL;
free(server_ca_store);
server_ca_store = NULL;
if(!ssl_loaded){

48
src/proxy.c
View File

@ -381,6 +381,54 @@ for(;;){
param->username = (unsigned char *)mystrdup((char *)username);
continue;
}
#ifndef NOCRYPT
if(param->srv->usentlm && !strncasecmp((char *)sb, "ntlm", 4)){
sb+=4;
while(isspace(*sb))sb++;
i = de64(sb, username, 1023);
if(i<=16)continue;
username[i] = 0;
if(strncasecmp((char *)username, "NTLMSSP", 8)) continue;
if(username[8] == 1) {
while( (i = sockgetlinebuf(param, CLIENT, buf, BUFSIZE - 1, '\n', conf.timeouts[STRING_S])) > 2){
if(i> 15 && (!strncasecmp((char *)(buf), "content-length", 14))){
buf[i]=0;
sscanf((char *)buf + 15, "%"PRINTF_INT64_MODIFIER"u", &contentlength64);
}
}
while( contentlength64 > 0 && (i = sockgetlinebuf(param, CLIENT, buf, (BUFSIZE < contentlength64)? BUFSIZE - 1:(int)contentlength64, '\n', conf.timeouts[STRING_S])) > 0){
if ((uint64_t)i > contentlength64) break;
contentlength64-=i;
}
contentlength64 = 0;
if(param->password)myfree(param->password);
param->password = myalloc(32);
param->pwtype = 2;
i = (int)strlen(proxy_stringtable[13]);
memcpy(buf, proxy_stringtable[13], i);
genchallenge(param, (char *)param->password, (char *)buf + i);
memcpy(buf + strlen((char *)buf), "\r\n\r\n", 5);
socksend(param, param->clisock, buf, (int)strlen((char *)buf), conf.timeouts[STRING_S]);
ckeepalive = keepalive = 1;
goto REQUESTEND;
}
if(username[8] == 3 && param->pwtype == 2 && i>=80) {
unsigned offset, len;
len = username[20] + (((unsigned)username[21]) << 8);
offset = username[24] + (((unsigned)username[25]) << 8);
if(len != 24 || len + offset > (unsigned)i) continue;
memcpy(param->password + 8, username + offset, 24);
len = username[36] + (((unsigned)username[37]) << 8);
offset = username[40] + (((unsigned)username[41]) << 8);
if(len> 255 || len + offset > (unsigned)i) continue;
if(param->username) myfree(param->username);
unicode2text((char *)username+offset, (char *)username+offset, (len>>1));
param->username = (unsigned char *)mystrdup((char *)username+offset);
}
continue;
}
#endif
}
#endif
if(!isconnect && (

51
src/proxymain.c
View File

@ -74,37 +74,6 @@ void * threadfunc (void *p) {
#endif
#endif
if(param->srv->haproxy){
char buf[128];
int i;
i = sockgetlinebuf(param, CLIENT, (unsigned char *)buf, sizeof(buf)-1, '\n', conf.timeouts[STRING_S]);
if(i > 12 && !strncasecmp(buf, "PROXY TCP", 9)){
char *token, *token2=NULL;
unsigned short u1=0, u2=0;
buf[i] = 0;
token = strchr(buf, ' ');
if(token) token = strchr(token+1, ' ');
if(token) token++;
if(token) token2 = strchr(token+1, ' ');
if(token2) {
*token2 = 0;
getip46(46, (unsigned char*) token, (struct sockaddr *)&param->sincr);
token = token2+1;
token2 = strchr(token, ' ');
}
if(token2) {
*token2 = 0;
getip46(46, (unsigned char *) token, (struct sockaddr *)&param->sincl);
token = token2+1;
token2 = strchr(token, ' ');
}
if(token){
sscanf(token,"%hu%hu", &u1, &u2);
if(u1) *SAPORT(&param->sincr) = htons(u1);
if(u2) *SAPORT(&param->sincl) = htons(u1);
}
}
}
((struct clientparam *) p)->srv->pf((struct clientparam *)p);
}
#ifdef _WIN32
@ -115,15 +84,6 @@ void * threadfunc (void *p) {
}
#undef param
int pushthreadinit(){
return
#ifdef _WIN32
WriteFile(conf.threadinit[1], "1", 1, NULL, NULL);
#else
write(conf.threadinit[1], "1", 1);
#endif
}
struct socketoptions sockopts[] = {
#ifdef TCP_NODELAY
@ -457,9 +417,6 @@ int MODULEMAINFUNC (int argc, char** argv){
case 'h':
hostname = argv[i] + 2;
break;
case 'H':
srv.haproxy=1;
break;
case 'c':
srv.requirecert = 1;
if(isdigit(argv[i][2])) srv.requirecert = atoi(argv[i]+2);
@ -535,7 +492,7 @@ int MODULEMAINFUNC (int argc, char** argv){
if (error || i!=argc) {
#ifndef STDMAIN
haveerror = 1;
pushthreadinit();
conf.threadinit = 0;
#endif
fprintf(stderr, "%s of %s\n"
"Usage: %s options\n"
@ -567,7 +524,7 @@ int MODULEMAINFUNC (int argc, char** argv){
if (error || argc != i+3 || *argv[i]=='-'|| (*SAPORT(&srv.intsa) = htons((unsigned short)atoi(argv[i])))==0 || (srv.targetport = htons((unsigned short)atoi(argv[i+2])))==0) {
#ifndef STDMAIN
haveerror = 1;
pushthreadinit();
conf.threadinit = 0;
#endif
fprintf(stderr, "%s of %s\n"
"Usage: %s options"
@ -633,7 +590,7 @@ int MODULEMAINFUNC (int argc, char** argv){
#ifndef STDMAIN
copyfilter(conf.filters, &srv);
pushthreadinit();
conf.threadinit = 0;
#endif
@ -1423,8 +1380,6 @@ FILTER_ACTION handlepredatflt(struct clientparam *cparam){
FILTER_ACTION action;
int i;
if(cparam->predatdone) return PASS;
cparam->predatdone = 1;
for(i=0; i<cparam->npredatfilters ;i++){
action = (*cparam->predatfilters[i]->filter->filter_predata)(cparam->predatfilters[i]->data, cparam);
if(action!=CONTINUE) return action;

25
src/socks.c
View File

@ -15,11 +15,6 @@ unsigned char * commands[] = {(unsigned char *)"UNKNOWN", (unsigned char *)"CONN
#define BUFSIZE 1024
#define LARGEBUFSIZE 67000
#if SOCKSTRACE > 0
char tracebuf[256];
#endif
static void printcommand(unsigned char * buf, int command, struct clientparam *param){
sprintf((char *)buf, "%s ", commands[command]);
if(param->hostname){
@ -239,7 +234,7 @@ void * sockschild(struct clientparam* param) {
*SAPORT(&param->sinsl) = 0;
if(param->srv->so._bind(param->sostate, param->remsock,(struct sockaddr *)&param->sinsl,SASIZE(&param->sinsl)))RETURN (12);
#if SOCKSTRACE > 0
fprintf(stderr, "%hu bound to communicate with server\n", *SAPORT(&param->sinsl));
fprintf(stderr, "%hu bound to communicate with server\n", *SAPORT(&param->sins));
fflush(stderr);
#endif
}
@ -276,12 +271,11 @@ CLEANRET:
if(command != 3 && param->remsock != INVALID_SOCKET) param->srv->so._getsockname(param->sostate, param->remsock, (struct sockaddr *)&sin, &sasize);
else param->srv->so._getsockname(param->sostate, param->clisock, (struct sockaddr *)&sin, &sasize);
#if SOCKSTRACE > 0
myinet_ntop(*SAFAMILY(&sin), &sin, tracebuf, SASIZE(&sin));
fprintf(stderr, "Sending confirmation to client with code %d for %s with %s:%hu\n",
param->res,
commands[command],
tracebuf,
ntohs(*SAPORT(&sin))
inet_ntoa(sin.sin_addr),
ntohs(sin.sin_port)
);
fflush(stderr);
#endif
@ -368,7 +362,7 @@ fflush(stderr);
fprintf(stderr, "Sending incoming connection to client with code %d for %s with %hu\n",
param->res,
commands[command],
*SAPORT(&param->sinsr)
*SAPORT(param->sins);
);
fflush(stderr);
#endif
@ -451,18 +445,15 @@ fflush(stderr);
param->statscli64+=(len - i);
param->nwrites++;
#if SOCKSTRACE > 1
myinet_ntop(*SAFAMILY(&param->sinsr), &param->sinsr, tracebuf, SASIZE(&param->sinsr));
fprintf(stderr, "UDP packet relayed from client to %s:%hu size %d, header %d\n",
tracebuf,
ntohs(*SAPORT(&param->sinsr)),
inet_ntoa(param->sins.sin_addr),
ntohs(param->sins.sin_port),
(len - i),
i
);
myinet_ntop(*SAFAMILY(&sin), &sin, tracebuf, SASIZE(&sin));
fprintf(stderr, "client address is assumed to be %s:%hu\n",
tracebuf,
ntohs(*SAPORT(&sin))
inet_ntoa(sin.sin_addr),
ntohs(sin.sin_port)
);
fflush(stderr);
#endif

26
src/structures.h
View File

@ -266,7 +266,7 @@ struct passwords {
};
typedef enum {
R_TCP = 1,
R_TCP,
R_CONNECT,
R_SOCKS4,
R_SOCKS5,
@ -281,20 +281,9 @@ typedef enum {
R_SOCKS5B,
R_ADMIN,
R_EXTIP,
R_TLS,
R_HA,
R_DNS
R_TLS
} REDIRTYPE;
struct redirdesc {
REDIRTYPE redir;
char * name;
void * (*func)(struct clientparam *);
};
extern struct redirdesc redirs[];
struct chain {
struct chain * next;
int type;
@ -501,7 +490,6 @@ struct srvparam {
int clisockopts, srvsockopts, lissockopts, cbcsockopts, cbssockopts;
int gracetraf, gracenum, gracedelay;
int requirecert;
int haproxy;
#ifdef WITHSPLICE
int usesplice;
#endif
@ -584,8 +572,7 @@ struct clientparam {
chunked,
paused,
version,
connlim,
predatdone;
connlim;
unsigned char *hostname,
*username,
@ -632,11 +619,6 @@ struct filemon {
struct extparam {
#ifdef _WIN32
HANDLE threadinit[2];
#else
int threadinit[2];
#endif
int timeouts[12];
struct ace * acl;
char * conffile;
@ -645,7 +627,7 @@ struct extparam {
struct trafcount * trafcounter;
struct srvparam *services;
int stacksize,
counterd, haveerror, rotate, paused, archiverc,
threadinit, counterd, haveerror, rotate, paused, archiverc,
demon, maxchild, backlog, needreload, timetoexit, version, noforce, bandlimver, parentretries;
int authcachetype, authcachetime;
int filtermaxsize;