Integrate unfix.org's IPv6 patches up to level 10, with rather a lot

[u/mdw/putty] / proxy.c

diff --git a/proxy.c b/proxy.c
index 59f2abb..f21c17b 100644 (file)
--- a/proxy.c
+++ b/proxy.c
@@ -16,7 +16,9 @@
 
 #define do_proxy_dns(cfg) \
     (cfg->proxy_dns == FORCE_ON || \
-        (cfg->proxy_dns == AUTO && cfg->proxy_type != PROXY_SOCKS))
+        (cfg->proxy_dns == AUTO && \
+              cfg->proxy_type != PROXY_SOCKS4 && \
+              cfg->proxy_type != PROXY_SOCKS5))
 
 /*
  * Call this when proxy negotiation is complete, so that this
@@ -88,6 +90,7 @@ static void sk_proxy_close (Socket s)
     Proxy_Socket ps = (Proxy_Socket) s;
 
     sk_close(ps->sub_socket);
+    sk_addr_free(ps->remote_addr);
     sfree(ps);
 }
 
@@ -158,10 +161,14 @@ static void sk_proxy_set_frozen (Socket s, int is_frozen)
         */
         while (!ps->freeze && bufchain_size(&ps->pending_input_data) > 0) {
            void *data;
+           char databuf[512];
            int len;
            bufchain_prefix(&ps->pending_input_data, &data, &len);
-           plug_receive(ps->plug, 0, data, len);
+           if (len > lenof(databuf))
+               len = lenof(databuf);
+           memcpy(databuf, data, len);
            bufchain_consume(&ps->pending_input_data, len);
+           plug_receive(ps->plug, 0, databuf, len);
        }
 
        /* if we're still frozen, we'll have to wait for another
@@ -232,7 +239,7 @@ static void plug_proxy_sent (Plug p, int bufsize)
     plug_sent(ps->plug, bufsize);
 }
 
-static int plug_proxy_accepting (Plug p, void *sock)
+static int plug_proxy_accepting (Plug p, OSSocket sock)
 {
     Proxy_Plug pp = (Proxy_Plug) p;
     Proxy_Socket ps = pp->proxy_socket;
@@ -316,9 +323,9 @@ static int proxy_for_destination (SockAddr addr, char *hostname, int port,
             * match (ie. a specific IP)
             */
 
-           if (addr && stricmp(hostip, exclude_list + s) == 0)
+           if (addr && strnicmp(hostip, exclude_list + s, e - s) == 0)
                return 0; /* IP/hostname excluded. do not use proxy. */
-           if (stricmp(hostname, exclude_list + s) == 0)
+           if (strnicmp(hostname, exclude_list + s, e - s) == 0)
                return 0; /* IP/hostname excluded. do not use proxy. */
        }
 
@@ -335,7 +342,7 @@ static int proxy_for_destination (SockAddr addr, char *hostname, int port,
 }
 
 SockAddr name_lookup(char *host, int port, char **canonicalname,
-                    const Config *cfg)
+                    const Config *cfg, int addressfamily)
 {
     if (cfg->proxy_type != PROXY_NONE &&
        do_proxy_dns(cfg) &&
@@ -344,18 +351,13 @@ SockAddr name_lookup(char *host, int port, char **canonicalname,
        return sk_nonamelookup(host);
     }
 
-    return sk_namelookup(host, canonicalname);
+    return sk_namelookup(host, canonicalname, addressfamily);
 }
 
-Socket platform_new_connection(SockAddr addr, char *hostname,
-                              int port, int privport,
-                              int oobinline, int nodelay, Plug plug,
-                              const Config *cfg);
-
 Socket new_connection(SockAddr addr, char *hostname,
                      int port, int privport,
-                     int oobinline, int nodelay, Plug plug,
-                     const Config *cfg)
+                     int oobinline, int nodelay, int keepalive,
+                     Plug plug, const Config *cfg)
 {
     static const struct socket_function_table socket_fn_table = {
        sk_proxy_plug,
@@ -385,15 +387,17 @@ Socket new_connection(SockAddr addr, char *hostname,
        char *proxy_canonical_name;
        Socket sret;
 
-       if ( (sret = platform_new_connection(addr, hostname, port, privport,
-                                            oobinline, nodelay, plug, cfg)) )
+       if ((sret = platform_new_connection(addr, hostname, port, privport,
+                                           oobinline, nodelay, keepalive,
+                                           plug, cfg)) !=
+           NULL)
            return sret;
 
        ret = snew(struct Socket_proxy_tag);
        ret->fn = &socket_fn_table;
        ret->cfg = *cfg;               /* STRUCTURE COPY */
        ret->plug = plug;
-       ret->remote_addr = addr;
+       ret->remote_addr = addr;       /* will need to be freed on close */
        ret->remote_port = port;
 
        ret->error = NULL;
@@ -410,11 +414,10 @@ Socket new_connection(SockAddr addr, char *hostname,
        
        if (cfg->proxy_type == PROXY_HTTP) {
            ret->negotiate = proxy_http_negotiate;
-       } else if (cfg->proxy_type == PROXY_SOCKS) {
-           if (cfg->proxy_socks_version == 4)
-               ret->negotiate = proxy_socks4_negotiate;
-           else
-               ret->negotiate = proxy_socks5_negotiate;
+       } else if (cfg->proxy_type == PROXY_SOCKS4) {
+            ret->negotiate = proxy_socks4_negotiate;
+       } else if (cfg->proxy_type == PROXY_SOCKS5) {
+            ret->negotiate = proxy_socks5_negotiate;
        } else if (cfg->proxy_type == PROXY_TELNET) {
            ret->negotiate = proxy_telnet_negotiate;
        } else {
@@ -430,7 +433,7 @@ Socket new_connection(SockAddr addr, char *hostname,
 
        /* look-up proxy */
        proxy_addr = sk_namelookup(cfg->proxy_host,
-                                  &proxy_canonical_name);
+                                  &proxy_canonical_name, cfg->addressfamily);
        if (sk_addr_error(proxy_addr) != NULL) {
            ret->error = "Proxy error: Unable to resolve proxy host name";
            return (Socket)ret;
@@ -442,12 +445,10 @@ Socket new_connection(SockAddr addr, char *hostname,
         */
        ret->sub_socket = sk_new(proxy_addr, cfg->proxy_port,
                                 privport, oobinline,
-                                nodelay, (Plug) pplug);
+                                nodelay, keepalive, (Plug) pplug);
        if (sk_socket_error(ret->sub_socket) != NULL)
            return (Socket) ret;
 
-       sk_addr_free(proxy_addr);
-
        /* start the proxy negotiation process... */
        sk_set_frozen(ret->sub_socket, 0);
        ret->negotiate(ret, PROXY_CHANGE_NEW);
@@ -456,17 +457,17 @@ Socket new_connection(SockAddr addr, char *hostname,
     }
 
     /* no proxy, so just return the direct socket */
-    return sk_new(addr, port, privport, oobinline, nodelay, plug);
+    return sk_new(addr, port, privport, oobinline, nodelay, keepalive, plug);
 }
 
 Socket new_listener(char *srcaddr, int port, Plug plug, int local_host_only,
-                   const Config *cfg)
+                   const Config *cfg, int addressfamily)
 {
     /* TODO: SOCKS (and potentially others) support inbound
      * TODO: connections via the proxy. support them.
      */
 
-    return sk_newlistener(srcaddr, port, plug, local_host_only);
+    return sk_newlistener(srcaddr, port, plug, local_host_only, addressfamily);
 }
 
 /* ----------------------------------------------------------------------
@@ -590,8 +591,14 @@ int proxy_http_negotiate (Proxy_Socket p, int change)
            /* get the status line */
            len = bufchain_size(&p->pending_input_data);
            assert(len > 0);           /* or we wouldn't be here */
-           data = snewn(len, char);
+           data = snewn(len+1, char);
            bufchain_fetch(&p->pending_input_data, data, len);
+           /*
+            * We must NUL-terminate this data, because Windows
+            * sscanf appears to require a NUL at the end of the
+            * string because it strlens it _first_. Sigh.
+            */
+           data[len] = '\0';
 
            eol = get_line_end(data, len);
            if (eol < 0) {
@@ -852,15 +859,16 @@ int proxy_socks5_negotiate (Proxy_Socket p, int change)
         *     0x03 = CHAP
         */
 
-       char command[4];
+       char command[5];
        int len;
 
        command[0] = 5; /* version 5 */
        if (p->cfg.proxy_username[0] || p->cfg.proxy_password[0]) {
-           command[1] = 2;            /* two methods supported: */
            command[2] = 0x00;         /* no authentication */
-           command[3] = 0x02;         /* username/password */
-           len = 4;
+           len = 3;
+           proxy_socks5_offerencryptedauth (command, &len);
+           command[len++] = 0x02;             /* username/password */
+           command[1] = len - 2;       /* Number of methods supported */
        } else {
            command[1] = 1;            /* one methods supported: */
            command[2] = 0x00;         /* no authentication */
@@ -916,7 +924,7 @@ int proxy_socks5_negotiate (Proxy_Socket p, int change)
             *    authentication methods:
             *     0x00 = no authentication
             *     0x01 = GSSAPI
-            *     0x02 = username/password 
+            *     0x02 = username/password
             *     0x03 = CHAP
             *     0xff = no acceptable methods
             */
@@ -981,6 +989,12 @@ int proxy_socks5_negotiate (Proxy_Socket p, int change)
            p->state = 2;              /* now proceed as authenticated */
        }
 
+       if (p->state == 8) {
+           int ret;
+           ret = proxy_socks5_handlechap(p);
+           if (ret) return ret;
+       }
+
        if (p->state == 2) {
 
            /* request format:
@@ -1149,10 +1163,9 @@ int proxy_socks5_negotiate (Proxy_Socket p, int change)
        }
 
        if (p->state == 6) {
-           /* TODO: Handle CHAP authentication */
-           plug_closing(p->plug, "Proxy error: We don't support CHAP authentication",
-                        PROXY_ERROR_GENERAL, 0);
-           return 1;
+           int ret;
+           ret = proxy_socks5_selectchap(p);
+           if (ret) return ret;
        }
 
     }