#include <poll.h>
+/* Maximum line of the request line. Longer request lines are aborted with an
+ * error. The standard doesn't specify a maximum line length but this should
+ * be a good limit to make processing simpler. */
+#define MAX_REQUEST_LINE 4096
+
+
+/* Proxy hostname and port if specified on the command line. */
+static char *use_proxy_host;
+static char *use_proxy_port;
+
+
static void handle_connection(int socket);
+static int read_http_request(FILE *client_fd, char *request, size_t length);
static void send_close_bad_request(FILE *client_fd);
static void send_close_forwarding_failure(FILE *client_fd);
int client_socket, server_socket;
struct sockaddr_in6 server_in;
- if (2 != argc) {
- printf("Usage: %s port\n", argv[0]);
+ if (2 != argc && 5 != argc) {
+ printf("Usage: %s [-proxy hostname port] port\n", argv[0]);
return EXIT_FAILURE;
}
- port = atoi(argv[1]);
+ port = atoi(argv[5 == argc ? 4 : 1]);
if (0 >= port || 0xffff < port) {
- printf("Usage: %s port\n", argv[0]);
+ printf("Usage: %s [-proxy hostname port] port\n", argv[0]);
printf("\n");
- printf("Invalid port: %s!\n", argv[1]);
+ printf("Invalid port: %s!\n", argv[5 == argc ? 4 : 1]);
return EXIT_FAILURE;
}
+ if (5 == argc) {
+ use_proxy_host = strdup(argv[2]);
+ use_proxy_port = strdup(argv[3]);
+ if (NULL == use_proxy_host || NULL == use_proxy_port) {
+ perror("strdup()");
+ return EXIT_FAILURE;
+ }
+#ifdef DEBUG
+ printf("Using proxy: %s:%s.\n", use_proxy_host, use_proxy_port);
+#endif
+ }
+
server_socket = socket(PF_INET6, SOCK_STREAM, 0);
if (-1 == server_socket) {
perror("socket()");
int server_socket;
FILE *client_fd, *server_fd;
- char buffer[4096];
- char host[4096];
+ char buffer[MAX_REQUEST_LINE];
+ char host[MAX_REQUEST_LINE];
char port[5 + 1];
int version_minor;
+ int result;
client_fd = fdopen(client_socket, "a+");
if (NULL == client_fd) {
printf("New connection:\n");
#endif
- if (NULL == fgets(buffer, sizeof(buffer), client_fd)) {
- if (ferror(client_fd)) {
- perror("fgets(), request");
- fclose(client_fd);
- return;
- }
-
+ /* Read request line (CONNECT ..) and headers (they are discarded). */
+ result = read_http_request(client_fd, buffer, sizeof(buffer));
+ if (result == -1) {
+ /* Read error. */
+ return;
+ } else if (result == -2) {
+ /* EOF */
send_close_bad_request(client_fd);
return;
}
return;
}
- while (NULL != fgets(buffer, sizeof(buffer), client_fd)) {
- /* End of header. */
- if (0 == strcmp(buffer, "\n") || 0 == strcmp(buffer, "\r\n")) {
- break;
- }
- }
- if (ferror(client_fd)) {
- perror("fgets(), header");
- fclose(client_fd);
- return;
- }
-
#ifdef DEBUG
printf(" %s:%s (HTTP 1.%d)\n", host, port, version_minor);
#endif
- server_socket = connect_to_host(host, port);
+ /* Connect to proxy server or directly to server. */
+ if (NULL != use_proxy_host && NULL != use_proxy_port) {
+ server_socket = connect_to_host(use_proxy_host, use_proxy_port);
+ } else {
+ server_socket = connect_to_host(host, port);
+ }
+
if (-1 == server_socket) {
send_close_forwarding_failure(client_fd);
return;
return;
}
+ /* Connect to proxy if requested (command line option). */
+ if (NULL != use_proxy_host && NULL != use_proxy_port) {
+ fprintf(server_fd, "CONNECT %s:%s HTTP/1.0\r\n", host, port);
+ fprintf(server_fd, "\r\n");
+
+ /* Read response line from proxy server. */
+ result = read_http_request(server_fd, buffer, sizeof(buffer));
+ if (result == -1) {
+ /* Read error. */
+ send_close_forwarding_failure(client_fd);
+ return;
+ } else if (result == -2) {
+ /* EOF */
+ fclose(server_fd);
+ send_close_forwarding_failure(client_fd);
+ return;
+ }
+
+ /* Check response of proxy server. */
+ if (0 != strncmp(buffer, "HTTP/1.0 200", 12)) {
+#ifdef DEBUG
+ printf(" bad proxy response\n");
+#endif
+ fclose(server_fd);
+ send_close_forwarding_failure(client_fd);
+ return;
+ }
+ }
+
+#ifdef DEBUG
+ printf(" connection to server established\n");
+#endif
+
/* We've established a connection, tell the client. */
fprintf(client_fd, "HTTP/1.0 200 Connection established\r\n");
fprintf(client_fd, "\r\n");
fclose(server_fd);
}
+/* Read HTTP request line and headers (ignored).
+ *
+ * On success 0 is returned, -1 on client error (we close client descriptor in
+ * this case), -2 on unexpected EOF.
+ */
+static int read_http_request(FILE *client_fd, char *request, size_t length) {
+ char buffer[MAX_REQUEST_LINE];
+
+ if (NULL == fgets(request, (int)length, client_fd)) {
+ if (ferror(client_fd)) {
+ perror("fgets(), request");
+ fclose(client_fd);
+ return -1;
+ }
+
+ return -2;
+ }
+
+ while (NULL != fgets(buffer, MAX_REQUEST_LINE, client_fd)) {
+ /* End of header. */
+ if (0 == strcmp(buffer, "\n") || 0 == strcmp(buffer, "\r\n")) {
+ break;
+ }
+ }
+ if (ferror(client_fd)) {
+ perror("fgets(), header");
+ fclose(client_fd);
+ return -1;
+ }
+
+ return 0;
+}
+
static void send_close_bad_request(FILE *client_fd) {
fprintf(client_fd, "HTTP/1.0 400 Bad Request\r\n");
fprintf(client_fd, "\r\n");
ruderich.org/simon / tlsproxy / tlsproxy.git / blobdiff