123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336 |
- /***************************************************************************
- * _ _ ____ _
- * Project ___| | | | _ \| |
- * / __| | | | |_) | |
- * | (__| |_| | _ <| |___
- * \___|\___/|_| \_\_____|
- *
- * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at https://curl.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * SPDX-License-Identifier: curl
- *
- ***************************************************************************/
- #include "curl_setup.h"
- #include "http_proxy.h"
- #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_PROXY)
- #include <curl/curl.h>
- #ifdef USE_HYPER
- #error #include <hyper.h>
- #endif
- #include "sendf.h"
- #include "http.h"
- #include "url.h"
- #include "select.h"
- #include "progress.h"
- #include "cfilters.h"
- #include "cf-h1-proxy.h"
- #include "cf-h2-proxy.h"
- #include "connect.h"
- #include "curlx.h"
- #include "vtls/vtls.h"
- #include "transfer.h"
- #include "multiif.h"
- /* The last 3 #include files should be in this order */
- #include "curl_printf.h"
- #include "curl_memory.h"
- #include "memdebug.h"
- CURLcode Curl_http_proxy_get_destination(struct Curl_cfilter *cf,
- const char **phostname,
- int *pport, bool *pipv6_ip)
- {
- DEBUGASSERT(cf);
- DEBUGASSERT(cf->conn);
- if(cf->conn->bits.conn_to_host)
- *phostname = cf->conn->conn_to_host.name;
- else if(cf->sockindex == SECONDARYSOCKET)
- *phostname = cf->conn->secondaryhostname;
- else
- *phostname = cf->conn->host.name;
- if(cf->sockindex == SECONDARYSOCKET)
- *pport = cf->conn->secondary_port;
- else if(cf->conn->bits.conn_to_port)
- *pport = cf->conn->conn_to_port;
- else
- *pport = cf->conn->remote_port;
- if(*phostname != cf->conn->host.name)
- *pipv6_ip = (strchr(*phostname, ':') != NULL);
- else
- *pipv6_ip = cf->conn->bits.ipv6_ip;
- return CURLE_OK;
- }
- CURLcode Curl_http_proxy_create_CONNECT(struct httpreq **preq,
- struct Curl_cfilter *cf,
- struct Curl_easy *data,
- int http_version_major)
- {
- const char *hostname = NULL;
- char *authority = NULL;
- int port;
- bool ipv6_ip;
- CURLcode result;
- struct httpreq *req = NULL;
- result = Curl_http_proxy_get_destination(cf, &hostname, &port, &ipv6_ip);
- if(result)
- goto out;
- authority = aprintf("%s%s%s:%d", ipv6_ip?"[":"", hostname,
- ipv6_ip?"]":"", port);
- if(!authority) {
- result = CURLE_OUT_OF_MEMORY;
- goto out;
- }
- result = Curl_http_req_make(&req, "CONNECT", sizeof("CONNECT")-1,
- NULL, 0, authority, strlen(authority),
- NULL, 0);
- if(result)
- goto out;
- /* Setup the proxy-authorization header, if any */
- result = Curl_http_output_auth(data, cf->conn, req->method, HTTPREQ_GET,
- req->authority, TRUE);
- if(result)
- goto out;
- /* If user is not overriding Host: header, we add for HTTP/1.x */
- if(http_version_major == 1 &&
- !Curl_checkProxyheaders(data, cf->conn, STRCONST("Host"))) {
- result = Curl_dynhds_cadd(&req->headers, "Host", authority);
- if(result)
- goto out;
- }
- if(data->state.aptr.proxyuserpwd) {
- result = Curl_dynhds_h1_cadd_line(&req->headers,
- data->state.aptr.proxyuserpwd);
- if(result)
- goto out;
- }
- if(!Curl_checkProxyheaders(data, cf->conn, STRCONST("User-Agent"))
- && data->set.str[STRING_USERAGENT]) {
- result = Curl_dynhds_cadd(&req->headers, "User-Agent",
- data->set.str[STRING_USERAGENT]);
- if(result)
- goto out;
- }
- if(http_version_major == 1 &&
- !Curl_checkProxyheaders(data, cf->conn, STRCONST("Proxy-Connection"))) {
- result = Curl_dynhds_cadd(&req->headers, "Proxy-Connection", "Keep-Alive");
- if(result)
- goto out;
- }
- result = Curl_dynhds_add_custom(data, TRUE, &req->headers);
- out:
- if(result && req) {
- Curl_http_req_free(req);
- req = NULL;
- }
- free(authority);
- *preq = req;
- return result;
- }
- struct cf_proxy_ctx {
- /* the protocol specific sub-filter we install during connect */
- struct Curl_cfilter *cf_protocol;
- };
- static CURLcode http_proxy_cf_connect(struct Curl_cfilter *cf,
- struct Curl_easy *data,
- bool blocking, bool *done)
- {
- struct cf_proxy_ctx *ctx = cf->ctx;
- CURLcode result;
- if(cf->connected) {
- *done = TRUE;
- return CURLE_OK;
- }
- CURL_TRC_CF(data, cf, "connect");
- connect_sub:
- result = cf->next->cft->do_connect(cf->next, data, blocking, done);
- if(result || !*done)
- return result;
- *done = FALSE;
- if(!ctx->cf_protocol) {
- struct Curl_cfilter *cf_protocol = NULL;
- int alpn = Curl_conn_cf_is_ssl(cf->next)?
- cf->conn->proxy_alpn : CURL_HTTP_VERSION_1_1;
- /* First time call after the subchain connected */
- switch(alpn) {
- case CURL_HTTP_VERSION_NONE:
- case CURL_HTTP_VERSION_1_0:
- case CURL_HTTP_VERSION_1_1:
- CURL_TRC_CF(data, cf, "installing subfilter for HTTP/1.1");
- infof(data, "CONNECT tunnel: HTTP/1.%d negotiated",
- (alpn == CURL_HTTP_VERSION_1_0)? 0 : 1);
- result = Curl_cf_h1_proxy_insert_after(cf, data);
- if(result)
- goto out;
- cf_protocol = cf->next;
- break;
- #ifdef USE_NGHTTP2
- case CURL_HTTP_VERSION_2:
- CURL_TRC_CF(data, cf, "installing subfilter for HTTP/2");
- infof(data, "CONNECT tunnel: HTTP/2 negotiated");
- result = Curl_cf_h2_proxy_insert_after(cf, data);
- if(result)
- goto out;
- cf_protocol = cf->next;
- break;
- #endif
- default:
- infof(data, "CONNECT tunnel: unsupported ALPN(%d) negotiated", alpn);
- result = CURLE_COULDNT_CONNECT;
- goto out;
- }
- ctx->cf_protocol = cf_protocol;
- /* after we installed the filter "below" us, we call connect
- * on out sub-chain again.
- */
- goto connect_sub;
- }
- else {
- /* subchain connected and we had already installed the protocol filter.
- * This means the protocol tunnel is established, we are done.
- */
- DEBUGASSERT(ctx->cf_protocol);
- result = CURLE_OK;
- }
- out:
- if(!result) {
- cf->connected = TRUE;
- *done = TRUE;
- }
- return result;
- }
- void Curl_cf_http_proxy_get_host(struct Curl_cfilter *cf,
- struct Curl_easy *data,
- const char **phost,
- const char **pdisplay_host,
- int *pport)
- {
- (void)data;
- if(!cf->connected) {
- *phost = cf->conn->http_proxy.host.name;
- *pdisplay_host = cf->conn->http_proxy.host.dispname;
- *pport = (int)cf->conn->http_proxy.port;
- }
- else {
- cf->next->cft->get_host(cf->next, data, phost, pdisplay_host, pport);
- }
- }
- static void http_proxy_cf_destroy(struct Curl_cfilter *cf,
- struct Curl_easy *data)
- {
- struct cf_proxy_ctx *ctx = cf->ctx;
- (void)data;
- CURL_TRC_CF(data, cf, "destroy");
- free(ctx);
- }
- static void http_proxy_cf_close(struct Curl_cfilter *cf,
- struct Curl_easy *data)
- {
- struct cf_proxy_ctx *ctx = cf->ctx;
- CURL_TRC_CF(data, cf, "close");
- cf->connected = FALSE;
- if(ctx->cf_protocol) {
- struct Curl_cfilter *f;
- /* if someone already removed it, we assume he also
- * took care of destroying it. */
- for(f = cf->next; f; f = f->next) {
- if(f == ctx->cf_protocol) {
- /* still in our sub-chain */
- Curl_conn_cf_discard_sub(cf, ctx->cf_protocol, data, FALSE);
- break;
- }
- }
- ctx->cf_protocol = NULL;
- }
- if(cf->next)
- cf->next->cft->do_close(cf->next, data);
- }
- struct Curl_cftype Curl_cft_http_proxy = {
- "HTTP-PROXY",
- CF_TYPE_IP_CONNECT,
- 0,
- http_proxy_cf_destroy,
- http_proxy_cf_connect,
- http_proxy_cf_close,
- Curl_cf_http_proxy_get_host,
- Curl_cf_def_adjust_pollset,
- Curl_cf_def_data_pending,
- Curl_cf_def_send,
- Curl_cf_def_recv,
- Curl_cf_def_cntrl,
- Curl_cf_def_conn_is_alive,
- Curl_cf_def_conn_keep_alive,
- Curl_cf_def_query,
- };
- CURLcode Curl_cf_http_proxy_insert_after(struct Curl_cfilter *cf_at,
- struct Curl_easy *data)
- {
- struct Curl_cfilter *cf;
- struct cf_proxy_ctx *ctx = NULL;
- CURLcode result;
- (void)data;
- ctx = calloc(1, sizeof(*ctx));
- if(!ctx) {
- result = CURLE_OUT_OF_MEMORY;
- goto out;
- }
- result = Curl_cf_create(&cf, &Curl_cft_http_proxy, ctx);
- if(result)
- goto out;
- ctx = NULL;
- Curl_conn_cf_insert_after(cf_at, cf);
- out:
- free(ctx);
- return result;
- }
- #endif /* ! CURL_DISABLE_HTTP && !CURL_DISABLE_PROXY */
|