+/*********************************************************************
+ *
+ * Function : socks5_connect
+ *
+ * Description : Connect to the SOCKS server, and connect through
+ * it to the specified server. This handles
+ * all the SOCKS negotiation, and returns a file
+ * descriptor for a socket which can be treated as a
+ * normal (non-SOCKS) socket.
+ *
+ * Parameters :
+ * 1 : fwd = Specifies the SOCKS proxy to use.
+ * 2 : target_host = The final server to connect to.
+ * 3 : target_port = The final port to connect to.
+ * 4 : csp = Current client state (buffers, headers, etc...)
+ *
+ * Returns : JB_INVALID_SOCKET => failure, else a socket file descriptor.
+ *
+ *********************************************************************/
+static jb_socket socks5_connect(const struct forward_spec *fwd,
+ const char *target_host,
+ int target_port,
+ struct client_state *csp)
+{
+ int err = 0;
+ char cbuf[300];
+ char sbuf[30];
+ size_t client_pos = 0;
+ int server_size = 0;
+ size_t hostlen = 0;
+ jb_socket sfd;
+ const char *errstr = NULL;
+
+ assert(fwd->gateway_host);
+ if ((fwd->gateway_host == NULL) || (*fwd->gateway_host == '\0'))
+ {
+ errstr = "NULL gateway host specified";
+ err = 1;
+ }
+
+ if (fwd->gateway_port <= 0)
+ {
+ /*
+ * XXX: currently this can't happen because in
+ * case of invalid gateway ports we use the defaults.
+ * Of course we really shouldn't do that.
+ */
+ errstr = "invalid gateway port specified";
+ err = 1;
+ }
+
+ hostlen = strlen(target_host);
+ if (hostlen > 255)
+ {
+ errstr = "target host name is longer than 255 characters";
+ err = 1;
+ }
+
+ if (fwd->type != SOCKS_5)
+ {
+ /* Should never get here */
+ log_error(LOG_LEVEL_FATAL,
+ "SOCKS5 impossible internal error - bad SOCKS type");
+ err = 1;
+ }
+
+ if (err)
+ {
+ errno = EINVAL;
+ assert(errstr != NULL);
+ log_error(LOG_LEVEL_CONNECT, "socks5_connect: %s", errstr);
+ csp->error_message = strdup(errstr);
+ return(JB_INVALID_SOCKET);
+ }
+
+ /* pass the request to the socks server */
+ sfd = connect_to(fwd->gateway_host, fwd->gateway_port, csp);
+
+ if (sfd == JB_INVALID_SOCKET)
+ {
+ errstr = "socks5 server unreachable";
+ log_error(LOG_LEVEL_CONNECT, "socks5_connect: %s", errstr);
+ csp->error_message = strdup(errstr);
+ return(JB_INVALID_SOCKET);
+ }
+
+ client_pos = 0;
+ cbuf[client_pos++] = '\x05'; /* Version */
+ cbuf[client_pos++] = '\x01'; /* One authentication method supported */
+ cbuf[client_pos++] = '\x00'; /* The no authentication authentication method */
+
+ if (write_socket(sfd, cbuf, client_pos))
+ {
+ errstr = "SOCKS5 negotiation write failed";
+ csp->error_message = strdup(errstr);
+ log_error(LOG_LEVEL_CONNECT, "%s", errstr);
+ close_socket(sfd);
+ return(JB_INVALID_SOCKET);
+ }
+
+ if (read_socket(sfd, sbuf, sizeof(sbuf)) != 2)
+ {
+ errstr = "SOCKS5 negotiation read failed";
+ err = 1;
+ }
+
+ if (!err && (sbuf[0] != '\x05'))
+ {
+ errstr = "SOCKS5 negotiation protocol version error";
+ err = 1;
+ }
+
+ if (!err && (sbuf[1] == '\xff'))
+ {
+ errstr = "SOCKS5 authentication required";
+ err = 1;
+ }
+
+ if (!err && (sbuf[1] != '\x00'))
+ {
+ errstr = "SOCKS5 negotiation protocol error";
+ err = 1;
+ }
+
+ if (err)
+ {
+ assert(errstr != NULL);
+ log_error(LOG_LEVEL_CONNECT, "socks5_connect: %s", errstr);
+ csp->error_message = strdup(errstr);
+ close_socket(sfd);
+ errno = EINVAL;
+ return(JB_INVALID_SOCKET);
+ }
+
+ client_pos = 0;
+ cbuf[client_pos++] = '\x05'; /* Version */
+ cbuf[client_pos++] = '\x01'; /* TCP connect */
+ cbuf[client_pos++] = '\x00'; /* Reserved, must be 0x00 */
+ cbuf[client_pos++] = '\x03'; /* Address is domain name */
+ cbuf[client_pos++] = (char)(hostlen & 0xffu);
+ assert(sizeof(cbuf) - client_pos > 255);
+ /* Using strncpy because we really want the nul byte padding. */
+ strncpy(cbuf + client_pos, target_host, sizeof(cbuf) - client_pos);
+ client_pos += (hostlen & 0xffu);
+ cbuf[client_pos++] = (char)((target_port >> 8) & 0xffu);
+ cbuf[client_pos++] = (char)((target_port ) & 0xffu);
+
+ if (write_socket(sfd, cbuf, client_pos))
+ {
+ errstr = "SOCKS5 negotiation read failed";
+ csp->error_message = strdup(errstr);
+ log_error(LOG_LEVEL_CONNECT, "%s", errstr);
+ close_socket(sfd);
+ errno = EINVAL;
+ return(JB_INVALID_SOCKET);
+ }
+
+ server_size = read_socket(sfd, sbuf, sizeof(sbuf));
+ if (server_size < 3)
+ {
+ errstr = "SOCKS5 negotiation read failed";
+ err = 1;
+ }
+ else if (server_size > 20)
+ {
+ /* This is somewhat unexpected but doesn't realy matter. */
+ log_error(LOG_LEVEL_CONNECT, "socks5_connect: read %d bytes "
+ "from socks server. Would have accepted up to %d.",
+ server_size, sizeof(sbuf));
+ }
+
+ if (!err && (sbuf[0] != '\x05'))
+ {
+ errstr = "SOCKS5 negotiation protocol version error";
+ err = 1;
+ }
+
+ if (!err && (sbuf[2] != '\x00'))
+ {
+ errstr = "SOCKS5 negotiation protocol error";
+ err = 1;
+ }
+
+ if (!err)
+ {
+ if (sbuf[1] == SOCKS5_REQUEST_GRANTED)
+ {
+ return(sfd);
+ }
+ errstr = translate_socks5_error(sbuf[1]);
+ err = 1;
+ }
+
+ assert(errstr != NULL);
+ csp->error_message = strdup(errstr);
+ log_error(LOG_LEVEL_CONNECT, "socks5_connect: %s", errstr);
+ close_socket(sfd);
+ errno = EINVAL;
+
+ return(JB_INVALID_SOCKET);
+
+}