curl/lib/socks.h

#ifndef HEADER_CURL_SOCKS_H
#define HEADER_CURL_SOCKS_H
/***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
 *                             / __| | | | |_) | |
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
 * are also available at https://curl.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the COPYING file.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 * SPDX-License-Identifier: curl
 *
 ***************************************************************************/

#include "curl_setup.h"

#ifdef CURL_DISABLE_PROXY
#define Curl_SOCKS4(a,b,c,d,e) CURLE_NOT_BUILT_IN
#define Curl_SOCKS5(a,b,c,d,e,f) CURLE_NOT_BUILT_IN
#define Curl_SOCKS_getsock(x,y,z) 0
#else
/*
 * Helper read-from-socket functions. Does the same as Curl_read() but it
 * blocks until all bytes amount of buffersize will be read. No more, no less.
 *
 * This is STUPID BLOCKING behavior
 */
int Curl_blockread_all(struct Curl_cfilter *cf,
                       struct Curl_easy *data,
                       char *buf,
                       ssize_t buffersize,
                       ssize_t *n);

#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
/*
 * This function handles the SOCKS5 GSS-API negotiation and initialization
 */
CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf,
                                      struct Curl_easy *data);
#endif

CURLcode Curl_cf_socks_proxy_insert_after(struct Curl_cfilter *cf_at,
                                          struct Curl_easy *data);

extern struct Curl_cftype Curl_cft_socks_proxy;

#endif /* CURL_DISABLE_PROXY */

#endif  /* HEADER_CURL_SOCKS_H */
lib/*.h: use our standard naming scheme for header inclusion guards 2012-12-28 19:03:09 +08:00			`#ifndef HEADER_CURL_SOCKS_H`
			`#define HEADER_CURL_SOCKS_H`
standard curl source code headers 2006-09-24 03:09:39 +08:00			`/***************************************************************************`
			`* _ _ ____ _`
			`* Project ___\| \| \| \| _ \\| \|`
			`* / __\| \| \| \| \|_) \| \|`
			`* \| (__\| \|_\| \| _ <\| \|___`
			`* \___\|\___/\|_\| \_\_____\|`
			`*`
copyright: update all copyright lines and remove year ranges - they are mostly pointless in all major jurisdictions - many big corporations and projects already don't use them - saves us from pointless churn - git keeps history for us - the year range is kept in COPYING checksrc is updated to allow non-year using copyright statements Closes #10205 2023-01-02 20:51:48 +08:00			`* Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.`
standard curl source code headers 2006-09-24 03:09:39 +08:00			`*`
			`* This software is licensed as described in the file COPYING, which`
			`* you should have received as part of this distribution. The terms`
curl.se: new home Closes #6172 2020-11-04 21:02:01 +08:00			`* are also available at https://curl.se/docs/copyright.html.`
standard curl source code headers 2006-09-24 03:09:39 +08:00			`*`
			`* You may opt to use, copy, modify, merge, publish, distribute and/or sell`
			`* copies of the Software, and permit persons to whom the Software is`
			`* furnished to do so, under the terms of the COPYING file.`
			`*`
			`* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY`
			`* KIND, either express or implied.`
			`*`
			`* SPDX-License-Identifier: curl`
copyright: make repository REUSE compliant Add licensing and copyright information for all files in this repository. This either happens in the file itself as a comment header or in the file `.reuse/dep5`. This commit also adds a Github workflow to check pull requests and adapts copyright.pl to the changes. Closes #8869 2022-05-17 17:16:50 +08:00			`*`
standard curl source code headers 2006-09-24 03:09:39 +08:00			`***************************************************************************/`
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file. 2006-09-24 03:07:20 +08:00
build: fix circular header inclusion with other packages This commit renames lib/setup.h to lib/curl_setup.h and renames lib/setup_once.h to lib/curl_setup_once.h. Removes the need and usage of a header inclusion guard foreign to libcurl. [1] Removes the need and presence of an alarming notice we carried in old setup_once.h [2] ---------------------------------------- 1 - lib/setup_once.h used __SETUP_ONCE_H macro as header inclusion guard up to commit ec691ca3 which changed this to HEADER_CURL_SETUP_ONCE_H, this single inclusion guard is enough to ensure that inclusion of lib/setup_once.h done from lib/setup.h is only done once. Additionally lib/setup.h has always used __SETUP_ONCE_H macro to protect inclusion of setup_once.h even after commit ec691ca3, this was to avoid a circular header inclusion triggered when building a c-ares enabled version with c-ares sources available which also has a setup_once.h header. Commit ec691ca3 exposes the real nature of __SETUP_ONCE_H usage in lib/setup.h, it is a header inclusion guard foreign to libcurl belonging to c-ares's setup_once.h The renaming this commit does, fixes the circular header inclusion, and as such removes the need and usage of a header inclusion guard foreign to libcurl. Macro __SETUP_ONCE_H no longer used in libcurl. 2 - Due to the circular interdependency of old lib/setup_once.h and the c-ares setup_once.h header, old file lib/setup_once.h has carried back from 2006 up to now days an alarming and prominent notice about the need of keeping libcurl's and c-ares's setup_once.h in sync. Given that this commit fixes the circular interdependency, the need and presence of mentioned notice is removed. All mentioned interdependencies come back from now old days when the c-ares project lived inside a curl subdirectory. This commit removes last traces of such fact. 2013-01-07 02:06:49 +08:00			`#include "curl_setup.h"`
FTP+proxy: macrofied functions when proxy disabled In my attempts to reduce #ifdefs in code, the SOCKS functions are now macros when libcurl is built without proxy support and therefore the FTP code could avoid some #ifs. 2011-04-05 19:55:11 +08:00
			`#ifdef CURL_DISABLE_PROXY`
proxy: Support HTTPS proxy and SOCKS+HTTP(s) * HTTPS proxies: An HTTPS proxy receives all transactions over an SSL/TLS connection. Once a secure connection with the proxy is established, the user agent uses the proxy as usual, including sending CONNECT requests to instruct the proxy to establish a [usually secure] TCP tunnel with an origin server. HTTPS proxies protect nearly all aspects of user-proxy communications as opposed to HTTP proxies that receive all requests (including CONNECT requests) in vulnerable clear text. With HTTPS proxies, it is possible to have two concurrent _nested_ SSL/TLS sessions: the "outer" one between the user agent and the proxy and the "inner" one between the user agent and the origin server (through the proxy). This change adds supports for such nested sessions as well. A secure connection with a proxy requires its own set of the usual SSL options (their actual descriptions differ and need polishing, see TODO): --proxy-cacert FILE CA certificate to verify peer against --proxy-capath DIR CA directory to verify peer against --proxy-cert CERT[:PASSWD] Client certificate file and password --proxy-cert-type TYPE Certificate file type (DER/PEM/ENG) --proxy-ciphers LIST SSL ciphers to use --proxy-crlfile FILE Get a CRL list in PEM format from the file --proxy-insecure Allow connections to proxies with bad certs --proxy-key KEY Private key file name --proxy-key-type TYPE Private key file type (DER/PEM/ENG) --proxy-pass PASS Pass phrase for the private key --proxy-ssl-allow-beast Allow security flaw to improve interop --proxy-sslv2 Use SSLv2 --proxy-sslv3 Use SSLv3 --proxy-tlsv1 Use TLSv1 --proxy-tlsuser USER TLS username --proxy-tlspassword STRING TLS password --proxy-tlsauthtype STRING TLS authentication type (default SRP) All --proxy-foo options are independent from their --foo counterparts, except --proxy-crlfile which defaults to --crlfile and --proxy-capath which defaults to --capath. Curl now also supports %{proxy_ssl_verify_result} --write-out variable, similar to the existing %{ssl_verify_result} variable. Supported backends: OpenSSL, GnuTLS, and NSS. * A SOCKS proxy + HTTP/HTTPS proxy combination: If both --socks* and --proxy options are given, Curl first connects to the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS proxy. TODO: Update documentation for the new APIs and --proxy-* options. Look for "Added in 7.XXX" marks. 2016-11-17 01:49:15 +08:00			`#define Curl_SOCKS4(a,b,c,d,e) CURLE_NOT_BUILT_IN`
return code cleanup: build, init and run-time errors Stop the abuse of CURLE_FAILED_INIT as return code for things not being init related by introducing two new return codes: CURLE_NOT_BUILT_IN and CURLE_UNKNOWN_OPTION CURLE_NOT_BUILT_IN replaces return code 4 that has been obsoleted for several years. It is used for returning error when something is attempted to be used but the feature/option was not enabled or explictitly disabled at build-time. Getting this error mostly means that libcurl needs to be rebuilt. CURLE_FAILED_INIT is now saved and used strictly for init failures. Getting this problem means something went seriously wrong, like a resource shortage or similar. CURLE_UNKNOWN_OPTION is the option formerly known as CURLE_UNKNOWN_TELNET_OPTION (and the old name is still present, separately defined to be removed in a very distant future). This error code is meant to be used to return when an option is given to libcurl that isn't known. This problem would mostly indicate a problem in the program that uses libcurl. 2011-04-05 21:14:02 +08:00			`#define Curl_SOCKS5(a,b,c,d,e,f) CURLE_NOT_BUILT_IN`
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907 2020-02-14 23:16:54 +08:00			`#define Curl_SOCKS_getsock(x,y,z) 0`
FTP+proxy: macrofied functions when proxy disabled In my attempts to reduce #ifdefs in code, the SOCKS functions are now macros when libcurl is built without proxy support and therefore the FTP code could avoid some #ifs. 2011-04-05 19:55:11 +08:00			`#else`
- Markus Moeller introduced two new options to libcurl: CURLOPT_SOCKS5_GSSAPI_SERVICE and CURLOPT_SOCKS5_GSSAPI_NEC to allow libcurl to do GSS-style authentication with SOCKS5 proxies. The curl tool got the options called --socks5-gssapi-service and --socks5-gssapi-nec to enable these. 2009-01-29 05:33:58 +08:00			`/*`
			`* Helper read-from-socket functions. Does the same as Curl_read() but it`
			`* blocks until all bytes amount of buffersize will be read. No more, no less.`
			`*`
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907 2020-02-14 23:16:54 +08:00			`* This is STUPID BLOCKING behavior`
- Markus Moeller introduced two new options to libcurl: CURLOPT_SOCKS5_GSSAPI_SERVICE and CURLOPT_SOCKS5_GSSAPI_NEC to allow libcurl to do GSS-style authentication with SOCKS5 proxies. The curl tool got the options called --socks5-gssapi-service and --socks5-gssapi-nec to enable these. 2009-01-29 05:33:58 +08:00			`*/`
cf-socket: improvements in socket I/O handling - Curl_write_plain/Curl_read_plain have been eliminated. Last code use now uses Curl_conn_send/recv so that requests use conn->send/revc callbacks which defaults to cfilters use. - Curl_recv_plain/Curl_send_plain have been internalized in cf-socket.c. - USE_RECV_BEFORE_SEND_WORKAROUND (active on Windows) has been moved into cf-socket.c. The pre_recv buffer is held at the socket filter context. `postponed_data` structures have been removed from `connectdata`. - the hanger in HTTP/2 request handling was a result of read buffering on all sends and the multi handling is not prepared for this. The following happens: - multi preforms on a HTTP/2 easy handle - h2 reads and processes data - this leads to a send of h2 data - which receives and buffers before the send - h2 returns - multi selects on the socket, but no data arrives (its in the buffer already) the workaround now receives data in a loop as long as there is something in the buffer. The real fix would be for multi to change, so that `data_pending` is evaluated before deciding to wait on the socket. io_buffer, optional, in cf-socket.c, http/2 sets state.drain if lower filter have pending data. This io_buffer is only available/used when the -DUSE_RECV_BEFORE_SEND_WORKAROUND is active, e.g. on Windows configurations. It also maintains the original checks on protocol handler being HTTP and conn->send/recv not being replaced. The HTTP/2 (nghttp2) cfilter now sets data->state.drain when it finds out that the "lower" filter chain has still pending data at the end of its IO operation. This prevents the processing from becoming stalled. Closes #10280 2023-01-30 23:03:00 +08:00			`int Curl_blockread_all(struct Curl_cfilter *cf,`
			`struct Curl_easy *data,`
- Markus Moeller introduced two new options to libcurl: CURLOPT_SOCKS5_GSSAPI_SERVICE and CURLOPT_SOCKS5_GSSAPI_NEC to allow libcurl to do GSS-style authentication with SOCKS5 proxies. The curl tool got the options called --socks5-gssapi-service and --socks5-gssapi-nec to enable these. 2009-01-29 05:33:58 +08:00			`char *buf,`
			`ssize_t buffersize,`
SOCKS: fix the connect timeout The connect timeout logic when using SOCKS was done wrong Bug: http://curl.haxx.se/mail/lib-2011-07/0177.html Reported by: "Spoon Man" 2011-08-08 17:10:17 +08:00			`ssize_t *n);`
- Markus Moeller introduced two new options to libcurl: CURLOPT_SOCKS5_GSSAPI_SERVICE and CURLOPT_SOCKS5_GSSAPI_NEC to allow libcurl to do GSS-style authentication with SOCKS5 proxies. The curl tool got the options called --socks5-gssapi-service and --socks5-gssapi-nec to enable these. 2009-01-29 05:33:58 +08:00
			`#if defined(HAVE_GSSAPI) \|\| defined(USE_WINDOWS_SSPI)`
			`/*`
English: use American spelling consistently Authorization, Initialization, Organization etc. Closes #8673 2022-04-05 19:32:26 +08:00			`* This function handles the SOCKS5 GSS-API negotiation and initialization`
- Markus Moeller introduced two new options to libcurl: CURLOPT_SOCKS5_GSSAPI_SERVICE and CURLOPT_SOCKS5_GSSAPI_NEC to allow libcurl to do GSS-style authentication with SOCKS5 proxies. The curl tool got the options called --socks5-gssapi-service and --socks5-gssapi-nec to enable these. 2009-01-29 05:33:58 +08:00			`*/`
cf-socket: improvements in socket I/O handling - Curl_write_plain/Curl_read_plain have been eliminated. Last code use now uses Curl_conn_send/recv so that requests use conn->send/revc callbacks which defaults to cfilters use. - Curl_recv_plain/Curl_send_plain have been internalized in cf-socket.c. - USE_RECV_BEFORE_SEND_WORKAROUND (active on Windows) has been moved into cf-socket.c. The pre_recv buffer is held at the socket filter context. `postponed_data` structures have been removed from `connectdata`. - the hanger in HTTP/2 request handling was a result of read buffering on all sends and the multi handling is not prepared for this. The following happens: - multi preforms on a HTTP/2 easy handle - h2 reads and processes data - this leads to a send of h2 data - which receives and buffers before the send - h2 returns - multi selects on the socket, but no data arrives (its in the buffer already) the workaround now receives data in a loop as long as there is something in the buffer. The real fix would be for multi to change, so that `data_pending` is evaluated before deciding to wait on the socket. io_buffer, optional, in cf-socket.c, http/2 sets state.drain if lower filter have pending data. This io_buffer is only available/used when the -DUSE_RECV_BEFORE_SEND_WORKAROUND is active, e.g. on Windows configurations. It also maintains the original checks on protocol handler being HTTP and conn->send/recv not being replaced. The HTTP/2 (nghttp2) cfilter now sets data->state.drain when it finds out that the "lower" filter chain has still pending data at the end of its IO operation. This prevents the processing from becoming stalled. Closes #10280 2023-01-30 23:03:00 +08:00			`CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf,`
lib: more conn->data cleanups Closes #6479 2021-01-18 18:56:50 +08:00			`struct Curl_easy *data);`
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file. 2006-09-24 03:07:20 +08:00			`#endif`
- Markus Moeller introduced two new options to libcurl: CURLOPT_SOCKS5_GSSAPI_SERVICE and CURLOPT_SOCKS5_GSSAPI_NEC to allow libcurl to do GSS-style authentication with SOCKS5 proxies. The curl tool got the options called --socks5-gssapi-service and --socks5-gssapi-nec to enable these. 2009-01-29 05:33:58 +08:00
lib: connect/h2/h3 refactor Refactoring of connection setup and happy eyeballing. Move nghttp2. ngtcp2, quiche and msh3 into connection filters. - eyeballing cfilter that uses sub-filters for performing parallel connects - socket cfilter for all transport types, including QUIC - QUIC implementations in cfilter, can now participate in eyeballing - connection setup is more dynamic in order to adapt to what filter did really connect. Relevant to see if a SSL filter needs to be added or if SSL has already been provided - HTTP/3 test cases similar to HTTP/2 - multiuse of parallel transfers for HTTP/3, tested for ngtcp2 and quiche - Fix for data attach/detach in VTLS filters that could lead to crashes during parallel transfers. - Eliminating setup() methods in cfilters, no longer needed. - Improving Curl_conn_is_alive() to replace Curl_connalive() and integrated ssl alive checks into cfilter. - Adding CF_CNTRL_CONN_INFO_UPDATE to tell filters to update connection into and persist it at the easy handle. - Several more cfilter related cleanups and moves: - stream_weigth and dependency info is now wrapped in struct Curl_data_priority - Curl_data_priority members depend is available in HTTP2\|HTTP3 - Curl_data_priority members depend on NGHTTP2 support - handling init/reset/cleanup of priority part of url.c - data->state.priority same struct, but shallow copy for compares only - PROTOPT_STREAM has been removed - Curl_conn_is_mulitplex() now available to check on capability - Adding query method to connection filters. - ngtcp2+quiche: implementing query for max concurrent transfers. - Adding is_alive and keep_alive cfilter methods. Adding DATA_SETUP event. - setting keepalive timestamp on connect - DATA_SETUP is called after the connection has been completely setup (but may not connected yet) to allow filters to initialize data members they use. - there is no socket to be had with msh3, it is unclear how select shall work - manual test via "curl --http3 https://curl.se" fail with "empty reply from server". - Various socket/conn related cleanups: - Curl_socket is now Curl_socket_open and in cf-socket.c - Curl_closesocket is now Curl_socket_close and in cf-socket.c - Curl_ssl_use has been replaced with Cur_conn_is_ssl - Curl_conn_tcp_accepted_set has been split into Curl_conn_tcp_listen_set and Curl_conn_tcp_accepted_set with a clearer purpose Closes #10141 2022-12-30 16:14:55 +08:00			`CURLcode Curl_cf_socks_proxy_insert_after(struct Curl_cfilter *cf_at,`
			`struct Curl_easy *data);`

curl_log: for failf/infof and debug logging implementations - new functions and macros for cfilter debugging - set CURL_DEBUG with names of cfilters where debug logging should be enabled - use GNUC __attribute__ to enable printf format checks during compile Closes #10271 2023-01-11 17:30:42 +08:00			`extern struct Curl_cftype Curl_cft_socks_proxy;`

FTP+proxy: macrofied functions when proxy disabled In my attempts to reduce #ifdefs in code, the SOCKS functions are now macros when libcurl is built without proxy support and therefore the FTP code could avoid some #ifs. 2011-04-05 19:55:11 +08:00			`#endif /* CURL_DISABLE_PROXY */`

lib/*.h: use our standard naming scheme for header inclusion guards 2012-12-28 19:03:09 +08:00			`#endif /* HEADER_CURL_SOCKS_H */`