1 | /* GIO - GLib Input, Output and Streaming Library |
2 | * |
3 | * Copyright (C) 2010 Collabora, Ltd. |
4 | * Copyright (C) 2014 Red Hat, Inc. |
5 | * |
6 | * This library is free software; you can redistribute it and/or |
7 | * modify it under the terms of the GNU Lesser General Public |
8 | * License as published by the Free Software Foundation; either |
9 | * version 2.1 of the License, or (at your option) any later version. |
10 | * |
11 | * This library is distributed in the hope that it will be useful, |
12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
14 | * Lesser General Public License for more details. |
15 | * |
16 | * You should have received a copy of the GNU Lesser General |
17 | * Public License along with this library; if not, see <http://www.gnu.org/licenses/>. |
18 | * |
19 | * Author: Nicolas Dufresne <nicolas.dufresne@collabora.co.uk> |
20 | * Marc-André Lureau <marcandre.lureau@redhat.com> |
21 | */ |
22 | |
23 | #include "config.h" |
24 | |
25 | #include "ghttpproxy.h" |
26 | |
27 | #include <string.h> |
28 | #include <stdlib.h> |
29 | |
30 | #include "giomodule.h" |
31 | #include "giomodule-priv.h" |
32 | #include "giostream.h" |
33 | #include "ginputstream.h" |
34 | #include "glibintl.h" |
35 | #include "goutputstream.h" |
36 | #include "gproxy.h" |
37 | #include "gproxyaddress.h" |
38 | #include "gsocketconnectable.h" |
39 | #include "gtask.h" |
40 | #include "gtlsclientconnection.h" |
41 | #include "gtlsconnection.h" |
42 | |
43 | |
44 | struct _GHttpProxy |
45 | { |
46 | GObject parent; |
47 | }; |
48 | |
49 | struct _GHttpProxyClass |
50 | { |
51 | GObjectClass parent_class; |
52 | }; |
53 | |
54 | static void g_http_proxy_iface_init (GProxyInterface *proxy_iface); |
55 | |
56 | #define g_http_proxy_get_type _g_http_proxy_get_type |
57 | G_DEFINE_TYPE_WITH_CODE (GHttpProxy, g_http_proxy, G_TYPE_OBJECT, |
58 | G_IMPLEMENT_INTERFACE (G_TYPE_PROXY, |
59 | g_http_proxy_iface_init) |
60 | _g_io_modules_ensure_extension_points_registered (); |
61 | g_io_extension_point_implement (G_PROXY_EXTENSION_POINT_NAME, |
62 | g_define_type_id, |
63 | "http" , |
64 | 0)) |
65 | |
66 | static void |
67 | g_http_proxy_init (GHttpProxy *proxy) |
68 | { |
69 | } |
70 | |
71 | static gchar * |
72 | create_request (GProxyAddress *proxy_address, |
73 | gboolean *has_cred, |
74 | GError **error) |
75 | { |
76 | const gchar *hostname; |
77 | gint port; |
78 | const gchar *username; |
79 | const gchar *password; |
80 | GString *request; |
81 | gchar *ascii_hostname; |
82 | |
83 | if (has_cred) |
84 | *has_cred = FALSE; |
85 | |
86 | hostname = g_proxy_address_get_destination_hostname (proxy: proxy_address); |
87 | ascii_hostname = g_hostname_to_ascii (hostname); |
88 | if (!ascii_hostname) |
89 | { |
90 | g_set_error_literal (err: error, G_IO_ERROR, code: G_IO_ERROR_FAILED, |
91 | _("Invalid hostname" )); |
92 | return NULL; |
93 | } |
94 | port = g_proxy_address_get_destination_port (proxy: proxy_address); |
95 | username = g_proxy_address_get_username (proxy: proxy_address); |
96 | password = g_proxy_address_get_password (proxy: proxy_address); |
97 | |
98 | request = g_string_new (NULL); |
99 | |
100 | g_string_append_printf (string: request, |
101 | format: "CONNECT %s:%i HTTP/1.0\r\n" |
102 | "Host: %s:%i\r\n" |
103 | "Proxy-Connection: keep-alive\r\n" |
104 | "User-Agent: GLib/%i.%i\r\n" , |
105 | ascii_hostname, port, |
106 | ascii_hostname, port, |
107 | GLIB_MAJOR_VERSION, GLIB_MINOR_VERSION); |
108 | g_free (mem: ascii_hostname); |
109 | |
110 | if (username != NULL && password != NULL) |
111 | { |
112 | gchar *cred; |
113 | gchar *base64_cred; |
114 | |
115 | if (has_cred) |
116 | *has_cred = TRUE; |
117 | |
118 | cred = g_strdup_printf (format: "%s:%s" , username, password); |
119 | base64_cred = g_base64_encode (data: (guchar *) cred, len: strlen (s: cred)); |
120 | g_free (mem: cred); |
121 | g_string_append_printf (string: request, |
122 | format: "Proxy-Authorization: Basic %s\r\n" , |
123 | base64_cred); |
124 | g_free (mem: base64_cred); |
125 | } |
126 | |
127 | g_string_append (string: request, val: "\r\n" ); |
128 | |
129 | return g_string_free (string: request, FALSE); |
130 | } |
131 | |
132 | static gboolean |
133 | check_reply (const gchar *buffer, |
134 | gboolean has_cred, |
135 | GError **error) |
136 | { |
137 | gint err_code; |
138 | const gchar *ptr = buffer + 7; |
139 | |
140 | if (strncmp (s1: buffer, s2: "HTTP/1." , n: 7) != 0 || (*ptr != '0' && *ptr != '1')) |
141 | { |
142 | g_set_error_literal (err: error, G_IO_ERROR, code: G_IO_ERROR_PROXY_FAILED, |
143 | _("Bad HTTP proxy reply" )); |
144 | return FALSE; |
145 | } |
146 | |
147 | ptr++; |
148 | while (*ptr == ' ') |
149 | ptr++; |
150 | |
151 | err_code = atoi (nptr: ptr); |
152 | |
153 | if (err_code < 200 || err_code >= 300) |
154 | { |
155 | switch (err_code) |
156 | { |
157 | case 403: |
158 | g_set_error_literal (err: error, G_IO_ERROR, code: G_IO_ERROR_PROXY_NOT_ALLOWED, |
159 | _("HTTP proxy connection not allowed" )); |
160 | break; |
161 | case 407: |
162 | if (has_cred) |
163 | g_set_error_literal (err: error, G_IO_ERROR, code: G_IO_ERROR_PROXY_AUTH_FAILED, |
164 | _("HTTP proxy authentication failed" )); |
165 | else |
166 | g_set_error_literal (err: error, G_IO_ERROR, code: G_IO_ERROR_PROXY_NEED_AUTH, |
167 | _("HTTP proxy authentication required" )); |
168 | break; |
169 | default: |
170 | g_set_error (err: error, G_IO_ERROR, code: G_IO_ERROR_PROXY_FAILED, |
171 | _("HTTP proxy connection failed: %i" ), err_code); |
172 | } |
173 | |
174 | return FALSE; |
175 | } |
176 | |
177 | return TRUE; |
178 | } |
179 | |
180 | #define HTTP_END_MARKER "\r\n\r\n" |
181 | |
182 | static GIOStream * |
183 | g_http_proxy_connect (GProxy *proxy, |
184 | GIOStream *io_stream, |
185 | GProxyAddress *proxy_address, |
186 | GCancellable *cancellable, |
187 | GError **error) |
188 | { |
189 | GInputStream *in; |
190 | GOutputStream *out; |
191 | gchar *buffer = NULL; |
192 | gsize buffer_length; |
193 | gsize bytes_read; |
194 | gboolean has_cred; |
195 | GIOStream *tlsconn = NULL; |
196 | |
197 | if (G_IS_HTTPS_PROXY (proxy)) |
198 | { |
199 | tlsconn = g_tls_client_connection_new (base_io_stream: io_stream, |
200 | G_SOCKET_CONNECTABLE (proxy_address), |
201 | error); |
202 | if (!tlsconn) |
203 | goto error; |
204 | |
205 | #ifdef DEBUG |
206 | { |
207 | GTlsCertificateFlags tls_validation_flags = G_TLS_CERTIFICATE_VALIDATE_ALL; |
208 | |
209 | tls_validation_flags &= ~(G_TLS_CERTIFICATE_UNKNOWN_CA | G_TLS_CERTIFICATE_BAD_IDENTITY); |
210 | g_tls_client_connection_set_validation_flags (G_TLS_CLIENT_CONNECTION (tlsconn), |
211 | tls_validation_flags); |
212 | } |
213 | #endif |
214 | |
215 | if (!g_tls_connection_handshake (G_TLS_CONNECTION (tlsconn), cancellable, error)) |
216 | goto error; |
217 | |
218 | io_stream = tlsconn; |
219 | } |
220 | |
221 | in = g_io_stream_get_input_stream (stream: io_stream); |
222 | out = g_io_stream_get_output_stream (stream: io_stream); |
223 | |
224 | buffer = create_request (proxy_address, has_cred: &has_cred, error); |
225 | if (!buffer) |
226 | goto error; |
227 | if (!g_output_stream_write_all (stream: out, buffer, count: strlen (s: buffer), NULL, |
228 | cancellable, error)) |
229 | goto error; |
230 | |
231 | g_free (mem: buffer); |
232 | |
233 | bytes_read = 0; |
234 | buffer_length = 1024; |
235 | buffer = g_malloc (n_bytes: buffer_length); |
236 | |
237 | /* Read byte-by-byte instead of using GDataInputStream |
238 | * since we do not want to read beyond the end marker |
239 | */ |
240 | do |
241 | { |
242 | gssize signed_nread; |
243 | gsize nread; |
244 | |
245 | signed_nread = |
246 | g_input_stream_read (stream: in, buffer: buffer + bytes_read, count: 1, cancellable, error); |
247 | if (signed_nread == -1) |
248 | goto error; |
249 | |
250 | nread = signed_nread; |
251 | if (nread == 0) |
252 | break; |
253 | |
254 | ++bytes_read; |
255 | |
256 | if (bytes_read == buffer_length) |
257 | { |
258 | /* HTTP specifications does not defines any upper limit for |
259 | * headers. But, the most usual size used seems to be 8KB. |
260 | * Yet, the biggest we found was Tomcat's HTTP headers whose |
261 | * size is 48K. So, for a reasonable error margin, let's accept |
262 | * a header with a twice as large size but no more: 96KB */ |
263 | if (buffer_length > 98304) |
264 | { |
265 | g_set_error_literal (err: error, G_IO_ERROR, code: G_IO_ERROR_PROXY_FAILED, |
266 | _("HTTP proxy response too big" )); |
267 | goto error; |
268 | } |
269 | buffer_length = 2 * buffer_length; |
270 | buffer = g_realloc (mem: buffer, n_bytes: buffer_length); |
271 | } |
272 | |
273 | *(buffer + bytes_read) = '\0'; |
274 | |
275 | if (g_str_has_suffix (str: buffer, HTTP_END_MARKER)) |
276 | break; |
277 | } |
278 | while (TRUE); |
279 | |
280 | if (bytes_read == 0) |
281 | { |
282 | g_set_error_literal (err: error, G_IO_ERROR, code: G_IO_ERROR_PROXY_FAILED, |
283 | _("HTTP proxy server closed connection unexpectedly." )); |
284 | goto error; |
285 | } |
286 | |
287 | if (!check_reply (buffer, has_cred, error)) |
288 | goto error; |
289 | |
290 | g_free (mem: buffer); |
291 | |
292 | g_object_ref (io_stream); |
293 | g_clear_object (&tlsconn); |
294 | |
295 | return io_stream; |
296 | |
297 | error: |
298 | g_clear_object (&tlsconn); |
299 | g_free (mem: buffer); |
300 | return NULL; |
301 | } |
302 | |
303 | typedef struct |
304 | { |
305 | GIOStream *io_stream; |
306 | GProxyAddress *proxy_address; |
307 | } ConnectAsyncData; |
308 | |
309 | static void |
310 | free_connect_data (ConnectAsyncData *data) |
311 | { |
312 | g_object_unref (object: data->io_stream); |
313 | g_object_unref (object: data->proxy_address); |
314 | g_slice_free (ConnectAsyncData, data); |
315 | } |
316 | |
317 | static void |
318 | connect_thread (GTask *task, |
319 | gpointer source_object, |
320 | gpointer task_data, |
321 | GCancellable *cancellable) |
322 | { |
323 | GProxy *proxy = source_object; |
324 | ConnectAsyncData *data = task_data; |
325 | GIOStream *res; |
326 | GError *error = NULL; |
327 | |
328 | res = g_http_proxy_connect (proxy, io_stream: data->io_stream, proxy_address: data->proxy_address, |
329 | cancellable, error: &error); |
330 | |
331 | if (res == NULL) |
332 | g_task_return_error (task, error); |
333 | else |
334 | g_task_return_pointer (task, result: res, result_destroy: g_object_unref); |
335 | } |
336 | |
337 | static void |
338 | g_http_proxy_connect_async (GProxy *proxy, |
339 | GIOStream *io_stream, |
340 | GProxyAddress *proxy_address, |
341 | GCancellable *cancellable, |
342 | GAsyncReadyCallback callback, |
343 | gpointer user_data) |
344 | { |
345 | ConnectAsyncData *data; |
346 | GTask *task; |
347 | |
348 | data = g_slice_new0 (ConnectAsyncData); |
349 | data->io_stream = g_object_ref (io_stream); |
350 | data->proxy_address = g_object_ref (proxy_address); |
351 | |
352 | task = g_task_new (source_object: proxy, cancellable, callback, callback_data: user_data); |
353 | g_task_set_source_tag (task, g_http_proxy_connect_async); |
354 | g_task_set_task_data (task, task_data: data, task_data_destroy: (GDestroyNotify) free_connect_data); |
355 | |
356 | g_task_run_in_thread (task, task_func: connect_thread); |
357 | g_object_unref (object: task); |
358 | } |
359 | |
360 | static GIOStream * |
361 | g_http_proxy_connect_finish (GProxy *proxy, |
362 | GAsyncResult *result, |
363 | GError **error) |
364 | { |
365 | return g_task_propagate_pointer (G_TASK (result), error); |
366 | } |
367 | |
368 | static gboolean |
369 | g_http_proxy_supports_hostname (GProxy *proxy) |
370 | { |
371 | return TRUE; |
372 | } |
373 | |
374 | static void |
375 | g_http_proxy_class_init (GHttpProxyClass *class) |
376 | { |
377 | } |
378 | |
379 | static void |
380 | g_http_proxy_iface_init (GProxyInterface *proxy_iface) |
381 | { |
382 | proxy_iface->connect = g_http_proxy_connect; |
383 | proxy_iface->connect_async = g_http_proxy_connect_async; |
384 | proxy_iface->connect_finish = g_http_proxy_connect_finish; |
385 | proxy_iface->supports_hostname = g_http_proxy_supports_hostname; |
386 | } |
387 | |
388 | struct _GHttpsProxy |
389 | { |
390 | GHttpProxy parent; |
391 | }; |
392 | |
393 | struct _GHttpsProxyClass |
394 | { |
395 | GHttpProxyClass parent_class; |
396 | }; |
397 | |
398 | #define g_https_proxy_get_type _g_https_proxy_get_type |
399 | G_DEFINE_TYPE_WITH_CODE (GHttpsProxy, g_https_proxy, G_TYPE_HTTP_PROXY, |
400 | G_IMPLEMENT_INTERFACE (G_TYPE_PROXY, |
401 | g_http_proxy_iface_init) |
402 | _g_io_modules_ensure_extension_points_registered (); |
403 | g_io_extension_point_implement (G_PROXY_EXTENSION_POINT_NAME, |
404 | g_define_type_id, |
405 | "https" , |
406 | 0)) |
407 | |
408 | static void |
409 | g_https_proxy_init (GHttpsProxy *proxy) |
410 | { |
411 | } |
412 | |
413 | static void |
414 | g_https_proxy_class_init (GHttpsProxyClass *class) |
415 | { |
416 | } |
417 | |