
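--- a/proxytunnel-1.7.0/cmdline.c
+++ b/proxytunnel-1.7.0/cmdline.c
@@ -60,6 +60,7 @@
 #ifdef USE_SSL
 "   -e         --encrypt           encrypt the communication using SSL\n"
 "   -E         --encrypt-proxy     encrypt the communitation between the client and the proxy using SSL\n"
+"   -R         --encrypt-remproxy  encrypt the communitation between the first and second proxy using SSL\n"
 #endif
 #ifdef SETPROCTITLE
 "   -x STRING  --proctitle=STRING  Set the process-title to STRING\n"
@@ -134,6 +135,7 @@
   args_info->domain_given = 0;
   args_info->encrypt_given = 0;
   args_info->encryptproxy_given = 0;
+  args_info->encryptremproxy_given = 0;
   args_info->proctitle_given = 0;
 
 /* No... we can't make this a function... -- Maniac */
@@ -154,6 +156,7 @@
 	args_info->standalone_arg = 0; \
 	args_info->encrypt_flag = 0; \
 	args_info->encryptproxy_flag = 0; \
+	args_info->encryptremproxy_flag = 0; \
 	args_info->proctitle_arg = NULL; \
 } 
 
@@ -195,12 +198,13 @@
 	{ "quiet",		0, NULL, 'q' },
 	{ "encrypt",    	0, NULL, 'e' },
 	{ "encrypt-proxy",	0, NULL, 'E' },
+	{ "encrypt-remproxy",	0, NULL, 'R' },
         { NULL,	0, NULL, 0 }
       };
 
-      c = getopt_long (argc, argv, "hVia:u:s:t:U:S:p:r:d:H:x:nvNeEq", long_options, &option_index);
+      c = getopt_long (argc, argv, "hVia:u:s:t:U:S:p:r:d:H:x:nvNeERq", long_options, &option_index);
 #else
-      c = getopt( argc, argv, "hVia:u:s:t:U:S:p:r:d:H:x:nvNeEq" );
+      c = getopt( argc, argv, "hVia:u:s:t:U:S:p:r:d:H:x:nvNeERq" );
 #endif
 
       if (c == -1) break;	/* Exit from `while (1)' loop.  */
@@ -224,6 +228,12 @@
 	  if( args_info->verbose_flag )
 	  	message("SSL client to proxy enabled\n");
 	  break;
+
+	case 'R':	/* Turn on local to remote proxy SSL encryption */
+	  args_info->encryptremproxy_flag = !(args_info->encryptremproxy_flag);
+	  if( args_info->verbose_flag )
+	  	message("SSL local to remote proxy enabled\n");
+	  break;
 #endif
 
 	case 'i':	/* Run from inetd. */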
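Review bot: The new `case 'R'` toggles `encryptremproxy_flag` with `!` instead of setting it, so passing `-R` twice leaves SSL to the remote proxy off while the verbose message still prints "SSL local to remote proxy enabled". An option that controls encryption should not be silently disabled by repetition; `args_info->encryptremproxy_flag = 1;` makes it idempotent. The case also never sets `encryptremproxy_given`, which this section only initialises to 0. The switch starts and ends outside the hunk, so the `-e` and `-E` cases should be checked for the same pattern.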
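--- a/proxytunnel-1.7.0/cmdline.h
+++ b/proxytunnel-1.7.0/cmdline.h
@@ -42,6 +42,7 @@
   int standalone_arg;	/* Turn on stdalone (-a) on port */
   int encrypt_flag;     /* Turn on SSL encryption (default=off). */
   int encryptproxy_flag;/* Turn on client to proxy SSL encryption (def=off).*/
+  int encryptremproxy_flag;  /* Turn on local to remote proxy SSL encryption (def=off).*/
 
   char * proctitle_arg; /* Override process title (default=off). */
 
@@ -62,6 +63,7 @@
   int header_given;		/* Whether extra headers are given */
   int encrypt_given;    	/* Whether encrypt was given */
   int encryptproxy_given; 	/* Whether encrypt was given */
+  int encryptremproxy_given; 	/* Whether encrypt was given */
   int proctitle_given;		/* Whether to override process title */
 } ;
 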
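Review bot: The comment on the new `encryptremproxy_given` field is a copy of the one above it ("Whether encrypt was given"), so three different fields now carry the same description. For the new field I would write `/* Whether encrypt-remproxy was given */`. The struct definition starts outside the hunks shown.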
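--- a/proxytunnel-1.7.0/http.c
+++ b/proxytunnel-1.7.0/http.c
@@ -190,6 +190,12 @@
  		 */
 		while ( strcmp( buf, "\r\n" ) != 0 ) readline(pts);
 
+		/* If --encrypt-remproxy is specified, connect to the remote proxy using SSL */
+#ifdef USE_SSL
+		if ( args_info.encryptremproxy_flag )
+		  stream_enable_ssl(stunnel);
+#endif
+
 		if( args_info.verbose_flag )
 			message( "Tunneling to %s (destination)\n", args_info.dest_arg );
 		sprintf( buf, "CONNECT %s HTTP/1.0\r\n", args_info.dest_arg );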
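Review bot: The added `stream_enable_ssl(stunnel)` call ignores any result, and the `CONNECT` request for the destination is built immediately afterwards. `stream_enable_ssl` is defined outside this hunk; if it can return after a failed handshake rather than exit, the session would carry on to the remote proxy without the encryption requested by `--encrypt-remproxy`. The call should check the outcome and abort on failure, for example `if ( args_info.encryptremproxy_flag && !stream_enable_ssl(stunnel) ) exit(1);`, adjusted to the function's actual return convention. The hunk also shows no verification of the remote proxy's certificate, which is worth confirming in ptstream.c.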
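--- a/proxytunnel-1.7.0/INSTALL
+++ b/proxytunnel-1.7.0/INSTALL
@@ -1,10 +1,7 @@
 Short guide to installing proxytunnel
 
-On most modern unix systems, use the normal Makefile
-On MAC OS X, use Makefile.darwin
-If you don't have gnu-getopts, use Makefile.no-gnu-getopts
-On windows/Cygwin, use Makefile.cygwin
-etc etc...
+On most modern unix systems, use the normal Makefile, possibly uncommenting
+the section related to your system (darwin/cygwin/solaris/openbsd)
 
 If you want to enable setproctitle functionality, add a CFLAGS define
 -DSETPROCTITLE (uncomment sample in Makefile)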
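--- a/proxytunnel-1.7.0/io.c
+++ b/proxytunnel-1.7.0/io.c
@@ -61,8 +61,9 @@
 
 	if( args_info.verbose_flag )
 	{
-		char * dstr = malloc(sizeof(buf-1) );
-		strlcpy( dstr, buf, strlen(buf) -1 );
+        /* Copy line of data into dstr without trailing newline */
+		char * dstr = malloc(strlen(buf));
+		strlcpy( dstr, buf, strlen(buf) - 1);
 		if (strcmp(dstr, ""))
 			message( "<- %s\n", dstr );
 	}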
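Review bot: `strlen(buf) - 1` wraps to a huge `size_t` when `buf` is empty, so `strlcpy` writes its terminator into the zero-length (or NULL) result of `malloc(strlen(buf))`; with a one-byte line the size argument is 0, nothing is written, and `strcmp` reads uninitialised memory. `buf` appears to hold a line received from the peer, so these lengths are not under local control. The `malloc` result is unchecked and `dstr` is not freed before the block closes, so verbose mode leaks one allocation per line. Printing with a precision avoids the copy altogether: `size_t n = strcspn(buf, "\r\n"); if (n) message( "<- %.*s\n", (int)n, buf );`, assuming `message` is printf-style as its `%s` use suggests. The enclosing function starts and ends outside the hunk.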
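--- a/proxytunnel-1.7.0/Makefile
+++ b/proxytunnel-1.7.0/Makefile
@@ -4,11 +4,14 @@
 
 CC ?= cc
 CFLAGS ?= -Wall -O2 -ggdb
-CFLAGS += -DHAVE_GETOPT_LONG # Comment on non-gnu systems
-CFLAGS += -DUSE_SSL # Comment if you don't have/want ssl
+CFLAGS += -DHAVE_GETOPT_LONG 	# Comment on non-gnu systems
+CFLAGS += -DUSE_SSL 		# Comment if you don't have/want ssl
 # Most systems
 CFLAGS += -DSETPROCTITLE -DSPT_TYPE=2
 
+# Testing new flags
+CFLAGS += -DSO_REUSEPORT	# Comment if you don't have this flag
+
 # System dependant blocks... if your system is listed below, uncomment
 # the relevant lines
 
@@ -39,6 +42,8 @@
 MANDIR = $(DATADIR)/man
 
 PROGNAME = proxytunnel
+
+# Remove strlcpy/strlcat on (open)bsd/darwin systems
 OBJ = proxytunnel.o	\
 	base64.o	\
 	strlcpy.o	\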
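Review bot: `CFLAGS += -DSO_REUSEPORT` defines the macro on the command line (as 1), which defeats the `#ifdef SO_REUSEPORT` guard this patch adds in proxytunnel.c. The guard is then always true: where the system headers lack the option, `setsockopt` is compiled with option value 1 instead of being skipped, and where they have it the build gets a macro redefinition. On Linux, option 1 at `SOL_SOCKET` is `SO_DEBUG`, so the call would request something unrelated and its unchecked result hides that. `<sys/socket.h>` already provides the macro wherever the option exists, so this line can be dropped and the `#ifdef` left to do its job.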
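--- a/proxytunnel-1.7.0/proxytunnel.c
+++ b/proxytunnel-1.7.0/proxytunnel.c
@@ -165,6 +165,7 @@
 void do_daemon()
 {
 	int			listen_sd;
+	int			one = 1;
 	struct sockaddr_in	sa_serv;
 	struct sockaddr_in	sa_cli;
 	socklen_t		client_len;
@@ -176,19 +177,24 @@
 	/* Socket descriptor */
 	int sd;
 
-
-	if ( ( listen_sd = socket( AF_INET, SOCK_STREAM, IPPROTO_TCP ) ) < 0 )
+	if ( ( listen_sd = socket( AF_INET, SOCK_STREAM, 0 ) ) < 0 )
 	{
 		my_perror( "Server socket creation failed" );
 		exit(1);
 	}
 
+#ifdef SO_REUSEPORT     /* doesnt exist everywhere... */
+	setsockopt(listen_sd, SOL_SOCKET, SO_REUSEPORT, &one, sizeof (one));
+#endif
+	setsockopt(listen_sd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one));
+
+
 	memset( &sa_serv, '\0', sizeof( sa_serv ) );
 	sa_serv.sin_family = AF_INET;
-	sa_serv.sin_addr.s_addr = INADDR_ANY;
+	sa_serv.sin_addr.s_addr = htonl(INADDR_ANY);
 	sa_serv.sin_port = htons( args_info.standalone_arg );
 
-	if ( bind( listen_sd, (struct sockaddr * )&sa_serv, sizeof( sa_serv ) ) < 0)
+	if ( bind( listen_sd, (struct sockaddr * )&sa_serv, sizeof( struct sockaddr ) ) < 0)
 	{
 		my_perror("Server socket bind failed");
 		exit(1);
@@ -228,7 +234,7 @@
 	i_am_daemon = 1;
 #endif /* CYGWIN */
 	atexit( closeall );
-	listen( listen_sd, 5 );
+	listen( listen_sd, 8 );
 
 	while (1==1)
 	{
@@ -378,9 +384,11 @@
 	 * Only one of -E (SSL encrypt client to proxy connection) or -e (SSL encrypt tunnel data)
          * can be specified.
 	 */
-	if (args_info.encryptproxy_flag && args_info.encrypt_flag)
+	if ((args_info.encrypt_flag ? 1 : 0) +
+	    (args_info.encryptproxy_flag ? 1 : 0) +
+	    (args_info.encryptremproxy_flag ? 1 : 0) > 1)
 	{
-		message("Error: only one of --encrypt-proxy and --encrypt can be specified for a tunnel\n");
+		message("Error: only one of --encrypt, --encrypt-proxy and --encrypt-remproxy can be specified for a tunnel\n");
 		exit( 1 );
 	}
 
@@ -433,8 +441,5 @@
 		cpio(std, stunnel);
 	}
 
-	/* If we do happen to get here, clean up */
-	closeall();
-
 	exit( 0 );
 }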
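Review bot: Both new `setsockopt` calls in do_daemon discard their return value, so a failure to set either option is invisible and a later `bind` error is the only symptom. `SO_REUSEPORT` also deserves a second look on a listener bound to `INADDR_ANY`: on platforms that implement port sharing, another process of the same user can bind the same port and receive some of the incoming tunnel connections, which `SO_REUSEADDR` alone does not allow. I would keep only `SO_REUSEADDR` and report failure: `if (setsockopt(listen_sd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)) < 0) my_perror("setsockopt SO_REUSEADDR failed");`. Separately, the comment above the option check still names only -E and -e, although the test now also covers `encryptremproxy_flag`. do_daemon continues beyond the hunks shown.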
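--- a/proxytunnel-1.7.0/ptstream.c
+++ b/proxytunnel-1.7.0/ptstream.c
@@ -55,23 +55,22 @@
 
 int stream_close(PTSTREAM *pts)
 {
-	/* Close the incoming fd */
-	if (pts->incoming_fd != 0)
-		close(pts->incoming_fd);
-
-	/* Close the outgoing fd */
-	if (pts->outgoing_fd != 0)
-		close(pts->outgoing_fd);
-
 	/* Destroy the SSL context */
 	if (pts->ssl)
 	{
 #ifdef USE_SSL
-		SSL_free (pts->ssl);
+        SSL_shutdown (pts->ssl);
+        SSL_free (pts->ssl);
 		SSL_CTX_free (pts->ctx);
 #endif
 	}
 
+	/* Close the incoming fd */
+	close(pts->incoming_fd);
+
+	/* Close the outgoing fd */
+	close(pts->outgoing_fd);
+		
 	/* Free the structure */
 	free(pts);
 
@@ -191,7 +190,7 @@
 	
 	/* Initialise the connection */
 	SSLeay_add_ssl_algorithms();
-	meth = SSLv2_client_method();
+	meth = SSLv23_client_method();
 	SSL_load_error_strings();
 
 	ctx = SSL_CTX_new (meth);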
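Review bot: `SSLv23_client_method()` negotiates the highest version both sides support, but depending on the OpenSSL version linked it still accepts SSLv2 and SSLv3 unless the context is restricted, so the switch away from `SSLv2_client_method()` does not by itself exclude the broken protocol versions. After `ctx = SSL_CTX_new (meth);` I would add `SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);`. No certificate verification setup is visible in this hunk; if none exists elsewhere in the function, the SSL modes only protect against passive eavesdropping. In the stream_close hunk the fds are now closed unconditionally, so if `incoming_fd` and `outgoing_fd` can be the same descriptor the second `close` acts on a number that is already closed. The function around the SSL setup starts and ends outside the hunk.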
