opm: add support for HTTPS CONNECT proxies.

TBD: do we need an SSL listener for these?
Elizabeth Myers 2016-04-02 18:37:59 -05:00
parent 2d89c9ffc1
commit eb0814b3cb
4 changed files with 46 additions and 6 deletions


@ -33,6 +33,7 @@ typedef enum protocol_t
PROTO_SOCKS4, PROTO_SOCKS4,
PROTO_SOCKS5, PROTO_SOCKS5,
PROTO_HTTP_CONNECT, PROTO_HTTP_CONNECT,
PROTO_HTTPS_CONNECT,
} protocol_t; } protocol_t;
struct opm_lookup struct opm_lookup
@ -45,6 +46,7 @@ struct opm_proxy
char note[16]; char note[16];
protocol_t proto; protocol_t proto;
uint16_t port; uint16_t port;
bool ssl;
rb_dlink_node node; rb_dlink_node node;
}; };
@ -97,6 +99,8 @@ get_protocol_from_string(const char *str)
return PROTO_SOCKS5; return PROTO_SOCKS5;
else if(strcasecmp(str, "httpconnect") == 0) else if(strcasecmp(str, "httpconnect") == 0)
return PROTO_HTTP_CONNECT; return PROTO_HTTP_CONNECT;
else if(strcasecmp(str, "httpsconnect") == 0)
return PROTO_HTTPS_CONNECT;
else else
return PROTO_NONE; return PROTO_NONE;
} }
@ -426,6 +430,7 @@ establish_connection(struct auth_client *auth, struct opm_proxy *proxy)
{ {
case PROTO_SOCKS4: case PROTO_SOCKS4:
#ifdef RB_IPV6 #ifdef RB_IPV6
/* SOCKS4 is IPv4 only */
if(GET_SS_FAMILY(&auth->c_addr) == AF_INET6) if(GET_SS_FAMILY(&auth->c_addr) == AF_INET6)
{ {
rb_free(scan); rb_free(scan);
@ -438,6 +443,7 @@ establish_connection(struct auth_client *auth, struct opm_proxy *proxy)
callback = socks5_connected; callback = socks5_connected;
break; break;
case PROTO_HTTP_CONNECT: case PROTO_HTTP_CONNECT:
case PROTO_HTTPS_CONNECT:
callback = http_connect_connected; callback = http_connect_connected;
default: default:
return; return;
@ -469,11 +475,19 @@ establish_connection(struct auth_client *auth, struct opm_proxy *proxy)
SET_SS_PORT(&c_a, htons(proxy->port)); SET_SS_PORT(&c_a, htons(proxy->port));
rb_dlinkAdd(scan, &scan->node, &lookup->scans); rb_dlinkAdd(scan, &scan->node, &lookup->scans);
rb_connect_tcp(scan->F,
(struct sockaddr *)&c_a, if(!proxy->ssl)
(struct sockaddr *)&l_a, rb_connect_tcp(scan->F,
GET_SS_LEN(&l_a), (struct sockaddr *)&c_a,
callback, scan, opm_timeout); (struct sockaddr *)&l_a,
GET_SS_LEN(&l_a),
callback, scan, opm_timeout);
else
rb_connect_tcp_ssl(scan->F,
(struct sockaddr *)&c_a,
(struct sockaddr *)&l_a,
GET_SS_LEN(&l_a),
callback, scan, opm_timeout);
} }
static bool static bool
@ -754,12 +768,19 @@ create_opm_scanner(const char *key __unused, int parc __unused, const char **par
{ {
case PROTO_SOCKS4: case PROTO_SOCKS4:
snprintf(proxy->note, sizeof(proxy->note), "socks4:%hu", proxy->port); snprintf(proxy->note, sizeof(proxy->note), "socks4:%hu", proxy->port);
proxy->ssl = false;
break; break;
case PROTO_SOCKS5: case PROTO_SOCKS5:
snprintf(proxy->note, sizeof(proxy->note), "socks5:%hu", proxy->port); snprintf(proxy->note, sizeof(proxy->note), "socks5:%hu", proxy->port);
proxy->ssl = false;
break; break;
case PROTO_HTTP_CONNECT: case PROTO_HTTP_CONNECT:
snprintf(proxy->note, sizeof(proxy->note), "httpconnect:%hu", proxy->port); snprintf(proxy->note, sizeof(proxy->note), "httpconnect:%hu", proxy->port);
proxy->ssl = false;
break;
case PROTO_HTTPS_CONNECT:
snprintf(proxy->note, sizeof(proxy->note), "httpsconnect:%hu", proxy->port);
proxy->ssl = true;
break; break;
default: default:
warn_opers(L_CRIT, "OPM: got an unknown proxy type: %s (port %hu)", parv[0], proxy->port); warn_opers(L_CRIT, "OPM: got an unknown proxy type: %s (port %hu)", parv[0], proxy->port);
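Review bot: The added `case PROTO_HTTPS_CONNECT:` label in establish_connection shares the body `callback = http_connect_connected;`, and as shown there is no `break;` between that assignment and `default: return;`. Both the HTTP CONNECT and the new HTTPS CONNECT scan types therefore appear to fall through and return before either `rb_connect_tcp` or `rb_connect_tcp_ssl` is reached, so the scanner would be configured but would never probe, and open proxies on those ports would go undetected. Add `break;` after the callback assignment. The SOCKS4 IPv6 branch calls `rb_free(scan)` before bailing out, so the `default:` path probably needs the same to avoid leaking `scan`; its allocation lies outside the hunk, as do the start and end of the function, so confirm against the full file.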


@ -489,6 +489,12 @@ opm {
* below. * below.
*/ */
httpconnect_ports = 80, 8080, 8000; httpconnect_ports = 80, 8080, 8000;
/* These are the ports to scan for HTTPS CONNECT proxies on (SSL).
* They may overlap with other scan types. Sensible defaults are given
* below.
*/
httpsconnect_ports = 443, 4443;
}; };
alias "NickServ" { alias "NickServ" {


@ -960,11 +960,17 @@ opm {
*/ */
socks5_ports = 80, 443, 1080, 8000, 8080, 10800; socks5_ports = 80, 443, 1080, 8000, 8080, 10800;
/* These are the ports to scan for HTTP connect proxies on (plaintext). /* These are the ports to scan for HTTP CONNECT proxies on (plaintext).
* They may overlap with other scan types. Sensible defaults are given * They may overlap with other scan types. Sensible defaults are given
* below. * below.
*/ */
httpconnect_ports = 80, 8080, 8000; httpconnect_ports = 80, 8080, 8000;
/* These are the ports to scan for HTTPS CONNECT proxies on (SSL).
* They may overlap with other scan types. Sensible defaults are given
* below.
*/
httpsconnect_ports = 443, 4443;
}; };
/* /*


@ -2314,6 +2314,12 @@ conf_set_opm_scan_ports_httpconnect(void *data)
conf_set_opm_scan_ports_all(data, "opm::httpconnect_ports", "httpconnect"); conf_set_opm_scan_ports_all(data, "opm::httpconnect_ports", "httpconnect");
} }
static void
conf_set_opm_scan_ports_httpsconnect(void *data)
{
conf_set_opm_scan_ports_all(data, "opm::httpsconnect_ports", "httpsconnect");
}
/* public functions */ /* public functions */
@ -2854,4 +2860,5 @@ newconf_init()
add_conf_item("opm", "socks4_ports", CF_INT | CF_FLIST, conf_set_opm_scan_ports_socks4); add_conf_item("opm", "socks4_ports", CF_INT | CF_FLIST, conf_set_opm_scan_ports_socks4);
add_conf_item("opm", "socks5_ports", CF_INT | CF_FLIST, conf_set_opm_scan_ports_socks5); add_conf_item("opm", "socks5_ports", CF_INT | CF_FLIST, conf_set_opm_scan_ports_socks5);
add_conf_item("opm", "httpconnect_ports", CF_INT | CF_FLIST, conf_set_opm_scan_ports_httpconnect); add_conf_item("opm", "httpconnect_ports", CF_INT | CF_FLIST, conf_set_opm_scan_ports_httpconnect);
add_conf_item("opm", "httpsconnect_ports", CF_INT | CF_FLIST, conf_set_opm_scan_ports_httpsconnect);
} }