diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/Makefile.am | 3 | ||||
| -rw-r--r-- | src/reqs.c | 122 | ||||
| -rw-r--r-- | src/reqs.h | 22 | ||||
| -rw-r--r-- | src/transparent-proxy.c | 121 | ||||
| -rw-r--r-- | src/transparent-proxy.h | 39 | 
5 files changed, 193 insertions, 114 deletions
| diff --git a/src/Makefile.am b/src/Makefile.am index 3910e33..4b616e0 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -41,6 +41,7 @@ tinyproxy_SOURCES = \  	vector.c vector.h  EXTRA_tinyproxy_SOURCES = filter.c filter.h \ -	reverse-proxy.c reverse-proxy.h +	reverse-proxy.c reverse-proxy.h \ +	transparent-proxy.c transparent-proxy.h  tinyproxy_DEPENDENCIES = @ADDITIONAL_OBJECTS@  tinyproxy_LDADD = @ADDITIONAL_OBJECTS@ @@ -44,17 +44,13 @@  #include "utils.h"  #include "vector.h"  #include "reverse-proxy.h" +#include "transparent-proxy.h"  /*   * Maximum length of a HTTP line   */  #define HTTP_LINE_LENGTH (MAXBUFFSIZE / 6) -/* - * Port constants for HTTP (80) and SSL (443) - */ -#define HTTP_PORT 80 -#define HTTP_PORT_SSL 443  /*   * Macro to help test if the Upstream proxy supported is compiled in and @@ -79,18 +75,6 @@   */  static vector_t ports_allowed_by_connect = NULL; -/* - * This structure holds the information pulled from a URL request. - */ -struct request_s { -        char *method; -        char *protocol; - -        char *host; -        uint16_t port; - -        char *path; -};  /*   * Now, this routine adds a "port" to the list.  It also creates the list if @@ -316,28 +300,6 @@ extract_ssl_url(const char *url, struct request_s *request)          return 0;  } -#ifdef TRANSPARENT_PROXY -/* - * Build a URL from parts. - */ -static int -build_url(char **url, const char *host, int port, const char *path) -{ -        int len; - -        assert(url != NULL); -        assert(host != NULL); -        assert(port > 0 && port < 32768); -        assert(path != NULL); - -        len = strlen(host) + strlen(path) + 14; -        *url = safemalloc(len); -        if (*url == NULL) -                return -1; - -        return snprintf(*url, len, "http://%s:%d%s", host, port, path); -} -#endif                          /* TRANSPARENT_PROXY */  #ifdef UPSTREAM_SUPPORT  /* @@ -692,88 +654,22 @@ process_request(struct conn_s *connptr, hashmap_t hashofheaders)                  connptr->connect_method = TRUE;          } else {  #ifdef TRANSPARENT_PROXY -                /* -                 * This section of code is used for the transparent proxy -                 * option.  You will need to configure your firewall to -                 * redirect all connections for HTTP traffic to tinyproxy -                 * for this to work properly. -                 * -                 * This code was written by Petr Lampa <lampa@fit.vutbr.cz> -                 */ -                int length; -                char *data; - -                length = -                    hashmap_entry_by_key(hashofheaders, "host", (void **)&data); -                if (length <= 0) { -                        struct sockaddr_in dest_addr; - -                        if (getsockname -                            (connptr->client_fd, (struct sockaddr *)&dest_addr, -                             &length) < 0) { -                                log_message(LOG_ERR, -                                            "process_request: cannot get destination IP for %d", -                                            connptr->client_fd); -                                indicate_http_error(connptr, 400, "Bad Request", -                                                    "detail", -                                                    "Unknown destination", -                                                    "url", url, NULL); -                                safefree(url); -                                free_request_struct(request); -                                return NULL; -                        } -                        request->host = safemalloc(17); -                        strcpy(request->host, inet_ntoa(dest_addr.sin_addr)); -                        request->port = ntohs(dest_addr.sin_port); -                        request->path = safemalloc(strlen(url) + 1); -                        strcpy(request->path, url); -                        safefree(url); -                        build_url(&url, request->host, request->port, -                                  request->path); -                        log_message(LOG_INFO, -                                    "process_request: trans IP %s %s for %d", -                                    request->method, url, connptr->client_fd); -                } else { -                        request->host = safemalloc(length + 1); -                        if (sscanf -                            (data, "%[^:]:%hu", request->host, -                             &request->port) != 2) { -                                strcpy(request->host, data); -                                request->port = HTTP_PORT; -                        } -                        request->path = safemalloc(strlen(url) + 1); -                        strcpy(request->path, url); -                        safefree(url); -                        build_url(&url, request->host, request->port, -                                  request->path); -                        log_message(LOG_INFO, -                                    "process_request: trans Host %s %s for %d", -                                    request->method, url, connptr->client_fd); -                } -                if (config.ipAddr && strcmp(request->host, config.ipAddr) == 0) { -                        log_message(LOG_ERR, -                                    "process_request: destination IP is localhost %d", -                                    connptr->client_fd); -                        indicate_http_error(connptr, 400, "Bad Request", -                                            "detail", -                                            "You tried to connect to the machine the proxy is running on", -                                            "url", url, NULL); +                if (!do_transparent_proxy(connptr, hashofheaders, request, &config, url)) {                          safefree(url);                          free_request_struct(request);                          return NULL;                  }  #else -                log_message(LOG_ERR, -                            "process_request: Unknown URL type on file descriptor %d", -                            connptr->client_fd); -                indicate_http_error(connptr, 400, "Bad Request", -                                    "detail", "Unknown URL type", -                                    "url", url, NULL); - +                indicate_http_error(connptr, 501, "Not Implemented", +                                "detail", "Unknown method or unsupported protocol.", +                                "url", url, NULL); +                log_message(LOG_INFO, +                                "Unknown method (%s) or protocol (%s)", +                                request->method, url);                  safefree(url);                  free_request_struct(request); -                  return NULL; +                                  #endif          } @@ -22,6 +22,28 @@  #ifndef _TINYPROXY_REQS_H_  #define _TINYPROXY_REQS_H_ +#include "common.h" + + +/* + * Port constants for HTTP (80) and SSL (443) + */ +#define HTTP_PORT 80 +#define HTTP_PORT_SSL 443 + +/* + * This structure holds the information pulled from a URL request. + */ +struct request_s { +        char *method; +        char *protocol; + +        char *host; +        uint16_t port; + +        char *path; +}; +  extern void handle_connection(int fd);  extern void add_connect_port_allowed(int port);  extern void upstream_add(const char *host, int port, const char *domain); diff --git a/src/transparent-proxy.c b/src/transparent-proxy.c new file mode 100644 index 0000000..5bffa31 --- /dev/null +++ b/src/transparent-proxy.c @@ -0,0 +1,121 @@ +/* tinyproxy - A fast light-weight HTTP proxy + * Copyright (C) 2002       Petr Lampa <lampa@fit.vutbr.cz> + * Copyright (C) 2008       Robert James Kaes <rjk@wormbytes.ca> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +/* + * This section of code is used for the transparent proxy option.  You will + * need to configure your firewall to redirect all connections for HTTP + * traffic to tinyproxy for this to work properly. + */ + +#include "tinyproxy.h" + +#include "transparent-proxy.h" +#include "conns.h" +#include "heap.h" +#include "html-error.h" +#include "log.h" +#include "reqs.h" + +/* + * Build a URL from parts. + */ +static int +build_url(char **url, const char *host, int port, const char *path) +{ +        int len; + +        assert(url != NULL); +        assert(host != NULL); +        assert(port > 0 && port < 32768); +        assert(path != NULL); + +        len = strlen(host) + strlen(path) + 14; +        *url = safemalloc(len); +        if (*url == NULL) +                return -1; + +        return snprintf(*url, len, "http://%s:%d%s", host, port, path); +} + + +int +do_transparent_proxy(struct conn_s *connptr, hashmap_t hashofheaders, +                struct request_s *request, struct config_s *conf, char *url) +{ +        socklen_t length; +        char *data; +         +        length = +                hashmap_entry_by_key(hashofheaders, "host", (void **)&data); +        if (length <= 0) { +                struct sockaddr_in dest_addr; +         +                if (getsockname +                        (connptr->client_fd, (struct sockaddr *)&dest_addr, +                        &length) < 0) { +                        log_message(LOG_ERR, +                                        "process_request: cannot get destination IP for %d", +                                        connptr->client_fd); +                        indicate_http_error(connptr, 400, "Bad Request", +                                                "detail", +                                                "Unknown destination", +                                                "url", url, NULL); +                        return 0; +                } +                request->host = safemalloc(17); +                strcpy(request->host, inet_ntoa(dest_addr.sin_addr)); +                request->port = ntohs(dest_addr.sin_port); +                request->path = safemalloc(strlen(url) + 1); +                strcpy(request->path, url); +                safefree(url); +                build_url(&url, request->host, request->port, +                                request->path); +                log_message(LOG_INFO, +                                "process_request: trans IP %s %s for %d", +                                request->method, url, connptr->client_fd); +        } else { +                request->host = safemalloc(length + 1); +                if (sscanf +                        (data, "%[^:]:%hu", request->host, +                        &request->port) != 2) { +                        strcpy(request->host, data); +                        request->port = HTTP_PORT; +                } +                request->path = safemalloc(strlen(url) + 1); +                strcpy(request->path, url); +                safefree(url); +                build_url(&url, request->host, request->port, +                                request->path); +                log_message(LOG_INFO, +                                "process_request: trans Host %s %s for %d", +                                request->method, url, connptr->client_fd); +        } +        if (conf->ipAddr && strcmp(request->host, conf->ipAddr) == 0) { +                log_message(LOG_ERR, +                                "process_request: destination IP is localhost %d", +                                connptr->client_fd); +                indicate_http_error(connptr, 400, "Bad Request", +                                        "detail", +                                        "You tried to connect to the machine the proxy is running on", +                                        "url", url, NULL); +                return 0; +        } + +        return 1; +} diff --git a/src/transparent-proxy.h b/src/transparent-proxy.h new file mode 100644 index 0000000..37cc54d --- /dev/null +++ b/src/transparent-proxy.h @@ -0,0 +1,39 @@ +/* tinyproxy - A fast light-weight HTTP proxy + * Copyright (C) 2008 Robert James Kaes <rjk@wormbytes.ca> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +/* See 'transparent-proxy.c' for detailed information. */ + +#ifndef TINYPROXY_TRANSPARENT_PROXY_H +#define TINYPROXY_TRANSPARENT_PROXY_H + +#include "common.h" + +#ifdef TRANSPARENT_PROXY + +#include "conns.h" +#include "hashmap.h" +#include "reqs.h" + +extern int do_transparent_proxy(struct conn_s *connptr, +                                hashmap_t hashofheaders, struct request_s *request, +                                struct config_s *config, char *url); + + +#endif + +#endif | 
