You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Ted Keller <ke...@bfg.com> on 1999/10/27 06:16:02 UTC
[PATCH] Add Socks5 Support to Apache 1.3.9
Attached are several patches which correctly add Socks5 support to the
apache proxy server. The biggest part of these patches is to ensure the
proxy server closes the communications channel with the remote web
servers. Without clossing this channel, the socks libraries report
[Sat Sep 25 10:45:53 1999] [error] [client 170.126.243.144] (133)Tra
nsport endpoint is already connected: proxy connect to 0.0.0.21 port 80
failed
With the following patches, this errror is eliminated.
I've run these on both apache_1.3.6 and apache_1.3.9 with good success.
The following modules were modified...
Configure - Improve Socks5 support configuration
socks5.h - new file - add defines for socks5 library modules
alloc.c - added close routine for the ftp data socket.
proxy_http.c - added close statements
proxy_ftp.c - added close statements
ted keller
*** Configure.orig Sun Aug 15 20:49:08 1999
--- Configure Fri Sep 24 23:27:34 1999
***************
*** 1499,1507 ****
# otherwise we assume "-L/usr/local/lib -lsocks5"
if [ "x$RULE_SOCKS5" = "xyes" ]; then
echo " + enabling SOCKS5 support"
! CFLAGS="$CFLAGS -DSOCKS -DSOCKS5"
! CFLAGS="$CFLAGS -Dconnect=SOCKSconnect -Dselect=SOCKSselect"
! CFLAGS="$CFLAGS -Dgethostbyname=SOCKSgethostbyname -Dclose=SOCKSclose"
if [ "x`egrep '^EXTRA_L' Makefile.config | grep lsocks5`" = "x" ]; then
LIBS="$LIBS -L/usr/local/lib -lsocks5"
fi
--- 1499,1507 ----
# otherwise we assume "-L/usr/local/lib -lsocks5"
if [ "x$RULE_SOCKS5" = "xyes" ]; then
echo " + enabling SOCKS5 support"
! CFLAGS="$CFLAGS -DSOCKS -DSOCKS5 -include $(INCDIR)/socks5.h"
! # CFLAGS="$CFLAGS -Dconnect=SOCKSconnect -Dselect=SOCKSselect"
! # CFLAGS="$CFLAGS -Dgethostbyname=SOCKSgethostbyname -Dclose=SOCKSclose"
if [ "x`egrep '^EXTRA_L' Makefile.config | grep lsocks5`" = "x" ]; then
LIBS="$LIBS -L/usr/local/lib -lsocks5"
fi
*** alloc.c.orig Thu Jul 29 13:53:57 1999
--- alloc.c Sun Sep 19 22:23:02 1999
***************
*** 2003,2008 ****
--- 2003,2025 ----
}
+ API_EXPORT(int) ap_pdclosesocket(int sock)
+ {
+ int res;
+ int save_errno;
+
+ ap_block_alarms();
+ res = closesocket(sock);
+ #ifdef WIN32
+ errno = WSAGetLastError();
+ #endif /* WIN32 */
+ save_errno = errno;
+ ap_unblock_alarms();
+ errno = save_errno;
+ return res;
+ }
+
+
/*
* Here's a pool-based interface to POSIX regex's regcomp().
* Note that we return regex_t instead of being passed one.
*** proxy_ftp.c.orig Sun Sep 19 21:45:48 1999
--- proxy_ftp.c Sun Sep 19 22:00:19 1999
***************
*** 64,70 ****
#define AUTODETECT_PWD
! DEF_Explain
/*
* Decodes a '%' escaped string, and returns the number of characters
--- 64,70 ----
#define AUTODETECT_PWD
! DEF_Explain
/*
* Decodes a '%' escaped string, and returns the number of characters
***************
*** 577,583 ****
#ifndef _OSD_POSIX /* BS2000 has this option "always on" */
ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
"proxy: error setting reuseaddr option: setsockopt(SO_REUSEADDR)");
! ap_pclosesocket(p, sock);
return HTTP_INTERNAL_SERVER_ERROR;
#endif /*_OSD_POSIX*/
}
--- 577,583 ----
#ifndef _OSD_POSIX /* BS2000 has this option "always on" */
ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
"proxy: error setting reuseaddr option: setsockopt(SO_REUSEADDR)");
! ap_pclosesocket(p,sock);
return HTTP_INTERNAL_SERVER_ERROR;
#endif /*_OSD_POSIX*/
}
***************
*** 605,611 ****
}
#endif
if (i == -1) {
! ap_pclosesocket(p, sock);
return ap_proxyerror(r, HTTP_BAD_GATEWAY, ap_pstrcat(r->pool,
"Could not connect to remote machine: ",
strerror(errno), NULL));
--- 605,611 ----
}
#endif
if (i == -1) {
! ap_pclosesocket(p,sock);
return ap_proxyerror(r, HTTP_BAD_GATEWAY, ap_pstrcat(r->pool,
"Could not connect to remote machine: ",
strerror(errno), NULL));
***************
*** 628,633 ****
--- 628,634 ----
Explain1("FTP: returned status %d", i);
if (i == -1) {
ap_kill_timeout(r);
+ ap_pclosesocket(p,sock);
return ap_proxyerror(r, HTTP_BAD_GATEWAY,
"Error reading from remote server");
}
***************
*** 645,655 ****
--- 646,658 ----
* Retry-After = "Retry-After" ":" ( HTTP-date | delta-seconds )
*/
ap_set_header("Retry-After", ap_psprintf(p, "%u", 60*wait_mins);
+ ap_pclosesocket(p,sock);
return ap_proxyerror(r, HTTP_SERVICE_UNAVAILABLE, resp);
}
#endif
if (i != 220) {
ap_kill_timeout(r);
+ ap_pclosesocket(p,sock);
return ap_proxyerror(r, HTTP_BAD_GATEWAY, resp);
}
***************
*** 673,692 ****
--- 676,699 ----
Explain1("FTP: returned status %d", i);
if (i == -1) {
ap_kill_timeout(r);
+ ap_pclosesocket(p,sock);
return ap_proxyerror(r, HTTP_BAD_GATEWAY,
"Error reading from remote server");
}
if (i == 530) {
ap_kill_timeout(r);
+ ap_pclosesocket(p,sock);
return ftp_unauthorized (r, 1); /* log it: user name guessing attempt? */
}
if (i != 230 && i != 331) {
ap_kill_timeout(r);
+ ap_pclosesocket(p,sock);
return HTTP_BAD_GATEWAY;
}
if (i == 331) { /* send password */
if (password == NULL) {
+ ap_pclosesocket(p,sock);
return ftp_unauthorized (r, 0);
}
ap_bvputs(f, "PASS ", password, CRLF, NULL);
***************
*** 704,714 ****
--- 711,723 ----
Explain1("FTP: returned status %d", i);
if (i == -1) {
ap_kill_timeout(r);
+ ap_pclosesocket(p,sock);
return ap_proxyerror(r, HTTP_BAD_GATEWAY,
"Error reading from remote server");
}
if (i == 332) {
ap_kill_timeout(r);
+ ap_pclosesocket(p,sock);
return ap_proxyerror(r, HTTP_UNAUTHORIZED,
"Need account for login");
}
***************
*** 715,724 ****
--- 724,735 ----
/* @@@ questionable -- we might as well return a 403 Forbidden here */
if (i == 530) {
ap_kill_timeout(r);
+ ap_pclosesocket(p,sock);
return ftp_unauthorized (r, 1); /* log it: passwd guessing attempt? */
}
if (i != 230 && i != 202) {
ap_kill_timeout(r);
+ ap_pclosesocket(p,sock);
return HTTP_BAD_GATEWAY;
}
}
***************
*** 750,764 ****
--- 761,778 ----
Explain1("FTP: returned status %d", i);
if (i == -1) {
ap_kill_timeout(r);
+ ap_pclosesocket(p,sock);
return ap_proxyerror(r, HTTP_BAD_GATEWAY,
"Error reading from remote server");
}
if (i == 550) {
ap_kill_timeout(r);
+ ap_pclosesocket(p,sock);
return HTTP_NOT_FOUND;
}
if (i != 250) {
ap_kill_timeout(r);
+ ap_pclosesocket(p,sock);
return HTTP_BAD_GATEWAY;
}
***************
*** 794,804 ****
--- 808,820 ----
Explain1("FTP: returned status %d", i);
if (i == -1) {
ap_kill_timeout(r);
+ ap_pclosesocket(p,sock);
return ap_proxyerror(r, HTTP_BAD_GATEWAY,
"Error reading from remote server");
}
if (i != 200 && i != 504) {
ap_kill_timeout(r);
+ ap_pclosesocket(p,sock);
return HTTP_BAD_GATEWAY;
}
/* Allow not implemented */
***************
*** 807,818 ****
}
/* try to set up PASV data connection first */
! dsock = ap_psocket(p, PF_INET, SOCK_STREAM, IPPROTO_TCP);
if (dsock == -1) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
"proxy: error creating PASV socket");
ap_bclose(f);
ap_kill_timeout(r);
return HTTP_INTERNAL_SERVER_ERROR;
}
--- 823,835 ----
}
/* try to set up PASV data connection first */
! dsock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
if (dsock == -1) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
"proxy: error creating PASV socket");
ap_bclose(f);
ap_kill_timeout(r);
+ ap_pclosesocket(p,sock);
return HTTP_INTERNAL_SERVER_ERROR;
}
***************
*** 838,846 ****
if (i == -1) {
ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, r,
"PASV: control connection is toast");
! ap_pclosesocket(p, dsock);
ap_bclose(f);
ap_kill_timeout(r);
return HTTP_INTERNAL_SERVER_ERROR;
}
else {
--- 855,864 ----
if (i == -1) {
ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, r,
"PASV: control connection is toast");
! ap_pdclosesocket(dsock);
ap_bclose(f);
ap_kill_timeout(r);
+ ap_pclosesocket(p,sock);
return HTTP_INTERNAL_SERVER_ERROR;
}
else {
***************
*** 876,881 ****
--- 894,901 ----
if (i == -1) {
ap_kill_timeout(r);
+ ap_pdclosesocket(dsock);
+ ap_pclosesocket(p,sock);
return ap_proxyerror(r, HTTP_BAD_GATEWAY,
ap_pstrcat(r->pool,
"Could not connect to remote machine: ",
***************
*** 886,910 ****
}
}
else
! ap_pclosesocket(p, dsock); /* and try the regular way */
}
if (!pasvmode) { /* set up data connection */
clen = sizeof(struct sockaddr_in);
if (getsockname(sock, (struct sockaddr *) &server, &clen) < 0) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
"proxy: error getting socket address");
ap_bclose(f);
ap_kill_timeout(r);
return HTTP_INTERNAL_SERVER_ERROR;
}
! dsock = ap_psocket(p, PF_INET, SOCK_STREAM, IPPROTO_TCP);
if (dsock == -1) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
"proxy: error creating socket");
ap_bclose(f);
ap_kill_timeout(r);
return HTTP_INTERNAL_SERVER_ERROR;
}
--- 906,935 ----
}
}
else
! ap_pdclosesocket(dsock); /* and try the regular way */
}
if (!pasvmode) { /* set up data connection */
clen = sizeof(struct sockaddr_in);
+
if (getsockname(sock, (struct sockaddr *) &server, &clen) < 0) {
+
ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
"proxy: error getting socket address");
ap_bclose(f);
ap_kill_timeout(r);
+ ap_pclosesocket(p,sock);
return HTTP_INTERNAL_SERVER_ERROR;
}
! dsock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
if (dsock == -1) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
"proxy: error creating socket");
ap_bclose(f);
ap_kill_timeout(r);
+ ap_pdclosesocket(dsock);
+ ap_pclosesocket(p,sock);
return HTTP_INTERNAL_SERVER_ERROR;
}
***************
*** 913,934 ****
#ifndef _OSD_POSIX /* BS2000 has this option "always on" */
ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
"proxy: error setting reuseaddr option");
- ap_pclosesocket(p, dsock);
ap_bclose(f);
ap_kill_timeout(r);
return HTTP_INTERNAL_SERVER_ERROR;
#endif /*_OSD_POSIX*/
}
-
if (bind(dsock, (struct sockaddr *) &server,
sizeof(struct sockaddr_in)) == -1) {
char buff[22];
-
ap_snprintf(buff, sizeof(buff), "%s:%d", inet_ntoa(server.sin_addr), server.sin_port);
ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
"proxy: error binding to ftp data socket %s", buff);
ap_bclose(f);
! ap_pclosesocket(p, dsock);
return HTTP_INTERNAL_SERVER_ERROR;
}
listen(dsock, 2); /* only need a short queue */
--- 938,959 ----
#ifndef _OSD_POSIX /* BS2000 has this option "always on" */
ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
"proxy: error setting reuseaddr option");
ap_bclose(f);
ap_kill_timeout(r);
+ ap_pdclosesocket(dsock);
+ ap_pclosesocket(p,sock);
return HTTP_INTERNAL_SERVER_ERROR;
#endif /*_OSD_POSIX*/
}
if (bind(dsock, (struct sockaddr *) &server,
sizeof(struct sockaddr_in)) == -1) {
char buff[22];
ap_snprintf(buff, sizeof(buff), "%s:%d", inet_ntoa(server.sin_addr), server.sin_port);
ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
"proxy: error binding to ftp data socket %s", buff);
ap_bclose(f);
! ap_pdclosesocket(dsock);
! ap_pclosesocket(p,sock);
return HTTP_INTERNAL_SERVER_ERROR;
}
listen(dsock, 2); /* only need a short queue */
***************
*** 967,981 ****
--- 992,1012 ----
Explain1("FTP: returned status %d", i);
if (i == -1) {
ap_kill_timeout(r);
+ ap_pdclosesocket(dsock);
+ ap_pclosesocket(p,sock);
return ap_proxyerror(r, HTTP_BAD_GATEWAY,
"Error reading from remote server");
}
if (i == 550) {
ap_kill_timeout(r);
+ ap_pdclosesocket(dsock);
+ ap_pclosesocket(p,sock);
return HTTP_NOT_FOUND;
}
if (i != 250) {
ap_kill_timeout(r);
+ ap_pdclosesocket(dsock);
+ ap_pclosesocket(p,sock);
return HTTP_BAD_GATEWAY;
}
path = "";
***************
*** 1006,1016 ****
--- 1037,1051 ----
Explain1("FTP: PWD returned status %d", i);
if (i == -1 || i == 421) {
ap_kill_timeout(r);
+ ap_pdclosesocket(dsock);
+ ap_pclosesocket(p,sock);
return ap_proxyerror(r, HTTP_BAD_GATEWAY,
"Error reading from remote server");
}
if (i == 550) {
ap_kill_timeout(r);
+ ap_pdclosesocket(dsock);
+ ap_pclosesocket(p,sock);
return HTTP_NOT_FOUND;
}
if (i == 257) {
***************
*** 1051,1056 ****
--- 1086,1093 ----
Explain1("FTP: returned status %d", rc);
if (rc == -1) {
ap_kill_timeout(r);
+ ap_pdclosesocket(dsock);
+ ap_pclosesocket(p,sock);
return ap_proxyerror(r, HTTP_BAD_GATEWAY,
"Error reading from remote server");
}
***************
*** 1072,1086 ****
--- 1109,1129 ----
Explain1("FTP: returned status %d", rc);
if (rc == -1) {
ap_kill_timeout(r);
+ ap_pdclosesocket(dsock);
+ ap_pclosesocket(p,sock);
return ap_proxyerror(r, HTTP_BAD_GATEWAY,
"Error reading from remote server");
}
if (rc == 550) {
ap_kill_timeout(r);
+ ap_pdclosesocket(dsock);
+ ap_pclosesocket(p,sock);
return HTTP_NOT_FOUND;
}
if (rc != 250) {
ap_kill_timeout(r);
+ ap_pdclosesocket(dsock);
+ ap_pclosesocket(p,sock);
return HTTP_BAD_GATEWAY;
}
***************
*** 1099,1109 ****
--- 1142,1156 ----
Explain1("FTP: PWD returned status %d", i);
if (i == -1 || i == 421) {
ap_kill_timeout(r);
+ ap_pdclosesocket(dsock);
+ ap_pclosesocket(p,sock);
return ap_proxyerror(r, HTTP_BAD_GATEWAY,
"Error reading from remote server");
}
if (i == 550) {
ap_kill_timeout(r);
+ ap_pdclosesocket(dsock);
+ ap_pclosesocket(p,sock);
return HTTP_NOT_FOUND;
}
if (i == 257) {
***************
*** 1117,1129 ****
Explain0("FTP: LIST -lag");
rc = ftp_getrc(f);
Explain1("FTP: returned status %d", rc);
! if (rc == -1)
return ap_proxyerror(r, HTTP_BAD_GATEWAY,
"Error reading from remote server");
}
ap_kill_timeout(r);
! if (rc != 125 && rc != 150 && rc != 226 && rc != 250)
return HTTP_BAD_GATEWAY;
r->status = HTTP_OK;
r->status_line = "200 OK";
--- 1164,1182 ----
Explain0("FTP: LIST -lag");
rc = ftp_getrc(f);
Explain1("FTP: returned status %d", rc);
! if (rc == -1) {
! ap_pdclosesocket(dsock);
! ap_pclosesocket(p,sock);
return ap_proxyerror(r, HTTP_BAD_GATEWAY,
"Error reading from remote server");
}
ap_kill_timeout(r);
! if (rc != 125 && rc != 150 && rc != 226 && rc != 250) {
! ap_pdclosesocket(dsock);
! ap_pclosesocket(p,sock);
return HTTP_BAD_GATEWAY;
+ }
+ }
r->status = HTTP_OK;
r->status_line = "200 OK";
***************
*** 1165,1172 ****
i = ap_proxy_cache_update(c, resp_hdrs, 0, nocache);
if (i != DECLINED) {
! ap_pclosesocket(p, dsock);
ap_bclose(f);
return i;
}
--- 1218,1226 ----
i = ap_proxy_cache_update(c, resp_hdrs, 0, nocache);
if (i != DECLINED) {
! ap_pdclosesocket(dsock);
ap_bclose(f);
+ ap_pclosesocket(p,sock);
return i;
}
***************
*** 1179,1189 ****
if (csd == -1) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
"proxy: failed to accept data connection");
! ap_pclosesocket(p, dsock);
ap_bclose(f);
ap_kill_timeout(r);
if (c != NULL)
c = ap_proxy_cache_error(c);
return HTTP_BAD_GATEWAY;
}
ap_note_cleanups_for_socket(p, csd);
--- 1233,1244 ----
if (csd == -1) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
"proxy: failed to accept data connection");
! ap_pdclosesocket(dsock);
ap_bclose(f);
ap_kill_timeout(r);
if (c != NULL)
c = ap_proxy_cache_error(c);
+ ap_pclosesocket(p,sock);
return HTTP_BAD_GATEWAY;
}
ap_note_cleanups_for_socket(p, csd);
***************
*** 1279,1284 ****
ap_rflush(r); /* flush before garbage collection */
ap_proxy_garbage_coll(r);
!
return OK;
}
--- 1334,1340 ----
ap_rflush(r); /* flush before garbage collection */
ap_proxy_garbage_coll(r);
! ap_pdclosesocket(dsock);
! ap_pclosesocket(p,sock);
return OK;
}
*** proxy_http.c.orig Sat Sep 18 22:46:53 1999
--- proxy_http.c Sat Sep 18 22:53:55 1999
***************
*** 289,300 ****
}
#endif
if (i == -1) {
! if (proxyhost != NULL)
return DECLINED; /* try again another way */
! else
return ap_proxyerror(r, HTTP_BAD_GATEWAY, ap_pstrcat(r->pool,
"Could not connect to remote machine: ",
strerror(errno), NULL));
}
clear_connection(r->pool, r->headers_in); /* Strip connection-based headers */
--- 289,303 ----
}
#endif
if (i == -1) {
! if (proxyhost != NULL) {
! ap_pclosesocket(p,sock);
return DECLINED; /* try again another way */
! }else {
! ap_pclosesocket(p,sock);
return ap_proxyerror(r, HTTP_BAD_GATEWAY, ap_pstrcat(r->pool,
"Could not connect to remote machine: ",
strerror(errno), NULL));
+ }
}
clear_connection(r->pool, r->headers_in); /* Strip connection-based headers */
***************
*** 370,380 ****
--- 373,385 ----
ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
"ap_bgets() - proxy receive - Error reading from remote server %s (length %d)",
proxyhost ? proxyhost : desthost, len);
+ ap_pclosesocket(p,sock);
return ap_proxyerror(r, HTTP_BAD_GATEWAY,
"Error reading from remote server");
} else if (len == 0) {
ap_bclose(f);
ap_kill_timeout(r);
+ ap_pclosesocket(p,sock);
return ap_proxyerror(r, HTTP_BAD_GATEWAY,
"Document contains no data");
}
***************
*** 391,396 ****
--- 396,402 ----
if (buffer[5] != '1' || buffer[len - 1] != '\n') {
ap_bclose(f);
ap_kill_timeout(r);
+ ap_pclosesocket(p,sock);
return HTTP_BAD_GATEWAY;
}
backasswards = 0;
***************
*** 435,442 ****
}
clear_connection(p, resp_hdrs); /* Strip Connection hdrs */
! }
! else {
/* an http/0.9 response */
backasswards = 1;
r->status = 200;
--- 441,447 ----
}
clear_connection(p, resp_hdrs); /* Strip Connection hdrs */
! } else {
/* an http/0.9 response */
backasswards = 1;
r->status = 200;
***************
*** 476,481 ****
--- 481,487 ----
i = ap_proxy_cache_update(c, resp_hdrs, !backasswards, nocache);
if (i != DECLINED) {
ap_bclose(f);
+ ap_pclosesocket(p,sock);
return i;
}
***************
*** 539,543 ****
--- 545,550 ----
ap_bclose(f);
ap_proxy_garbage_coll(r);
+ ap_pclosesocket(p,sock);
return OK;
}
**********************New file *********************************
src/include/socks5.h
#ifdef SOCKS5
#define connect SOCKSconnect
#define getpeername SOCKSgetpeername
#define accept SOCKSaccept
#define listen SOCKSlisten
#define select SOCKSselect
#define recvfrom SOCKSrecvfrom
#define sendto SOCKSsendto
#define recv SOCKSrecv
#define send SOCKSsend
#define read SOCKSread
#define write SOCKSwrite
#define rresvport SOCKSrresvport
#define shutdown SOCKSshutdown
#define listen SOCKSlisten
#define close SOCKSclose
#define dup SOCKSdup
#define dup2 SOCKSdup2
/* #define fclose SOCKSfclose */
#define gethostbyname SOCKSgethostbyname
#endif /* SOCKS5 */
Re: [PATCH] Add Socks5 Support to Apache 1.3.9
Posted by Manoj Kasichainula <ma...@io.com>.
On Wed, Oct 27, 1999 at 12:16:02AM -0400, Ted Keller wrote:
> Attached are several patches which correctly add Socks5 support to the
> apache proxy server.
I'm curious. Does mod_proxy work with the SOCKS 4 support and Dante?
Dante exports a SOCKS4-like interface but also supports SOCKS 5, and
it seems to work better for me in general than the NEC socks code.
--
Manoj Kasichainula - manojk at io dot com - http://www.io.com/~manojk/