Permalink
Cannot retrieve contributors at this time
160 lines (141 sloc)
4.85 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
| /* | |
| * Copyright (c) 2014, Yawning Angel <yawning at torproject dot org> | |
| * All rights reserved. | |
| * | |
| * Redistribution and use in source and binary forms, with or without | |
| * modification, are permitted provided that the following conditions are met: | |
| * | |
| * * Redistributions of source code must retain the above copyright notice, | |
| * this list of conditions and the following disclaimer. | |
| * | |
| * * Redistributions in binary form must reproduce the above copyright notice, | |
| * this list of conditions and the following disclaimer in the documentation | |
| * and/or other materials provided with the distribution. | |
| * | |
| * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" | |
| * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
| * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
| * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE | |
| * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | |
| * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | |
| * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | |
| * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | |
| * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
| * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | |
| * POSSIBILITY OF SUCH DAMAGE. | |
| */ | |
| package main | |
| import ( | |
| "errors" | |
| "fmt" | |
| "net" | |
| "net/url" | |
| "os" | |
| "strconv" | |
| "git.torproject.org/pluggable-transports/goptlib.git" | |
| ) | |
| // This file contains things that probably should be in goptlib but are not | |
| // yet or are not finalized. | |
| func ptEnvError(msg string) error { | |
| line := []byte(fmt.Sprintf("ENV-ERROR %s\n", msg)) | |
| pt.Stdout.Write(line) | |
| return errors.New(msg) | |
| } | |
| func ptProxyError(msg string) error { | |
| line := []byte(fmt.Sprintf("PROXY-ERROR %s\n", msg)) | |
| pt.Stdout.Write(line) | |
| return errors.New(msg) | |
| } | |
| func ptProxyDone() { | |
| line := []byte("PROXY DONE\n") | |
| pt.Stdout.Write(line) | |
| } | |
| func ptIsClient() (bool, error) { | |
| clientEnv := os.Getenv("TOR_PT_CLIENT_TRANSPORTS") | |
| serverEnv := os.Getenv("TOR_PT_SERVER_TRANSPORTS") | |
| if clientEnv != "" && serverEnv != "" { | |
| return false, ptEnvError("TOR_PT_[CLIENT,SERVER]_TRANSPORTS both set") | |
| } else if clientEnv != "" { | |
| return true, nil | |
| } else if serverEnv != "" { | |
| return false, nil | |
| } | |
| return false, errors.New("not launched as a managed transport") | |
| } | |
| func ptGetProxy() (*url.URL, error) { | |
| specString := os.Getenv("TOR_PT_PROXY") | |
| if specString == "" { | |
| return nil, nil | |
| } | |
| spec, err := url.Parse(specString) | |
| if err != nil { | |
| return nil, ptProxyError(fmt.Sprintf("failed to parse proxy config: %s", err)) | |
| } | |
| // Validate the TOR_PT_PROXY uri. | |
| if !spec.IsAbs() { | |
| return nil, ptProxyError("proxy URI is relative, must be absolute") | |
| } | |
| if spec.Path != "" { | |
| return nil, ptProxyError("proxy URI has a path defined") | |
| } | |
| if spec.RawQuery != "" { | |
| return nil, ptProxyError("proxy URI has a query defined") | |
| } | |
| if spec.Fragment != "" { | |
| return nil, ptProxyError("proxy URI has a fragment defined") | |
| } | |
| switch spec.Scheme { | |
| case "http": | |
| // The most forgiving of proxies. | |
| case "socks4a": | |
| if spec.User != nil { | |
| _, isSet := spec.User.Password() | |
| if isSet { | |
| return nil, ptProxyError("proxy URI specified SOCKS4a and a password") | |
| } | |
| } | |
| case "socks5": | |
| if spec.User != nil { | |
| // UNAME/PASSWD both must be between 1 and 255 bytes long. (RFC1929) | |
| user := spec.User.Username() | |
| passwd, isSet := spec.User.Password() | |
| if len(user) < 1 || len(user) > 255 { | |
| return nil, ptProxyError("proxy URI specified a invalid SOCKS5 username") | |
| } | |
| if !isSet || len(passwd) < 1 || len(passwd) > 255 { | |
| return nil, ptProxyError("proxy URI specified a invalid SOCKS5 password") | |
| } | |
| } | |
| default: | |
| return nil, ptProxyError(fmt.Sprintf("proxy URI has invalid scheme: %s", spec.Scheme)) | |
| } | |
| _, err = resolveAddrStr(spec.Host) | |
| if err != nil { | |
| return nil, ptProxyError(fmt.Sprintf("proxy URI has invalid host: %s", err)) | |
| } | |
| return spec, nil | |
| } | |
| // Sigh, pt.resolveAddr() isn't exported. Include our own getto version that | |
| // doesn't work around #7011, because we don't work with pre-0.2.5.x tor, and | |
| // all we care about is validation anyway. | |
| func resolveAddrStr(addrStr string) (*net.TCPAddr, error) { | |
| ipStr, portStr, err := net.SplitHostPort(addrStr) | |
| if err != nil { | |
| return nil, err | |
| } | |
| if ipStr == "" { | |
| return nil, net.InvalidAddrError(fmt.Sprintf("address string %q lacks a host part", addrStr)) | |
| } | |
| if portStr == "" { | |
| return nil, net.InvalidAddrError(fmt.Sprintf("address string %q lacks a port part", addrStr)) | |
| } | |
| ip := net.ParseIP(ipStr) | |
| if ip == nil { | |
| return nil, net.InvalidAddrError(fmt.Sprintf("not an IP string: %q", ipStr)) | |
| } | |
| port, err := strconv.ParseUint(portStr, 10, 16) | |
| if err != nil { | |
| return nil, net.InvalidAddrError(fmt.Sprintf("not a Port string: %q", portStr)) | |
| } | |
| return &net.TCPAddr{IP: ip, Port: int(port), Zone: ""}, nil | |
| } |