[164] | 1 | /***************************************************************************
|
---|
| 2 | * _ _ ____ _
|
---|
| 3 | * Project ___| | | | _ \| |
|
---|
| 4 | * / __| | | | |_) | |
|
---|
| 5 | * | (__| |_| | _ <| |___
|
---|
| 6 | * \___|\___/|_| \_\_____|
|
---|
| 7 | *
|
---|
| 8 | * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
|
---|
| 9 | *
|
---|
| 10 | * This software is licensed as described in the file COPYING, which
|
---|
| 11 | * you should have received as part of this distribution. The terms
|
---|
| 12 | * are also available at https://curl.haxx.se/docs/copyright.html.
|
---|
| 13 | *
|
---|
| 14 | * You may opt to use, copy, modify, merge, publish, distribute and/or sell
|
---|
| 15 | * copies of the Software, and permit persons to whom the Software is
|
---|
| 16 | * furnished to do so, under the terms of the COPYING file.
|
---|
| 17 | *
|
---|
| 18 | * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
|
---|
| 19 | * KIND, either express or implied.
|
---|
| 20 | *
|
---|
| 21 | ***************************************************************************/
|
---|
| 22 |
|
---|
| 23 | #include "curl_setup.h"
|
---|
| 24 |
|
---|
| 25 | #if !defined(CURL_DISABLE_PROXY) && !defined(CURL_DISABLE_HTTP)
|
---|
| 26 |
|
---|
| 27 | #include "urldata.h"
|
---|
| 28 | #include <curl/curl.h>
|
---|
| 29 | #include "http_proxy.h"
|
---|
| 30 | #include "sendf.h"
|
---|
| 31 | #include "http.h"
|
---|
| 32 | #include "url.h"
|
---|
| 33 | #include "select.h"
|
---|
| 34 | #include "rawstr.h"
|
---|
| 35 | #include "progress.h"
|
---|
| 36 | #include "non-ascii.h"
|
---|
| 37 | #include "connect.h"
|
---|
| 38 | #include "curl_printf.h"
|
---|
| 39 | #include "curlx.h"
|
---|
| 40 |
|
---|
| 41 | #include "curl_memory.h"
|
---|
| 42 | /* The last #include file should be: */
|
---|
| 43 | #include "memdebug.h"
|
---|
| 44 |
|
---|
| 45 | CURLcode Curl_proxy_connect(struct connectdata *conn)
|
---|
| 46 | {
|
---|
| 47 | if(conn->bits.tunnel_proxy && conn->bits.httpproxy) {
|
---|
| 48 | #ifndef CURL_DISABLE_PROXY
|
---|
| 49 | /* for [protocol] tunneled through HTTP proxy */
|
---|
| 50 | struct HTTP http_proxy;
|
---|
| 51 | void *prot_save;
|
---|
| 52 | CURLcode result;
|
---|
| 53 |
|
---|
| 54 | /* BLOCKING */
|
---|
| 55 | /* We want "seamless" operations through HTTP proxy tunnel */
|
---|
| 56 |
|
---|
| 57 | /* Curl_proxyCONNECT is based on a pointer to a struct HTTP at the
|
---|
| 58 | * member conn->proto.http; we want [protocol] through HTTP and we have
|
---|
| 59 | * to change the member temporarily for connecting to the HTTP
|
---|
| 60 | * proxy. After Curl_proxyCONNECT we have to set back the member to the
|
---|
| 61 | * original pointer
|
---|
| 62 | *
|
---|
| 63 | * This function might be called several times in the multi interface case
|
---|
| 64 | * if the proxy's CONNTECT response is not instant.
|
---|
| 65 | */
|
---|
| 66 | prot_save = conn->data->req.protop;
|
---|
| 67 | memset(&http_proxy, 0, sizeof(http_proxy));
|
---|
| 68 | conn->data->req.protop = &http_proxy;
|
---|
| 69 | connkeep(conn, "HTTP proxy CONNECT");
|
---|
| 70 | result = Curl_proxyCONNECT(conn, FIRSTSOCKET,
|
---|
| 71 | conn->host.name, conn->remote_port, FALSE);
|
---|
| 72 | conn->data->req.protop = prot_save;
|
---|
| 73 | if(CURLE_OK != result)
|
---|
| 74 | return result;
|
---|
| 75 | Curl_safefree(conn->allocptr.proxyuserpwd);
|
---|
| 76 | #else
|
---|
| 77 | return CURLE_NOT_BUILT_IN;
|
---|
| 78 | #endif
|
---|
| 79 | }
|
---|
| 80 | /* no HTTP tunnel proxy, just return */
|
---|
| 81 | return CURLE_OK;
|
---|
| 82 | }
|
---|
| 83 |
|
---|
| 84 | /*
|
---|
| 85 | * Curl_proxyCONNECT() requires that we're connected to a HTTP proxy. This
|
---|
| 86 | * function will issue the necessary commands to get a seamless tunnel through
|
---|
| 87 | * this proxy. After that, the socket can be used just as a normal socket.
|
---|
| 88 | *
|
---|
| 89 | * 'blocking' set to TRUE means that this function will do the entire CONNECT
|
---|
| 90 | * + response in a blocking fashion. Should be avoided!
|
---|
| 91 | */
|
---|
| 92 |
|
---|
| 93 | CURLcode Curl_proxyCONNECT(struct connectdata *conn,
|
---|
| 94 | int sockindex,
|
---|
| 95 | const char *hostname,
|
---|
| 96 | int remote_port,
|
---|
| 97 | bool blocking)
|
---|
| 98 | {
|
---|
| 99 | int subversion=0;
|
---|
| 100 | struct SessionHandle *data=conn->data;
|
---|
| 101 | struct SingleRequest *k = &data->req;
|
---|
| 102 | CURLcode result;
|
---|
| 103 | curl_socket_t tunnelsocket = conn->sock[sockindex];
|
---|
| 104 | curl_off_t cl=0;
|
---|
| 105 | bool closeConnection = FALSE;
|
---|
| 106 | bool chunked_encoding = FALSE;
|
---|
| 107 | long check;
|
---|
| 108 |
|
---|
| 109 | #define SELECT_OK 0
|
---|
| 110 | #define SELECT_ERROR 1
|
---|
| 111 | #define SELECT_TIMEOUT 2
|
---|
| 112 | int error = SELECT_OK;
|
---|
| 113 |
|
---|
| 114 | if(conn->tunnel_state[sockindex] == TUNNEL_COMPLETE)
|
---|
| 115 | return CURLE_OK; /* CONNECT is already completed */
|
---|
| 116 |
|
---|
| 117 | conn->bits.proxy_connect_closed = FALSE;
|
---|
| 118 |
|
---|
| 119 | do {
|
---|
| 120 | if(TUNNEL_INIT == conn->tunnel_state[sockindex]) {
|
---|
| 121 | /* BEGIN CONNECT PHASE */
|
---|
| 122 | char *host_port;
|
---|
| 123 | Curl_send_buffer *req_buffer;
|
---|
| 124 |
|
---|
| 125 | infof(data, "Establish HTTP proxy tunnel to %s:%hu\n",
|
---|
| 126 | hostname, remote_port);
|
---|
| 127 |
|
---|
| 128 | /* This only happens if we've looped here due to authentication
|
---|
| 129 | reasons, and we don't really use the newly cloned URL here
|
---|
| 130 | then. Just free() it. */
|
---|
| 131 | free(data->req.newurl);
|
---|
| 132 | data->req.newurl = NULL;
|
---|
| 133 |
|
---|
| 134 | /* initialize a dynamic send-buffer */
|
---|
| 135 | req_buffer = Curl_add_buffer_init();
|
---|
| 136 |
|
---|
| 137 | if(!req_buffer)
|
---|
| 138 | return CURLE_OUT_OF_MEMORY;
|
---|
| 139 |
|
---|
| 140 | host_port = aprintf("%s:%hu", hostname, remote_port);
|
---|
| 141 | if(!host_port) {
|
---|
| 142 | Curl_add_buffer_free(req_buffer);
|
---|
| 143 | return CURLE_OUT_OF_MEMORY;
|
---|
| 144 | }
|
---|
| 145 |
|
---|
| 146 | /* Setup the proxy-authorization header, if any */
|
---|
| 147 | result = Curl_http_output_auth(conn, "CONNECT", host_port, TRUE);
|
---|
| 148 |
|
---|
| 149 | free(host_port);
|
---|
| 150 |
|
---|
| 151 | if(!result) {
|
---|
| 152 | char *host=(char *)"";
|
---|
| 153 | const char *proxyconn="";
|
---|
| 154 | const char *useragent="";
|
---|
| 155 | const char *http = (conn->proxytype == CURLPROXY_HTTP_1_0) ?
|
---|
| 156 | "1.0" : "1.1";
|
---|
| 157 | char *hostheader= /* host:port with IPv6 support */
|
---|
| 158 | aprintf("%s%s%s:%hu", conn->bits.ipv6_ip?"[":"",
|
---|
| 159 | hostname, conn->bits.ipv6_ip?"]":"",
|
---|
| 160 | remote_port);
|
---|
| 161 | if(!hostheader) {
|
---|
| 162 | Curl_add_buffer_free(req_buffer);
|
---|
| 163 | return CURLE_OUT_OF_MEMORY;
|
---|
| 164 | }
|
---|
| 165 |
|
---|
| 166 | if(!Curl_checkProxyheaders(conn, "Host:")) {
|
---|
| 167 | host = aprintf("Host: %s\r\n", hostheader);
|
---|
| 168 | if(!host) {
|
---|
| 169 | free(hostheader);
|
---|
| 170 | Curl_add_buffer_free(req_buffer);
|
---|
| 171 | return CURLE_OUT_OF_MEMORY;
|
---|
| 172 | }
|
---|
| 173 | }
|
---|
| 174 | if(!Curl_checkProxyheaders(conn, "Proxy-Connection:"))
|
---|
| 175 | proxyconn = "Proxy-Connection: Keep-Alive\r\n";
|
---|
| 176 |
|
---|
| 177 | if(!Curl_checkProxyheaders(conn, "User-Agent:") &&
|
---|
| 178 | data->set.str[STRING_USERAGENT])
|
---|
| 179 | useragent = conn->allocptr.uagent;
|
---|
| 180 |
|
---|
| 181 | result =
|
---|
| 182 | Curl_add_bufferf(req_buffer,
|
---|
| 183 | "CONNECT %s HTTP/%s\r\n"
|
---|
| 184 | "%s" /* Host: */
|
---|
| 185 | "%s" /* Proxy-Authorization */
|
---|
| 186 | "%s" /* User-Agent */
|
---|
| 187 | "%s", /* Proxy-Connection */
|
---|
| 188 | hostheader,
|
---|
| 189 | http,
|
---|
| 190 | host,
|
---|
| 191 | conn->allocptr.proxyuserpwd?
|
---|
| 192 | conn->allocptr.proxyuserpwd:"",
|
---|
| 193 | useragent,
|
---|
| 194 | proxyconn);
|
---|
| 195 |
|
---|
| 196 | if(host && *host)
|
---|
| 197 | free(host);
|
---|
| 198 | free(hostheader);
|
---|
| 199 |
|
---|
| 200 | if(!result)
|
---|
| 201 | result = Curl_add_custom_headers(conn, TRUE, req_buffer);
|
---|
| 202 |
|
---|
| 203 | if(!result)
|
---|
| 204 | /* CRLF terminate the request */
|
---|
| 205 | result = Curl_add_bufferf(req_buffer, "\r\n");
|
---|
| 206 |
|
---|
| 207 | if(!result) {
|
---|
| 208 | /* Send the connect request to the proxy */
|
---|
| 209 | /* BLOCKING */
|
---|
| 210 | result =
|
---|
| 211 | Curl_add_buffer_send(req_buffer, conn,
|
---|
| 212 | &data->info.request_size, 0, sockindex);
|
---|
| 213 | }
|
---|
| 214 | req_buffer = NULL;
|
---|
| 215 | if(result)
|
---|
| 216 | failf(data, "Failed sending CONNECT to proxy");
|
---|
| 217 | }
|
---|
| 218 |
|
---|
| 219 | Curl_add_buffer_free(req_buffer);
|
---|
| 220 | if(result)
|
---|
| 221 | return result;
|
---|
| 222 |
|
---|
| 223 | conn->tunnel_state[sockindex] = TUNNEL_CONNECT;
|
---|
| 224 | } /* END CONNECT PHASE */
|
---|
| 225 |
|
---|
| 226 | check = Curl_timeleft(data, NULL, TRUE);
|
---|
| 227 | if(check <= 0) {
|
---|
| 228 | failf(data, "Proxy CONNECT aborted due to timeout");
|
---|
| 229 | return CURLE_RECV_ERROR;
|
---|
| 230 | }
|
---|
| 231 |
|
---|
| 232 | if(!blocking) {
|
---|
| 233 | if(0 == Curl_socket_ready(tunnelsocket, CURL_SOCKET_BAD, 0))
|
---|
| 234 | /* return so we'll be called again polling-style */
|
---|
| 235 | return CURLE_OK;
|
---|
| 236 | else {
|
---|
| 237 | DEBUGF(infof(data,
|
---|
| 238 | "Read response immediately from proxy CONNECT\n"));
|
---|
| 239 | }
|
---|
| 240 | }
|
---|
| 241 |
|
---|
| 242 | /* at this point, the tunnel_connecting phase is over. */
|
---|
| 243 |
|
---|
| 244 | { /* READING RESPONSE PHASE */
|
---|
| 245 | size_t nread; /* total size read */
|
---|
| 246 | int perline; /* count bytes per line */
|
---|
| 247 | int keepon=TRUE;
|
---|
| 248 | ssize_t gotbytes;
|
---|
| 249 | char *ptr;
|
---|
| 250 | char *line_start;
|
---|
| 251 |
|
---|
| 252 | ptr=data->state.buffer;
|
---|
| 253 | line_start = ptr;
|
---|
| 254 |
|
---|
| 255 | nread=0;
|
---|
| 256 | perline=0;
|
---|
| 257 |
|
---|
| 258 | while((nread<BUFSIZE) && (keepon && !error)) {
|
---|
| 259 |
|
---|
| 260 | check = Curl_timeleft(data, NULL, TRUE);
|
---|
| 261 | if(check <= 0) {
|
---|
| 262 | failf(data, "Proxy CONNECT aborted due to timeout");
|
---|
| 263 | error = SELECT_TIMEOUT; /* already too little time */
|
---|
| 264 | break;
|
---|
| 265 | }
|
---|
| 266 |
|
---|
| 267 | /* loop every second at least, less if the timeout is near */
|
---|
| 268 | switch (Curl_socket_ready(tunnelsocket, CURL_SOCKET_BAD,
|
---|
| 269 | check<1000L?check:1000)) {
|
---|
| 270 | case -1: /* select() error, stop reading */
|
---|
| 271 | error = SELECT_ERROR;
|
---|
| 272 | failf(data, "Proxy CONNECT aborted due to select/poll error");
|
---|
| 273 | break;
|
---|
| 274 | case 0: /* timeout */
|
---|
| 275 | break;
|
---|
| 276 | default:
|
---|
| 277 | DEBUGASSERT(ptr+BUFSIZE-nread <= data->state.buffer+BUFSIZE+1);
|
---|
| 278 | result = Curl_read(conn, tunnelsocket, ptr, BUFSIZE-nread,
|
---|
| 279 | &gotbytes);
|
---|
| 280 | if(result==CURLE_AGAIN)
|
---|
| 281 | continue; /* go loop yourself */
|
---|
| 282 | else if(result)
|
---|
| 283 | keepon = FALSE;
|
---|
| 284 | else if(gotbytes <= 0) {
|
---|
| 285 | keepon = FALSE;
|
---|
| 286 | if(data->set.proxyauth && data->state.authproxy.avail) {
|
---|
| 287 | /* proxy auth was requested and there was proxy auth available,
|
---|
| 288 | then deem this as "mere" proxy disconnect */
|
---|
| 289 | conn->bits.proxy_connect_closed = TRUE;
|
---|
| 290 | infof(data, "Proxy CONNECT connection closed\n");
|
---|
| 291 | }
|
---|
| 292 | else {
|
---|
| 293 | error = SELECT_ERROR;
|
---|
| 294 | failf(data, "Proxy CONNECT aborted");
|
---|
| 295 | }
|
---|
| 296 | }
|
---|
| 297 | else {
|
---|
| 298 | /*
|
---|
| 299 | * We got a whole chunk of data, which can be anything from one
|
---|
| 300 | * byte to a set of lines and possibly just a piece of the last
|
---|
| 301 | * line.
|
---|
| 302 | */
|
---|
| 303 | int i;
|
---|
| 304 |
|
---|
| 305 | nread += gotbytes;
|
---|
| 306 |
|
---|
| 307 | if(keepon > TRUE) {
|
---|
| 308 | /* This means we are currently ignoring a response-body */
|
---|
| 309 |
|
---|
| 310 | nread = 0; /* make next read start over in the read buffer */
|
---|
| 311 | ptr=data->state.buffer;
|
---|
| 312 | if(cl) {
|
---|
| 313 | /* A Content-Length based body: simply count down the counter
|
---|
| 314 | and make sure to break out of the loop when we're done! */
|
---|
| 315 | cl -= gotbytes;
|
---|
| 316 | if(cl<=0) {
|
---|
| 317 | keepon = FALSE;
|
---|
| 318 | break;
|
---|
| 319 | }
|
---|
| 320 | }
|
---|
| 321 | else {
|
---|
| 322 | /* chunked-encoded body, so we need to do the chunked dance
|
---|
| 323 | properly to know when the end of the body is reached */
|
---|
| 324 | CHUNKcode r;
|
---|
| 325 | ssize_t tookcareof=0;
|
---|
| 326 |
|
---|
| 327 | /* now parse the chunked piece of data so that we can
|
---|
| 328 | properly tell when the stream ends */
|
---|
| 329 | r = Curl_httpchunk_read(conn, ptr, gotbytes, &tookcareof);
|
---|
| 330 | if(r == CHUNKE_STOP) {
|
---|
| 331 | /* we're done reading chunks! */
|
---|
| 332 | infof(data, "chunk reading DONE\n");
|
---|
| 333 | keepon = FALSE;
|
---|
| 334 | /* we did the full CONNECT treatment, go COMPLETE */
|
---|
| 335 | conn->tunnel_state[sockindex] = TUNNEL_COMPLETE;
|
---|
| 336 | }
|
---|
| 337 | else
|
---|
| 338 | infof(data, "Read %zd bytes of chunk, continue\n",
|
---|
| 339 | tookcareof);
|
---|
| 340 | }
|
---|
| 341 | }
|
---|
| 342 | else
|
---|
| 343 | for(i = 0; i < gotbytes; ptr++, i++) {
|
---|
| 344 | perline++; /* amount of bytes in this line so far */
|
---|
| 345 | if(*ptr == 0x0a) {
|
---|
| 346 | char letter;
|
---|
| 347 | int writetype;
|
---|
| 348 |
|
---|
| 349 | /* convert from the network encoding */
|
---|
| 350 | result = Curl_convert_from_network(data, line_start,
|
---|
| 351 | perline);
|
---|
| 352 | /* Curl_convert_from_network calls failf if unsuccessful */
|
---|
| 353 | if(result)
|
---|
| 354 | return result;
|
---|
| 355 |
|
---|
| 356 | /* output debug if that is requested */
|
---|
| 357 | if(data->set.verbose)
|
---|
| 358 | Curl_debug(data, CURLINFO_HEADER_IN,
|
---|
| 359 | line_start, (size_t)perline, conn);
|
---|
| 360 |
|
---|
| 361 | /* send the header to the callback */
|
---|
| 362 | writetype = CLIENTWRITE_HEADER;
|
---|
| 363 | if(data->set.include_header)
|
---|
| 364 | writetype |= CLIENTWRITE_BODY;
|
---|
| 365 |
|
---|
| 366 | result = Curl_client_write(conn, writetype, line_start,
|
---|
| 367 | perline);
|
---|
| 368 |
|
---|
| 369 | data->info.header_size += (long)perline;
|
---|
| 370 | data->req.headerbytecount += (long)perline;
|
---|
| 371 |
|
---|
| 372 | if(result)
|
---|
| 373 | return result;
|
---|
| 374 |
|
---|
| 375 | /* Newlines are CRLF, so the CR is ignored as the line isn't
|
---|
| 376 | really terminated until the LF comes. Treat a following CR
|
---|
| 377 | as end-of-headers as well.*/
|
---|
| 378 |
|
---|
| 379 | if(('\r' == line_start[0]) ||
|
---|
| 380 | ('\n' == line_start[0])) {
|
---|
| 381 | /* end of response-headers from the proxy */
|
---|
| 382 | nread = 0; /* make next read start over in the read
|
---|
| 383 | buffer */
|
---|
| 384 | ptr=data->state.buffer;
|
---|
| 385 | if((407 == k->httpcode) && !data->state.authproblem) {
|
---|
| 386 | /* If we get a 407 response code with content length
|
---|
| 387 | when we have no auth problem, we must ignore the
|
---|
| 388 | whole response-body */
|
---|
| 389 | keepon = 2;
|
---|
| 390 |
|
---|
| 391 | if(cl) {
|
---|
| 392 | infof(data, "Ignore %" CURL_FORMAT_CURL_OFF_T
|
---|
| 393 | " bytes of response-body\n", cl);
|
---|
| 394 |
|
---|
| 395 | /* remove the remaining chunk of what we already
|
---|
| 396 | read */
|
---|
| 397 | cl -= (gotbytes - i);
|
---|
| 398 |
|
---|
| 399 | if(cl<=0)
|
---|
| 400 | /* if the whole thing was already read, we are done!
|
---|
| 401 | */
|
---|
| 402 | keepon=FALSE;
|
---|
| 403 | }
|
---|
| 404 | else if(chunked_encoding) {
|
---|
| 405 | CHUNKcode r;
|
---|
| 406 | /* We set ignorebody true here since the chunked
|
---|
| 407 | decoder function will acknowledge that. Pay
|
---|
| 408 | attention so that this is cleared again when this
|
---|
| 409 | function returns! */
|
---|
| 410 | k->ignorebody = TRUE;
|
---|
| 411 | infof(data, "%zd bytes of chunk left\n", gotbytes-i);
|
---|
| 412 |
|
---|
| 413 | if(line_start[1] == '\n') {
|
---|
| 414 | /* this can only be a LF if the letter at index 0
|
---|
| 415 | was a CR */
|
---|
| 416 | line_start++;
|
---|
| 417 | i++;
|
---|
| 418 | }
|
---|
| 419 |
|
---|
| 420 | /* now parse the chunked piece of data so that we can
|
---|
| 421 | properly tell when the stream ends */
|
---|
| 422 | r = Curl_httpchunk_read(conn, line_start+1,
|
---|
| 423 | gotbytes -i, &gotbytes);
|
---|
| 424 | if(r == CHUNKE_STOP) {
|
---|
| 425 | /* we're done reading chunks! */
|
---|
| 426 | infof(data, "chunk reading DONE\n");
|
---|
| 427 | keepon = FALSE;
|
---|
| 428 | /* we did the full CONNECT treatment, go to
|
---|
| 429 | COMPLETE */
|
---|
| 430 | conn->tunnel_state[sockindex] = TUNNEL_COMPLETE;
|
---|
| 431 | }
|
---|
| 432 | else
|
---|
| 433 | infof(data, "Read %zd bytes of chunk, continue\n",
|
---|
| 434 | gotbytes);
|
---|
| 435 | }
|
---|
| 436 | else {
|
---|
| 437 | /* without content-length or chunked encoding, we
|
---|
| 438 | can't keep the connection alive since the close is
|
---|
| 439 | the end signal so we bail out at once instead */
|
---|
| 440 | keepon=FALSE;
|
---|
| 441 | }
|
---|
| 442 | }
|
---|
| 443 | else {
|
---|
| 444 | keepon = FALSE;
|
---|
| 445 | if(200 == data->info.httpproxycode) {
|
---|
| 446 | if(gotbytes - (i+1))
|
---|
| 447 | failf(data, "Proxy CONNECT followed by %zd bytes "
|
---|
| 448 | "of opaque data. Data ignored (known bug #39)",
|
---|
| 449 | gotbytes - (i+1));
|
---|
| 450 | }
|
---|
| 451 | }
|
---|
| 452 | /* we did the full CONNECT treatment, go to COMPLETE */
|
---|
| 453 | conn->tunnel_state[sockindex] = TUNNEL_COMPLETE;
|
---|
| 454 | break; /* breaks out of for-loop, not switch() */
|
---|
| 455 | }
|
---|
| 456 |
|
---|
| 457 | /* keep a backup of the position we are about to blank */
|
---|
| 458 | letter = line_start[perline];
|
---|
| 459 | line_start[perline]=0; /* zero terminate the buffer */
|
---|
| 460 | if((checkprefix("WWW-Authenticate:", line_start) &&
|
---|
| 461 | (401 == k->httpcode)) ||
|
---|
| 462 | (checkprefix("Proxy-authenticate:", line_start) &&
|
---|
| 463 | (407 == k->httpcode))) {
|
---|
| 464 |
|
---|
| 465 | bool proxy = (k->httpcode == 407) ? TRUE : FALSE;
|
---|
| 466 | char *auth = Curl_copy_header_value(line_start);
|
---|
| 467 | if(!auth)
|
---|
| 468 | return CURLE_OUT_OF_MEMORY;
|
---|
| 469 |
|
---|
| 470 | result = Curl_http_input_auth(conn, proxy, auth);
|
---|
| 471 |
|
---|
| 472 | free(auth);
|
---|
| 473 |
|
---|
| 474 | if(result)
|
---|
| 475 | return result;
|
---|
| 476 | }
|
---|
| 477 | else if(checkprefix("Content-Length:", line_start)) {
|
---|
| 478 | cl = curlx_strtoofft(line_start +
|
---|
| 479 | strlen("Content-Length:"), NULL, 10);
|
---|
| 480 | }
|
---|
| 481 | else if(Curl_compareheader(line_start,
|
---|
| 482 | "Connection:", "close"))
|
---|
| 483 | closeConnection = TRUE;
|
---|
| 484 | else if(Curl_compareheader(line_start,
|
---|
| 485 | "Transfer-Encoding:",
|
---|
| 486 | "chunked")) {
|
---|
| 487 | infof(data, "CONNECT responded chunked\n");
|
---|
| 488 | chunked_encoding = TRUE;
|
---|
| 489 | /* init our chunky engine */
|
---|
| 490 | Curl_httpchunk_init(conn);
|
---|
| 491 | }
|
---|
| 492 | else if(Curl_compareheader(line_start,
|
---|
| 493 | "Proxy-Connection:", "close"))
|
---|
| 494 | closeConnection = TRUE;
|
---|
| 495 | else if(2 == sscanf(line_start, "HTTP/1.%d %d",
|
---|
| 496 | &subversion,
|
---|
| 497 | &k->httpcode)) {
|
---|
| 498 | /* store the HTTP code from the proxy */
|
---|
| 499 | data->info.httpproxycode = k->httpcode;
|
---|
| 500 | }
|
---|
| 501 | /* put back the letter we blanked out before */
|
---|
| 502 | line_start[perline]= letter;
|
---|
| 503 |
|
---|
| 504 | perline=0; /* line starts over here */
|
---|
| 505 | line_start = ptr+1; /* this skips the zero byte we wrote */
|
---|
| 506 | }
|
---|
| 507 | }
|
---|
| 508 | }
|
---|
| 509 | break;
|
---|
| 510 | } /* switch */
|
---|
| 511 | if(Curl_pgrsUpdate(conn))
|
---|
| 512 | return CURLE_ABORTED_BY_CALLBACK;
|
---|
| 513 | } /* while there's buffer left and loop is requested */
|
---|
| 514 |
|
---|
| 515 | if(error)
|
---|
| 516 | return CURLE_RECV_ERROR;
|
---|
| 517 |
|
---|
| 518 | if(data->info.httpproxycode != 200) {
|
---|
| 519 | /* Deal with the possibly already received authenticate
|
---|
| 520 | headers. 'newurl' is set to a new URL if we must loop. */
|
---|
| 521 | result = Curl_http_auth_act(conn);
|
---|
| 522 | if(result)
|
---|
| 523 | return result;
|
---|
| 524 |
|
---|
| 525 | if(conn->bits.close)
|
---|
| 526 | /* the connection has been marked for closure, most likely in the
|
---|
| 527 | Curl_http_auth_act() function and thus we can kill it at once
|
---|
| 528 | below
|
---|
| 529 | */
|
---|
| 530 | closeConnection = TRUE;
|
---|
| 531 | }
|
---|
| 532 |
|
---|
| 533 | if(closeConnection && data->req.newurl) {
|
---|
| 534 | /* Connection closed by server. Don't use it anymore */
|
---|
| 535 | Curl_closesocket(conn, conn->sock[sockindex]);
|
---|
| 536 | conn->sock[sockindex] = CURL_SOCKET_BAD;
|
---|
| 537 | break;
|
---|
| 538 | }
|
---|
| 539 | } /* END READING RESPONSE PHASE */
|
---|
| 540 |
|
---|
| 541 | /* If we are supposed to continue and request a new URL, which basically
|
---|
| 542 | * means the HTTP authentication is still going on so if the tunnel
|
---|
| 543 | * is complete we start over in INIT state */
|
---|
| 544 | if(data->req.newurl &&
|
---|
| 545 | (TUNNEL_COMPLETE == conn->tunnel_state[sockindex])) {
|
---|
| 546 | conn->tunnel_state[sockindex] = TUNNEL_INIT;
|
---|
| 547 | infof(data, "TUNNEL_STATE switched to: %d\n",
|
---|
| 548 | conn->tunnel_state[sockindex]);
|
---|
| 549 | }
|
---|
| 550 |
|
---|
| 551 | } while(data->req.newurl);
|
---|
| 552 |
|
---|
| 553 | if(200 != data->req.httpcode) {
|
---|
| 554 | if(closeConnection && data->req.newurl) {
|
---|
| 555 | conn->bits.proxy_connect_closed = TRUE;
|
---|
| 556 | infof(data, "Connect me again please\n");
|
---|
| 557 | }
|
---|
| 558 | else {
|
---|
| 559 | free(data->req.newurl);
|
---|
| 560 | data->req.newurl = NULL;
|
---|
| 561 | /* failure, close this connection to avoid re-use */
|
---|
| 562 | connclose(conn, "proxy CONNECT failure");
|
---|
| 563 | Curl_closesocket(conn, conn->sock[sockindex]);
|
---|
| 564 | conn->sock[sockindex] = CURL_SOCKET_BAD;
|
---|
| 565 | }
|
---|
| 566 |
|
---|
| 567 | /* to back to init state */
|
---|
| 568 | conn->tunnel_state[sockindex] = TUNNEL_INIT;
|
---|
| 569 |
|
---|
| 570 | if(conn->bits.proxy_connect_closed)
|
---|
| 571 | /* this is not an error, just part of the connection negotiation */
|
---|
| 572 | return CURLE_OK;
|
---|
| 573 | else {
|
---|
| 574 | failf(data, "Received HTTP code %d from proxy after CONNECT",
|
---|
| 575 | data->req.httpcode);
|
---|
| 576 | return CURLE_RECV_ERROR;
|
---|
| 577 | }
|
---|
| 578 | }
|
---|
| 579 |
|
---|
| 580 | conn->tunnel_state[sockindex] = TUNNEL_COMPLETE;
|
---|
| 581 |
|
---|
| 582 | /* If a proxy-authorization header was used for the proxy, then we should
|
---|
| 583 | make sure that it isn't accidentally used for the document request
|
---|
| 584 | after we've connected. So let's free and clear it here. */
|
---|
| 585 | Curl_safefree(conn->allocptr.proxyuserpwd);
|
---|
| 586 | conn->allocptr.proxyuserpwd = NULL;
|
---|
| 587 |
|
---|
| 588 | data->state.authproxy.done = TRUE;
|
---|
| 589 |
|
---|
| 590 | infof (data, "Proxy replied OK to CONNECT request\n");
|
---|
| 591 | data->req.ignorebody = FALSE; /* put it (back) to non-ignore state */
|
---|
| 592 | conn->bits.rewindaftersend = FALSE; /* make sure this isn't set for the
|
---|
| 593 | document request */
|
---|
| 594 | return CURLE_OK;
|
---|
| 595 | }
|
---|
| 596 | #endif /* CURL_DISABLE_PROXY */
|
---|