[apple/security.git] / OSX / libsecurity_utilities / lib / socks++.h

/*
 * Copyright (c) 2000-2004,2011,2014 Apple Inc. All Rights Reserved.
 * 
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */


//
// socks - socks version of IP sockets
//
// This Socks implementation replaces the TCP-functional layer of the socket interface
// (TCPClientSocket and TCPServerSocket), not the raw Socket layer. Remember what
// Socks was invented for -- it's NOT a generic socket abstraction layer, valiant efforts
// of the various -lsocks libraries nonwithstanding.
// Do note that these are not virtual overrides, but textual replacements.
//
// This implementation supports Socks versions 4 and 5, as well as direct (un-socksed) sockets.
// The choice is per socket object.
//
// API Synopsis:
//	SocksServer *server = SocksServer::make(version, IP-address);
//	SocksServer::defaultServer(server);	// for new sockets
//	SocksClientSocket clientSocket(...);
//		clientSocket.server(server);		// for this socket
//	SocksServerSocket serverSocket(...);	// only supports .receive()
// Otherwise, Socks{Client,Server}Socket is functionally equivalent to {Client,Server}Socket.
// Sockets without a Server (explicit or by default) are direct.
//
// Minimum replacement strategy:
//	#define TCPClientSocket SocksClientSocket
//	#define TCPServerSocket SocksServerSocket
//	SocksServer::defaultServer(SocksServer::make(...));
//
// Limitations:
// There is no UDP Socks support.
// @@@ Nonblocking sockets may not work quite right.
//
#ifndef _H_SOCKSPLUSPLUS
#define _H_SOCKSPLUSPLUS

#include "ip++.h"
#include <security_utilities/threading.h>
#include <security_utilities/globalizer.h>


using namespace UnixPlusPlus;


namespace Security {
namespace IPPlusPlus {


class SocksServerSocket;
class SocksClientSocket;


//
// A particular Socks server and version. Get one by calling SocksServer::make().
// You can express "no socks server" (direct connect) with a NULL pointer (or version==0).
//
class SocksServer {
public:
    class Support; friend class Support;

private:
    struct Global {
        mutable Mutex lock;			// lock for mGlobalServerAddress
        SocksServer *mServer;		// global default server
        ThreadNexus<IPAddress> lastConnected; // last address connected to (for aux. bind)
        
        Global() : mServer(NULL) { }
        
        void server(SocksServer *srv)	{ StLock<Mutex> _(lock); mServer = srv; }
        SocksServer *server() const		{ StLock<Mutex> _(lock); return mServer; }
    };
    static ModuleNexus<Global> global; // global state

public:
    typedef unsigned int Version;
    
    static SocksServer *make(Version version, const IPSockAddress &addr);

    const IPSockAddress &address() const	{ return mServerAddress; }
    Version version() const					{ return mVersion; }
    
public:
    static SocksServer *defaultServer()		{ return global().server(); }
    static void defaultServer(SocksServer *server) { global().server(server); }

protected:
	virtual ~SocksServer();
	
    virtual void connect(SocksClientSocket &me, const IPSockAddress &peer) = 0;
    virtual void connect(SocksClientSocket &me, const Host &host, IPPort port) = 0;
    virtual void bind(SocksServerSocket &me, const IPAddress &peer, IPPort port) = 0;
    virtual void receive(SocksServerSocket &me, SocksClientSocket &receiver) = 0;

    SocksServer(Version v, const IPSockAddress &addr) : mVersion(v), mServerAddress(addr) { }

protected:
    Version mVersion;
    IPSockAddress mServerAddress;

public:
    class Support {
    public:
        SocksServer *server() const		{ return mServer; }
        void server(SocksServer *srv)	{ mServer = srv; }
        
        IPSockAddress localAddress(const Socket &me) const;
        IPSockAddress peerAddress(const Socket &me) const;
        
    protected:
        Support() : mServer(defaultServer()) { }

        void connect(SocksClientSocket &me, const IPSockAddress &peer)	
        { mServer->connect(me, peer); }
        void connect(SocksClientSocket &me, const Host &host, IPPort port) 
        { mServer->connect(me, host, port); }
        void bind(SocksServerSocket &me, const IPAddress &peer, IPPort port)
        { mServer->bind(me, peer, port); }
        void receive(SocksServerSocket &me, SocksClientSocket &receiver)
        { mServer->receive(me, receiver); }
        
        void lastConnected(IPAddress addr)	{ global().lastConnected() = addr; }
        IPAddress lastConnected() const		{ return global().lastConnected(); }
    
    public:
        SocksServer *mServer;				// server for this socket
        IPSockAddress mLocalAddress;		// my own address, as reported by server
        IPSockAddress mPeerAddress;			// peer address
    };
};


//
// The Socks version of a TCPClientSocket
//
class SocksClientSocket : public TCPClientSocket, public SocksServer::Support {
public:
    SocksClientSocket() { }
    SocksClientSocket(const IPSockAddress &peer)				{ open(peer); }
    SocksClientSocket(const IPAddress &addr, IPPort port)		{ open(addr, port); }
    SocksClientSocket(const Host &host, IPPort port)			{ open(host, port); }
    
    void open(const IPSockAddress &peer);
    void open(const IPAddress &addr, IPPort port);
    void open(const Host &host, IPPort port);

    IPSockAddress localAddress() const		{ return Support::localAddress(*this); }
    IPSockAddress peerAddress() const		{ return Support::peerAddress(*this); }
    
public:
    void setFd(int fd, const IPSockAddress &local, const IPSockAddress &peer);
};


//
// The Socks version of a TCPServerSocket.
// Note that this version only supports the receive() access method.
// By the nature of things, the queue-length argument is ignored (it's always 1).
//
// A note about setMainConnection: There is a structural problem
// with the Socks protocol. When a SocksServerSocket goes active,
// the protocol requires the IP address of the host the connection will be
// coming from. Typical Socks library layers simply assume that this will
// be the address of the last server connected to by another (TCP) socket.
// We do this heuristic too, but it's unreliable: it's a per-thread global, and will
// fail if you interleave multiple socks "sessions" in the same thread. For this
// case (or if you just want to be safe and explicit), you can call setMainConnection to
// explicitly link this socket to a TCPClientSocket whose peer we should use.
// Do note that this call does not exist in the plain (non-socks) socket layer.
//
class SocksServerSocket : public TCPServerSocket, public SocksServer::Support {
public:
    SocksServerSocket() { }
    SocksServerSocket(const IPSockAddress &local, int = 1) { open(local); }
    SocksServerSocket(IPPort port, int = 1)					{ open(port); }
    
    void open(const IPSockAddress &local, int = 1);
    void open(IPPort port = 0, int = 1)
    { open(IPSockAddress(IPAddress::any, port)); }
    
    void receive(SocksClientSocket &client);		// accept incoming and close listener

    IPSockAddress localAddress() const		{ return Support::localAddress(*this); }
    IPSockAddress peerAddress() const		{ return Support::peerAddress(*this); }
    
    // this special call is not an overlay of TCPServerSocket - it exists only for Socks
    void setMainConnection(TCPClientSocket &main)
    { mConnectionPeer = main.peerAddress().address(); }
    
private:
    IPAddress mConnectionPeer;						// address to say we're peered with
    
private:
    void operator () (TCPClientSocket &newClient);	// not supported by Socks
};


}	// end namespace IPPlusPlus
}	// end namespace Security


#endif //_H_IPPLUSPLUS
Commit	Line	Data
b1ab9ed8	1	/*
d8f41ccd	2	* Copyright (c) 2000-2004,2011,2014 Apple Inc. All Rights Reserved.
b1ab9ed8 A	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
	12	*
	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
	20	*
	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
	23
	24
	25	//
	26	// socks - socks version of IP sockets
	27	//
	28	// This Socks implementation replaces the TCP-functional layer of the socket interface
	29	// (TCPClientSocket and TCPServerSocket), not the raw Socket layer. Remember what
	30	// Socks was invented for -- it's NOT a generic socket abstraction layer, valiant efforts
	31	// of the various -lsocks libraries nonwithstanding.
	32	// Do note that these are not virtual overrides, but textual replacements.
	33	//
	34	// This implementation supports Socks versions 4 and 5, as well as direct (un-socksed) sockets.
	35	// The choice is per socket object.
	36	//
	37	// API Synopsis:
	38	// SocksServer *server = SocksServer::make(version, IP-address);
	39	// SocksServer::defaultServer(server); // for new sockets
	40	// SocksClientSocket clientSocket(...);
	41	// clientSocket.server(server); // for this socket
	42	// SocksServerSocket serverSocket(...); // only supports .receive()
	43	// Otherwise, Socks{Client,Server}Socket is functionally equivalent to {Client,Server}Socket.
	44	// Sockets without a Server (explicit or by default) are direct.
	45	//
	46	// Minimum replacement strategy:
	47	// #define TCPClientSocket SocksClientSocket
	48	// #define TCPServerSocket SocksServerSocket
	49	// SocksServer::defaultServer(SocksServer::make(...));
	50	//
	51	// Limitations:
	52	// There is no UDP Socks support.
	53	// @@@ Nonblocking sockets may not work quite right.
	54	//
	55	#ifndef _H_SOCKSPLUSPLUS
	56	#define _H_SOCKSPLUSPLUS
	57
	58	#include "ip++.h"
	59	#include <security_utilities/threading.h>
	60	#include <security_utilities/globalizer.h>
	61
	62
	63	using namespace UnixPlusPlus;
	64
	65
	66	namespace Security {
67	namespace IPPlusPlus {
68
69
70	class SocksServerSocket;
71	class SocksClientSocket;
72
73
74	//
75	// A particular Socks server and version. Get one by calling SocksServer::make().
76	// You can express "no socks server" (direct connect) with a NULL pointer (or version==0).
77	//
78	class SocksServer {
79	public:
80	class Support; friend class Support;
81
82	private:
83	struct Global {
84	mutable Mutex lock; // lock for mGlobalServerAddress
85	SocksServer *mServer; // global default server
86	ThreadNexus<IPAddress> lastConnected; // last address connected to (for aux. bind)
87
88	Global() : mServer(NULL) { }
89
90	void server(SocksServer *srv) { StLock<Mutex> _(lock); mServer = srv; }
91	SocksServer *server() const { StLock<Mutex> _(lock); return mServer; }
92	};
93	static ModuleNexus<Global> global; // global state
94
95	public:
96	typedef unsigned int Version;
97
98	static SocksServer *make(Version version, const IPSockAddress &addr);
99
100	const IPSockAddress &address() const { return mServerAddress; }
101	Version version() const { return mVersion; }
102
103	public:
104	static SocksServer *defaultServer() { return global().server(); }
105	static void defaultServer(SocksServer *server) { global().server(server); }
106
107	protected:
108	virtual ~SocksServer();
109
110	virtual void connect(SocksClientSocket &me, const IPSockAddress &peer) = 0;
111	virtual void connect(SocksClientSocket &me, const Host &host, IPPort port) = 0;
112	virtual void bind(SocksServerSocket &me, const IPAddress &peer, IPPort port) = 0;
113	virtual void receive(SocksServerSocket &me, SocksClientSocket &receiver) = 0;
114
115	SocksServer(Version v, const IPSockAddress &addr) : mVersion(v), mServerAddress(addr) { }
116
117	protected:
118	Version mVersion;
119	IPSockAddress mServerAddress;
120
121	public:
122	class Support {
123	public:
124	SocksServer *server() const { return mServer; }
125	void server(SocksServer *srv) { mServer = srv; }
126
127	IPSockAddress localAddress(const Socket &me) const;
128	IPSockAddress peerAddress(const Socket &me) const;
129
130	protected:
131	Support() : mServer(defaultServer()) { }
132
133	void connect(SocksClientSocket &me, const IPSockAddress &peer)
134	{ mServer->connect(me, peer); }
135	void connect(SocksClientSocket &me, const Host &host, IPPort port)
136	{ mServer->connect(me, host, port); }
137	void bind(SocksServerSocket &me, const IPAddress &peer, IPPort port)
138	{ mServer->bind(me, peer, port); }
139	void receive(SocksServerSocket &me, SocksClientSocket &receiver)
140	{ mServer->receive(me, receiver); }
141
142	void lastConnected(IPAddress addr) { global().lastConnected() = addr; }
143	IPAddress lastConnected() const { return global().lastConnected(); }
144
145	public:
146	SocksServer *mServer; // server for this socket
147	IPSockAddress mLocalAddress; // my own address, as reported by server
148	IPSockAddress mPeerAddress; // peer address
149	};
150	};
151
152
153	//
154	// The Socks version of a TCPClientSocket
155	//
156	class SocksClientSocket : public TCPClientSocket, public SocksServer::Support {
157	public:
158	SocksClientSocket() { }
159	SocksClientSocket(const IPSockAddress &peer) { open(peer); }
160	SocksClientSocket(const IPAddress &addr, IPPort port) { open(addr, port); }
161	SocksClientSocket(const Host &host, IPPort port) { open(host, port); }
162
163	void open(const IPSockAddress &peer);
164	void open(const IPAddress &addr, IPPort port);
165	void open(const Host &host, IPPort port);
166
167	IPSockAddress localAddress() const { return Support::localAddress(*this); }
168	IPSockAddress peerAddress() const { return Support::peerAddress(*this); }
169
170	public:
171	void setFd(int fd, const IPSockAddress &local, const IPSockAddress &peer);
172	};
173
174
175	//
176	// The Socks version of a TCPServerSocket.
177	// Note that this version only supports the receive() access method.
178	// By the nature of things, the queue-length argument is ignored (it's always 1).
179	//
180	// A note about setMainConnection: There is a structural problem
181	// with the Socks protocol. When a SocksServerSocket goes active,
182	// the protocol requires the IP address of the host the connection will be
183	// coming from. Typical Socks library layers simply assume that this will
184	// be the address of the last server connected to by another (TCP) socket.
185	// We do this heuristic too, but it's unreliable: it's a per-thread global, and will
186	// fail if you interleave multiple socks "sessions" in the same thread. For this
187	// case (or if you just want to be safe and explicit), you can call setMainConnection to
188	// explicitly link this socket to a TCPClientSocket whose peer we should use.
189	// Do note that this call does not exist in the plain (non-socks) socket layer.
190	//
191	class SocksServerSocket : public TCPServerSocket, public SocksServer::Support {
192	public:
193	SocksServerSocket() { }
194	SocksServerSocket(const IPSockAddress &local, int = 1) { open(local); }
195	SocksServerSocket(IPPort port, int = 1) { open(port); }
196
197	void open(const IPSockAddress &local, int = 1);
198	void open(IPPort port = 0, int = 1)
199	{ open(IPSockAddress(IPAddress::any, port)); }
200
201	void receive(SocksClientSocket &client); // accept incoming and close listener
202
203	IPSockAddress localAddress() const { return Support::localAddress(*this); }
204	IPSockAddress peerAddress() const { return Support::peerAddress(*this); }
205
206	// this special call is not an overlay of TCPServerSocket - it exists only for Socks
207	void setMainConnection(TCPClientSocket &main)
208	{ mConnectionPeer = main.peerAddress().address(); }
209
210	private:
211	IPAddress mConnectionPeer; // address to say we're peered with
212
213	private:
214	void operator () (TCPClientSocket &newClient); // not supported by Socks
215	};
216
217
218	} // end namespace IPPlusPlus
219	} // end namespace Security
220
221
222	#endif //_H_IPPLUSPLUS