1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* This Source Code Form is subject to the terms of the Mozilla Public
3 * License, v. 2.0. If a copy of the MPL was not distributed with this
4 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
5
6 #include "nsISystemProxySettings.h"
7 #include "mozilla/Components.h"
8 #include "nsIURI.h"
9 #include "nsReadableUtils.h"
10 #include "nsArrayUtils.h"
11 #include "prnetdb.h"
12 #include "prenv.h"
13 #include "nsPrintfCString.h"
14 #include "nsNetCID.h"
15 #include "nsNetUtil.h"
16 #include "nsISupportsPrimitives.h"
17 #include "nsIGSettingsService.h"
18 #include "nsInterfaceHashtable.h"
19 #include "mozilla/Attributes.h"
20 #include "nsIURI.h"
21
22 using namespace mozilla;
23
24 class nsUnixSystemProxySettings final : public nsISystemProxySettings {
25 public:
26 NS_DECL_ISUPPORTS
27 NS_DECL_NSISYSTEMPROXYSETTINGS
28
nsUnixSystemProxySettings()29 nsUnixSystemProxySettings() : mSchemeProxySettings(4) {}
30 void Init();
31
32 private:
33 ~nsUnixSystemProxySettings() = default;
34
35 nsCOMPtr<nsIGSettingsService> mGSettings;
36 nsCOMPtr<nsIGSettingsCollection> mProxySettings;
37 nsInterfaceHashtable<nsCStringHashKey, nsIGSettingsCollection>
38 mSchemeProxySettings;
39 nsresult GetProxyFromGSettings(const nsACString& aScheme,
40 const nsACString& aHost, int32_t aPort,
41 nsACString& aResult);
42 nsresult SetProxyResultFromGSettings(const char* aKeyBase, const char* aType,
43 nsACString& aResult);
44 };
45
NS_IMPL_ISUPPORTS(nsUnixSystemProxySettings,nsISystemProxySettings)46 NS_IMPL_ISUPPORTS(nsUnixSystemProxySettings, nsISystemProxySettings)
47
48 NS_IMETHODIMP
49 nsUnixSystemProxySettings::GetMainThreadOnly(bool* aMainThreadOnly) {
50 // dbus prevents us from being threadsafe, but this routine should not block
51 // anyhow
52 *aMainThreadOnly = true;
53 return NS_OK;
54 }
55
Init()56 void nsUnixSystemProxySettings::Init() {
57 mGSettings = do_GetService(NS_GSETTINGSSERVICE_CONTRACTID);
58 if (mGSettings) {
59 mGSettings->GetCollectionForSchema("org.gnome.system.proxy"_ns,
60 getter_AddRefs(mProxySettings));
61 }
62 }
63
GetPACURI(nsACString & aResult)64 nsresult nsUnixSystemProxySettings::GetPACURI(nsACString& aResult) {
65 if (mProxySettings) {
66 nsCString proxyMode;
67 // Check if mode is auto
68 nsresult rv = mProxySettings->GetString("mode"_ns, proxyMode);
69 if (rv == NS_OK && proxyMode.EqualsLiteral("auto")) {
70 return mProxySettings->GetString("autoconfig-url"_ns, aResult);
71 }
72 }
73
74 // Return an empty string when auto mode is not set.
75 aResult.Truncate();
76 return NS_OK;
77 }
78
IsInNoProxyList(const nsACString & aHost,int32_t aPort,const char * noProxyVal)79 static bool IsInNoProxyList(const nsACString& aHost, int32_t aPort,
80 const char* noProxyVal) {
81 NS_ASSERTION(aPort >= 0, "Negative port?");
82
83 nsAutoCString noProxy(noProxyVal);
84 if (noProxy.EqualsLiteral("*")) return true;
85
86 noProxy.StripWhitespace();
87
88 nsReadingIterator<char> pos;
89 nsReadingIterator<char> end;
90 noProxy.BeginReading(pos);
91 noProxy.EndReading(end);
92 while (pos != end) {
93 nsReadingIterator<char> last = pos;
94 nsReadingIterator<char> nextPos;
95 if (FindCharInReadable(',', last, end)) {
96 nextPos = last;
97 ++nextPos;
98 } else {
99 last = end;
100 nextPos = end;
101 }
102
103 nsReadingIterator<char> colon = pos;
104 int32_t port = -1;
105 if (FindCharInReadable(':', colon, last)) {
106 ++colon;
107 nsDependentCSubstring portStr(colon, last);
108 nsAutoCString portStr2(
109 portStr); // We need this for ToInteger. String API's suck.
110 nsresult err;
111 port = portStr2.ToInteger(&err);
112 if (NS_FAILED(err)) {
113 port = -2; // don't match any port, so we ignore this pattern
114 }
115 --colon;
116 } else {
117 colon = last;
118 }
119
120 if (port == -1 || port == aPort) {
121 nsDependentCSubstring hostStr(pos, colon);
122 // By using StringEndsWith instead of an equality comparator, we can
123 // include sub-domains
124 if (StringEndsWith(aHost, hostStr, nsCaseInsensitiveCStringComparator))
125 return true;
126 }
127
128 pos = nextPos;
129 }
130
131 return false;
132 }
133
SetProxyResult(const char * aType,const nsACString & aHost,int32_t aPort,nsACString & aResult)134 static void SetProxyResult(const char* aType, const nsACString& aHost,
135 int32_t aPort, nsACString& aResult) {
136 aResult.AssignASCII(aType);
137 aResult.Append(' ');
138 aResult.Append(aHost);
139 if (aPort > 0) {
140 aResult.Append(':');
141 aResult.AppendInt(aPort);
142 }
143 }
144
SetProxyResultDirect(nsACString & aResult)145 static void SetProxyResultDirect(nsACString& aResult) {
146 aResult.AssignLiteral("DIRECT");
147 }
148
GetProxyFromEnvironment(const nsACString & aScheme,const nsACString & aHost,int32_t aPort,nsACString & aResult)149 static nsresult GetProxyFromEnvironment(const nsACString& aScheme,
150 const nsACString& aHost, int32_t aPort,
151 nsACString& aResult) {
152 nsAutoCString envVar;
153 envVar.Append(aScheme);
154 envVar.AppendLiteral("_proxy");
155 const char* proxyVal = PR_GetEnv(envVar.get());
156 if (!proxyVal) {
157 proxyVal = PR_GetEnv("all_proxy");
158 if (!proxyVal) {
159 // Return failure so that the caller can detect the failure and
160 // fall back to other proxy detection (e.g., WPAD)
161 return NS_ERROR_FAILURE;
162 }
163 }
164
165 const char* noProxyVal = PR_GetEnv("no_proxy");
166 if (noProxyVal && IsInNoProxyList(aHost, aPort, noProxyVal)) {
167 SetProxyResultDirect(aResult);
168 return NS_OK;
169 }
170
171 // Use our URI parser to crack the proxy URI
172 nsCOMPtr<nsIURI> proxyURI;
173 nsresult rv = NS_NewURI(getter_AddRefs(proxyURI), proxyVal);
174 NS_ENSURE_SUCCESS(rv, rv);
175
176 // Is there a way to specify "socks://" or something in these environment
177 // variables? I can't find any documentation.
178 if (!proxyURI->SchemeIs("http")) {
179 return NS_ERROR_UNKNOWN_PROTOCOL;
180 }
181
182 nsAutoCString proxyHost;
183 rv = proxyURI->GetHost(proxyHost);
184 NS_ENSURE_SUCCESS(rv, rv);
185
186 int32_t proxyPort;
187 rv = proxyURI->GetPort(&proxyPort);
188 NS_ENSURE_SUCCESS(rv, rv);
189
190 SetProxyResult("PROXY", proxyHost, proxyPort, aResult);
191 return NS_OK;
192 }
193
SetProxyResultFromGSettings(const char * aKeyBase,const char * aType,nsACString & aResult)194 nsresult nsUnixSystemProxySettings::SetProxyResultFromGSettings(
195 const char* aKeyBase, const char* aType, nsACString& aResult) {
196 nsDependentCString key(aKeyBase);
197
198 nsCOMPtr<nsIGSettingsCollection> proxy_settings =
199 mSchemeProxySettings.Get(key);
200 nsresult rv;
201 if (!proxy_settings) {
202 rv =
203 mGSettings->GetCollectionForSchema(key, getter_AddRefs(proxy_settings));
204 NS_ENSURE_SUCCESS(rv, rv);
205
206 mSchemeProxySettings.InsertOrUpdate(key, proxy_settings);
207 }
208
209 nsAutoCString host;
210 rv = proxy_settings->GetString("host"_ns, host);
211 NS_ENSURE_SUCCESS(rv, rv);
212 if (host.IsEmpty()) return NS_ERROR_FAILURE;
213
214 int32_t port;
215 rv = proxy_settings->GetInt("port"_ns, &port);
216 NS_ENSURE_SUCCESS(rv, rv);
217
218 /* When port is 0, proxy is not considered as enabled even if host is set. */
219 if (port == 0) return NS_ERROR_FAILURE;
220
221 SetProxyResult(aType, host, port, aResult);
222 return NS_OK;
223 }
224
225 /* copied from nsProtocolProxyService.cpp --- we should share this! */
proxy_MaskIPv6Addr(PRIPv6Addr & addr,uint16_t mask_len)226 static void proxy_MaskIPv6Addr(PRIPv6Addr& addr, uint16_t mask_len) {
227 if (mask_len == 128) return;
228
229 if (mask_len > 96) {
230 addr.pr_s6_addr32[3] =
231 PR_htonl(PR_ntohl(addr.pr_s6_addr32[3]) & (~0L << (128 - mask_len)));
232 } else if (mask_len > 64) {
233 addr.pr_s6_addr32[3] = 0;
234 addr.pr_s6_addr32[2] =
235 PR_htonl(PR_ntohl(addr.pr_s6_addr32[2]) & (~0L << (96 - mask_len)));
236 } else if (mask_len > 32) {
237 addr.pr_s6_addr32[3] = 0;
238 addr.pr_s6_addr32[2] = 0;
239 addr.pr_s6_addr32[1] =
240 PR_htonl(PR_ntohl(addr.pr_s6_addr32[1]) & (~0L << (64 - mask_len)));
241 } else {
242 addr.pr_s6_addr32[3] = 0;
243 addr.pr_s6_addr32[2] = 0;
244 addr.pr_s6_addr32[1] = 0;
245 addr.pr_s6_addr32[0] =
246 PR_htonl(PR_ntohl(addr.pr_s6_addr32[0]) & (~0L << (32 - mask_len)));
247 }
248 }
249
ConvertToIPV6Addr(const nsACString & aName,PRIPv6Addr * aAddr,int32_t * aMask)250 static bool ConvertToIPV6Addr(const nsACString& aName, PRIPv6Addr* aAddr,
251 int32_t* aMask) {
252 PRNetAddr addr;
253 // try to convert hostname to IP
254 if (PR_StringToNetAddr(PromiseFlatCString(aName).get(), &addr) != PR_SUCCESS)
255 return false;
256
257 // convert parsed address to IPv6
258 if (addr.raw.family == PR_AF_INET) {
259 // convert to IPv4-mapped address
260 PR_ConvertIPv4AddrToIPv6(addr.inet.ip, aAddr);
261 if (aMask) {
262 if (*aMask <= 32)
263 *aMask += 96;
264 else
265 return false;
266 }
267 } else if (addr.raw.family == PR_AF_INET6) {
268 // copy the address
269 memcpy(aAddr, &addr.ipv6.ip, sizeof(PRIPv6Addr));
270 } else {
271 return false;
272 }
273
274 return true;
275 }
276
HostIgnoredByProxy(const nsACString & aIgnore,const nsACString & aHost)277 static bool HostIgnoredByProxy(const nsACString& aIgnore,
278 const nsACString& aHost) {
279 if (aIgnore.Equals(aHost, nsCaseInsensitiveCStringComparator)) return true;
280
281 if (aIgnore.First() == '*' &&
282 StringEndsWith(aHost, nsDependentCSubstring(aIgnore, 1),
283 nsCaseInsensitiveCStringComparator))
284 return true;
285
286 int32_t mask = 128;
287 nsReadingIterator<char> start;
288 nsReadingIterator<char> slash;
289 nsReadingIterator<char> end;
290 aIgnore.BeginReading(start);
291 aIgnore.BeginReading(slash);
292 aIgnore.EndReading(end);
293 if (FindCharInReadable('/', slash, end)) {
294 ++slash;
295 nsDependentCSubstring maskStr(slash, end);
296 nsAutoCString maskStr2(maskStr);
297 nsresult err;
298 mask = maskStr2.ToInteger(&err);
299 if (NS_FAILED(err)) {
300 mask = 128;
301 }
302 --slash;
303 } else {
304 slash = end;
305 }
306
307 nsDependentCSubstring ignoreStripped(start, slash);
308 PRIPv6Addr ignoreAddr, hostAddr;
309 if (!ConvertToIPV6Addr(ignoreStripped, &ignoreAddr, &mask) ||
310 !ConvertToIPV6Addr(aHost, &hostAddr, nullptr))
311 return false;
312
313 proxy_MaskIPv6Addr(ignoreAddr, mask);
314 proxy_MaskIPv6Addr(hostAddr, mask);
315
316 return memcmp(&ignoreAddr, &hostAddr, sizeof(PRIPv6Addr)) == 0;
317 }
318
GetProxyFromGSettings(const nsACString & aScheme,const nsACString & aHost,int32_t aPort,nsACString & aResult)319 nsresult nsUnixSystemProxySettings::GetProxyFromGSettings(
320 const nsACString& aScheme, const nsACString& aHost, int32_t aPort,
321 nsACString& aResult) {
322 nsCString proxyMode;
323 nsresult rv = mProxySettings->GetString("mode"_ns, proxyMode);
324 NS_ENSURE_SUCCESS(rv, rv);
325
326 // return NS_ERROR_FAILURE when no proxy is set
327 if (!proxyMode.EqualsLiteral("manual")) {
328 return NS_ERROR_FAILURE;
329 }
330
331 nsCOMPtr<nsIArray> ignoreList;
332 if (NS_SUCCEEDED(mProxySettings->GetStringList("ignore-hosts"_ns,
333 getter_AddRefs(ignoreList))) &&
334 ignoreList) {
335 uint32_t len = 0;
336 ignoreList->GetLength(&len);
337 for (uint32_t i = 0; i < len; ++i) {
338 nsCOMPtr<nsISupportsCString> str = do_QueryElementAt(ignoreList, i);
339 if (str) {
340 nsCString s;
341 if (NS_SUCCEEDED(str->GetData(s)) && !s.IsEmpty()) {
342 if (HostIgnoredByProxy(s, aHost)) {
343 SetProxyResultDirect(aResult);
344 return NS_OK;
345 }
346 }
347 }
348 }
349 }
350
351 if (aScheme.LowerCaseEqualsLiteral("http")) {
352 rv = SetProxyResultFromGSettings("org.gnome.system.proxy.http", "PROXY",
353 aResult);
354 } else if (aScheme.LowerCaseEqualsLiteral("https")) {
355 rv = SetProxyResultFromGSettings("org.gnome.system.proxy.https", "PROXY",
356 aResult);
357 /* Try to use HTTP proxy when HTTPS proxy is not explicitly defined */
358 if (rv != NS_OK)
359 rv = SetProxyResultFromGSettings("org.gnome.system.proxy.http", "PROXY",
360 aResult);
361 } else if (aScheme.LowerCaseEqualsLiteral("ftp")) {
362 rv = SetProxyResultFromGSettings("org.gnome.system.proxy.ftp", "PROXY",
363 aResult);
364 } else {
365 rv = NS_ERROR_FAILURE;
366 }
367 if (rv != NS_OK) {
368 /* If proxy for scheme is not specified, use SOCKS proxy for all schemes */
369 rv = SetProxyResultFromGSettings("org.gnome.system.proxy.socks", "SOCKS",
370 aResult);
371 }
372
373 if (NS_FAILED(rv)) {
374 SetProxyResultDirect(aResult);
375 }
376
377 return NS_OK;
378 }
379
GetProxyForURI(const nsACString & aSpec,const nsACString & aScheme,const nsACString & aHost,const int32_t aPort,nsACString & aResult)380 nsresult nsUnixSystemProxySettings::GetProxyForURI(const nsACString& aSpec,
381 const nsACString& aScheme,
382 const nsACString& aHost,
383 const int32_t aPort,
384 nsACString& aResult) {
385 if (mProxySettings) {
386 nsresult rv = GetProxyFromGSettings(aScheme, aHost, aPort, aResult);
387 if (NS_SUCCEEDED(rv)) return rv;
388 }
389
390 return GetProxyFromEnvironment(aScheme, aHost, aPort, aResult);
391 }
392
NS_IMPL_COMPONENT_FACTORY(nsUnixSystemProxySettings)393 NS_IMPL_COMPONENT_FACTORY(nsUnixSystemProxySettings) {
394 auto result = MakeRefPtr<nsUnixSystemProxySettings>();
395 result->Init();
396 return result.forget().downcast<nsISupports>();
397 }
398