1 /* $OpenBSD: ftp-proxy.c,v 1.15 2007/08/15 15:18:02 camield Exp $ */ 2 3 /* 4 * Copyright (c) 2004, 2005 Camiel Dobbelaar, <cd@sentia.nl> 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19 #include <sys/queue.h> 20 #include <sys/types.h> 21 #include <sys/event.h> 22 #include <sys/time.h> 23 #include <sys/resource.h> 24 #include <sys/socket.h> 25 26 #include <net/if.h> 27 #include <net/pf/pfvar.h> 28 #include <netinet/in.h> 29 #include <arpa/inet.h> 30 31 #include <err.h> 32 #include <errno.h> 33 #include <fcntl.h> 34 #include <netdb.h> 35 #include <pwd.h> 36 #include <signal.h> 37 #include <stdarg.h> 38 #include <stdio.h> 39 #include <stdlib.h> 40 #include <string.h> 41 #include <syslog.h> 42 #include <unistd.h> 43 #include <vis.h> 44 45 #include "filter.h" 46 47 #define CONNECT_TIMEOUT 30 48 #define MIN_PORT 1024 49 #define MAX_LINE 500 50 #define MAX_LOGLINE 300 51 #define NTOP_BUFS 3 52 #define TCP_BACKLOG 10 53 54 #define CHROOT_DIR "/var/empty" 55 #define NOPRIV_USER "proxy" 56 57 /* pfctl standard NAT range. */ 58 #define PF_NAT_PROXY_PORT_LOW 50001 59 #define PF_NAT_PROXY_PORT_HIGH 65535 60 61 #define sstosa(ss) ((struct sockaddr *)(ss)) 62 63 enum { CMD_NONE = 0, CMD_PORT, CMD_EPRT, CMD_PASV, CMD_EPSV }; 64 65 struct cbuf { 66 char *buffer; 67 size_t buffer_size; 68 size_t buffer_offset; 69 }; 70 71 struct session { 72 u_int32_t id; 73 struct sockaddr_storage client_ss; 74 struct sockaddr_storage proxy_ss; 75 struct sockaddr_storage server_ss; 76 struct sockaddr_storage orig_server_ss; 77 struct cbuf client; 78 struct cbuf server; 79 int client_fd; 80 int server_fd; 81 char cbuf[MAX_LINE]; 82 size_t cbuf_valid; 83 char sbuf[MAX_LINE]; 84 size_t sbuf_valid; 85 int cmd; 86 u_int16_t port; 87 u_int16_t proxy_port; 88 LIST_ENTRY(session) entry; 89 }; 90 91 LIST_HEAD(, session) sessions = LIST_HEAD_INITIALIZER(sessions); 92 93 void buffer_data(struct session *, struct cbuf *, char *, size_t); 94 int client_parse(struct session *); 95 int client_parse_anon(struct session *); 96 int client_parse_cmd(struct session *); 97 void client_read(struct session *); 98 void client_write(struct session *); 99 int drop_privs(void); 100 void end_session(struct session *); 101 int exit_daemon(void); 102 int getline(char *, size_t *); 103 void handle_connection(const int); 104 void handle_signal(int); 105 struct session * init_session(void); 106 void logmsg(int, const char *, ...) __printflike(2, 3); 107 u_int16_t parse_port(int); 108 u_int16_t pick_proxy_port(void); 109 void proxy_reply(int, struct sockaddr *, u_int16_t); 110 int server_parse(struct session *); 111 void server_read(struct session *); 112 void server_write(struct session *); 113 int allow_data_connection(struct session *s); 114 const char *sock_ntop(struct sockaddr *); 115 void usage(void); 116 117 char linebuf[MAX_LINE + 1]; 118 size_t linelen; 119 120 char ntop_buf[NTOP_BUFS][INET6_ADDRSTRLEN]; 121 122 #define KQ_NEVENTS 64 123 struct kevent changes[KQ_NEVENTS]; 124 int nchanges; 125 126 struct sockaddr_storage fixed_server_ss, fixed_proxy_ss; 127 char *fixed_server, *fixed_server_port, *fixed_proxy, *listen_ip, *listen_port, 128 *qname, *tagname; 129 int anonymous_only, daemonize, id_count, ipv6_mode, loglevel, max_sessions, 130 rfc_mode, session_count, timeout, verbose; 131 extern char *__progname; 132 133 void 134 buffer_data(struct session *s, struct cbuf *cb, char *buf, size_t len) 135 { 136 if (len < 1) 137 return; 138 139 if (cb->buffer == NULL) 140 if ((cb->buffer = malloc(MAX_LINE)) == NULL) 141 goto error; 142 143 memcpy(cb->buffer, buf, len); 144 cb->buffer_size = len; 145 return; 146 147 error: 148 logmsg(LOG_ERR, "#%d could not allocate memory for buffer", s->id); 149 end_session(s); 150 } 151 152 int 153 client_parse(struct session *s) 154 { 155 /* Reset any previous command. */ 156 s->cmd = CMD_NONE; 157 s->port = 0; 158 159 /* Commands we are looking for are at least 4 chars long. */ 160 if (linelen < 4) 161 return (1); 162 163 if (linebuf[0] == 'P' || linebuf[0] == 'p' || 164 linebuf[0] == 'E' || linebuf[0] == 'e') { 165 if (!client_parse_cmd(s)) 166 return (0); 167 168 /* 169 * Allow active mode connections immediately, instead of 170 * waiting for a positive reply from the server. Some 171 * rare servers/proxies try to probe or setup the data 172 * connection before an actual transfer request. 173 */ 174 if (s->cmd == CMD_PORT || s->cmd == CMD_EPRT) 175 return (allow_data_connection(s)); 176 } 177 178 if (anonymous_only && (linebuf[0] == 'U' || linebuf[0] == 'u')) 179 return (client_parse_anon(s)); 180 181 return (1); 182 } 183 184 int 185 client_parse_anon(struct session *s) 186 { 187 size_t written; 188 189 if (strcasecmp("USER ftp\r\n", linebuf) != 0 && 190 strcasecmp("USER anonymous\r\n", linebuf) != 0) { 191 snprintf(linebuf, sizeof linebuf, 192 "500 Only anonymous FTP allowed\r\n"); 193 logmsg(LOG_DEBUG, "#%d proxy: %s", s->id, linebuf); 194 195 /* Talk back to the client ourself. */ 196 linelen = strlen(linebuf); 197 written = write(s->client_fd, linebuf, linelen); 198 if (written == -1) { 199 logmsg(LOG_ERR, "#%d write failed", s->id); 200 return (0); /* Session will be ended for us */ 201 } else if (written < linelen) { 202 EV_SET(&changes[nchanges++], s->server_fd, 203 EVFILT_READ, EV_DISABLE, 0, 0, s); 204 EV_SET(&changes[nchanges++], s->client_fd, 205 EVFILT_WRITE, EV_ADD, 0, 0, s); 206 buffer_data(s, &s->client, linebuf + written, 207 linelen - written); 208 return (1); 209 } 210 211 /* Clear buffer so it's not sent to the server. */ 212 linebuf[0] = '\0'; 213 linelen = 0; 214 } 215 216 return (1); 217 } 218 219 int 220 client_parse_cmd(struct session *s) 221 { 222 if (strncasecmp("PASV", linebuf, 4) == 0) 223 s->cmd = CMD_PASV; 224 else if (strncasecmp("PORT ", linebuf, 5) == 0) 225 s->cmd = CMD_PORT; 226 else if (strncasecmp("EPSV", linebuf, 4) == 0) 227 s->cmd = CMD_EPSV; 228 else if (strncasecmp("EPRT ", linebuf, 5) == 0) 229 s->cmd = CMD_EPRT; 230 else 231 return (1); 232 233 if (ipv6_mode && (s->cmd == CMD_PASV || s->cmd == CMD_PORT)) { 234 logmsg(LOG_CRIT, "PASV and PORT not allowed with IPv6"); 235 return (0); 236 } 237 238 if (s->cmd == CMD_PORT || s->cmd == CMD_EPRT) { 239 s->port = parse_port(s->cmd); 240 if (s->port < MIN_PORT) { 241 logmsg(LOG_CRIT, "#%d bad port in '%s'", s->id, 242 linebuf); 243 return (0); 244 } 245 s->proxy_port = pick_proxy_port(); 246 proxy_reply(s->cmd, sstosa(&s->proxy_ss), s->proxy_port); 247 logmsg(LOG_DEBUG, "#%d proxy: %s", s->id, linebuf); 248 } 249 250 return (1); 251 } 252 253 void 254 client_read(struct session *s) 255 { 256 size_t buf_avail, bread, bwritten; 257 int n; 258 259 do { 260 buf_avail = sizeof s->cbuf - s->cbuf_valid; 261 bread = read(s->client_fd, s->cbuf + s->cbuf_valid, buf_avail); 262 s->cbuf_valid += bread; 263 264 while ((n = getline(s->cbuf, &s->cbuf_valid)) > 0) { 265 logmsg(LOG_DEBUG, "#%d client: %s", s->id, linebuf); 266 if (!client_parse(s)) { 267 end_session(s); 268 return; 269 } 270 bwritten = write(s->server_fd, linebuf, linelen); 271 if (bwritten == -1) { 272 } else if (bwritten < linelen) { 273 EV_SET(&changes[nchanges++], s->client_fd, 274 EVFILT_READ, EV_DISABLE, 0, 0, s); 275 EV_SET(&changes[nchanges++], s->server_fd, 276 EVFILT_WRITE, EV_ADD, 0, 0, s); 277 buffer_data(s, &s->server, linebuf + bwritten, 278 linelen - bwritten); 279 return; 280 } 281 } 282 283 if (n == -1) { 284 logmsg(LOG_ERR, "#%d client command too long or not" 285 " clean", s->id); 286 end_session(s); 287 return; 288 } 289 } while (bread == buf_avail); 290 } 291 292 void 293 client_write(struct session *s) 294 { 295 size_t written; 296 297 written = write(s->client_fd, s->client.buffer + s->client.buffer_offset, 298 s->client.buffer_size - s->client.buffer_offset); 299 if (written == -1) { 300 logmsg(LOG_ERR, "#%d write failed", s->id); 301 end_session(s); 302 } else if (written == (s->client.buffer_size - s->client.buffer_offset)) { 303 free(s->client.buffer); 304 s->client.buffer = NULL; 305 s->client.buffer_size = 0; 306 s->client.buffer_offset = 0; 307 EV_SET(&changes[nchanges++], s->server_fd, 308 EVFILT_READ, EV_ENABLE, 0, 0, s); 309 } else { 310 s->client.buffer_offset += written; 311 } 312 } 313 314 int 315 drop_privs(void) 316 { 317 struct passwd *pw; 318 319 pw = getpwnam(NOPRIV_USER); 320 if (pw == NULL) 321 return (0); 322 323 tzset(); 324 if (chroot(CHROOT_DIR) != 0 || chdir("/") != 0 || 325 setgroups(1, &pw->pw_gid) != 0 || 326 setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0 || 327 setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) != 0) 328 return (0); 329 330 return (1); 331 } 332 333 void 334 end_session(struct session *s) 335 { 336 int err; 337 338 logmsg(LOG_INFO, "#%d ending session", s->id); 339 340 if (s->client_fd != -1) 341 close(s->client_fd); 342 if (s->server_fd != -1) 343 close(s->server_fd); 344 345 if (s->client.buffer) 346 free(s->client.buffer); 347 if (s->server.buffer) 348 free(s->server.buffer); 349 350 /* Remove rulesets by commiting empty ones. */ 351 err = 0; 352 if (prepare_commit(s->id) == -1) 353 err = errno; 354 else if (do_commit() == -1) { 355 err = errno; 356 do_rollback(); 357 } 358 if (err) 359 logmsg(LOG_ERR, "#%d pf rule removal failed: %s", s->id, 360 strerror(err)); 361 362 LIST_REMOVE(s, entry); 363 free(s); 364 session_count--; 365 } 366 367 int 368 exit_daemon(void) 369 { 370 struct session *s, *tmp; 371 372 LIST_FOREACH_MUTABLE(s, &sessions, entry, tmp) { 373 end_session(s); 374 } 375 376 if (daemonize) 377 closelog(); 378 379 exit(0); 380 381 /* NOTREACHED */ 382 return (-1); 383 } 384 385 int 386 getline(char *buf, size_t *valid) 387 { 388 size_t i; 389 390 if (*valid > MAX_LINE) 391 return (-1); 392 393 /* Copy to linebuf while searching for a newline. */ 394 for (i = 0; i < *valid; i++) { 395 linebuf[i] = buf[i]; 396 if (buf[i] == '\0') 397 return (-1); 398 if (buf[i] == '\n') 399 break; 400 } 401 402 if (i == *valid) { 403 /* No newline found. */ 404 linebuf[0] = '\0'; 405 linelen = 0; 406 if (i < MAX_LINE) 407 return (0); 408 return (-1); 409 } 410 411 linelen = i + 1; 412 linebuf[linelen] = '\0'; 413 *valid -= linelen; 414 415 /* Move leftovers to the start. */ 416 if (*valid != 0) 417 bcopy(buf + linelen, buf, *valid); 418 419 return ((int)linelen); 420 } 421 422 void 423 handle_connection(const int listen_fd) 424 { 425 struct sockaddr_storage tmp_ss; 426 struct sockaddr *client_sa, *server_sa, *fixed_server_sa; 427 struct sockaddr *client_to_proxy_sa, *proxy_to_server_sa; 428 struct session *s; 429 socklen_t len; 430 int client_fd, fc, on; 431 432 /* 433 * We _must_ accept the connection, otherwise libevent will keep 434 * coming back, and we will chew up all CPU. 435 */ 436 client_sa = sstosa(&tmp_ss); 437 len = sizeof(struct sockaddr_storage); 438 if ((client_fd = accept(listen_fd, client_sa, &len)) < 0) { 439 logmsg(LOG_CRIT, "accept failed: %s", strerror(errno)); 440 return; 441 } 442 443 /* Refuse connection if the maximum is reached. */ 444 if (session_count >= max_sessions) { 445 logmsg(LOG_ERR, "client limit (%d) reached, refusing " 446 "connection from %s", max_sessions, sock_ntop(client_sa)); 447 close(client_fd); 448 return; 449 } 450 451 /* Allocate session and copy back the info from the accept(). */ 452 s = init_session(); 453 if (s == NULL) { 454 logmsg(LOG_CRIT, "init_session failed"); 455 close(client_fd); 456 return; 457 } 458 s->client_fd = client_fd; 459 memcpy(sstosa(&s->client_ss), client_sa, client_sa->sa_len); 460 461 /* Cast it once, and be done with it. */ 462 client_sa = sstosa(&s->client_ss); 463 server_sa = sstosa(&s->server_ss); 464 client_to_proxy_sa = sstosa(&tmp_ss); 465 proxy_to_server_sa = sstosa(&s->proxy_ss); 466 fixed_server_sa = sstosa(&fixed_server_ss); 467 468 /* Log id/client early to ease debugging. */ 469 logmsg(LOG_DEBUG, "#%d accepted connection from %s", s->id, 470 sock_ntop(client_sa)); 471 472 /* 473 * Find out the real server and port that the client wanted. 474 */ 475 len = sizeof(struct sockaddr_storage); 476 if ((getsockname(s->client_fd, client_to_proxy_sa, &len)) < 0) { 477 logmsg(LOG_CRIT, "#%d getsockname failed: %s", s->id, 478 strerror(errno)); 479 goto fail; 480 } 481 if (server_lookup(client_sa, client_to_proxy_sa, server_sa) != 0) { 482 logmsg(LOG_CRIT, "#%d server lookup failed (no rdr?)", s->id); 483 goto fail; 484 } 485 if (fixed_server) { 486 memcpy(sstosa(&s->orig_server_ss), server_sa, 487 server_sa->sa_len); 488 memcpy(server_sa, fixed_server_sa, fixed_server_sa->sa_len); 489 } 490 491 /* XXX: check we are not connecting to ourself. */ 492 493 /* 494 * Setup socket and connect to server. 495 */ 496 if ((s->server_fd = socket(server_sa->sa_family, SOCK_STREAM, 497 IPPROTO_TCP)) < 0) { 498 logmsg(LOG_CRIT, "#%d server socket failed: %s", s->id, 499 strerror(errno)); 500 goto fail; 501 } 502 if (fixed_proxy && bind(s->server_fd, sstosa(&fixed_proxy_ss), 503 fixed_proxy_ss.ss_len) != 0) { 504 logmsg(LOG_CRIT, "#%d cannot bind fixed proxy address: %s", 505 s->id, strerror(errno)); 506 goto fail; 507 } 508 509 /* Use non-blocking connect(), see CONNECT_TIMEOUT below. */ 510 if ((fc = fcntl(s->server_fd, F_GETFL)) == -1 || 511 fcntl(s->server_fd, F_SETFL, fc | O_NONBLOCK) == -1) { 512 logmsg(LOG_CRIT, "#%d cannot mark socket non-blocking: %s", 513 s->id, strerror(errno)); 514 goto fail; 515 } 516 if (connect(s->server_fd, server_sa, server_sa->sa_len) < 0 && 517 errno != EINPROGRESS) { 518 logmsg(LOG_CRIT, "#%d proxy cannot connect to server %s: %s", 519 s->id, sock_ntop(server_sa), strerror(errno)); 520 goto fail; 521 } 522 523 len = sizeof(struct sockaddr_storage); 524 if ((getsockname(s->server_fd, proxy_to_server_sa, &len)) < 0) { 525 logmsg(LOG_CRIT, "#%d getsockname failed: %s", s->id, 526 strerror(errno)); 527 goto fail; 528 } 529 530 logmsg(LOG_INFO, "#%d FTP session %d/%d started: client %s to server " 531 "%s via proxy %s ", s->id, session_count, max_sessions, 532 sock_ntop(client_sa), sock_ntop(server_sa), 533 sock_ntop(proxy_to_server_sa)); 534 535 /* Keepalive is nice, but don't care if it fails. */ 536 on = 1; 537 setsockopt(s->client_fd, SOL_SOCKET, SO_KEEPALIVE, (void *)&on, 538 sizeof on); 539 setsockopt(s->server_fd, SOL_SOCKET, SO_KEEPALIVE, (void *)&on, 540 sizeof on); 541 542 EV_SET(&changes[nchanges++], s->client_fd, EVFILT_READ, EV_ADD, 0, 0, s); 543 EV_SET(&changes[nchanges++], s->server_fd, EVFILT_READ, EV_ADD, 0, 0, s); 544 545 return; 546 547 fail: 548 end_session(s); 549 } 550 551 void 552 handle_signal(int sig) 553 { 554 /* 555 * Signal handler rules don't apply. 556 */ 557 558 logmsg(LOG_ERR, "%s exiting on signal %d", __progname, sig); 559 560 exit_daemon(); 561 } 562 563 564 struct session * 565 init_session(void) 566 { 567 struct session *s; 568 569 s = calloc(1, sizeof(struct session)); 570 if (s == NULL) 571 return (NULL); 572 573 s->id = id_count++; 574 s->client_fd = -1; 575 s->server_fd = -1; 576 s->cbuf[0] = '\0'; 577 s->cbuf_valid = 0; 578 s->sbuf[0] = '\0'; 579 s->sbuf_valid = 0; 580 s->client.buffer = NULL; 581 s->client.buffer_size = 0; 582 s->client.buffer_offset = 0; 583 s->server.buffer = NULL; 584 s->server.buffer_size = 0; 585 s->server.buffer_offset = 0; 586 s->cmd = CMD_NONE; 587 s->port = 0; 588 589 LIST_INSERT_HEAD(&sessions, s, entry); 590 session_count++; 591 592 return (s); 593 } 594 595 void 596 logmsg(int pri, const char *message, ...) 597 { 598 va_list ap; 599 600 if (pri > loglevel) 601 return; 602 603 va_start(ap, message); 604 605 if (daemonize) 606 /* syslog does its own vissing. */ 607 vsyslog(pri, message, ap); 608 else { 609 char buf[MAX_LOGLINE]; 610 char visbuf[2 * MAX_LOGLINE]; 611 612 /* We don't care about truncation. */ 613 vsnprintf(buf, sizeof buf, message, ap); 614 strnvis(visbuf, buf, sizeof visbuf, VIS_CSTYLE | VIS_NL); 615 fprintf(stderr, "%s\n", visbuf); 616 } 617 618 va_end(ap); 619 } 620 621 int 622 main(int argc, char *argv[]) 623 { 624 struct rlimit rlp; 625 struct addrinfo hints, *res; 626 int kq, ch, error, listenfd, on; 627 const char *errstr; 628 629 /* Defaults. */ 630 anonymous_only = 0; 631 daemonize = 1; 632 fixed_proxy = NULL; 633 fixed_server = NULL; 634 fixed_server_port = "21"; 635 ipv6_mode = 0; 636 listen_ip = NULL; 637 listen_port = "8021"; 638 loglevel = LOG_NOTICE; 639 max_sessions = 100; 640 qname = NULL; 641 rfc_mode = 0; 642 tagname = NULL; 643 timeout = 24 * 3600; 644 verbose = 0; 645 646 /* Other initialization. */ 647 id_count = 1; 648 session_count = 0; 649 nchanges = 0; 650 651 while ((ch = getopt(argc, argv, "6Aa:b:D:dm:P:p:q:R:rT:t:v")) != -1) { 652 switch (ch) { 653 case '6': 654 ipv6_mode = 1; 655 break; 656 case 'A': 657 anonymous_only = 1; 658 break; 659 case 'a': 660 fixed_proxy = optarg; 661 break; 662 case 'b': 663 listen_ip = optarg; 664 break; 665 case 'D': 666 loglevel = strtonum(optarg, LOG_EMERG, LOG_DEBUG, 667 &errstr); 668 if (errstr) 669 errx(1, "loglevel %s", errstr); 670 break; 671 case 'd': 672 daemonize = 0; 673 break; 674 case 'm': 675 max_sessions = strtonum(optarg, 1, 500, &errstr); 676 if (errstr) 677 errx(1, "max sessions %s", errstr); 678 break; 679 case 'P': 680 fixed_server_port = optarg; 681 break; 682 case 'p': 683 listen_port = optarg; 684 break; 685 case 'q': 686 if (strlen(optarg) >= PF_QNAME_SIZE) 687 errx(1, "queuename too long"); 688 qname = optarg; 689 break; 690 case 'R': 691 fixed_server = optarg; 692 break; 693 case 'r': 694 rfc_mode = 1; 695 break; 696 case 'T': 697 if (strlen(optarg) >= PF_TAG_NAME_SIZE) 698 errx(1, "tagname too long"); 699 tagname = optarg; 700 break; 701 case 't': 702 timeout = strtonum(optarg, 0, 86400, &errstr); 703 if (errstr) 704 errx(1, "timeout %s", errstr); 705 break; 706 case 'v': 707 verbose++; 708 if (verbose > 2) 709 usage(); 710 break; 711 default: 712 usage(); 713 } 714 } 715 716 if (listen_ip == NULL) 717 listen_ip = ipv6_mode ? "::1" : "127.0.0.1"; 718 719 /* Check for root to save the user from cryptic failure messages. */ 720 if (getuid() != 0) 721 errx(1, "needs to start as root"); 722 723 /* Raise max. open files limit to satisfy max. sessions. */ 724 rlp.rlim_cur = rlp.rlim_max = (2 * max_sessions) + 10; 725 if (setrlimit(RLIMIT_NOFILE, &rlp) == -1) 726 err(1, "setrlimit"); 727 728 if (fixed_proxy) { 729 memset(&hints, 0, sizeof hints); 730 hints.ai_flags = AI_NUMERICHOST; 731 hints.ai_family = ipv6_mode ? AF_INET6 : AF_INET; 732 hints.ai_socktype = SOCK_STREAM; 733 error = getaddrinfo(fixed_proxy, NULL, &hints, &res); 734 if (error) 735 errx(1, "getaddrinfo fixed proxy address failed: %s", 736 gai_strerror(error)); 737 memcpy(&fixed_proxy_ss, res->ai_addr, res->ai_addrlen); 738 logmsg(LOG_INFO, "using %s to connect to servers", 739 sock_ntop(sstosa(&fixed_proxy_ss))); 740 freeaddrinfo(res); 741 } 742 743 if (fixed_server) { 744 memset(&hints, 0, sizeof hints); 745 hints.ai_family = ipv6_mode ? AF_INET6 : AF_INET; 746 hints.ai_socktype = SOCK_STREAM; 747 error = getaddrinfo(fixed_server, fixed_server_port, &hints, 748 &res); 749 if (error) 750 errx(1, "getaddrinfo fixed server address failed: %s", 751 gai_strerror(error)); 752 memcpy(&fixed_server_ss, res->ai_addr, res->ai_addrlen); 753 logmsg(LOG_INFO, "using fixed server %s", 754 sock_ntop(sstosa(&fixed_server_ss))); 755 freeaddrinfo(res); 756 } 757 758 /* Setup listener. */ 759 memset(&hints, 0, sizeof hints); 760 hints.ai_flags = AI_NUMERICHOST | AI_PASSIVE; 761 hints.ai_family = ipv6_mode ? AF_INET6 : AF_INET; 762 hints.ai_socktype = SOCK_STREAM; 763 error = getaddrinfo(listen_ip, listen_port, &hints, &res); 764 if (error) 765 errx(1, "getaddrinfo listen address failed: %s", 766 gai_strerror(error)); 767 if ((listenfd = socket(res->ai_family, SOCK_STREAM, IPPROTO_TCP)) == -1) 768 errx(1, "socket failed"); 769 on = 1; 770 if (setsockopt(listenfd, SOL_SOCKET, SO_REUSEADDR, (void *)&on, 771 sizeof on) != 0) 772 err(1, "setsockopt failed"); 773 if (bind(listenfd, (struct sockaddr *)res->ai_addr, 774 (socklen_t)res->ai_addrlen) != 0) 775 err(1, "bind failed"); 776 if (listen(listenfd, TCP_BACKLOG) != 0) 777 err(1, "listen failed"); 778 freeaddrinfo(res); 779 780 /* Initialize pf. */ 781 init_filter(qname, tagname, verbose); 782 783 if (daemonize) { 784 if (daemon(0, 0) == -1) 785 err(1, "cannot daemonize"); 786 openlog(__progname, LOG_PID | LOG_NDELAY, LOG_DAEMON); 787 } 788 789 /* Use logmsg for output from here on. */ 790 791 if (!drop_privs()) { 792 logmsg(LOG_ERR, "cannot drop privileges: %s", strerror(errno)); 793 exit(1); 794 } 795 796 if ((kq = kqueue()) == -1) { 797 logmsg(LOG_ERR, "cannot create new kqueue(2): %s", strerror(errno)); 798 exit(1); 799 } 800 801 /* Setup signal handler. */ 802 signal(SIGPIPE, SIG_IGN); 803 EV_SET(&changes[nchanges++], SIGHUP, EVFILT_SIGNAL, EV_ADD, 0, 0, NULL); 804 EV_SET(&changes[nchanges++], SIGINT, EVFILT_SIGNAL, EV_ADD, 0, 0, NULL); 805 EV_SET(&changes[nchanges++], SIGTERM, EVFILT_SIGNAL, EV_ADD, 0, 0, NULL); 806 807 EV_SET(&changes[nchanges++], listenfd, EVFILT_READ, EV_ADD, 0, 0, NULL); 808 809 logmsg(LOG_NOTICE, "listening on %s port %s", listen_ip, listen_port); 810 811 /* Vroom, vroom. */ 812 for ( ; ; ) { 813 int i, nevents; 814 struct kevent events[KQ_NEVENTS], *event; 815 struct session *s; 816 817 nevents = kevent(kq, &changes[0], nchanges, &events[0], 818 KQ_NEVENTS, NULL); 819 if (nevents == -1) { 820 logmsg(LOG_ERR, "cannot create new kqueue(2): %s", strerror(errno)); 821 exit(1); 822 } 823 nchanges = 0; 824 825 for (i = 0; i < nevents; ++i) { 826 event = &events[i]; 827 828 if (event->filter == EVFILT_SIGNAL) { 829 handle_signal(event->ident); 830 continue; 831 } 832 833 if (event->ident == listenfd) { 834 /* Handle new connection */ 835 handle_connection(event->ident); 836 } else { 837 /* Process existing connection */ 838 s = (struct session *)event->udata; 839 840 if (event->ident == s->client_fd) { 841 if (event->filter == EVFILT_READ) 842 client_read(s); 843 else 844 client_write(s); 845 } else { 846 if (event->filter == EVFILT_READ) 847 server_read(s); 848 else 849 server_write(s); 850 } 851 } 852 853 /* The next loop might overflow changes */ 854 if (nchanges > KQ_NEVENTS - 4) 855 break; 856 } 857 } 858 859 exit_daemon(); 860 861 /* NOTREACHED */ 862 return (1); 863 } 864 865 u_int16_t 866 parse_port(int mode) 867 { 868 unsigned int port, v[6]; 869 int n; 870 char *p; 871 872 /* Find the last space or left-parenthesis. */ 873 for (p = linebuf + linelen; p > linebuf; p--) 874 if (*p == ' ' || *p == '(') 875 break; 876 if (p == linebuf) 877 return (0); 878 879 switch (mode) { 880 case CMD_PORT: 881 n = sscanf(p, " %u,%u,%u,%u,%u,%u", &v[0], &v[1], &v[2], 882 &v[3], &v[4], &v[5]); 883 if (n == 6 && v[0] < 256 && v[1] < 256 && v[2] < 256 && 884 v[3] < 256 && v[4] < 256 && v[5] < 256) 885 return ((v[4] << 8) | v[5]); 886 break; 887 case CMD_PASV: 888 n = sscanf(p, "(%u,%u,%u,%u,%u,%u)", &v[0], &v[1], &v[2], 889 &v[3], &v[4], &v[5]); 890 if (n == 6 && v[0] < 256 && v[1] < 256 && v[2] < 256 && 891 v[3] < 256 && v[4] < 256 && v[5] < 256) 892 return ((v[4] << 8) | v[5]); 893 break; 894 case CMD_EPSV: 895 n = sscanf(p, "(|||%u|)", &port); 896 if (n == 1 && port < 65536) 897 return (port); 898 break; 899 case CMD_EPRT: 900 n = sscanf(p, " |1|%u.%u.%u.%u|%u|", &v[0], &v[1], &v[2], 901 &v[3], &port); 902 if (n == 5 && v[0] < 256 && v[1] < 256 && v[2] < 256 && 903 v[3] < 256 && port < 65536) 904 return (port); 905 n = sscanf(p, " |2|%*[a-fA-F0-9:]|%u|", &port); 906 if (n == 1 && port < 65536) 907 return (port); 908 break; 909 default: 910 return (0); 911 } 912 913 return (0); 914 } 915 916 u_int16_t 917 pick_proxy_port(void) 918 { 919 /* Random should be good enough for avoiding port collisions. */ 920 return (IPPORT_HIFIRSTAUTO + (arc4random() % 921 (IPPORT_HILASTAUTO - IPPORT_HIFIRSTAUTO))); 922 } 923 924 void 925 proxy_reply(int cmd, struct sockaddr *sa, u_int16_t port) 926 { 927 int i, r; 928 929 switch (cmd) { 930 case CMD_PORT: 931 r = snprintf(linebuf, sizeof linebuf, 932 "PORT %s,%u,%u\r\n", sock_ntop(sa), port / 256, 933 port % 256); 934 break; 935 case CMD_PASV: 936 r = snprintf(linebuf, sizeof linebuf, 937 "227 Entering Passive Mode (%s,%u,%u)\r\n", sock_ntop(sa), 938 port / 256, port % 256); 939 break; 940 case CMD_EPRT: 941 if (sa->sa_family == AF_INET) 942 r = snprintf(linebuf, sizeof linebuf, 943 "EPRT |1|%s|%u|\r\n", sock_ntop(sa), port); 944 else if (sa->sa_family == AF_INET6) 945 r = snprintf(linebuf, sizeof linebuf, 946 "EPRT |2|%s|%u|\r\n", sock_ntop(sa), port); 947 break; 948 case CMD_EPSV: 949 r = snprintf(linebuf, sizeof linebuf, 950 "229 Entering Extended Passive Mode (|||%u|)\r\n", port); 951 break; 952 } 953 954 if (r < 0 || r >= sizeof linebuf) { 955 logmsg(LOG_ERR, "proxy_reply failed: %d", r); 956 linebuf[0] = '\0'; 957 linelen = 0; 958 return; 959 } 960 linelen = (size_t)r; 961 962 if (cmd == CMD_PORT || cmd == CMD_PASV) { 963 /* Replace dots in IP address with commas. */ 964 for (i = 0; i < linelen; i++) 965 if (linebuf[i] == '.') 966 linebuf[i] = ','; 967 } 968 } 969 970 int 971 server_parse(struct session *s) 972 { 973 if (s->cmd == CMD_NONE || linelen < 4 || linebuf[0] != '2') 974 goto out; 975 976 if ((s->cmd == CMD_PASV && strncmp("227 ", linebuf, 4) == 0) || 977 (s->cmd == CMD_EPSV && strncmp("229 ", linebuf, 4) == 0)) 978 return (allow_data_connection(s)); 979 980 out: 981 s->cmd = CMD_NONE; 982 s->port = 0; 983 984 return (1); 985 } 986 987 int 988 allow_data_connection(struct session *s) 989 { 990 struct sockaddr *client_sa, *orig_sa, *proxy_sa, *server_sa; 991 int prepared = 0; 992 993 if (s->cmd == CMD_NONE || linelen < 4 || linebuf[0] != '2') 994 goto out; 995 996 /* 997 * The pf rules below do quite some NAT rewriting, to keep up 998 * appearances. Points to keep in mind: 999 * 1) The client must think it's talking to the real server, 1000 * for both control and data connections. Transparently. 1001 * 2) The server must think that the proxy is the client. 1002 * 3) Source and destination ports are rewritten to minimize 1003 * port collisions, to aid security (some systems pick weak 1004 * ports) or to satisfy RFC requirements (source port 20). 1005 */ 1006 1007 /* Cast this once, to make code below it more readable. */ 1008 client_sa = sstosa(&s->client_ss); 1009 server_sa = sstosa(&s->server_ss); 1010 proxy_sa = sstosa(&s->proxy_ss); 1011 if (fixed_server) 1012 /* Fixed server: data connections must appear to come 1013 from / go to the original server, not the fixed one. */ 1014 orig_sa = sstosa(&s->orig_server_ss); 1015 else 1016 /* Server not fixed: orig_server == server. */ 1017 orig_sa = sstosa(&s->server_ss); 1018 1019 /* Passive modes. */ 1020 if (s->cmd == CMD_PASV || s->cmd == CMD_EPSV) { 1021 s->port = parse_port(s->cmd); 1022 if (s->port < MIN_PORT) { 1023 logmsg(LOG_CRIT, "#%d bad port in '%s'", s->id, 1024 linebuf); 1025 return (0); 1026 } 1027 s->proxy_port = pick_proxy_port(); 1028 logmsg(LOG_INFO, "#%d passive: client to server port %d" 1029 " via port %d", s->id, s->port, s->proxy_port); 1030 1031 if (prepare_commit(s->id) == -1) 1032 goto fail; 1033 prepared = 1; 1034 1035 proxy_reply(s->cmd, orig_sa, s->proxy_port); 1036 logmsg(LOG_DEBUG, "#%d proxy: %s", s->id, linebuf); 1037 1038 /* rdr from $client to $orig_server port $proxy_port -> $server 1039 port $port */ 1040 if (add_rdr(s->id, client_sa, orig_sa, s->proxy_port, 1041 server_sa, s->port) == -1) 1042 goto fail; 1043 1044 /* nat from $client to $server port $port -> $proxy */ 1045 if (add_nat(s->id, client_sa, server_sa, s->port, proxy_sa, 1046 PF_NAT_PROXY_PORT_LOW, PF_NAT_PROXY_PORT_HIGH) == -1) 1047 goto fail; 1048 1049 /* pass in from $client to $server port $port */ 1050 if (add_filter(s->id, PF_IN, client_sa, server_sa, 1051 s->port) == -1) 1052 goto fail; 1053 1054 /* pass out from $proxy to $server port $port */ 1055 if (add_filter(s->id, PF_OUT, proxy_sa, server_sa, 1056 s->port) == -1) 1057 goto fail; 1058 } 1059 1060 /* Active modes. */ 1061 if (s->cmd == CMD_PORT || s->cmd == CMD_EPRT) { 1062 logmsg(LOG_INFO, "#%d active: server to client port %d" 1063 " via port %d", s->id, s->port, s->proxy_port); 1064 1065 if (prepare_commit(s->id) == -1) 1066 goto fail; 1067 prepared = 1; 1068 1069 /* rdr from $server to $proxy port $proxy_port -> $client port 1070 $port */ 1071 if (add_rdr(s->id, server_sa, proxy_sa, s->proxy_port, 1072 client_sa, s->port) == -1) 1073 goto fail; 1074 1075 /* nat from $server to $client port $port -> $orig_server port 1076 $natport */ 1077 if (rfc_mode && s->cmd == CMD_PORT) { 1078 /* Rewrite sourceport to RFC mandated 20. */ 1079 if (add_nat(s->id, server_sa, client_sa, s->port, 1080 orig_sa, 20, 20) == -1) 1081 goto fail; 1082 } else { 1083 /* Let pf pick a source port from the standard range. */ 1084 if (add_nat(s->id, server_sa, client_sa, s->port, 1085 orig_sa, PF_NAT_PROXY_PORT_LOW, 1086 PF_NAT_PROXY_PORT_HIGH) == -1) 1087 goto fail; 1088 } 1089 1090 /* pass in from $server to $client port $port */ 1091 if (add_filter(s->id, PF_IN, server_sa, client_sa, s->port) == 1092 -1) 1093 goto fail; 1094 1095 /* pass out from $orig_server to $client port $port */ 1096 if (add_filter(s->id, PF_OUT, orig_sa, client_sa, s->port) == 1097 -1) 1098 goto fail; 1099 } 1100 1101 /* Commit rules if they were prepared. */ 1102 if (prepared && (do_commit() == -1)) { 1103 if (errno != EBUSY) 1104 goto fail; 1105 /* One more try if busy. */ 1106 usleep(5000); 1107 if (do_commit() == -1) 1108 goto fail; 1109 } 1110 1111 out: 1112 s->cmd = CMD_NONE; 1113 s->port = 0; 1114 1115 return (1); 1116 1117 fail: 1118 logmsg(LOG_CRIT, "#%d pf operation failed: %s", s->id, strerror(errno)); 1119 if (prepared) 1120 do_rollback(); 1121 return (0); 1122 } 1123 1124 void 1125 server_read(struct session *s) 1126 { 1127 size_t buf_avail, bread, bwritten; 1128 int n; 1129 1130 do { 1131 buf_avail = sizeof s->sbuf - s->sbuf_valid; 1132 bread = read(s->server_fd, s->sbuf + s->sbuf_valid, buf_avail); 1133 s->sbuf_valid += bread; 1134 1135 while ((n = getline(s->sbuf, &s->sbuf_valid)) > 0) { 1136 logmsg(LOG_DEBUG, "#%d server: %s", s->id, linebuf); 1137 if (!server_parse(s)) { 1138 end_session(s); 1139 return; 1140 } 1141 bwritten = write(s->client_fd, linebuf, linelen); 1142 if (bwritten == -1) { 1143 logmsg(LOG_ERR, "#%d write failed", s->id); 1144 end_session(s); 1145 return; 1146 } else if (bwritten < linelen) { 1147 EV_SET(&changes[nchanges++], s->server_fd, 1148 EVFILT_READ, EV_DISABLE, 0, 0, s); 1149 EV_SET(&changes[nchanges++], s->client_fd, 1150 EVFILT_WRITE, EV_ADD, 0, 0, s); 1151 buffer_data(s, &s->client, linebuf + bwritten, 1152 linelen - bwritten); 1153 return; 1154 } 1155 } 1156 1157 if (n == -1) { 1158 logmsg(LOG_ERR, "#%d server reply too long or not" 1159 " clean", s->id); 1160 end_session(s); 1161 return; 1162 } 1163 } while (bread == buf_avail); 1164 } 1165 1166 void 1167 server_write(struct session *s) 1168 { 1169 size_t written; 1170 1171 written = write(s->server_fd, s->server.buffer + s->server.buffer_offset, 1172 s->server.buffer_size - s->server.buffer_offset); 1173 if (written == -1) { 1174 logmsg(LOG_ERR, "#%d write failed", s->id); 1175 end_session(s); 1176 } else if (written == (s->server.buffer_size - s->server.buffer_offset)) { 1177 free(s->server.buffer); 1178 s->server.buffer = NULL; 1179 s->server.buffer_size = 0; 1180 s->server.buffer_offset = 0; 1181 EV_SET(&changes[nchanges++], s->client_fd, 1182 EVFILT_READ, EV_ENABLE, 0, 0, s); 1183 } else { 1184 s->server.buffer_offset += written; 1185 } 1186 } 1187 1188 const char * 1189 sock_ntop(struct sockaddr *sa) 1190 { 1191 static int n = 0; 1192 1193 /* Cycle to next buffer. */ 1194 n = (n + 1) % NTOP_BUFS; 1195 ntop_buf[n][0] = '\0'; 1196 1197 if (sa->sa_family == AF_INET) { 1198 struct sockaddr_in *sin = (struct sockaddr_in *)sa; 1199 1200 return (inet_ntop(AF_INET, &sin->sin_addr, ntop_buf[n], 1201 sizeof ntop_buf[0])); 1202 } 1203 1204 if (sa->sa_family == AF_INET6) { 1205 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa; 1206 1207 return (inet_ntop(AF_INET6, &sin6->sin6_addr, ntop_buf[n], 1208 sizeof ntop_buf[0])); 1209 } 1210 1211 return (NULL); 1212 } 1213 1214 void 1215 usage(void) 1216 { 1217 fprintf(stderr, "usage: %s [-6Adrv] [-a address] [-b address]" 1218 " [-D level] [-m maxsessions]\n [-P port]" 1219 " [-p port] [-q queue] [-R address] [-T tag] [-t timeout]\n", __progname); 1220 exit(1); 1221 } 1222