- tor-commits - lists.torproject.org

[torbrowser/master] add that windows suite to the changelog
by erinn＠torproject.org 23 Oct '11

23 Oct '11

commit 58f8bbb9f75da2e183e8b00f28b0ced26bce9171 Author: Erinn Clark <erinn(a)torproject.org> Date: Sun Jun 5 21:10:54 2011 -0300 add that windows suite to the changelog --- build-scripts/osx.mk | 1 - changelog.win-2.2 | 2 +- 2 files changed, 1 insertions(+), 2 deletions(-) diff --git a/build-scripts/osx.mk b/build-scripts/osx.mk index 47ab77f..8bee9e1 100644 --- a/build-scripts/osx.mk +++ b/build-scripts/osx.mk @@ -213,7 +213,6 @@ all-compressed-bundles: compressed-bundle_ar \ ## clean: - rm -fr $(DISTDIR) rm -fr *.app rm -fr $(DEST) *.stamp rm -f *~ diff --git a/changelog.win-2.2 b/changelog.win-2.2 index d77cab1..2acec07 100644 --- a/changelog.win-2.2 +++ b/changelog.win-2.2 @@ -1,4 +1,4 @@ -Tor Browser Bundle (2.2.27-1) alpha; suite=osx +Tor Browser Bundle (2.2.27-1) alpha; suite=windows * Update Tor to 0.2.2.27-beta * Update HTTPS Everywhere to 0.9.9.development.5

1 0

[torbrowser/master] update tbb osx alpha to 2.2.28, bump tor to 0.2.2.28-beta, libevent to 2.0.12-stable, and extension versions as well
by erinn＠torproject.org 23 Oct '11

23 Oct '11

commit a2d694a6924140f73cef1549588c9b2b92e5dc63 Author: Erinn Clark <erinn(a)torproject.org> Date: Thu Jun 9 04:00:18 2011 -0300 update tbb osx alpha to 2.2.28, bump tor to 0.2.2.28-beta, libevent to 2.0.12-stable, and extension versions as well --- README.OSX-2.2 | 6 +++--- build-scripts/osx.mk | 2 +- build-scripts/versions.mk | 8 +++++--- changelog.osx-2.2 | 7 +++++++ 4 files changed, 16 insertions(+), 7 deletions(-) diff --git a/README.OSX-2.2 b/README.OSX-2.2 index d6a1914..b8d2fc5 100644 --- a/README.OSX-2.2 +++ b/README.OSX-2.2 @@ -5,12 +5,12 @@ Included applications --------------------- Vidalia 0.2.12 (with Qt 4.6.2) -Tor 0.2.2.27-alpha (with libevent-2.0.10-stable, zlib-1.2.5 and openssl-1.0.0d) +Tor 0.2.2.28-beta (with libevent-2.0.12-stable, zlib-1.2.5 and openssl-1.0.0d) Firefox (Tumucumaque) 4.0.1 \_ Torbutton 1.3.3-alpha - |_ NoScript 2.1.0.5 + |_ NoScript 2.1.1 |_ HTTPS-Everywhere 0.9.9.development.5 - |_ BetterPrivacy 1.50 + |_ BetterPrivacy 1.51 Usage ----- diff --git a/build-scripts/osx.mk b/build-scripts/osx.mk index 8bee9e1..12d790c 100644 --- a/build-scripts/osx.mk +++ b/build-scripts/osx.mk @@ -144,7 +144,7 @@ NAME=TorBrowser DISTDIR=tbbosx-alpha-dist ## Version and name of the compressed bundle (also used for source) -VERSION=2.2.27-1-alpha +VERSION=$(RELEASE_VER)-1-alpha DEFAULT_COMPRESSED_BASENAME=TorBrowser-$(VERSION)-osx-$(ARCH_TYPE)- IM_COMPRESSED_BASENAME=TorBrowser-IM-$(VERSION)- DEFAULT_COMPRESSED_NAME=$(DEFAULT_COMPRESSED_BASENAME) diff --git a/build-scripts/versions.mk b/build-scripts/versions.mk index 554d746..777afe1 100644 --- a/build-scripts/versions.mk +++ b/build-scripts/versions.mk @@ -1,16 +1,18 @@ #!/usr/bin/make +RELEASE_VER=2.2.28 + HTTPSEVERY_VER=0.9.9.development.5 FIREFOX_VER=4.0.1 -LIBEVENT_VER=2.0.10-stable +LIBEVENT_VER=2.0.12-stable LIBPNG_VER=1.4.3 -NOSCRIPT_VER=2.1.0.5 +NOSCRIPT_VER=2.1.1 OPENSSL_VER=1.0.0d OTR_VER=3.2.0 PIDGIN_VER=2.6.4 POLIPO_VER=1.0.4.1 QT_VER=4.6.2 -TOR_VER=0.2.2.27-beta +TOR_VER=0.2.2.28-beta TORBUTTON_VER=1.3.3-alpha VIDALIA_VER=0.2.12 ZLIB_VER=1.2.5 diff --git a/changelog.osx-2.2 b/changelog.osx-2.2 index d30069f..6dffa27 100644 --- a/changelog.osx-2.2 +++ b/changelog.osx-2.2 @@ -1,3 +1,10 @@ +Tor Browser Bundle (2.2.28-1) alpha; suite=osx + + * Update Tor to 0.2.2.28-beta + * Update Libevent to 2.0.12-stable + * Update NoScript to 2.1.1 + * Update BetterPrivacy to 1.51 + Tor Browser Bundle (2.2.27-1) alpha; suite=osx * Update Tor to 0.2.2.27-beta

1 0

[torbrowser/master] update OS X launch script so that it will launch in directories with spaces. closes bug #2197.
by erinn＠torproject.org 23 Oct '11

23 Oct '11

commit 6d320ac7f7f1f2b875ae52741142e214d55fa3bf Author: Erinn Clark <erinn(a)torproject.org> Date: Thu Jun 9 03:57:55 2011 -0300 update OS X launch script so that it will launch in directories with spaces. closes bug #2197. --- src/RelativeLink/RelativeLinkOSX.sh | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/RelativeLink/RelativeLinkOSX.sh b/src/RelativeLink/RelativeLinkOSX.sh index f60c513..f448cf1 100755 --- a/src/RelativeLink/RelativeLinkOSX.sh +++ b/src/RelativeLink/RelativeLinkOSX.sh @@ -35,4 +35,4 @@ fi # not in debug mode, run proceed normally printf "\nLaunching Tor Browser Bundle for Linux in ${HOME}\n" cd "${HOME}" -open $HOME/Contents/MacOS/Vidalia.app +open "$HOME/Contents/MacOS/Vidalia.app"

1 0

[torbrowser/master] add small shell script for applying firefox patches and number the socks patch
by erinn＠torproject.org 23 Oct '11

23 Oct '11

commit b58e8ff774b8db34b784ff6b3cf339ae2f83f7e0 Author: Erinn Clark <erinn(a)torproject.org> Date: Wed Jun 15 21:53:15 2011 -0300 add small shell script for applying firefox patches and number the socks patch --- build-scripts/patch-firefox-src.sh | 6 + .../001-firefox-4.0-non-blocking-socks.patch | 1637 ++++++++++++++++++++ .../non-blocking-socks-firefox-4.0.patch | 1637 -------------------- 3 files changed, 1643 insertions(+), 1637 deletions(-) diff --git a/build-scripts/patch-firefox-src.sh b/build-scripts/patch-firefox-src.sh new file mode 100755 index 0000000..602612a --- /dev/null +++ b/build-scripts/patch-firefox-src.sh @@ -0,0 +1,6 @@ +#!/bin/sh + +# Cycle through available patches for Firefox and apply them in order. Fail if +# any of them don't apply cleanly. + +for i in *patch; do patch -tp1 <$i || exit 1; done diff --git a/src/current-patches/001-firefox-4.0-non-blocking-socks.patch b/src/current-patches/001-firefox-4.0-non-blocking-socks.patch new file mode 100644 index 0000000..cf5aeae --- /dev/null +++ b/src/current-patches/001-firefox-4.0-non-blocking-socks.patch @@ -0,0 +1,1637 @@ +--- a/netwerk/base/src/nsSocketTransport2.cpp ++++ a/netwerk/base/src/nsSocketTransport2.cpp +@@ -1222,16 +1222,26 @@ nsSocketTransport::InitiateSocket() + // connection... wouldn't we need to call ProxyStartSSL after a call + // to PR_ConnectContinue indicates that we are connected? + // + // XXX this appears to be what the old socket transport did. why + // isn't this broken? + } + } + // ++ // A SOCKS request was rejected; get the actual error code from ++ // the OS error ++ // ++ else if (PR_UNKNOWN_ERROR == code && ++ mProxyTransparent && ++ !mProxyHost.IsEmpty()) { ++ code = PR_GetOSError(); ++ rv = ErrorAccordingToNSPR(code); ++ } ++ // + // The connection was refused... + // + else { + rv = ErrorAccordingToNSPR(code); + if ((rv == NS_ERROR_CONNECTION_REFUSED) && !mProxyHost.IsEmpty()) + rv = NS_ERROR_PROXY_CONNECTION_REFUSED; + } + } +@@ -1544,17 +1554,26 @@ nsSocketTransport::OnSocketReady(PRFileD + // + // If the connect is still not ready, then continue polling... + // + if ((PR_WOULD_BLOCK_ERROR == code) || (PR_IN_PROGRESS_ERROR == code)) { + // Set up the select flags for connect... + mPollFlags = (PR_POLL_EXCEPT | PR_POLL_WRITE); + // Update poll timeout in case it was changed + mPollTimeout = mTimeouts[TIMEOUT_CONNECT]; +- } ++ } ++ // ++ // The SOCKS proxy rejected our request. Find out why. ++ // ++ else if (PR_UNKNOWN_ERROR == code && ++ mProxyTransparent && ++ !mProxyHost.IsEmpty()) { ++ code = PR_GetOSError(); ++ mCondition = ErrorAccordingToNSPR(code); ++ } + else { + // + // else, the connection failed... + // + mCondition = ErrorAccordingToNSPR(code); + if ((mCondition == NS_ERROR_CONNECTION_REFUSED) && !mProxyHost.IsEmpty()) + mCondition = NS_ERROR_PROXY_CONNECTION_REFUSED; + SOCKET_LOG((" connection failed! [reason=%x]\n", mCondition)); +--- a/netwerk/socket/nsSOCKSIOLayer.cpp ++++ a/netwerk/socket/nsSOCKSIOLayer.cpp +@@ -20,16 +20,17 @@ + * Portions created by the Initial Developer are Copyright (C) 1998 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * Justin Bradford <jab(a)atdot.org> + * Bradley Baetz <bbaetz(a)acm.org> + * Darin Fisher <darin(a)meer.net> + * Malcolm Smith <malsmith(a)cs.rmit.edu.au> ++ * Christopher Davis <chrisd(a)torproject.org> + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your +@@ -63,51 +64,115 @@ static PRLogModuleInfo *gSOCKSLog; + + #else + #define LOGDEBUG(args) + #define LOGERROR(args) + #endif + + class nsSOCKSSocketInfo : public nsISOCKSSocketInfo + { ++ enum State { ++ SOCKS_INITIAL, ++ SOCKS_CONNECTING_TO_PROXY, ++ SOCKS4_WRITE_CONNECT_REQUEST, ++ SOCKS4_READ_CONNECT_RESPONSE, ++ SOCKS5_WRITE_AUTH_REQUEST, ++ SOCKS5_READ_AUTH_RESPONSE, ++ SOCKS5_WRITE_CONNECT_REQUEST, ++ SOCKS5_READ_CONNECT_RESPONSE_TOP, ++ SOCKS5_READ_CONNECT_RESPONSE_BOTTOM, ++ SOCKS_CONNECTED, ++ SOCKS_FAILED ++ }; ++ ++ // A buffer of 262 bytes should be enough for any request and response ++ // in case of SOCKS4 as well as SOCKS5 ++ static const PRUint32 BUFFER_SIZE = 262; ++ static const PRUint32 MAX_HOSTNAME_LEN = 255; ++ + public: + nsSOCKSSocketInfo(); +- virtual ~nsSOCKSSocketInfo() {} ++ virtual ~nsSOCKSSocketInfo() { HandshakeFinished(); } + + NS_DECL_ISUPPORTS + NS_DECL_NSISOCKSSOCKETINFO + + void Init(PRInt32 version, + const char *proxyHost, + PRInt32 proxyPort, + const char *destinationHost, + PRUint32 flags); + +- const nsCString &DestinationHost() { return mDestinationHost; } +- const nsCString &ProxyHost() { return mProxyHost; } +- PRInt32 ProxyPort() { return mProxyPort; } +- PRInt32 Version() { return mVersion; } +- PRUint32 Flags() { return mFlags; } ++ void SetConnectTimeout(PRIntervalTime to); ++ PRStatus DoHandshake(PRFileDesc *fd, PRInt16 oflags = -1); ++ PRInt16 GetPollFlags() const; ++ bool IsConnected() const { return mState == SOCKS_CONNECTED; } + + private: ++ void HandshakeFinished(PRErrorCode err = 0); ++ PRStatus ConnectToProxy(PRFileDesc *fd); ++ PRStatus ContinueConnectingToProxy(PRFileDesc *fd, PRInt16 oflags); ++ PRStatus WriteV4ConnectRequest(); ++ PRStatus ReadV4ConnectResponse(); ++ PRStatus WriteV5AuthRequest(); ++ PRStatus ReadV5AuthResponse(); ++ PRStatus WriteV5ConnectRequest(); ++ PRStatus ReadV5AddrTypeAndLength(PRUint8 *type, PRUint32 *len); ++ PRStatus ReadV5ConnectResponseTop(); ++ PRStatus ReadV5ConnectResponseBottom(); ++ ++ void WriteUint8(PRUint8 d); ++ void WriteUint16(PRUint16 d); ++ void WriteUint32(PRUint32 d); ++ void WriteNetAddr(const PRNetAddr *addr); ++ void WriteNetPort(const PRNetAddr *addr); ++ void WriteString(const nsACString &str); ++ ++ PRUint8 ReadUint8(); ++ PRUint16 ReadUint16(); ++ PRUint32 ReadUint32(); ++ void ReadNetAddr(PRNetAddr *addr, PRUint16 fam); ++ void ReadNetPort(PRNetAddr *addr); ++ ++ void WantRead(PRUint32 sz); ++ PRStatus ReadFromSocket(PRFileDesc *fd); ++ PRStatus WriteToSocket(PRFileDesc *fd); ++ ++private: ++ State mState; ++ PRUint8 * mData; ++ PRUint8 * mDataIoPtr; ++ PRUint32 mDataLength; ++ PRUint32 mReadOffset; ++ PRUint32 mAmountToRead; ++ nsCOMPtr<nsIDNSRecord> mDnsRec; ++ + nsCString mDestinationHost; + nsCString mProxyHost; + PRInt32 mProxyPort; + PRInt32 mVersion; // SOCKS version 4 or 5 + PRUint32 mFlags; + PRNetAddr mInternalProxyAddr; + PRNetAddr mExternalProxyAddr; + PRNetAddr mDestinationAddr; ++ PRIntervalTime mTimeout; + }; + + nsSOCKSSocketInfo::nsSOCKSSocketInfo() +- : mProxyPort(-1) ++ : mState(SOCKS_INITIAL) ++ , mDataIoPtr(nsnull) ++ , mDataLength(0) ++ , mReadOffset(0) ++ , mAmountToRead(0) ++ , mProxyPort(-1) + , mVersion(-1) + , mFlags(0) ++ , mTimeout(PR_INTERVAL_NO_TIMEOUT) + { ++ mData = new PRUint8[BUFFER_SIZE]; + PR_InitializeNetAddr(PR_IpAddrAny, 0, &mInternalProxyAddr); + PR_InitializeNetAddr(PR_IpAddrAny, 0, &mExternalProxyAddr); + PR_InitializeNetAddr(PR_IpAddrAny, 0, &mDestinationAddr); + } + + void + nsSOCKSSocketInfo::Init(PRInt32 version, const char *proxyHost, PRInt32 proxyPort, const char *host, PRUint32 flags) + { +@@ -157,647 +222,817 @@ nsSOCKSSocketInfo::GetInternalProxyAddr( + + NS_IMETHODIMP + nsSOCKSSocketInfo::SetInternalProxyAddr(PRNetAddr *aInternalProxyAddr) + { + memcpy(&mInternalProxyAddr, aInternalProxyAddr, sizeof(PRNetAddr)); + return NS_OK; + } + +-static PRInt32 +-pr_RecvAll(PRFileDesc *fd, unsigned char *buf, PRInt32 amount, PRIntn flags, +- PRIntervalTime *timeout) ++// There needs to be a means of distinguishing between connection errors ++// that the SOCKS server reports when it rejects a connection request, and ++// connection errors that happen while attempting to connect to the SOCKS ++// server. Otherwise, Firefox will report incorrectly that the proxy server ++// is refusing connections when a SOCKS request is rejected by the proxy. ++// When a SOCKS handshake failure occurs, the PR error is set to ++// PR_UNKNOWN_ERROR, and the real error code is returned via the OS error. ++void ++nsSOCKSSocketInfo::HandshakeFinished(PRErrorCode err) + { +- PRInt32 bytesRead = 0; +- PRInt32 offset = 0; ++ if (err == 0) { ++ mState = SOCKS_CONNECTED; ++ } else { ++ mState = SOCKS_FAILED; ++ PR_SetError(PR_UNKNOWN_ERROR, err); ++ } + +- while (offset < amount) { +- PRIntervalTime start_time = PR_IntervalNow(); +- bytesRead = PR_Recv(fd, buf + offset, amount - offset, flags, *timeout); +- PRIntervalTime elapsed = PR_IntervalNow() - start_time; +- +- if (elapsed > *timeout) { +- *timeout = 0; +- } else { +- *timeout -= elapsed; +- } +- +- if (bytesRead > 0) { +- offset += bytesRead; +- } else if (bytesRead == 0 || offset != 0) { +- return offset; +- } else { +- return bytesRead; +- } +- +- if (*timeout == 0) { +- LOGERROR(("PR_Recv() timed out. amount = %d. offset = %d.", +- amount, offset)); +- return offset; +- } +- } +- return offset; ++ // We don't need the buffer any longer, so free it. ++ delete [] mData; ++ mData = nsnull; ++ mDataIoPtr = nsnull; ++ mDataLength = 0; ++ mReadOffset = 0; ++ mAmountToRead = 0; + } + +-static PRInt32 +-pr_Send(PRFileDesc *fd, const void *buf, PRInt32 amount, PRIntn flags, +- PRIntervalTime *timeout) ++PRStatus ++nsSOCKSSocketInfo::ConnectToProxy(PRFileDesc *fd) + { +- PRIntervalTime start_time = PR_IntervalNow(); +- PRInt32 retval = PR_Send(fd, buf, amount, flags, *timeout); +- PRIntervalTime elapsed = PR_IntervalNow() - start_time; ++ PRStatus status; ++ nsresult rv; + +- if (elapsed > *timeout) { +- *timeout = 0; +- LOGERROR(("PR_Send() timed out. amount = %d. retval = %d.", +- amount, retval)); +- return retval; +- } else { +- *timeout -= elapsed; +- } ++ NS_ABORT_IF_FALSE(mState == SOCKS_INITIAL, ++ "Must be in initial state to make connection!"); + +- if (retval <= 0) { +- LOGERROR(("PR_Send() failed. amount = %d. retval = %d.", +- amount, retval)); +- } ++ // If we haven't performed the DNS lookup, do that now. ++ if (!mDnsRec) { ++ nsCOMPtr<nsIDNSService> dns = do_GetService(NS_DNSSERVICE_CONTRACTID); ++ if (!dns) ++ return PR_FAILURE; + +- return retval; +-} +- +-// Negotiate a SOCKS 5 connection. Assumes the TCP connection to the socks +-// server port has been established. +-static nsresult +-ConnectSOCKS5(PRFileDesc *fd, const PRNetAddr *addr, PRNetAddr *extAddr, PRIntervalTime timeout) +-{ +- int request_len = 0; +- int response_len = 0; +- int desired_len = 0; +- unsigned char request[22]; +- unsigned char response[262]; +- +- NS_ENSURE_TRUE(fd, NS_ERROR_NOT_INITIALIZED); +- NS_ENSURE_TRUE(addr, NS_ERROR_NOT_INITIALIZED); +- NS_ENSURE_TRUE(extAddr, NS_ERROR_NOT_INITIALIZED); +- +- request[0] = 0x05; // SOCKS version 5 +- request[1] = 0x01; // number of auth procotols we recognize +- // auth protocols +- request[2] = 0x00; // no authentication required +- // compliant implementations MUST implement GSSAPI +- // and SHOULD implement username/password and MAY +- // implement CHAP +- // TODO: we don't implement these +- //request[3] = 0x01; // GSSAPI +- //request[4] = 0x02; // username/password +- //request[5] = 0x03; // CHAP +- +- request_len = 2 + request[1]; +- int write_len = pr_Send(fd, request, request_len, 0, &timeout); +- if (write_len != request_len) { +- return NS_ERROR_FAILURE; +- } +- +- // get the server's response. +- desired_len = 2; +- response_len = pr_RecvAll(fd, response, desired_len, 0, &timeout); +- +- if (response_len < desired_len) { +- LOGERROR(("pr_RecvAll() failed. response_len = %d.", response_len)); +- return NS_ERROR_FAILURE; +- } +- +- if (response[0] != 0x05) { +- // it's a either not SOCKS or not our version +- LOGERROR(("Not a SOCKS 5 reply. Expected: 5; received: %x", response[0])); +- return NS_ERROR_FAILURE; +- } +- switch (response[1]) { +- case 0x00: +- // no auth +- break; +- case 0x01: +- // GSSAPI +- // TODO: implement +- LOGERROR(("Server want to use GSSAPI to authenticate, but we don't support it.")); +- return NS_ERROR_FAILURE; +- case 0x02: +- // username/password +- // TODO: implement +- LOGERROR(("Server want to use username/password to authenticate, but we don't support it.")); +- return NS_ERROR_FAILURE; +- case 0x03: +- // CHAP +- // TODO: implement? +- LOGERROR(("Server want to use CHAP to authenticate, but we don't support it.")); +- return NS_ERROR_FAILURE; +- default: +- // unrecognized auth method +- LOGERROR(("Uncrecognized authentication method received: %x", response[1])); +- return NS_ERROR_FAILURE; +- } +- +- // we are now authenticated, so lets tell +- // the server where to connect to +- +- request_len = 0; +- +- request[0] = 0x05; // SOCKS version 5 +- request[1] = 0x01; // CONNECT command +- request[2] = 0x00; // obligatory reserved field (perfect for MS tampering!) +- +- // get destination port +- PRInt32 destPort = PR_ntohs(PR_NetAddrInetPort(addr)); +- nsSOCKSSocketInfo * info = (nsSOCKSSocketInfo*) fd->secret; +- +- if (info->Flags() & nsISocketProvider::PROXY_RESOLVES_HOST) { +- +- LOGDEBUG(("using server to resolve hostnames rather than resolving it first\n")); +- +- // if the PROXY_RESOLVES_HOST flag is set, we assume +- // that the transport wants us to pass the SOCKS server the +- // hostname and port and let it do the name resolution. +- +- // the real destination hostname and port was stored +- // in our info object earlier when this layer was created. +- +- const nsCString& destHost = info->DestinationHost(); +- +- LOGDEBUG(("host:port -> %s:%li", destHost.get(), destPort)); +- +- request[3] = 0x03; // encoding of destination address (3 == hostname) +- +- int host_len = destHost.Length(); +- if (host_len > 255) { +- // SOCKS5 transmits the length of the hostname in a single char. +- // This gives us an absolute limit of 255 chars in a hostname, and +- // there's nothing we can do to extend it. I don't think many +- // hostnames will ever be bigger than this, so hopefully it's an +- // uneventful abort condition. +- LOGERROR (("Hostname too big for SOCKS5.")); +- return NS_ERROR_INVALID_ARG; +- } +- request[4] = (char) host_len; +- request_len = 5; +- +- // Send the initial header first... +- write_len = pr_Send(fd, request, request_len, 0, &timeout); +- if (write_len != request_len) { +- // bad write +- return NS_ERROR_FAILURE; +- } +- +- // Now send the hostname... +- write_len = pr_Send(fd, destHost.get(), host_len, 0, &timeout); +- if (write_len != host_len) { +- // bad write +- return NS_ERROR_FAILURE; +- } +- +- // There's no data left because we just sent it. +- request_len = 0; +- +- } else if (PR_NetAddrFamily(addr) == PR_AF_INET) { +- +- request[3] = 0x01; // encoding of destination address (1 == IPv4) +- request_len = 8; // 4 for address, 4 SOCKS headers +- +- char * ip = (char*)(&addr->inet.ip); +- request[4] = *ip++; +- request[5] = *ip++; +- request[6] = *ip++; +- request[7] = *ip++; +- +- } else if (PR_NetAddrFamily(addr) == PR_AF_INET6) { +- +- request[3] = 0x04; // encoding of destination address (4 == IPv6) +- request_len = 20; // 16 for address, 4 SOCKS headers +- +- char * ip = (char*)(&addr->ipv6.ip.pr_s6_addr); +- request[4] = *ip++; request[5] = *ip++; +- request[6] = *ip++; request[7] = *ip++; +- request[8] = *ip++; request[9] = *ip++; +- request[10] = *ip++; request[11] = *ip++; +- request[12] = *ip++; request[13] = *ip++; +- request[14] = *ip++; request[15] = *ip++; +- request[16] = *ip++; request[17] = *ip++; +- request[18] = *ip++; request[19] = *ip++; +- +- // we're going to test to see if this address can +- // be mapped back into IPv4 without loss. if so, +- // we'll use IPv4 instead, as reliable SOCKS server +- // support for IPv6 is probably questionable. +- +- if (PR_IsNetAddrType(addr, PR_IpAddrV4Mapped)) { +- request[3] = 0x01; // ipv4 encoding +- request[4] = request[16]; +- request[5] = request[17]; +- request[6] = request[18]; +- request[7] = request[19]; +- request_len -= 12; +- } +- } else { +- // Unknown address type +- LOGERROR(("Don't know what kind of IP address this is.")); +- return NS_ERROR_FAILURE; +- } +- +- // add the destination port to the request +- request[request_len] = (unsigned char)(destPort >> 8); +- request[request_len+1] = (unsigned char)destPort; +- request_len += 2; +- +- write_len = pr_Send(fd, request, request_len, 0, &timeout); +- if (write_len != request_len) { +- // bad write +- return NS_ERROR_FAILURE; +- } +- +- desired_len = 5; +- response_len = pr_RecvAll(fd, response, desired_len, 0, &timeout); +- if (response_len < desired_len) { // bad read +- LOGERROR(("pr_RecvAll() failed getting connect command reply. response_len = %d.", response_len)); +- return NS_ERROR_FAILURE; +- } +- +- if (response[0] != 0x05) { +- // bad response +- LOGERROR(("Not a SOCKS 5 reply. Expected: 5; received: %x", response[0])); +- return NS_ERROR_FAILURE; +- } +- +- switch(response[1]) { +- case 0x00: break; // success +- case 0x01: LOGERROR(("SOCKS 5 server rejected connect request: 01, General SOCKS server failure.")); +- return NS_ERROR_FAILURE; +- case 0x02: LOGERROR(("SOCKS 5 server rejected connect request: 02, Connection not allowed by ruleset.")); +- return NS_ERROR_FAILURE; +- case 0x03: LOGERROR(("SOCKS 5 server rejected connect request: 03, Network unreachable.")); +- return NS_ERROR_FAILURE; +- case 0x04: LOGERROR(("SOCKS 5 server rejected connect request: 04, Host unreachable.")); +- return NS_ERROR_FAILURE; +- case 0x05: LOGERROR(("SOCKS 5 server rejected connect request: 05, Connection refused.")); +- return NS_ERROR_FAILURE; +- case 0x06: LOGERROR(("SOCKS 5 server rejected connect request: 06, TTL expired.")); +- return NS_ERROR_FAILURE; +- case 0x07: LOGERROR(("SOCKS 5 server rejected connect request: 07, Command not supported.")); +- return NS_ERROR_FAILURE; +- case 0x08: LOGERROR(("SOCKS 5 server rejected connect request: 08, Address type not supported.")); +- return NS_ERROR_FAILURE; +- default: LOGERROR(("SOCKS 5 server rejected connect request: %x.", response[1])); +- return NS_ERROR_FAILURE; +- +- +- } +- +- switch (response[3]) { +- case 0x01: // IPv4 +- desired_len = 4 + 2 - 1; +- break; +- case 0x03: // FQDN +- desired_len = response[4] + 2; +- break; +- case 0x04: // IPv6 +- desired_len = 16 + 2 - 1; +- break; +- default: // unknown format +- return NS_ERROR_FAILURE; +- break; +- } +- response_len = pr_RecvAll(fd, response + 5, desired_len, 0, &timeout); +- if (response_len < desired_len) { // bad read +- LOGERROR(("pr_RecvAll() failed getting connect command reply. response_len = %d.", response_len)); +- return NS_ERROR_FAILURE; +- } +- response_len += 5; +- +- // get external bound address (this is what +- // the outside world sees as "us") +- char *ip = nsnull; +- PRUint16 extPort = 0; +- +- switch (response[3]) { +- case 0x01: // IPv4 +- +- extPort = (response[8] << 8) | response[9]; +- +- PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET, extPort, extAddr); +- +- ip = (char*)(&extAddr->inet.ip); +- *ip++ = response[4]; +- *ip++ = response[5]; +- *ip++ = response[6]; +- *ip++ = response[7]; +- +- break; +- case 0x04: // IPv6 +- +- extPort = (response[20] << 8) | response[21]; +- +- PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET6, extPort, extAddr); +- +- ip = (char*)(&extAddr->ipv6.ip.pr_s6_addr); +- *ip++ = response[4]; *ip++ = response[5]; +- *ip++ = response[6]; *ip++ = response[7]; +- *ip++ = response[8]; *ip++ = response[9]; +- *ip++ = response[10]; *ip++ = response[11]; +- *ip++ = response[12]; *ip++ = response[13]; +- *ip++ = response[14]; *ip++ = response[15]; +- *ip++ = response[16]; *ip++ = response[17]; +- *ip++ = response[18]; *ip++ = response[19]; +- +- break; +- case 0x03: // FQDN +- // if we get here, we don't know our external address. +- // however, as that's possibly not critical to the user, +- // we let it slide. +- extPort = (response[response_len - 2] << 8) | +- response[response_len - 1]; +- PR_InitializeNetAddr(PR_IpAddrNull, extPort, extAddr); +- break; +- } +- return NS_OK; +-} +- +-// Negotiate a SOCKS 4 connection. Assumes the TCP connection to the socks +-// server port has been established. +-static nsresult +-ConnectSOCKS4(PRFileDesc *fd, const PRNetAddr *addr, PRIntervalTime timeout) +-{ +- int request_len = 0; +- int write_len; +- int response_len = 0; +- int desired_len = 0; +- char *ip = nsnull; +- unsigned char request[12]; +- unsigned char response[10]; +- +- NS_ENSURE_TRUE(fd, NS_ERROR_NOT_INITIALIZED); +- NS_ENSURE_TRUE(addr, NS_ERROR_NOT_INITIALIZED); +- +- request[0] = 0x04; // SOCKS version 4 +- request[1] = 0x01; // CD command code -- 1 for connect +- +- // destination port +- PRInt32 destPort = PR_ntohs(PR_NetAddrInetPort(addr)); +- +- // store the port +- request[2] = (unsigned char)(destPort >> 8); +- request[3] = (unsigned char)destPort; +- +- // username +- request[8] = 'M'; +- request[9] = 'O'; +- request[10] = 'Z'; +- +- request[11] = 0x00; +- +- request_len = 12; +- +- nsSOCKSSocketInfo * info = (nsSOCKSSocketInfo*) fd->secret; +- +- if (info->Flags() & nsISocketProvider::PROXY_RESOLVES_HOST) { +- +- LOGDEBUG(("using server to resolve hostnames rather than resolving it first\n")); +- +- // if the PROXY_RESOLVES_HOST flag is set, we assume that the +- // transport wants us to pass the SOCKS server the hostname +- // and port and let it do the name resolution. +- +- // an extension to SOCKS 4, called 4a, specifies a way +- // to do this, so we'll try that and hope the +- // server supports it. +- +- // the real destination hostname and port was stored +- // in our info object earlier when this layer was created. +- +- const nsCString& destHost = info->DestinationHost(); +- +- LOGDEBUG(("host:port -> %s:%li\n", destHost.get(), destPort)); +- +- // the IP portion of the query is set to this special address. +- request[4] = 0; +- request[5] = 0; +- request[6] = 0; +- request[7] = 1; +- +- write_len = pr_Send(fd, request, request_len, 0, &timeout); +- if (write_len != request_len) { +- return NS_ERROR_FAILURE; +- } +- +- // Remember the NULL. +- int host_len = destHost.Length() + 1; +- +- write_len = pr_Send(fd, destHost.get(), host_len, 0, &timeout); +- if (write_len != host_len) { +- return NS_ERROR_FAILURE; +- } +- +- // No data to send, just sent it. +- request_len = 0; +- +- } else if (PR_NetAddrFamily(addr) == PR_AF_INET) { // IPv4 +- +- // store the ip +- ip = (char*)(&addr->inet.ip); +- request[4] = *ip++; +- request[5] = *ip++; +- request[6] = *ip++; +- request[7] = *ip++; +- +- } else if (PR_NetAddrFamily(addr) == PR_AF_INET6) { // IPv6 +- +- // IPv4 address encoded in an IPv6 address +- if (PR_IsNetAddrType(addr, PR_IpAddrV4Mapped)) { +- // store the ip +- ip = (char*)(&addr->ipv6.ip.pr_s6_addr[12]); +- request[4] = *ip++; +- request[5] = *ip++; +- request[6] = *ip++; +- request[7] = *ip++; +- } else { +- LOGERROR(("IPv6 is not supported in SOCKS 4.")); +- return NS_ERROR_FAILURE; // SOCKS 4 can't do IPv6 +- } +- +- } else { +- LOGERROR(("Don't know what kind of IP address this is.")); +- return NS_ERROR_FAILURE; // don't recognize this type +- } +- +- if (request_len > 0) { +- write_len = pr_Send(fd, request, request_len, 0, &timeout); +- if (write_len != request_len) { +- return NS_ERROR_FAILURE; ++ rv = dns->Resolve(mProxyHost, 0, getter_AddRefs(mDnsRec)); ++ if (NS_FAILED(rv)) { ++ LOGERROR(("socks: DNS lookup for SOCKS proxy %s failed", ++ mProxyHost.get())); ++ return PR_FAILURE; + } + } + +- // get the server's response +- desired_len = 8; // size of the response +- response_len = pr_RecvAll(fd, response, desired_len, 0, &timeout); +- if (response_len < desired_len) { +- LOGERROR(("pr_RecvAll() failed. response_len = %d.", response_len)); +- return NS_ERROR_FAILURE; ++ do { ++ rv = mDnsRec->GetNextAddr(mProxyPort, &mInternalProxyAddr); ++ // No more addresses to try? If so, we'll need to bail ++ if (NS_FAILED(rv)) { ++ LOGERROR(("socks: unable to connect to SOCKS proxy, %s", ++ mProxyHost.get())); ++ return PR_FAILURE; ++ } ++ ++#if defined(PR_LOGGING) ++ char buf[64]; ++ PR_NetAddrToString(&mInternalProxyAddr, buf, sizeof(buf)); ++ LOGDEBUG(("socks: trying proxy server, %s:%hu", ++ buf, PR_ntohs(PR_NetAddrInetPort(&mInternalProxyAddr)))); ++#endif ++ status = fd->lower->methods->connect(fd->lower, ++ &mInternalProxyAddr, mTimeout); ++ if (status != PR_SUCCESS) { ++ PRErrorCode c = PR_GetError(); ++ // If EINPROGRESS, return now and check back later after polling ++ if (c == PR_WOULD_BLOCK_ERROR || c == PR_IN_PROGRESS_ERROR) { ++ mState = SOCKS_CONNECTING_TO_PROXY; ++ return status; ++ } ++ } ++ } while (status != PR_SUCCESS); ++ ++ // Connected now, start SOCKS ++ if (mVersion == 4) ++ return WriteV4ConnectRequest(); ++ return WriteV5AuthRequest(); ++} ++ ++PRStatus ++nsSOCKSSocketInfo::ContinueConnectingToProxy(PRFileDesc *fd, PRInt16 oflags) ++{ ++ PRStatus status; ++ ++ NS_ABORT_IF_FALSE(mState == SOCKS_CONNECTING_TO_PROXY, ++ "Continuing connection in wrong state!"); ++ ++ LOGDEBUG(("socks: continuing connection to proxy")); ++ ++ status = fd->lower->methods->connectcontinue(fd->lower, oflags); ++ if (status != PR_SUCCESS) { ++ PRErrorCode c = PR_GetError(); ++ if (c != PR_WOULD_BLOCK_ERROR && c != PR_IN_PROGRESS_ERROR) { ++ // A connection failure occured, try another address ++ mState = SOCKS_INITIAL; ++ return ConnectToProxy(fd); ++ } ++ ++ // We're still connecting ++ return PR_FAILURE; + } + +- if ((response[0] != 0x00) && (response[0] != 0x04)) { +- // Novell BorderManager sends a response of type 4, should be zero +- // According to the spec. Cope with this brokenness. +- // it's not a SOCKS 4 reply or version 0 of the reply code +- LOGERROR(("Not a SOCKS 4 reply. Expected: 0; received: %x.", response[0])); +- return NS_ERROR_FAILURE; ++ // Connected now, start SOCKS ++ if (mVersion == 4) ++ return WriteV4ConnectRequest(); ++ return WriteV5AuthRequest(); ++} ++ ++PRStatus ++nsSOCKSSocketInfo::WriteV4ConnectRequest() ++{ ++ PRNetAddr *addr = &mDestinationAddr; ++ PRInt32 proxy_resolve; ++ ++ NS_ABORT_IF_FALSE(mState == SOCKS_CONNECTING_TO_PROXY, ++ "Invalid state!"); ++ ++ proxy_resolve = mFlags & nsISocketProvider::PROXY_RESOLVES_HOST; ++ ++ mDataLength = 0; ++ mState = SOCKS4_WRITE_CONNECT_REQUEST; ++ ++ LOGDEBUG(("socks4: sending connection request (socks4a resolve? %s)", ++ proxy_resolve? "yes" : "no")); ++ ++ // Send a SOCKS 4 connect request. ++ WriteUint8(0x04); // version -- 4 ++ WriteUint8(0x01); // command -- connect ++ WriteNetPort(addr); ++ if (proxy_resolve) { ++ // Add the full name, null-terminated, to the request ++ // according to SOCKS 4a. A fake IP address, with the first ++ // four bytes set to 0 and the last byte set to something other ++ // than 0, is used to notify the proxy that this is a SOCKS 4a ++ // request. This request type works for Tor and perhaps others. ++ WriteUint32(PR_htonl(0x00000001)); // Fake IP ++ WriteUint8(0x00); // Send an emtpy username ++ if (mDestinationHost.Length() > MAX_HOSTNAME_LEN) { ++ LOGERROR(("socks4: destination host name is too long!")); ++ HandshakeFinished(PR_BAD_ADDRESS_ERROR); ++ return PR_FAILURE; ++ } ++ WriteString(mDestinationHost); // Hostname ++ WriteUint8(0x00); ++ } else if (PR_NetAddrFamily(addr) == PR_AF_INET) { ++ WriteNetAddr(addr); // Add the IPv4 address ++ WriteUint8(0x00); // Send an emtpy username ++ } else if (PR_NetAddrFamily(addr) == PR_AF_INET6) { ++ LOGERROR(("socks: SOCKS 4 can't handle IPv6 addresses!")); ++ HandshakeFinished(PR_BAD_ADDRESS_ERROR); ++ return PR_FAILURE; + } + +- if (response[1] != 0x5A) { // = 90: request granted +- // connect request not granted +- LOGERROR(("Connection request refused. Expected: 90; received: %d.", response[1])); +- return NS_ERROR_FAILURE; +- } +- +- return NS_OK; +- ++ return PR_SUCCESS; + } + ++PRStatus ++nsSOCKSSocketInfo::ReadV4ConnectResponse() ++{ ++ NS_ABORT_IF_FALSE(mState == SOCKS4_READ_CONNECT_RESPONSE, ++ "Handling SOCKS 4 connection reply in wrong state!"); ++ NS_ABORT_IF_FALSE(mDataLength == 8, ++ "SOCKS 4 connection reply must be 8 bytes!"); ++ ++ LOGDEBUG(("socks4: checking connection reply")); ++ ++ if (ReadUint8() != 0x00) { ++ LOGERROR(("socks4: wrong connection reply")); ++ HandshakeFinished(PR_CONNECT_REFUSED_ERROR); ++ return PR_FAILURE; ++ } ++ ++ // See if our connection request was granted ++ if (ReadUint8() == 90) { ++ LOGDEBUG(("socks4: connection successful!")); ++ HandshakeFinished(); ++ return PR_SUCCESS; ++ } ++ ++ LOGERROR(("socks4: unable to connect")); ++ HandshakeFinished(PR_CONNECT_REFUSED_ERROR); ++ return PR_FAILURE; ++} ++ ++PRStatus ++nsSOCKSSocketInfo::WriteV5AuthRequest() ++{ ++ NS_ABORT_IF_FALSE(mVersion == 5, "SOCKS version must be 5!"); ++ ++ mState = SOCKS5_WRITE_AUTH_REQUEST; ++ ++ // Send an initial SOCKS 5 greeting ++ LOGDEBUG(("socks5: sending auth methods")); ++ WriteUint8(0x05); // version -- 5 ++ WriteUint8(0x01); // # auth methods -- 1 ++ WriteUint8(0x00); // we don't support authentication ++ ++ return PR_SUCCESS; ++} ++ ++PRStatus ++nsSOCKSSocketInfo::ReadV5AuthResponse() ++{ ++ NS_ABORT_IF_FALSE(mState == SOCKS5_READ_AUTH_RESPONSE, ++ "Handling SOCKS 5 auth method reply in wrong state!"); ++ NS_ABORT_IF_FALSE(mDataLength == 2, ++ "SOCKS 5 auth method reply must be 2 bytes!"); ++ ++ LOGDEBUG(("socks5: checking auth method reply")); ++ ++ // Check version number ++ if (ReadUint8() != 0x05) { ++ LOGERROR(("socks5: unexpected version in the reply")); ++ HandshakeFinished(PR_CONNECT_REFUSED_ERROR); ++ return PR_FAILURE; ++ } ++ ++ // Make sure our authentication choice was accepted ++ if (ReadUint8() != 0x00) { ++ LOGERROR(("socks5: server did not accept our authentication method")); ++ HandshakeFinished(PR_CONNECT_REFUSED_ERROR); ++ return PR_FAILURE; ++ } ++ ++ return WriteV5ConnectRequest(); ++} ++ ++PRStatus ++nsSOCKSSocketInfo::WriteV5ConnectRequest() ++{ ++ // Send SOCKS 5 connect request ++ PRNetAddr *addr = &mDestinationAddr; ++ PRInt32 proxy_resolve; ++ proxy_resolve = mFlags & nsISocketProvider::PROXY_RESOLVES_HOST; ++ ++ LOGDEBUG(("socks5: sending connection request (socks5 resolve? %s)", ++ proxy_resolve? "yes" : "no")); ++ ++ mDataLength = 0; ++ mState = SOCKS5_WRITE_CONNECT_REQUEST; ++ ++ WriteUint8(0x05); // version -- 5 ++ WriteUint8(0x01); // command -- connect ++ WriteUint8(0x00); // reserved ++ ++ // Add the address to the SOCKS 5 request. SOCKS 5 supports several ++ // address types, so we pick the one that works best for us. ++ if (proxy_resolve) { ++ // Add the host name. Only a single byte is used to store the length, ++ // so we must prevent long names from being used. ++ if (mDestinationHost.Length() > MAX_HOSTNAME_LEN) { ++ LOGERROR(("socks5: destination host name is too long!")); ++ HandshakeFinished(PR_BAD_ADDRESS_ERROR); ++ return PR_FAILURE; ++ } ++ WriteUint8(0x03); // addr type -- domainname ++ WriteUint8(mDestinationHost.Length()); // name length ++ WriteString(mDestinationHost); ++ } else if (PR_NetAddrFamily(addr) == PR_AF_INET) { ++ WriteUint8(0x01); // addr type -- IPv4 ++ WriteNetAddr(addr); ++ } else if (PR_NetAddrFamily(addr) == PR_AF_INET6) { ++ WriteUint8(0x04); // addr type -- IPv6 ++ WriteNetAddr(addr); ++ } else { ++ LOGERROR(("socks5: destination address of unknown type!")); ++ HandshakeFinished(PR_BAD_ADDRESS_ERROR); ++ return PR_FAILURE; ++ } ++ ++ WriteNetPort(addr); // port ++ ++ return PR_SUCCESS; ++} ++ ++PRStatus ++nsSOCKSSocketInfo::ReadV5AddrTypeAndLength(PRUint8 *type, PRUint32 *len) ++{ ++ NS_ABORT_IF_FALSE(mState == SOCKS5_READ_CONNECT_RESPONSE_TOP || ++ mState == SOCKS5_READ_CONNECT_RESPONSE_BOTTOM, ++ "Invalid state!"); ++ NS_ABORT_IF_FALSE(mDataLength >= 5, ++ "SOCKS 5 connection reply must be at least 5 bytes!"); ++ ++ // Seek to the address location ++ mReadOffset = 3; ++ ++ *type = ReadUint8(); ++ ++ switch (*type) { ++ case 0x01: // ipv4 ++ *len = 4 - 1; ++ break; ++ case 0x04: // ipv6 ++ *len = 16 - 1; ++ break; ++ case 0x03: // fqdn ++ *len = ReadUint8(); ++ break; ++ default: // wrong address type ++ LOGERROR(("socks5: wrong address type in connection reply!")); ++ return PR_FAILURE; ++ } ++ ++ return PR_SUCCESS; ++} ++ ++PRStatus ++nsSOCKSSocketInfo::ReadV5ConnectResponseTop() ++{ ++ PRUint8 res; ++ PRUint32 len; ++ ++ NS_ABORT_IF_FALSE(mState == SOCKS5_READ_CONNECT_RESPONSE_TOP, ++ "Invalid state!"); ++ NS_ABORT_IF_FALSE(mDataLength == 5, ++ "SOCKS 5 connection reply must be exactly 5 bytes!"); ++ ++ LOGDEBUG(("socks5: checking connection reply")); ++ ++ // Check version number ++ if (ReadUint8() != 0x05) { ++ LOGERROR(("socks5: unexpected version in the reply")); ++ HandshakeFinished(PR_CONNECT_REFUSED_ERROR); ++ return PR_FAILURE; ++ } ++ ++ // Check response ++ res = ReadUint8(); ++ if (res != 0x00) { ++ PRErrorCode c = PR_CONNECT_REFUSED_ERROR; ++ ++ switch (res) { ++ case 0x01: ++ LOGERROR(("socks5: connect failed: " ++ "01, General SOCKS server failure.")); ++ break; ++ case 0x02: ++ LOGERROR(("socks5: connect failed: " ++ "02, Connection not allowed by ruleset.")); ++ break; ++ case 0x03: ++ LOGERROR(("socks5: connect failed: 03, Network unreachable.")); ++ c = PR_NETWORK_UNREACHABLE_ERROR; ++ break; ++ case 0x04: ++ LOGERROR(("socks5: connect failed: 04, Host unreachable.")); ++ break; ++ case 0x05: ++ LOGERROR(("socks5: connect failed: 05, Connection refused.")); ++ break; ++ case 0x06: ++ LOGERROR(("socks5: connect failed: 06, TTL expired.")); ++ c = PR_CONNECT_TIMEOUT_ERROR; ++ break; ++ case 0x07: ++ LOGERROR(("socks5: connect failed: " ++ "07, Command not supported.")); ++ break; ++ case 0x08: ++ LOGERROR(("socks5: connect failed: " ++ "08, Address type not supported.")); ++ c = PR_BAD_ADDRESS_ERROR; ++ break; ++ default: ++ LOGERROR(("socks5: connect failed.")); ++ break; ++ } ++ ++ HandshakeFinished(c); ++ return PR_FAILURE; ++ } ++ ++ if (ReadV5AddrTypeAndLength(&res, &len) != PR_SUCCESS) { ++ HandshakeFinished(PR_BAD_ADDRESS_ERROR); ++ return PR_FAILURE; ++ } ++ ++ mState = SOCKS5_READ_CONNECT_RESPONSE_BOTTOM; ++ WantRead(len + 2); ++ ++ return PR_SUCCESS; ++} ++ ++PRStatus ++nsSOCKSSocketInfo::ReadV5ConnectResponseBottom() ++{ ++ PRUint8 type; ++ PRUint32 len; ++ ++ NS_ABORT_IF_FALSE(mState == SOCKS5_READ_CONNECT_RESPONSE_BOTTOM, ++ "Invalid state!"); ++ ++ if (ReadV5AddrTypeAndLength(&type, &len) != PR_SUCCESS) { ++ HandshakeFinished(PR_BAD_ADDRESS_ERROR); ++ return PR_FAILURE; ++ } ++ ++ NS_ABORT_IF_FALSE(mDataLength == 7+len, ++ "SOCKS 5 unexpected length of connection reply!"); ++ ++ LOGDEBUG(("socks5: loading source addr and port")); ++ // Read what the proxy says is our source address ++ switch (type) { ++ case 0x01: // ipv4 ++ ReadNetAddr(&mExternalProxyAddr, PR_AF_INET); ++ break; ++ case 0x04: // ipv6 ++ ReadNetAddr(&mExternalProxyAddr, PR_AF_INET6); ++ break; ++ case 0x03: // fqdn (skip) ++ mReadOffset += len; ++ mExternalProxyAddr.raw.family = PR_AF_INET; ++ break; ++ } ++ ++ ReadNetPort(&mExternalProxyAddr); ++ ++ LOGDEBUG(("socks5: connected!")); ++ HandshakeFinished(); ++ ++ return PR_SUCCESS; ++} ++ ++void ++nsSOCKSSocketInfo::SetConnectTimeout(PRIntervalTime to) ++{ ++ mTimeout = to; ++} ++ ++PRStatus ++nsSOCKSSocketInfo::DoHandshake(PRFileDesc *fd, PRInt16 oflags) ++{ ++ LOGDEBUG(("socks: DoHandshake(), state = %d", mState)); ++ ++ switch (mState) { ++ case SOCKS_INITIAL: ++ return ConnectToProxy(fd); ++ case SOCKS_CONNECTING_TO_PROXY: ++ return ContinueConnectingToProxy(fd, oflags); ++ case SOCKS4_WRITE_CONNECT_REQUEST: ++ if (WriteToSocket(fd) != PR_SUCCESS) ++ return PR_FAILURE; ++ WantRead(8); ++ mState = SOCKS4_READ_CONNECT_RESPONSE; ++ return PR_SUCCESS; ++ case SOCKS4_READ_CONNECT_RESPONSE: ++ if (ReadFromSocket(fd) != PR_SUCCESS) ++ return PR_FAILURE; ++ return ReadV4ConnectResponse(); ++ ++ case SOCKS5_WRITE_AUTH_REQUEST: ++ if (WriteToSocket(fd) != PR_SUCCESS) ++ return PR_FAILURE; ++ WantRead(2); ++ mState = SOCKS5_READ_AUTH_RESPONSE; ++ return PR_SUCCESS; ++ case SOCKS5_READ_AUTH_RESPONSE: ++ if (ReadFromSocket(fd) != PR_SUCCESS) ++ return PR_FAILURE; ++ return ReadV5AuthResponse(); ++ case SOCKS5_WRITE_CONNECT_REQUEST: ++ if (WriteToSocket(fd) != PR_SUCCESS) ++ return PR_FAILURE; ++ ++ // The SOCKS 5 response to the connection request is variable ++ // length. First, we'll read enough to tell how long the response ++ // is, and will read the rest later. ++ WantRead(5); ++ mState = SOCKS5_READ_CONNECT_RESPONSE_TOP; ++ return PR_SUCCESS; ++ case SOCKS5_READ_CONNECT_RESPONSE_TOP: ++ if (ReadFromSocket(fd) != PR_SUCCESS) ++ return PR_FAILURE; ++ return ReadV5ConnectResponseTop(); ++ case SOCKS5_READ_CONNECT_RESPONSE_BOTTOM: ++ if (ReadFromSocket(fd) != PR_SUCCESS) ++ return PR_FAILURE; ++ return ReadV5ConnectResponseBottom(); ++ ++ case SOCKS_CONNECTED: ++ LOGERROR(("socks: already connected")); ++ HandshakeFinished(PR_IS_CONNECTED_ERROR); ++ return PR_FAILURE; ++ case SOCKS_FAILED: ++ LOGERROR(("socks: already failed")); ++ return PR_FAILURE; ++ } ++ ++ LOGERROR(("socks: executing handshake in invalid state, %d", mState)); ++ HandshakeFinished(PR_INVALID_STATE_ERROR); ++ ++ return PR_FAILURE; ++} ++ ++PRInt16 ++nsSOCKSSocketInfo::GetPollFlags() const ++{ ++ switch (mState) { ++ case SOCKS_CONNECTING_TO_PROXY: ++ return PR_POLL_EXCEPT | PR_POLL_WRITE; ++ case SOCKS4_WRITE_CONNECT_REQUEST: ++ case SOCKS5_WRITE_AUTH_REQUEST: ++ case SOCKS5_WRITE_CONNECT_REQUEST: ++ return PR_POLL_WRITE; ++ case SOCKS4_READ_CONNECT_RESPONSE: ++ case SOCKS5_READ_AUTH_RESPONSE: ++ case SOCKS5_READ_CONNECT_RESPONSE_TOP: ++ case SOCKS5_READ_CONNECT_RESPONSE_BOTTOM: ++ return PR_POLL_READ; ++ default: ++ break; ++ } ++ ++ return 0; ++} ++ ++inline void ++nsSOCKSSocketInfo::WriteUint8(PRUint8 v) ++{ ++ NS_ABORT_IF_FALSE(mDataLength + sizeof(v) <= BUFFER_SIZE, ++ "Can't write that much data!"); ++ mData[mDataLength] = v; ++ mDataLength += sizeof(v); ++} ++ ++inline void ++nsSOCKSSocketInfo::WriteUint16(PRUint16 v) ++{ ++ NS_ABORT_IF_FALSE(mDataLength + sizeof(v) <= BUFFER_SIZE, ++ "Can't write that much data!"); ++ memcpy(mData + mDataLength, &v, sizeof(v)); ++ mDataLength += sizeof(v); ++} ++ ++inline void ++nsSOCKSSocketInfo::WriteUint32(PRUint32 v) ++{ ++ NS_ABORT_IF_FALSE(mDataLength + sizeof(v) <= BUFFER_SIZE, ++ "Can't write that much data!"); ++ memcpy(mData + mDataLength, &v, sizeof(v)); ++ mDataLength += sizeof(v); ++} ++ ++void ++nsSOCKSSocketInfo::WriteNetAddr(const PRNetAddr *addr) ++{ ++ const char *ip = NULL; ++ PRUint32 len = 0; ++ ++ if (PR_NetAddrFamily(addr) == PR_AF_INET) { ++ ip = (const char*)&addr->inet.ip; ++ len = sizeof(addr->inet.ip); ++ } else if (PR_NetAddrFamily(addr) == PR_AF_INET6) { ++ ip = (const char*)addr->ipv6.ip.pr_s6_addr; ++ len = sizeof(addr->ipv6.ip.pr_s6_addr); ++ } ++ ++ NS_ABORT_IF_FALSE(ip != NULL, "Unknown address"); ++ NS_ABORT_IF_FALSE(mDataLength + len <= BUFFER_SIZE, ++ "Can't write that much data!"); ++ ++ memcpy(mData + mDataLength, ip, len); ++ mDataLength += len; ++} ++ ++void ++nsSOCKSSocketInfo::WriteNetPort(const PRNetAddr *addr) ++{ ++ WriteUint16(PR_NetAddrInetPort(addr)); ++} ++ ++void ++nsSOCKSSocketInfo::WriteString(const nsACString &str) ++{ ++ NS_ABORT_IF_FALSE(mDataLength + str.Length() <= BUFFER_SIZE, ++ "Can't write that much data!"); ++ memcpy(mData + mDataLength, str.Data(), str.Length()); ++ mDataLength += str.Length(); ++} ++ ++inline PRUint8 ++nsSOCKSSocketInfo::ReadUint8() ++{ ++ PRUint8 rv; ++ NS_ABORT_IF_FALSE(mReadOffset + sizeof(rv) <= mDataLength, ++ "Not enough space to pop a uint8!"); ++ rv = mData[mReadOffset]; ++ mReadOffset += sizeof(rv); ++ return rv; ++} ++ ++inline PRUint16 ++nsSOCKSSocketInfo::ReadUint16() ++{ ++ PRUint16 rv; ++ NS_ABORT_IF_FALSE(mReadOffset + sizeof(rv) <= mDataLength, ++ "Not enough space to pop a uint16!"); ++ memcpy(&rv, mData + mReadOffset, sizeof(rv)); ++ mReadOffset += sizeof(rv); ++ return rv; ++} ++ ++inline PRUint32 ++nsSOCKSSocketInfo::ReadUint32() ++{ ++ PRUint32 rv; ++ NS_ABORT_IF_FALSE(mReadOffset + sizeof(rv) <= mDataLength, ++ "Not enough space to pop a uint32!"); ++ memcpy(&rv, mData + mReadOffset, sizeof(rv)); ++ mReadOffset += sizeof(rv); ++ return rv; ++} ++ ++void ++nsSOCKSSocketInfo::ReadNetAddr(PRNetAddr *addr, PRUint16 fam) ++{ ++ PRUint32 amt; ++ const PRUint8 *ip = mData + mReadOffset; ++ ++ addr->raw.family = fam; ++ if (fam == PR_AF_INET) { ++ amt = sizeof(addr->inet.ip); ++ NS_ABORT_IF_FALSE(mReadOffset + amt <= mDataLength, ++ "Not enough space to pop an ipv4 addr!"); ++ memcpy(&addr->inet.ip, ip, amt); ++ } else if (fam == PR_AF_INET6) { ++ amt = sizeof(addr->ipv6.ip.pr_s6_addr); ++ NS_ABORT_IF_FALSE(mReadOffset + amt <= mDataLength, ++ "Not enough space to pop an ipv6 addr!"); ++ memcpy(addr->ipv6.ip.pr_s6_addr, ip, amt); ++ } ++ ++ mReadOffset += amt; ++} ++ ++void ++nsSOCKSSocketInfo::ReadNetPort(PRNetAddr *addr) ++{ ++ addr->inet.port = ReadUint16(); ++} ++ ++void ++nsSOCKSSocketInfo::WantRead(PRUint32 sz) ++{ ++ NS_ABORT_IF_FALSE(mDataIoPtr == NULL, ++ "WantRead() called while I/O already in progress!"); ++ NS_ABORT_IF_FALSE(mDataLength + sz <= BUFFER_SIZE, ++ "Can't read that much data!"); ++ mAmountToRead = sz; ++} ++ ++PRStatus ++nsSOCKSSocketInfo::ReadFromSocket(PRFileDesc *fd) ++{ ++ PRInt32 rc; ++ const PRUint8 *end; ++ ++ if (!mAmountToRead) { ++ LOGDEBUG(("socks: ReadFromSocket(), nothing to do")); ++ return PR_SUCCESS; ++ } ++ ++ if (!mDataIoPtr) { ++ mDataIoPtr = mData + mDataLength; ++ mDataLength += mAmountToRead; ++ } ++ ++ end = mData + mDataLength; ++ ++ while (mDataIoPtr < end) { ++ rc = PR_Read(fd, mDataIoPtr, end - mDataIoPtr); ++ if (rc <= 0) { ++ if (rc == 0) { ++ LOGERROR(("socks: proxy server closed connection")); ++ HandshakeFinished(PR_CONNECT_REFUSED_ERROR); ++ return PR_FAILURE; ++ } else if (PR_GetError() == PR_WOULD_BLOCK_ERROR) { ++ LOGDEBUG(("socks: ReadFromSocket(), want read")); ++ } ++ break; ++ } ++ ++ mDataIoPtr += rc; ++ } ++ ++ LOGDEBUG(("socks: ReadFromSocket(), have %u bytes total", ++ unsigned(mDataIoPtr - mData))); ++ if (mDataIoPtr == end) { ++ mDataIoPtr = nsnull; ++ mAmountToRead = 0; ++ mReadOffset = 0; ++ return PR_SUCCESS; ++ } ++ ++ return PR_FAILURE; ++} ++ ++PRStatus ++nsSOCKSSocketInfo::WriteToSocket(PRFileDesc *fd) ++{ ++ PRInt32 rc; ++ const PRUint8 *end; ++ ++ if (!mDataLength) { ++ LOGDEBUG(("socks: WriteToSocket(), nothing to do")); ++ return PR_SUCCESS; ++ } ++ ++ if (!mDataIoPtr) ++ mDataIoPtr = mData; ++ ++ end = mData + mDataLength; ++ ++ while (mDataIoPtr < end) { ++ rc = PR_Write(fd, mDataIoPtr, end - mDataIoPtr); ++ if (rc < 0) { ++ if (PR_GetError() == PR_WOULD_BLOCK_ERROR) { ++ LOGDEBUG(("socks: WriteToSocket(), want write")); ++ } ++ break; ++ } ++ ++ mDataIoPtr += rc; ++ } ++ ++ if (mDataIoPtr == end) { ++ mDataIoPtr = nsnull; ++ mDataLength = 0; ++ mReadOffset = 0; ++ return PR_SUCCESS; ++ } ++ ++ return PR_FAILURE; ++} + + static PRStatus +-nsSOCKSIOLayerConnect(PRFileDesc *fd, const PRNetAddr *addr, PRIntervalTime /*timeout*/) ++nsSOCKSIOLayerConnect(PRFileDesc *fd, const PRNetAddr *addr, PRIntervalTime to) + { ++ PRStatus status; ++ PRNetAddr dst; + ++ nsSOCKSSocketInfo * info = (nsSOCKSSocketInfo*) fd->secret; ++ if (info == NULL) return PR_FAILURE; ++ ++ if (PR_NetAddrFamily(addr) == PR_AF_INET6 && ++ PR_IsNetAddrType(addr, PR_IpAddrV4Mapped)) { ++ const PRUint8 *srcp; ++ ++ LOGDEBUG(("socks: converting ipv4-mapped ipv6 address to ipv4")); ++ ++ // copied from _PR_ConvertToIpv4NetAddr() ++ PR_InitializeNetAddr(PR_IpAddrAny, 0, &dst); ++ srcp = addr->ipv6.ip.pr_s6_addr; ++ memcpy(&dst.inet.ip, srcp + 12, 4); ++ dst.inet.family = PR_AF_INET; ++ dst.inet.port = addr->ipv6.port; ++ } else { ++ memcpy(&dst, addr, sizeof(dst)); ++ } ++ ++ info->SetDestinationAddr(&dst); ++ info->SetConnectTimeout(to); ++ ++ do { ++ status = info->DoHandshake(fd, -1); ++ } while (status == PR_SUCCESS && !info->IsConnected()); ++ ++ return status; ++} ++ ++static PRStatus ++nsSOCKSIOLayerConnectContinue(PRFileDesc *fd, PRInt16 oflags) ++{ + PRStatus status; + + nsSOCKSSocketInfo * info = (nsSOCKSSocketInfo*) fd->secret; + if (info == NULL) return PR_FAILURE; + +- // First, we need to look up our proxy... +- const nsCString &proxyHost = info->ProxyHost(); ++ do { ++ status = info->DoHandshake(fd, oflags); ++ } while (status == PR_SUCCESS && !info->IsConnected()); + +- if (proxyHost.IsEmpty()) +- return PR_FAILURE; ++ return status; ++} + +- PRInt32 socksVersion = info->Version(); ++static PRInt16 ++nsSOCKSIOLayerPoll(PRFileDesc *fd, PRInt16 in_flags, PRInt16 *out_flags) ++{ ++ nsSOCKSSocketInfo * info = (nsSOCKSSocketInfo*) fd->secret; ++ if (info == NULL) return PR_FAILURE; + +- LOGDEBUG(("nsSOCKSIOLayerConnect SOCKS %u; proxyHost: %s.", socksVersion, proxyHost.get())); +- +- // Sync resolve the proxy hostname. +- PRNetAddr proxyAddr; +- nsCOMPtr<nsIDNSRecord> rec; +- nsresult rv; +- { +- nsCOMPtr<nsIDNSService> dns = do_GetService(NS_DNSSERVICE_CONTRACTID); +- if (!dns) +- return PR_FAILURE; +- +- rv = dns->Resolve(proxyHost, 0, getter_AddRefs(rec)); +- if (NS_FAILED(rv)) +- return PR_FAILURE; ++ if (!info->IsConnected()) { ++ *out_flags = 0; ++ return info->GetPollFlags(); + } + +- info->SetInternalProxyAddr(&proxyAddr); +- +- // For now, we'll do this as a blocking connect, +- // but with nspr 4.1, the necessary functions to +- // do a non-blocking connect will be available +- +- // Preserve the non-blocking state of the socket +- PRBool nonblocking; +- PRSocketOptionData sockopt; +- sockopt.option = PR_SockOpt_Nonblocking; +- status = PR_GetSocketOption(fd, &sockopt); +- +- if (PR_SUCCESS != status) { +- LOGERROR(("PR_GetSocketOption() failed. status = %x.", status)); +- return status; +- } +- +- // Store blocking option +- nonblocking = sockopt.value.non_blocking; +- +- sockopt.option = PR_SockOpt_Nonblocking; +- sockopt.value.non_blocking = PR_FALSE; +- status = PR_SetSocketOption(fd, &sockopt); +- +- if (PR_SUCCESS != status) { +- LOGERROR(("PR_SetSocketOption() failed. status = %x.", status)); +- return status; +- } +- +- // Now setup sockopts, so we can restore the value later. +- sockopt.option = PR_SockOpt_Nonblocking; +- sockopt.value.non_blocking = nonblocking; +- +- // This connectWait should be long enough to connect to local proxy +- // servers, but not much longer. Since this protocol negotiation +- // uses blocking network calls, the app can appear to hang for a maximum +- // of this time if the user presses the STOP button during the SOCKS +- // connection negotiation. Note that this value only applies to the +- // connecting to the SOCKS server: once the SOCKS connection has been +- // established, the value is not used anywhere else. +- PRIntervalTime connectWait = PR_SecondsToInterval(10); +- +- // Connect to the proxy server. +- PRInt32 addresses = 0; +- do { +- rv = rec->GetNextAddr(info->ProxyPort(), &proxyAddr); +- if (NS_FAILED(rv)) { +- status = PR_FAILURE; +- break; +- } +- ++addresses; +- status = fd->lower->methods->connect(fd->lower, &proxyAddr, connectWait); +- } while (PR_SUCCESS != status); +- +- if (PR_SUCCESS != status) { +- LOGERROR(("Failed to TCP connect to the proxy server (%s): timeout = %d, status = %x, tried %d addresses.", proxyHost.get(), connectWait, status, addresses)); +- PR_SetSocketOption(fd, &sockopt); +- return status; +- } +- +- +- // We are now connected to the SOCKS proxy server. +- // Now we will negotiate a connection to the desired server. +- +- // External IP address returned from ConnectSOCKS5(). Not supported in SOCKS4. +- PRNetAddr extAddr; +- PR_InitializeNetAddr(PR_IpAddrNull, 0, &extAddr); +- +- NS_ASSERTION((socksVersion == 4) || (socksVersion == 5), "SOCKS Version must be selected"); +- +- // Try to connect via SOCKS 5. +- if (socksVersion == 5) { +- rv = ConnectSOCKS5(fd, addr, &extAddr, connectWait); +- +- if (NS_FAILED(rv)) { +- PR_SetSocketOption(fd, &sockopt); +- return PR_FAILURE; +- } +- +- } +- +- // Try to connect via SOCKS 4. +- else { +- rv = ConnectSOCKS4(fd, addr, connectWait); +- +- if (NS_FAILED(rv)) { +- PR_SetSocketOption(fd, &sockopt); +- return PR_FAILURE; +- } +- +- } +- +- +- info->SetDestinationAddr((PRNetAddr*)addr); +- info->SetExternalProxyAddr(&extAddr); +- +- // restore non-blocking option +- PR_SetSocketOption(fd, &sockopt); +- +- // we're set-up and connected. +- // this socket can be used as normal now. +- +- return PR_SUCCESS; ++ return fd->lower->methods->poll(fd->lower, in_flags, out_flags); + } + + static PRStatus + nsSOCKSIOLayerClose(PRFileDesc *fd) + { + nsSOCKSSocketInfo * info = (nsSOCKSSocketInfo*) fd->secret; + PRDescIdentity id = PR_GetLayersIdentity(fd); + +@@ -880,16 +1115,18 @@ nsSOCKSIOLayerAddToSocket(PRInt32 family + + + if (firstTime) + { + nsSOCKSIOLayerIdentity = PR_GetUniqueIdentity("SOCKS layer"); + nsSOCKSIOLayerMethods = *PR_GetDefaultIOMethods(); + + nsSOCKSIOLayerMethods.connect = nsSOCKSIOLayerConnect; ++ nsSOCKSIOLayerMethods.connectcontinue = nsSOCKSIOLayerConnectContinue; ++ nsSOCKSIOLayerMethods.poll = nsSOCKSIOLayerPoll; + nsSOCKSIOLayerMethods.bind = nsSOCKSIOLayerBind; + nsSOCKSIOLayerMethods.acceptread = nsSOCKSIOLayerAcceptRead; + nsSOCKSIOLayerMethods.getsockname = nsSOCKSIOLayerGetName; + nsSOCKSIOLayerMethods.getpeername = nsSOCKSIOLayerGetPeerName; + nsSOCKSIOLayerMethods.accept = nsSOCKSIOLayerAccept; + nsSOCKSIOLayerMethods.listen = nsSOCKSIOLayerListen; + nsSOCKSIOLayerMethods.close = nsSOCKSIOLayerClose; + diff --git a/src/current-patches/non-blocking-socks-firefox-4.0.patch b/src/current-patches/non-blocking-socks-firefox-4.0.patch deleted file mode 100644 index cf5aeae..0000000 --- a/src/current-patches/non-blocking-socks-firefox-4.0.patch +++ /dev/null @@ -1,1637 +0,0 @@ ---- a/netwerk/base/src/nsSocketTransport2.cpp -+++ a/netwerk/base/src/nsSocketTransport2.cpp -@@ -1222,16 +1222,26 @@ nsSocketTransport::InitiateSocket() - // connection... wouldn't we need to call ProxyStartSSL after a call - // to PR_ConnectContinue indicates that we are connected? - // - // XXX this appears to be what the old socket transport did. why - // isn't this broken? - } - } - // -+ // A SOCKS request was rejected; get the actual error code from -+ // the OS error -+ // -+ else if (PR_UNKNOWN_ERROR == code && -+ mProxyTransparent && -+ !mProxyHost.IsEmpty()) { -+ code = PR_GetOSError(); -+ rv = ErrorAccordingToNSPR(code); -+ } -+ // - // The connection was refused... - // - else { - rv = ErrorAccordingToNSPR(code); - if ((rv == NS_ERROR_CONNECTION_REFUSED) && !mProxyHost.IsEmpty()) - rv = NS_ERROR_PROXY_CONNECTION_REFUSED; - } - } -@@ -1544,17 +1554,26 @@ nsSocketTransport::OnSocketReady(PRFileD - // - // If the connect is still not ready, then continue polling... - // - if ((PR_WOULD_BLOCK_ERROR == code) || (PR_IN_PROGRESS_ERROR == code)) { - // Set up the select flags for connect... - mPollFlags = (PR_POLL_EXCEPT | PR_POLL_WRITE); - // Update poll timeout in case it was changed - mPollTimeout = mTimeouts[TIMEOUT_CONNECT]; -- } -+ } -+ // -+ // The SOCKS proxy rejected our request. Find out why. -+ // -+ else if (PR_UNKNOWN_ERROR == code && -+ mProxyTransparent && -+ !mProxyHost.IsEmpty()) { -+ code = PR_GetOSError(); -+ mCondition = ErrorAccordingToNSPR(code); -+ } - else { - // - // else, the connection failed... - // - mCondition = ErrorAccordingToNSPR(code); - if ((mCondition == NS_ERROR_CONNECTION_REFUSED) && !mProxyHost.IsEmpty()) - mCondition = NS_ERROR_PROXY_CONNECTION_REFUSED; - SOCKET_LOG((" connection failed! [reason=%x]\n", mCondition)); ---- a/netwerk/socket/nsSOCKSIOLayer.cpp -+++ a/netwerk/socket/nsSOCKSIOLayer.cpp -@@ -20,16 +20,17 @@ - * Portions created by the Initial Developer are Copyright (C) 1998 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * Justin Bradford <jab(a)atdot.org> - * Bradley Baetz <bbaetz(a)acm.org> - * Darin Fisher <darin(a)meer.net> - * Malcolm Smith <malsmith(a)cs.rmit.edu.au> -+ * Christopher Davis <chrisd(a)torproject.org> - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your -@@ -63,51 +64,115 @@ static PRLogModuleInfo *gSOCKSLog; - - #else - #define LOGDEBUG(args) - #define LOGERROR(args) - #endif - - class nsSOCKSSocketInfo : public nsISOCKSSocketInfo - { -+ enum State { -+ SOCKS_INITIAL, -+ SOCKS_CONNECTING_TO_PROXY, -+ SOCKS4_WRITE_CONNECT_REQUEST, -+ SOCKS4_READ_CONNECT_RESPONSE, -+ SOCKS5_WRITE_AUTH_REQUEST, -+ SOCKS5_READ_AUTH_RESPONSE, -+ SOCKS5_WRITE_CONNECT_REQUEST, -+ SOCKS5_READ_CONNECT_RESPONSE_TOP, -+ SOCKS5_READ_CONNECT_RESPONSE_BOTTOM, -+ SOCKS_CONNECTED, -+ SOCKS_FAILED -+ }; -+ -+ // A buffer of 262 bytes should be enough for any request and response -+ // in case of SOCKS4 as well as SOCKS5 -+ static const PRUint32 BUFFER_SIZE = 262; -+ static const PRUint32 MAX_HOSTNAME_LEN = 255; -+ - public: - nsSOCKSSocketInfo(); -- virtual ~nsSOCKSSocketInfo() {} -+ virtual ~nsSOCKSSocketInfo() { HandshakeFinished(); } - - NS_DECL_ISUPPORTS - NS_DECL_NSISOCKSSOCKETINFO - - void Init(PRInt32 version, - const char *proxyHost, - PRInt32 proxyPort, - const char *destinationHost, - PRUint32 flags); - -- const nsCString &DestinationHost() { return mDestinationHost; } -- const nsCString &ProxyHost() { return mProxyHost; } -- PRInt32 ProxyPort() { return mProxyPort; } -- PRInt32 Version() { return mVersion; } -- PRUint32 Flags() { return mFlags; } -+ void SetConnectTimeout(PRIntervalTime to); -+ PRStatus DoHandshake(PRFileDesc *fd, PRInt16 oflags = -1); -+ PRInt16 GetPollFlags() const; -+ bool IsConnected() const { return mState == SOCKS_CONNECTED; } - - private: -+ void HandshakeFinished(PRErrorCode err = 0); -+ PRStatus ConnectToProxy(PRFileDesc *fd); -+ PRStatus ContinueConnectingToProxy(PRFileDesc *fd, PRInt16 oflags); -+ PRStatus WriteV4ConnectRequest(); -+ PRStatus ReadV4ConnectResponse(); -+ PRStatus WriteV5AuthRequest(); -+ PRStatus ReadV5AuthResponse(); -+ PRStatus WriteV5ConnectRequest(); -+ PRStatus ReadV5AddrTypeAndLength(PRUint8 *type, PRUint32 *len); -+ PRStatus ReadV5ConnectResponseTop(); -+ PRStatus ReadV5ConnectResponseBottom(); -+ -+ void WriteUint8(PRUint8 d); -+ void WriteUint16(PRUint16 d); -+ void WriteUint32(PRUint32 d); -+ void WriteNetAddr(const PRNetAddr *addr); -+ void WriteNetPort(const PRNetAddr *addr); -+ void WriteString(const nsACString &str); -+ -+ PRUint8 ReadUint8(); -+ PRUint16 ReadUint16(); -+ PRUint32 ReadUint32(); -+ void ReadNetAddr(PRNetAddr *addr, PRUint16 fam); -+ void ReadNetPort(PRNetAddr *addr); -+ -+ void WantRead(PRUint32 sz); -+ PRStatus ReadFromSocket(PRFileDesc *fd); -+ PRStatus WriteToSocket(PRFileDesc *fd); -+ -+private: -+ State mState; -+ PRUint8 * mData; -+ PRUint8 * mDataIoPtr; -+ PRUint32 mDataLength; -+ PRUint32 mReadOffset; -+ PRUint32 mAmountToRead; -+ nsCOMPtr<nsIDNSRecord> mDnsRec; -+ - nsCString mDestinationHost; - nsCString mProxyHost; - PRInt32 mProxyPort; - PRInt32 mVersion; // SOCKS version 4 or 5 - PRUint32 mFlags; - PRNetAddr mInternalProxyAddr; - PRNetAddr mExternalProxyAddr; - PRNetAddr mDestinationAddr; -+ PRIntervalTime mTimeout; - }; - - nsSOCKSSocketInfo::nsSOCKSSocketInfo() -- : mProxyPort(-1) -+ : mState(SOCKS_INITIAL) -+ , mDataIoPtr(nsnull) -+ , mDataLength(0) -+ , mReadOffset(0) -+ , mAmountToRead(0) -+ , mProxyPort(-1) - , mVersion(-1) - , mFlags(0) -+ , mTimeout(PR_INTERVAL_NO_TIMEOUT) - { -+ mData = new PRUint8[BUFFER_SIZE]; - PR_InitializeNetAddr(PR_IpAddrAny, 0, &mInternalProxyAddr); - PR_InitializeNetAddr(PR_IpAddrAny, 0, &mExternalProxyAddr); - PR_InitializeNetAddr(PR_IpAddrAny, 0, &mDestinationAddr); - } - - void - nsSOCKSSocketInfo::Init(PRInt32 version, const char *proxyHost, PRInt32 proxyPort, const char *host, PRUint32 flags) - { -@@ -157,647 +222,817 @@ nsSOCKSSocketInfo::GetInternalProxyAddr( - - NS_IMETHODIMP - nsSOCKSSocketInfo::SetInternalProxyAddr(PRNetAddr *aInternalProxyAddr) - { - memcpy(&mInternalProxyAddr, aInternalProxyAddr, sizeof(PRNetAddr)); - return NS_OK; - } - --static PRInt32 --pr_RecvAll(PRFileDesc *fd, unsigned char *buf, PRInt32 amount, PRIntn flags, -- PRIntervalTime *timeout) -+// There needs to be a means of distinguishing between connection errors -+// that the SOCKS server reports when it rejects a connection request, and -+// connection errors that happen while attempting to connect to the SOCKS -+// server. Otherwise, Firefox will report incorrectly that the proxy server -+// is refusing connections when a SOCKS request is rejected by the proxy. -+// When a SOCKS handshake failure occurs, the PR error is set to -+// PR_UNKNOWN_ERROR, and the real error code is returned via the OS error. -+void -+nsSOCKSSocketInfo::HandshakeFinished(PRErrorCode err) - { -- PRInt32 bytesRead = 0; -- PRInt32 offset = 0; -+ if (err == 0) { -+ mState = SOCKS_CONNECTED; -+ } else { -+ mState = SOCKS_FAILED; -+ PR_SetError(PR_UNKNOWN_ERROR, err); -+ } - -- while (offset < amount) { -- PRIntervalTime start_time = PR_IntervalNow(); -- bytesRead = PR_Recv(fd, buf + offset, amount - offset, flags, *timeout); -- PRIntervalTime elapsed = PR_IntervalNow() - start_time; -- -- if (elapsed > *timeout) { -- *timeout = 0; -- } else { -- *timeout -= elapsed; -- } -- -- if (bytesRead > 0) { -- offset += bytesRead; -- } else if (bytesRead == 0 || offset != 0) { -- return offset; -- } else { -- return bytesRead; -- } -- -- if (*timeout == 0) { -- LOGERROR(("PR_Recv() timed out. amount = %d. offset = %d.", -- amount, offset)); -- return offset; -- } -- } -- return offset; -+ // We don't need the buffer any longer, so free it. -+ delete [] mData; -+ mData = nsnull; -+ mDataIoPtr = nsnull; -+ mDataLength = 0; -+ mReadOffset = 0; -+ mAmountToRead = 0; - } - --static PRInt32 --pr_Send(PRFileDesc *fd, const void *buf, PRInt32 amount, PRIntn flags, -- PRIntervalTime *timeout) -+PRStatus -+nsSOCKSSocketInfo::ConnectToProxy(PRFileDesc *fd) - { -- PRIntervalTime start_time = PR_IntervalNow(); -- PRInt32 retval = PR_Send(fd, buf, amount, flags, *timeout); -- PRIntervalTime elapsed = PR_IntervalNow() - start_time; -+ PRStatus status; -+ nsresult rv; - -- if (elapsed > *timeout) { -- *timeout = 0; -- LOGERROR(("PR_Send() timed out. amount = %d. retval = %d.", -- amount, retval)); -- return retval; -- } else { -- *timeout -= elapsed; -- } -+ NS_ABORT_IF_FALSE(mState == SOCKS_INITIAL, -+ "Must be in initial state to make connection!"); - -- if (retval <= 0) { -- LOGERROR(("PR_Send() failed. amount = %d. retval = %d.", -- amount, retval)); -- } -+ // If we haven't performed the DNS lookup, do that now. -+ if (!mDnsRec) { -+ nsCOMPtr<nsIDNSService> dns = do_GetService(NS_DNSSERVICE_CONTRACTID); -+ if (!dns) -+ return PR_FAILURE; - -- return retval; --} -- --// Negotiate a SOCKS 5 connection. Assumes the TCP connection to the socks --// server port has been established. --static nsresult --ConnectSOCKS5(PRFileDesc *fd, const PRNetAddr *addr, PRNetAddr *extAddr, PRIntervalTime timeout) --{ -- int request_len = 0; -- int response_len = 0; -- int desired_len = 0; -- unsigned char request[22]; -- unsigned char response[262]; -- -- NS_ENSURE_TRUE(fd, NS_ERROR_NOT_INITIALIZED); -- NS_ENSURE_TRUE(addr, NS_ERROR_NOT_INITIALIZED); -- NS_ENSURE_TRUE(extAddr, NS_ERROR_NOT_INITIALIZED); -- -- request[0] = 0x05; // SOCKS version 5 -- request[1] = 0x01; // number of auth procotols we recognize -- // auth protocols -- request[2] = 0x00; // no authentication required -- // compliant implementations MUST implement GSSAPI -- // and SHOULD implement username/password and MAY -- // implement CHAP -- // TODO: we don't implement these -- //request[3] = 0x01; // GSSAPI -- //request[4] = 0x02; // username/password -- //request[5] = 0x03; // CHAP -- -- request_len = 2 + request[1]; -- int write_len = pr_Send(fd, request, request_len, 0, &timeout); -- if (write_len != request_len) { -- return NS_ERROR_FAILURE; -- } -- -- // get the server's response. -- desired_len = 2; -- response_len = pr_RecvAll(fd, response, desired_len, 0, &timeout); -- -- if (response_len < desired_len) { -- LOGERROR(("pr_RecvAll() failed. response_len = %d.", response_len)); -- return NS_ERROR_FAILURE; -- } -- -- if (response[0] != 0x05) { -- // it's a either not SOCKS or not our version -- LOGERROR(("Not a SOCKS 5 reply. Expected: 5; received: %x", response[0])); -- return NS_ERROR_FAILURE; -- } -- switch (response[1]) { -- case 0x00: -- // no auth -- break; -- case 0x01: -- // GSSAPI -- // TODO: implement -- LOGERROR(("Server want to use GSSAPI to authenticate, but we don't support it.")); -- return NS_ERROR_FAILURE; -- case 0x02: -- // username/password -- // TODO: implement -- LOGERROR(("Server want to use username/password to authenticate, but we don't support it.")); -- return NS_ERROR_FAILURE; -- case 0x03: -- // CHAP -- // TODO: implement? -- LOGERROR(("Server want to use CHAP to authenticate, but we don't support it.")); -- return NS_ERROR_FAILURE; -- default: -- // unrecognized auth method -- LOGERROR(("Uncrecognized authentication method received: %x", response[1])); -- return NS_ERROR_FAILURE; -- } -- -- // we are now authenticated, so lets tell -- // the server where to connect to -- -- request_len = 0; -- -- request[0] = 0x05; // SOCKS version 5 -- request[1] = 0x01; // CONNECT command -- request[2] = 0x00; // obligatory reserved field (perfect for MS tampering!) -- -- // get destination port -- PRInt32 destPort = PR_ntohs(PR_NetAddrInetPort(addr)); -- nsSOCKSSocketInfo * info = (nsSOCKSSocketInfo*) fd->secret; -- -- if (info->Flags() & nsISocketProvider::PROXY_RESOLVES_HOST) { -- -- LOGDEBUG(("using server to resolve hostnames rather than resolving it first\n")); -- -- // if the PROXY_RESOLVES_HOST flag is set, we assume -- // that the transport wants us to pass the SOCKS server the -- // hostname and port and let it do the name resolution. -- -- // the real destination hostname and port was stored -- // in our info object earlier when this layer was created. -- -- const nsCString& destHost = info->DestinationHost(); -- -- LOGDEBUG(("host:port -> %s:%li", destHost.get(), destPort)); -- -- request[3] = 0x03; // encoding of destination address (3 == hostname) -- -- int host_len = destHost.Length(); -- if (host_len > 255) { -- // SOCKS5 transmits the length of the hostname in a single char. -- // This gives us an absolute limit of 255 chars in a hostname, and -- // there's nothing we can do to extend it. I don't think many -- // hostnames will ever be bigger than this, so hopefully it's an -- // uneventful abort condition. -- LOGERROR (("Hostname too big for SOCKS5.")); -- return NS_ERROR_INVALID_ARG; -- } -- request[4] = (char) host_len; -- request_len = 5; -- -- // Send the initial header first... -- write_len = pr_Send(fd, request, request_len, 0, &timeout); -- if (write_len != request_len) { -- // bad write -- return NS_ERROR_FAILURE; -- } -- -- // Now send the hostname... -- write_len = pr_Send(fd, destHost.get(), host_len, 0, &timeout); -- if (write_len != host_len) { -- // bad write -- return NS_ERROR_FAILURE; -- } -- -- // There's no data left because we just sent it. -- request_len = 0; -- -- } else if (PR_NetAddrFamily(addr) == PR_AF_INET) { -- -- request[3] = 0x01; // encoding of destination address (1 == IPv4) -- request_len = 8; // 4 for address, 4 SOCKS headers -- -- char * ip = (char*)(&addr->inet.ip); -- request[4] = *ip++; -- request[5] = *ip++; -- request[6] = *ip++; -- request[7] = *ip++; -- -- } else if (PR_NetAddrFamily(addr) == PR_AF_INET6) { -- -- request[3] = 0x04; // encoding of destination address (4 == IPv6) -- request_len = 20; // 16 for address, 4 SOCKS headers -- -- char * ip = (char*)(&addr->ipv6.ip.pr_s6_addr); -- request[4] = *ip++; request[5] = *ip++; -- request[6] = *ip++; request[7] = *ip++; -- request[8] = *ip++; request[9] = *ip++; -- request[10] = *ip++; request[11] = *ip++; -- request[12] = *ip++; request[13] = *ip++; -- request[14] = *ip++; request[15] = *ip++; -- request[16] = *ip++; request[17] = *ip++; -- request[18] = *ip++; request[19] = *ip++; -- -- // we're going to test to see if this address can -- // be mapped back into IPv4 without loss. if so, -- // we'll use IPv4 instead, as reliable SOCKS server -- // support for IPv6 is probably questionable. -- -- if (PR_IsNetAddrType(addr, PR_IpAddrV4Mapped)) { -- request[3] = 0x01; // ipv4 encoding -- request[4] = request[16]; -- request[5] = request[17]; -- request[6] = request[18]; -- request[7] = request[19]; -- request_len -= 12; -- } -- } else { -- // Unknown address type -- LOGERROR(("Don't know what kind of IP address this is.")); -- return NS_ERROR_FAILURE; -- } -- -- // add the destination port to the request -- request[request_len] = (unsigned char)(destPort >> 8); -- request[request_len+1] = (unsigned char)destPort; -- request_len += 2; -- -- write_len = pr_Send(fd, request, request_len, 0, &timeout); -- if (write_len != request_len) { -- // bad write -- return NS_ERROR_FAILURE; -- } -- -- desired_len = 5; -- response_len = pr_RecvAll(fd, response, desired_len, 0, &timeout); -- if (response_len < desired_len) { // bad read -- LOGERROR(("pr_RecvAll() failed getting connect command reply. response_len = %d.", response_len)); -- return NS_ERROR_FAILURE; -- } -- -- if (response[0] != 0x05) { -- // bad response -- LOGERROR(("Not a SOCKS 5 reply. Expected: 5; received: %x", response[0])); -- return NS_ERROR_FAILURE; -- } -- -- switch(response[1]) { -- case 0x00: break; // success -- case 0x01: LOGERROR(("SOCKS 5 server rejected connect request: 01, General SOCKS server failure.")); -- return NS_ERROR_FAILURE; -- case 0x02: LOGERROR(("SOCKS 5 server rejected connect request: 02, Connection not allowed by ruleset.")); -- return NS_ERROR_FAILURE; -- case 0x03: LOGERROR(("SOCKS 5 server rejected connect request: 03, Network unreachable.")); -- return NS_ERROR_FAILURE; -- case 0x04: LOGERROR(("SOCKS 5 server rejected connect request: 04, Host unreachable.")); -- return NS_ERROR_FAILURE; -- case 0x05: LOGERROR(("SOCKS 5 server rejected connect request: 05, Connection refused.")); -- return NS_ERROR_FAILURE; -- case 0x06: LOGERROR(("SOCKS 5 server rejected connect request: 06, TTL expired.")); -- return NS_ERROR_FAILURE; -- case 0x07: LOGERROR(("SOCKS 5 server rejected connect request: 07, Command not supported.")); -- return NS_ERROR_FAILURE; -- case 0x08: LOGERROR(("SOCKS 5 server rejected connect request: 08, Address type not supported.")); -- return NS_ERROR_FAILURE; -- default: LOGERROR(("SOCKS 5 server rejected connect request: %x.", response[1])); -- return NS_ERROR_FAILURE; -- -- -- } -- -- switch (response[3]) { -- case 0x01: // IPv4 -- desired_len = 4 + 2 - 1; -- break; -- case 0x03: // FQDN -- desired_len = response[4] + 2; -- break; -- case 0x04: // IPv6 -- desired_len = 16 + 2 - 1; -- break; -- default: // unknown format -- return NS_ERROR_FAILURE; -- break; -- } -- response_len = pr_RecvAll(fd, response + 5, desired_len, 0, &timeout); -- if (response_len < desired_len) { // bad read -- LOGERROR(("pr_RecvAll() failed getting connect command reply. response_len = %d.", response_len)); -- return NS_ERROR_FAILURE; -- } -- response_len += 5; -- -- // get external bound address (this is what -- // the outside world sees as "us") -- char *ip = nsnull; -- PRUint16 extPort = 0; -- -- switch (response[3]) { -- case 0x01: // IPv4 -- -- extPort = (response[8] << 8) | response[9]; -- -- PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET, extPort, extAddr); -- -- ip = (char*)(&extAddr->inet.ip); -- *ip++ = response[4]; -- *ip++ = response[5]; -- *ip++ = response[6]; -- *ip++ = response[7]; -- -- break; -- case 0x04: // IPv6 -- -- extPort = (response[20] << 8) | response[21]; -- -- PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET6, extPort, extAddr); -- -- ip = (char*)(&extAddr->ipv6.ip.pr_s6_addr); -- *ip++ = response[4]; *ip++ = response[5]; -- *ip++ = response[6]; *ip++ = response[7]; -- *ip++ = response[8]; *ip++ = response[9]; -- *ip++ = response[10]; *ip++ = response[11]; -- *ip++ = response[12]; *ip++ = response[13]; -- *ip++ = response[14]; *ip++ = response[15]; -- *ip++ = response[16]; *ip++ = response[17]; -- *ip++ = response[18]; *ip++ = response[19]; -- -- break; -- case 0x03: // FQDN -- // if we get here, we don't know our external address. -- // however, as that's possibly not critical to the user, -- // we let it slide. -- extPort = (response[response_len - 2] << 8) | -- response[response_len - 1]; -- PR_InitializeNetAddr(PR_IpAddrNull, extPort, extAddr); -- break; -- } -- return NS_OK; --} -- --// Negotiate a SOCKS 4 connection. Assumes the TCP connection to the socks --// server port has been established. --static nsresult --ConnectSOCKS4(PRFileDesc *fd, const PRNetAddr *addr, PRIntervalTime timeout) --{ -- int request_len = 0; -- int write_len; -- int response_len = 0; -- int desired_len = 0; -- char *ip = nsnull; -- unsigned char request[12]; -- unsigned char response[10]; -- -- NS_ENSURE_TRUE(fd, NS_ERROR_NOT_INITIALIZED); -- NS_ENSURE_TRUE(addr, NS_ERROR_NOT_INITIALIZED); -- -- request[0] = 0x04; // SOCKS version 4 -- request[1] = 0x01; // CD command code -- 1 for connect -- -- // destination port -- PRInt32 destPort = PR_ntohs(PR_NetAddrInetPort(addr)); -- -- // store the port -- request[2] = (unsigned char)(destPort >> 8); -- request[3] = (unsigned char)destPort; -- -- // username -- request[8] = 'M'; -- request[9] = 'O'; -- request[10] = 'Z'; -- -- request[11] = 0x00; -- -- request_len = 12; -- -- nsSOCKSSocketInfo * info = (nsSOCKSSocketInfo*) fd->secret; -- -- if (info->Flags() & nsISocketProvider::PROXY_RESOLVES_HOST) { -- -- LOGDEBUG(("using server to resolve hostnames rather than resolving it first\n")); -- -- // if the PROXY_RESOLVES_HOST flag is set, we assume that the -- // transport wants us to pass the SOCKS server the hostname -- // and port and let it do the name resolution. -- -- // an extension to SOCKS 4, called 4a, specifies a way -- // to do this, so we'll try that and hope the -- // server supports it. -- -- // the real destination hostname and port was stored -- // in our info object earlier when this layer was created. -- -- const nsCString& destHost = info->DestinationHost(); -- -- LOGDEBUG(("host:port -> %s:%li\n", destHost.get(), destPort)); -- -- // the IP portion of the query is set to this special address. -- request[4] = 0; -- request[5] = 0; -- request[6] = 0; -- request[7] = 1; -- -- write_len = pr_Send(fd, request, request_len, 0, &timeout); -- if (write_len != request_len) { -- return NS_ERROR_FAILURE; -- } -- -- // Remember the NULL. -- int host_len = destHost.Length() + 1; -- -- write_len = pr_Send(fd, destHost.get(), host_len, 0, &timeout); -- if (write_len != host_len) { -- return NS_ERROR_FAILURE; -- } -- -- // No data to send, just sent it. -- request_len = 0; -- -- } else if (PR_NetAddrFamily(addr) == PR_AF_INET) { // IPv4 -- -- // store the ip -- ip = (char*)(&addr->inet.ip); -- request[4] = *ip++; -- request[5] = *ip++; -- request[6] = *ip++; -- request[7] = *ip++; -- -- } else if (PR_NetAddrFamily(addr) == PR_AF_INET6) { // IPv6 -- -- // IPv4 address encoded in an IPv6 address -- if (PR_IsNetAddrType(addr, PR_IpAddrV4Mapped)) { -- // store the ip -- ip = (char*)(&addr->ipv6.ip.pr_s6_addr[12]); -- request[4] = *ip++; -- request[5] = *ip++; -- request[6] = *ip++; -- request[7] = *ip++; -- } else { -- LOGERROR(("IPv6 is not supported in SOCKS 4.")); -- return NS_ERROR_FAILURE; // SOCKS 4 can't do IPv6 -- } -- -- } else { -- LOGERROR(("Don't know what kind of IP address this is.")); -- return NS_ERROR_FAILURE; // don't recognize this type -- } -- -- if (request_len > 0) { -- write_len = pr_Send(fd, request, request_len, 0, &timeout); -- if (write_len != request_len) { -- return NS_ERROR_FAILURE; -+ rv = dns->Resolve(mProxyHost, 0, getter_AddRefs(mDnsRec)); -+ if (NS_FAILED(rv)) { -+ LOGERROR(("socks: DNS lookup for SOCKS proxy %s failed", -+ mProxyHost.get())); -+ return PR_FAILURE; - } - } - -- // get the server's response -- desired_len = 8; // size of the response -- response_len = pr_RecvAll(fd, response, desired_len, 0, &timeout); -- if (response_len < desired_len) { -- LOGERROR(("pr_RecvAll() failed. response_len = %d.", response_len)); -- return NS_ERROR_FAILURE; -+ do { -+ rv = mDnsRec->GetNextAddr(mProxyPort, &mInternalProxyAddr); -+ // No more addresses to try? If so, we'll need to bail -+ if (NS_FAILED(rv)) { -+ LOGERROR(("socks: unable to connect to SOCKS proxy, %s", -+ mProxyHost.get())); -+ return PR_FAILURE; -+ } -+ -+#if defined(PR_LOGGING) -+ char buf[64]; -+ PR_NetAddrToString(&mInternalProxyAddr, buf, sizeof(buf)); -+ LOGDEBUG(("socks: trying proxy server, %s:%hu", -+ buf, PR_ntohs(PR_NetAddrInetPort(&mInternalProxyAddr)))); -+#endif -+ status = fd->lower->methods->connect(fd->lower, -+ &mInternalProxyAddr, mTimeout); -+ if (status != PR_SUCCESS) { -+ PRErrorCode c = PR_GetError(); -+ // If EINPROGRESS, return now and check back later after polling -+ if (c == PR_WOULD_BLOCK_ERROR || c == PR_IN_PROGRESS_ERROR) { -+ mState = SOCKS_CONNECTING_TO_PROXY; -+ return status; -+ } -+ } -+ } while (status != PR_SUCCESS); -+ -+ // Connected now, start SOCKS -+ if (mVersion == 4) -+ return WriteV4ConnectRequest(); -+ return WriteV5AuthRequest(); -+} -+ -+PRStatus -+nsSOCKSSocketInfo::ContinueConnectingToProxy(PRFileDesc *fd, PRInt16 oflags) -+{ -+ PRStatus status; -+ -+ NS_ABORT_IF_FALSE(mState == SOCKS_CONNECTING_TO_PROXY, -+ "Continuing connection in wrong state!"); -+ -+ LOGDEBUG(("socks: continuing connection to proxy")); -+ -+ status = fd->lower->methods->connectcontinue(fd->lower, oflags); -+ if (status != PR_SUCCESS) { -+ PRErrorCode c = PR_GetError(); -+ if (c != PR_WOULD_BLOCK_ERROR && c != PR_IN_PROGRESS_ERROR) { -+ // A connection failure occured, try another address -+ mState = SOCKS_INITIAL; -+ return ConnectToProxy(fd); -+ } -+ -+ // We're still connecting -+ return PR_FAILURE; - } - -- if ((response[0] != 0x00) && (response[0] != 0x04)) { -- // Novell BorderManager sends a response of type 4, should be zero -- // According to the spec. Cope with this brokenness. -- // it's not a SOCKS 4 reply or version 0 of the reply code -- LOGERROR(("Not a SOCKS 4 reply. Expected: 0; received: %x.", response[0])); -- return NS_ERROR_FAILURE; -+ // Connected now, start SOCKS -+ if (mVersion == 4) -+ return WriteV4ConnectRequest(); -+ return WriteV5AuthRequest(); -+} -+ -+PRStatus -+nsSOCKSSocketInfo::WriteV4ConnectRequest() -+{ -+ PRNetAddr *addr = &mDestinationAddr; -+ PRInt32 proxy_resolve; -+ -+ NS_ABORT_IF_FALSE(mState == SOCKS_CONNECTING_TO_PROXY, -+ "Invalid state!"); -+ -+ proxy_resolve = mFlags & nsISocketProvider::PROXY_RESOLVES_HOST; -+ -+ mDataLength = 0; -+ mState = SOCKS4_WRITE_CONNECT_REQUEST; -+ -+ LOGDEBUG(("socks4: sending connection request (socks4a resolve? %s)", -+ proxy_resolve? "yes" : "no")); -+ -+ // Send a SOCKS 4 connect request. -+ WriteUint8(0x04); // version -- 4 -+ WriteUint8(0x01); // command -- connect -+ WriteNetPort(addr); -+ if (proxy_resolve) { -+ // Add the full name, null-terminated, to the request -+ // according to SOCKS 4a. A fake IP address, with the first -+ // four bytes set to 0 and the last byte set to something other -+ // than 0, is used to notify the proxy that this is a SOCKS 4a -+ // request. This request type works for Tor and perhaps others. -+ WriteUint32(PR_htonl(0x00000001)); // Fake IP -+ WriteUint8(0x00); // Send an emtpy username -+ if (mDestinationHost.Length() > MAX_HOSTNAME_LEN) { -+ LOGERROR(("socks4: destination host name is too long!")); -+ HandshakeFinished(PR_BAD_ADDRESS_ERROR); -+ return PR_FAILURE; -+ } -+ WriteString(mDestinationHost); // Hostname -+ WriteUint8(0x00); -+ } else if (PR_NetAddrFamily(addr) == PR_AF_INET) { -+ WriteNetAddr(addr); // Add the IPv4 address -+ WriteUint8(0x00); // Send an emtpy username -+ } else if (PR_NetAddrFamily(addr) == PR_AF_INET6) { -+ LOGERROR(("socks: SOCKS 4 can't handle IPv6 addresses!")); -+ HandshakeFinished(PR_BAD_ADDRESS_ERROR); -+ return PR_FAILURE; - } - -- if (response[1] != 0x5A) { // = 90: request granted -- // connect request not granted -- LOGERROR(("Connection request refused. Expected: 90; received: %d.", response[1])); -- return NS_ERROR_FAILURE; -- } -- -- return NS_OK; -- -+ return PR_SUCCESS; - } - -+PRStatus -+nsSOCKSSocketInfo::ReadV4ConnectResponse() -+{ -+ NS_ABORT_IF_FALSE(mState == SOCKS4_READ_CONNECT_RESPONSE, -+ "Handling SOCKS 4 connection reply in wrong state!"); -+ NS_ABORT_IF_FALSE(mDataLength == 8, -+ "SOCKS 4 connection reply must be 8 bytes!"); -+ -+ LOGDEBUG(("socks4: checking connection reply")); -+ -+ if (ReadUint8() != 0x00) { -+ LOGERROR(("socks4: wrong connection reply")); -+ HandshakeFinished(PR_CONNECT_REFUSED_ERROR); -+ return PR_FAILURE; -+ } -+ -+ // See if our connection request was granted -+ if (ReadUint8() == 90) { -+ LOGDEBUG(("socks4: connection successful!")); -+ HandshakeFinished(); -+ return PR_SUCCESS; -+ } -+ -+ LOGERROR(("socks4: unable to connect")); -+ HandshakeFinished(PR_CONNECT_REFUSED_ERROR); -+ return PR_FAILURE; -+} -+ -+PRStatus -+nsSOCKSSocketInfo::WriteV5AuthRequest() -+{ -+ NS_ABORT_IF_FALSE(mVersion == 5, "SOCKS version must be 5!"); -+ -+ mState = SOCKS5_WRITE_AUTH_REQUEST; -+ -+ // Send an initial SOCKS 5 greeting -+ LOGDEBUG(("socks5: sending auth methods")); -+ WriteUint8(0x05); // version -- 5 -+ WriteUint8(0x01); // # auth methods -- 1 -+ WriteUint8(0x00); // we don't support authentication -+ -+ return PR_SUCCESS; -+} -+ -+PRStatus -+nsSOCKSSocketInfo::ReadV5AuthResponse() -+{ -+ NS_ABORT_IF_FALSE(mState == SOCKS5_READ_AUTH_RESPONSE, -+ "Handling SOCKS 5 auth method reply in wrong state!"); -+ NS_ABORT_IF_FALSE(mDataLength == 2, -+ "SOCKS 5 auth method reply must be 2 bytes!"); -+ -+ LOGDEBUG(("socks5: checking auth method reply")); -+ -+ // Check version number -+ if (ReadUint8() != 0x05) { -+ LOGERROR(("socks5: unexpected version in the reply")); -+ HandshakeFinished(PR_CONNECT_REFUSED_ERROR); -+ return PR_FAILURE; -+ } -+ -+ // Make sure our authentication choice was accepted -+ if (ReadUint8() != 0x00) { -+ LOGERROR(("socks5: server did not accept our authentication method")); -+ HandshakeFinished(PR_CONNECT_REFUSED_ERROR); -+ return PR_FAILURE; -+ } -+ -+ return WriteV5ConnectRequest(); -+} -+ -+PRStatus -+nsSOCKSSocketInfo::WriteV5ConnectRequest() -+{ -+ // Send SOCKS 5 connect request -+ PRNetAddr *addr = &mDestinationAddr; -+ PRInt32 proxy_resolve; -+ proxy_resolve = mFlags & nsISocketProvider::PROXY_RESOLVES_HOST; -+ -+ LOGDEBUG(("socks5: sending connection request (socks5 resolve? %s)", -+ proxy_resolve? "yes" : "no")); -+ -+ mDataLength = 0; -+ mState = SOCKS5_WRITE_CONNECT_REQUEST; -+ -+ WriteUint8(0x05); // version -- 5 -+ WriteUint8(0x01); // command -- connect -+ WriteUint8(0x00); // reserved -+ -+ // Add the address to the SOCKS 5 request. SOCKS 5 supports several -+ // address types, so we pick the one that works best for us. -+ if (proxy_resolve) { -+ // Add the host name. Only a single byte is used to store the length, -+ // so we must prevent long names from being used. -+ if (mDestinationHost.Length() > MAX_HOSTNAME_LEN) { -+ LOGERROR(("socks5: destination host name is too long!")); -+ HandshakeFinished(PR_BAD_ADDRESS_ERROR); -+ return PR_FAILURE; -+ } -+ WriteUint8(0x03); // addr type -- domainname -+ WriteUint8(mDestinationHost.Length()); // name length -+ WriteString(mDestinationHost); -+ } else if (PR_NetAddrFamily(addr) == PR_AF_INET) { -+ WriteUint8(0x01); // addr type -- IPv4 -+ WriteNetAddr(addr); -+ } else if (PR_NetAddrFamily(addr) == PR_AF_INET6) { -+ WriteUint8(0x04); // addr type -- IPv6 -+ WriteNetAddr(addr); -+ } else { -+ LOGERROR(("socks5: destination address of unknown type!")); -+ HandshakeFinished(PR_BAD_ADDRESS_ERROR); -+ return PR_FAILURE; -+ } -+ -+ WriteNetPort(addr); // port -+ -+ return PR_SUCCESS; -+} -+ -+PRStatus -+nsSOCKSSocketInfo::ReadV5AddrTypeAndLength(PRUint8 *type, PRUint32 *len) -+{ -+ NS_ABORT_IF_FALSE(mState == SOCKS5_READ_CONNECT_RESPONSE_TOP || -+ mState == SOCKS5_READ_CONNECT_RESPONSE_BOTTOM, -+ "Invalid state!"); -+ NS_ABORT_IF_FALSE(mDataLength >= 5, -+ "SOCKS 5 connection reply must be at least 5 bytes!"); -+ -+ // Seek to the address location -+ mReadOffset = 3; -+ -+ *type = ReadUint8(); -+ -+ switch (*type) { -+ case 0x01: // ipv4 -+ *len = 4 - 1; -+ break; -+ case 0x04: // ipv6 -+ *len = 16 - 1; -+ break; -+ case 0x03: // fqdn -+ *len = ReadUint8(); -+ break; -+ default: // wrong address type -+ LOGERROR(("socks5: wrong address type in connection reply!")); -+ return PR_FAILURE; -+ } -+ -+ return PR_SUCCESS; -+} -+ -+PRStatus -+nsSOCKSSocketInfo::ReadV5ConnectResponseTop() -+{ -+ PRUint8 res; -+ PRUint32 len; -+ -+ NS_ABORT_IF_FALSE(mState == SOCKS5_READ_CONNECT_RESPONSE_TOP, -+ "Invalid state!"); -+ NS_ABORT_IF_FALSE(mDataLength == 5, -+ "SOCKS 5 connection reply must be exactly 5 bytes!"); -+ -+ LOGDEBUG(("socks5: checking connection reply")); -+ -+ // Check version number -+ if (ReadUint8() != 0x05) { -+ LOGERROR(("socks5: unexpected version in the reply")); -+ HandshakeFinished(PR_CONNECT_REFUSED_ERROR); -+ return PR_FAILURE; -+ } -+ -+ // Check response -+ res = ReadUint8(); -+ if (res != 0x00) { -+ PRErrorCode c = PR_CONNECT_REFUSED_ERROR; -+ -+ switch (res) { -+ case 0x01: -+ LOGERROR(("socks5: connect failed: " -+ "01, General SOCKS server failure.")); -+ break; -+ case 0x02: -+ LOGERROR(("socks5: connect failed: " -+ "02, Connection not allowed by ruleset.")); -+ break; -+ case 0x03: -+ LOGERROR(("socks5: connect failed: 03, Network unreachable.")); -+ c = PR_NETWORK_UNREACHABLE_ERROR; -+ break; -+ case 0x04: -+ LOGERROR(("socks5: connect failed: 04, Host unreachable.")); -+ break; -+ case 0x05: -+ LOGERROR(("socks5: connect failed: 05, Connection refused.")); -+ break; -+ case 0x06: -+ LOGERROR(("socks5: connect failed: 06, TTL expired.")); -+ c = PR_CONNECT_TIMEOUT_ERROR; -+ break; -+ case 0x07: -+ LOGERROR(("socks5: connect failed: " -+ "07, Command not supported.")); -+ break; -+ case 0x08: -+ LOGERROR(("socks5: connect failed: " -+ "08, Address type not supported.")); -+ c = PR_BAD_ADDRESS_ERROR; -+ break; -+ default: -+ LOGERROR(("socks5: connect failed.")); -+ break; -+ } -+ -+ HandshakeFinished(c); -+ return PR_FAILURE; -+ } -+ -+ if (ReadV5AddrTypeAndLength(&res, &len) != PR_SUCCESS) { -+ HandshakeFinished(PR_BAD_ADDRESS_ERROR); -+ return PR_FAILURE; -+ } -+ -+ mState = SOCKS5_READ_CONNECT_RESPONSE_BOTTOM; -+ WantRead(len + 2); -+ -+ return PR_SUCCESS; -+} -+ -+PRStatus -+nsSOCKSSocketInfo::ReadV5ConnectResponseBottom() -+{ -+ PRUint8 type; -+ PRUint32 len; -+ -+ NS_ABORT_IF_FALSE(mState == SOCKS5_READ_CONNECT_RESPONSE_BOTTOM, -+ "Invalid state!"); -+ -+ if (ReadV5AddrTypeAndLength(&type, &len) != PR_SUCCESS) { -+ HandshakeFinished(PR_BAD_ADDRESS_ERROR); -+ return PR_FAILURE; -+ } -+ -+ NS_ABORT_IF_FALSE(mDataLength == 7+len, -+ "SOCKS 5 unexpected length of connection reply!"); -+ -+ LOGDEBUG(("socks5: loading source addr and port")); -+ // Read what the proxy says is our source address -+ switch (type) { -+ case 0x01: // ipv4 -+ ReadNetAddr(&mExternalProxyAddr, PR_AF_INET); -+ break; -+ case 0x04: // ipv6 -+ ReadNetAddr(&mExternalProxyAddr, PR_AF_INET6); -+ break; -+ case 0x03: // fqdn (skip) -+ mReadOffset += len; -+ mExternalProxyAddr.raw.family = PR_AF_INET; -+ break; -+ } -+ -+ ReadNetPort(&mExternalProxyAddr); -+ -+ LOGDEBUG(("socks5: connected!")); -+ HandshakeFinished(); -+ -+ return PR_SUCCESS; -+} -+ -+void -+nsSOCKSSocketInfo::SetConnectTimeout(PRIntervalTime to) -+{ -+ mTimeout = to; -+} -+ -+PRStatus -+nsSOCKSSocketInfo::DoHandshake(PRFileDesc *fd, PRInt16 oflags) -+{ -+ LOGDEBUG(("socks: DoHandshake(), state = %d", mState)); -+ -+ switch (mState) { -+ case SOCKS_INITIAL: -+ return ConnectToProxy(fd); -+ case SOCKS_CONNECTING_TO_PROXY: -+ return ContinueConnectingToProxy(fd, oflags); -+ case SOCKS4_WRITE_CONNECT_REQUEST: -+ if (WriteToSocket(fd) != PR_SUCCESS) -+ return PR_FAILURE; -+ WantRead(8); -+ mState = SOCKS4_READ_CONNECT_RESPONSE; -+ return PR_SUCCESS; -+ case SOCKS4_READ_CONNECT_RESPONSE: -+ if (ReadFromSocket(fd) != PR_SUCCESS) -+ return PR_FAILURE; -+ return ReadV4ConnectResponse(); -+ -+ case SOCKS5_WRITE_AUTH_REQUEST: -+ if (WriteToSocket(fd) != PR_SUCCESS) -+ return PR_FAILURE; -+ WantRead(2); -+ mState = SOCKS5_READ_AUTH_RESPONSE; -+ return PR_SUCCESS; -+ case SOCKS5_READ_AUTH_RESPONSE: -+ if (ReadFromSocket(fd) != PR_SUCCESS) -+ return PR_FAILURE; -+ return ReadV5AuthResponse(); -+ case SOCKS5_WRITE_CONNECT_REQUEST: -+ if (WriteToSocket(fd) != PR_SUCCESS) -+ return PR_FAILURE; -+ -+ // The SOCKS 5 response to the connection request is variable -+ // length. First, we'll read enough to tell how long the response -+ // is, and will read the rest later. -+ WantRead(5); -+ mState = SOCKS5_READ_CONNECT_RESPONSE_TOP; -+ return PR_SUCCESS; -+ case SOCKS5_READ_CONNECT_RESPONSE_TOP: -+ if (ReadFromSocket(fd) != PR_SUCCESS) -+ return PR_FAILURE; -+ return ReadV5ConnectResponseTop(); -+ case SOCKS5_READ_CONNECT_RESPONSE_BOTTOM: -+ if (ReadFromSocket(fd) != PR_SUCCESS) -+ return PR_FAILURE; -+ return ReadV5ConnectResponseBottom(); -+ -+ case SOCKS_CONNECTED: -+ LOGERROR(("socks: already connected")); -+ HandshakeFinished(PR_IS_CONNECTED_ERROR); -+ return PR_FAILURE; -+ case SOCKS_FAILED: -+ LOGERROR(("socks: already failed")); -+ return PR_FAILURE; -+ } -+ -+ LOGERROR(("socks: executing handshake in invalid state, %d", mState)); -+ HandshakeFinished(PR_INVALID_STATE_ERROR); -+ -+ return PR_FAILURE; -+} -+ -+PRInt16 -+nsSOCKSSocketInfo::GetPollFlags() const -+{ -+ switch (mState) { -+ case SOCKS_CONNECTING_TO_PROXY: -+ return PR_POLL_EXCEPT | PR_POLL_WRITE; -+ case SOCKS4_WRITE_CONNECT_REQUEST: -+ case SOCKS5_WRITE_AUTH_REQUEST: -+ case SOCKS5_WRITE_CONNECT_REQUEST: -+ return PR_POLL_WRITE; -+ case SOCKS4_READ_CONNECT_RESPONSE: -+ case SOCKS5_READ_AUTH_RESPONSE: -+ case SOCKS5_READ_CONNECT_RESPONSE_TOP: -+ case SOCKS5_READ_CONNECT_RESPONSE_BOTTOM: -+ return PR_POLL_READ; -+ default: -+ break; -+ } -+ -+ return 0; -+} -+ -+inline void -+nsSOCKSSocketInfo::WriteUint8(PRUint8 v) -+{ -+ NS_ABORT_IF_FALSE(mDataLength + sizeof(v) <= BUFFER_SIZE, -+ "Can't write that much data!"); -+ mData[mDataLength] = v; -+ mDataLength += sizeof(v); -+} -+ -+inline void -+nsSOCKSSocketInfo::WriteUint16(PRUint16 v) -+{ -+ NS_ABORT_IF_FALSE(mDataLength + sizeof(v) <= BUFFER_SIZE, -+ "Can't write that much data!"); -+ memcpy(mData + mDataLength, &v, sizeof(v)); -+ mDataLength += sizeof(v); -+} -+ -+inline void -+nsSOCKSSocketInfo::WriteUint32(PRUint32 v) -+{ -+ NS_ABORT_IF_FALSE(mDataLength + sizeof(v) <= BUFFER_SIZE, -+ "Can't write that much data!"); -+ memcpy(mData + mDataLength, &v, sizeof(v)); -+ mDataLength += sizeof(v); -+} -+ -+void -+nsSOCKSSocketInfo::WriteNetAddr(const PRNetAddr *addr) -+{ -+ const char *ip = NULL; -+ PRUint32 len = 0; -+ -+ if (PR_NetAddrFamily(addr) == PR_AF_INET) { -+ ip = (const char*)&addr->inet.ip; -+ len = sizeof(addr->inet.ip); -+ } else if (PR_NetAddrFamily(addr) == PR_AF_INET6) { -+ ip = (const char*)addr->ipv6.ip.pr_s6_addr; -+ len = sizeof(addr->ipv6.ip.pr_s6_addr); -+ } -+ -+ NS_ABORT_IF_FALSE(ip != NULL, "Unknown address"); -+ NS_ABORT_IF_FALSE(mDataLength + len <= BUFFER_SIZE, -+ "Can't write that much data!"); -+ -+ memcpy(mData + mDataLength, ip, len); -+ mDataLength += len; -+} -+ -+void -+nsSOCKSSocketInfo::WriteNetPort(const PRNetAddr *addr) -+{ -+ WriteUint16(PR_NetAddrInetPort(addr)); -+} -+ -+void -+nsSOCKSSocketInfo::WriteString(const nsACString &str) -+{ -+ NS_ABORT_IF_FALSE(mDataLength + str.Length() <= BUFFER_SIZE, -+ "Can't write that much data!"); -+ memcpy(mData + mDataLength, str.Data(), str.Length()); -+ mDataLength += str.Length(); -+} -+ -+inline PRUint8 -+nsSOCKSSocketInfo::ReadUint8() -+{ -+ PRUint8 rv; -+ NS_ABORT_IF_FALSE(mReadOffset + sizeof(rv) <= mDataLength, -+ "Not enough space to pop a uint8!"); -+ rv = mData[mReadOffset]; -+ mReadOffset += sizeof(rv); -+ return rv; -+} -+ -+inline PRUint16 -+nsSOCKSSocketInfo::ReadUint16() -+{ -+ PRUint16 rv; -+ NS_ABORT_IF_FALSE(mReadOffset + sizeof(rv) <= mDataLength, -+ "Not enough space to pop a uint16!"); -+ memcpy(&rv, mData + mReadOffset, sizeof(rv)); -+ mReadOffset += sizeof(rv); -+ return rv; -+} -+ -+inline PRUint32 -+nsSOCKSSocketInfo::ReadUint32() -+{ -+ PRUint32 rv; -+ NS_ABORT_IF_FALSE(mReadOffset + sizeof(rv) <= mDataLength, -+ "Not enough space to pop a uint32!"); -+ memcpy(&rv, mData + mReadOffset, sizeof(rv)); -+ mReadOffset += sizeof(rv); -+ return rv; -+} -+ -+void -+nsSOCKSSocketInfo::ReadNetAddr(PRNetAddr *addr, PRUint16 fam) -+{ -+ PRUint32 amt; -+ const PRUint8 *ip = mData + mReadOffset; -+ -+ addr->raw.family = fam; -+ if (fam == PR_AF_INET) { -+ amt = sizeof(addr->inet.ip); -+ NS_ABORT_IF_FALSE(mReadOffset + amt <= mDataLength, -+ "Not enough space to pop an ipv4 addr!"); -+ memcpy(&addr->inet.ip, ip, amt); -+ } else if (fam == PR_AF_INET6) { -+ amt = sizeof(addr->ipv6.ip.pr_s6_addr); -+ NS_ABORT_IF_FALSE(mReadOffset + amt <= mDataLength, -+ "Not enough space to pop an ipv6 addr!"); -+ memcpy(addr->ipv6.ip.pr_s6_addr, ip, amt); -+ } -+ -+ mReadOffset += amt; -+} -+ -+void -+nsSOCKSSocketInfo::ReadNetPort(PRNetAddr *addr) -+{ -+ addr->inet.port = ReadUint16(); -+} -+ -+void -+nsSOCKSSocketInfo::WantRead(PRUint32 sz) -+{ -+ NS_ABORT_IF_FALSE(mDataIoPtr == NULL, -+ "WantRead() called while I/O already in progress!"); -+ NS_ABORT_IF_FALSE(mDataLength + sz <= BUFFER_SIZE, -+ "Can't read that much data!"); -+ mAmountToRead = sz; -+} -+ -+PRStatus -+nsSOCKSSocketInfo::ReadFromSocket(PRFileDesc *fd) -+{ -+ PRInt32 rc; -+ const PRUint8 *end; -+ -+ if (!mAmountToRead) { -+ LOGDEBUG(("socks: ReadFromSocket(), nothing to do")); -+ return PR_SUCCESS; -+ } -+ -+ if (!mDataIoPtr) { -+ mDataIoPtr = mData + mDataLength; -+ mDataLength += mAmountToRead; -+ } -+ -+ end = mData + mDataLength; -+ -+ while (mDataIoPtr < end) { -+ rc = PR_Read(fd, mDataIoPtr, end - mDataIoPtr); -+ if (rc <= 0) { -+ if (rc == 0) { -+ LOGERROR(("socks: proxy server closed connection")); -+ HandshakeFinished(PR_CONNECT_REFUSED_ERROR); -+ return PR_FAILURE; -+ } else if (PR_GetError() == PR_WOULD_BLOCK_ERROR) { -+ LOGDEBUG(("socks: ReadFromSocket(), want read")); -+ } -+ break; -+ } -+ -+ mDataIoPtr += rc; -+ } -+ -+ LOGDEBUG(("socks: ReadFromSocket(), have %u bytes total", -+ unsigned(mDataIoPtr - mData))); -+ if (mDataIoPtr == end) { -+ mDataIoPtr = nsnull; -+ mAmountToRead = 0; -+ mReadOffset = 0; -+ return PR_SUCCESS; -+ } -+ -+ return PR_FAILURE; -+} -+ -+PRStatus -+nsSOCKSSocketInfo::WriteToSocket(PRFileDesc *fd) -+{ -+ PRInt32 rc; -+ const PRUint8 *end; -+ -+ if (!mDataLength) { -+ LOGDEBUG(("socks: WriteToSocket(), nothing to do")); -+ return PR_SUCCESS; -+ } -+ -+ if (!mDataIoPtr) -+ mDataIoPtr = mData; -+ -+ end = mData + mDataLength; -+ -+ while (mDataIoPtr < end) { -+ rc = PR_Write(fd, mDataIoPtr, end - mDataIoPtr); -+ if (rc < 0) { -+ if (PR_GetError() == PR_WOULD_BLOCK_ERROR) { -+ LOGDEBUG(("socks: WriteToSocket(), want write")); -+ } -+ break; -+ } -+ -+ mDataIoPtr += rc; -+ } -+ -+ if (mDataIoPtr == end) { -+ mDataIoPtr = nsnull; -+ mDataLength = 0; -+ mReadOffset = 0; -+ return PR_SUCCESS; -+ } -+ -+ return PR_FAILURE; -+} - - static PRStatus --nsSOCKSIOLayerConnect(PRFileDesc *fd, const PRNetAddr *addr, PRIntervalTime /*timeout*/) -+nsSOCKSIOLayerConnect(PRFileDesc *fd, const PRNetAddr *addr, PRIntervalTime to) - { -+ PRStatus status; -+ PRNetAddr dst; - -+ nsSOCKSSocketInfo * info = (nsSOCKSSocketInfo*) fd->secret; -+ if (info == NULL) return PR_FAILURE; -+ -+ if (PR_NetAddrFamily(addr) == PR_AF_INET6 && -+ PR_IsNetAddrType(addr, PR_IpAddrV4Mapped)) { -+ const PRUint8 *srcp; -+ -+ LOGDEBUG(("socks: converting ipv4-mapped ipv6 address to ipv4")); -+ -+ // copied from _PR_ConvertToIpv4NetAddr() -+ PR_InitializeNetAddr(PR_IpAddrAny, 0, &dst); -+ srcp = addr->ipv6.ip.pr_s6_addr; -+ memcpy(&dst.inet.ip, srcp + 12, 4); -+ dst.inet.family = PR_AF_INET; -+ dst.inet.port = addr->ipv6.port; -+ } else { -+ memcpy(&dst, addr, sizeof(dst)); -+ } -+ -+ info->SetDestinationAddr(&dst); -+ info->SetConnectTimeout(to); -+ -+ do { -+ status = info->DoHandshake(fd, -1); -+ } while (status == PR_SUCCESS && !info->IsConnected()); -+ -+ return status; -+} -+ -+static PRStatus -+nsSOCKSIOLayerConnectContinue(PRFileDesc *fd, PRInt16 oflags) -+{ - PRStatus status; - - nsSOCKSSocketInfo * info = (nsSOCKSSocketInfo*) fd->secret; - if (info == NULL) return PR_FAILURE; - -- // First, we need to look up our proxy... -- const nsCString &proxyHost = info->ProxyHost(); -+ do { -+ status = info->DoHandshake(fd, oflags); -+ } while (status == PR_SUCCESS && !info->IsConnected()); - -- if (proxyHost.IsEmpty()) -- return PR_FAILURE; -+ return status; -+} - -- PRInt32 socksVersion = info->Version(); -+static PRInt16 -+nsSOCKSIOLayerPoll(PRFileDesc *fd, PRInt16 in_flags, PRInt16 *out_flags) -+{ -+ nsSOCKSSocketInfo * info = (nsSOCKSSocketInfo*) fd->secret; -+ if (info == NULL) return PR_FAILURE; - -- LOGDEBUG(("nsSOCKSIOLayerConnect SOCKS %u; proxyHost: %s.", socksVersion, proxyHost.get())); -- -- // Sync resolve the proxy hostname. -- PRNetAddr proxyAddr; -- nsCOMPtr<nsIDNSRecord> rec; -- nsresult rv; -- { -- nsCOMPtr<nsIDNSService> dns = do_GetService(NS_DNSSERVICE_CONTRACTID); -- if (!dns) -- return PR_FAILURE; -- -- rv = dns->Resolve(proxyHost, 0, getter_AddRefs(rec)); -- if (NS_FAILED(rv)) -- return PR_FAILURE; -+ if (!info->IsConnected()) { -+ *out_flags = 0; -+ return info->GetPollFlags(); - } - -- info->SetInternalProxyAddr(&proxyAddr); -- -- // For now, we'll do this as a blocking connect, -- // but with nspr 4.1, the necessary functions to -- // do a non-blocking connect will be available -- -- // Preserve the non-blocking state of the socket -- PRBool nonblocking; -- PRSocketOptionData sockopt; -- sockopt.option = PR_SockOpt_Nonblocking; -- status = PR_GetSocketOption(fd, &sockopt); -- -- if (PR_SUCCESS != status) { -- LOGERROR(("PR_GetSocketOption() failed. status = %x.", status)); -- return status; -- } -- -- // Store blocking option -- nonblocking = sockopt.value.non_blocking; -- -- sockopt.option = PR_SockOpt_Nonblocking; -- sockopt.value.non_blocking = PR_FALSE; -- status = PR_SetSocketOption(fd, &sockopt); -- -- if (PR_SUCCESS != status) { -- LOGERROR(("PR_SetSocketOption() failed. status = %x.", status)); -- return status; -- } -- -- // Now setup sockopts, so we can restore the value later. -- sockopt.option = PR_SockOpt_Nonblocking; -- sockopt.value.non_blocking = nonblocking; -- -- // This connectWait should be long enough to connect to local proxy -- // servers, but not much longer. Since this protocol negotiation -- // uses blocking network calls, the app can appear to hang for a maximum -- // of this time if the user presses the STOP button during the SOCKS -- // connection negotiation. Note that this value only applies to the -- // connecting to the SOCKS server: once the SOCKS connection has been -- // established, the value is not used anywhere else. -- PRIntervalTime connectWait = PR_SecondsToInterval(10); -- -- // Connect to the proxy server. -- PRInt32 addresses = 0; -- do { -- rv = rec->GetNextAddr(info->ProxyPort(), &proxyAddr); -- if (NS_FAILED(rv)) { -- status = PR_FAILURE; -- break; -- } -- ++addresses; -- status = fd->lower->methods->connect(fd->lower, &proxyAddr, connectWait); -- } while (PR_SUCCESS != status); -- -- if (PR_SUCCESS != status) { -- LOGERROR(("Failed to TCP connect to the proxy server (%s): timeout = %d, status = %x, tried %d addresses.", proxyHost.get(), connectWait, status, addresses)); -- PR_SetSocketOption(fd, &sockopt); -- return status; -- } -- -- -- // We are now connected to the SOCKS proxy server. -- // Now we will negotiate a connection to the desired server. -- -- // External IP address returned from ConnectSOCKS5(). Not supported in SOCKS4. -- PRNetAddr extAddr; -- PR_InitializeNetAddr(PR_IpAddrNull, 0, &extAddr); -- -- NS_ASSERTION((socksVersion == 4) || (socksVersion == 5), "SOCKS Version must be selected"); -- -- // Try to connect via SOCKS 5. -- if (socksVersion == 5) { -- rv = ConnectSOCKS5(fd, addr, &extAddr, connectWait); -- -- if (NS_FAILED(rv)) { -- PR_SetSocketOption(fd, &sockopt); -- return PR_FAILURE; -- } -- -- } -- -- // Try to connect via SOCKS 4. -- else { -- rv = ConnectSOCKS4(fd, addr, connectWait); -- -- if (NS_FAILED(rv)) { -- PR_SetSocketOption(fd, &sockopt); -- return PR_FAILURE; -- } -- -- } -- -- -- info->SetDestinationAddr((PRNetAddr*)addr); -- info->SetExternalProxyAddr(&extAddr); -- -- // restore non-blocking option -- PR_SetSocketOption(fd, &sockopt); -- -- // we're set-up and connected. -- // this socket can be used as normal now. -- -- return PR_SUCCESS; -+ return fd->lower->methods->poll(fd->lower, in_flags, out_flags); - } - - static PRStatus - nsSOCKSIOLayerClose(PRFileDesc *fd) - { - nsSOCKSSocketInfo * info = (nsSOCKSSocketInfo*) fd->secret; - PRDescIdentity id = PR_GetLayersIdentity(fd); - -@@ -880,16 +1115,18 @@ nsSOCKSIOLayerAddToSocket(PRInt32 family - - - if (firstTime) - { - nsSOCKSIOLayerIdentity = PR_GetUniqueIdentity("SOCKS layer"); - nsSOCKSIOLayerMethods = *PR_GetDefaultIOMethods(); - - nsSOCKSIOLayerMethods.connect = nsSOCKSIOLayerConnect; -+ nsSOCKSIOLayerMethods.connectcontinue = nsSOCKSIOLayerConnectContinue; -+ nsSOCKSIOLayerMethods.poll = nsSOCKSIOLayerPoll; - nsSOCKSIOLayerMethods.bind = nsSOCKSIOLayerBind; - nsSOCKSIOLayerMethods.acceptread = nsSOCKSIOLayerAcceptRead; - nsSOCKSIOLayerMethods.getsockname = nsSOCKSIOLayerGetName; - nsSOCKSIOLayerMethods.getpeername = nsSOCKSIOLayerGetPeerName; - nsSOCKSIOLayerMethods.accept = nsSOCKSIOLayerAccept; - nsSOCKSIOLayerMethods.listen = nsSOCKSIOLayerListen; - nsSOCKSIOLayerMethods.close = nsSOCKSIOLayerClose; -

1 0

[torbrowser/master] update firefox build target so that it really builds things automatically
by erinn＠torproject.org 23 Oct '11

23 Oct '11

commit c2da9ee4f34b7339395ec7ace064c1880af68049 Author: Erinn Clark <erinn(a)torproject.org> Date: Wed Jun 15 21:55:24 2011 -0300 update firefox build target so that it really builds things automatically --- build-scripts/osx.mk | 7 ++++++- 1 files changed, 6 insertions(+), 1 deletions(-) diff --git a/build-scripts/osx.mk b/build-scripts/osx.mk index 12d790c..1fa698f 100644 --- a/build-scripts/osx.mk +++ b/build-scripts/osx.mk @@ -101,8 +101,13 @@ build-tor: cd $(TOR_DIR) && make cd $(TOR_DIR) && make install +FIREFOX_DIR=$(FETCH_DIR)/mozilla-2.0 build-firefox: - echo "We're using a prebuilt firefox. Fix this someday!" + cp ../src/current-patches/*firefox* $(FIREFOX_DIR) + cp patch-firefox-src.sh $(FIREFOX_DIR) + cp $(CONFIG_SRC)/mozconfig-osx-$(ARCH_TYPE) $(FIREFOX_DIR)/mozconfig + cd $(FIREFOX_DIR) && ./patch-firefox-src.sh + cd $(FIREFOX_DIR) && make -f client.mk build build-all-binaries: build-zlib build-openssl build-vidalia build-libevent build-tor echo "If we're here, we've done something right."

1 0

[torbrowser/master] bump versions: tbb osx to 2.2.24-1-alpha, tor to 0.2.2.24-alpha, vidalia to 0.2.12, and noscript to 2.1.0.1
by erinn＠torproject.org 23 Oct '11

23 Oct '11

commit b798f34bc132afbf9380272e210cefe5317c8bcc Author: Erinn Clark <erinn(a)torproject.org> Date: Mon Apr 11 14:43:26 2011 +0200 bump versions: tbb osx to 2.2.24-1-alpha, tor to 0.2.2.24-alpha, vidalia to 0.2.12, and noscript to 2.1.0.1 --- build-scripts/osx.mk | 2 +- build-scripts/versions.mk | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/build-scripts/osx.mk b/build-scripts/osx.mk index 2b2de3f..dc86ae5 100644 --- a/build-scripts/osx.mk +++ b/build-scripts/osx.mk @@ -144,7 +144,7 @@ NAME=TorBrowser DISTDIR=tbbosx-alpha-dist ## Version and name of the compressed bundle (also used for source) -VERSION=2.2.23-2-alpha +VERSION=2.2.24-1-alpha DEFAULT_COMPRESSED_BASENAME=TorBrowser-$(VERSION)-osx-$(ARCH_TYPE)- IM_COMPRESSED_BASENAME=TorBrowser-IM-$(VERSION)- DEFAULT_COMPRESSED_NAME=$(DEFAULT_COMPRESSED_BASENAME) diff --git a/build-scripts/versions.mk b/build-scripts/versions.mk index 539bc55..016df29 100644 --- a/build-scripts/versions.mk +++ b/build-scripts/versions.mk @@ -4,14 +4,14 @@ HTTPSEVERY_VER=0.9.9.development.4 FIREFOX_VER=4.0 LIBEVENT_VER=2.0.10-stable LIBPNG_VER=1.4.3 -NOSCRIPT_VER=2.0.9.9 +NOSCRIPT_VER=2.1.0.1 OPENSSL_VER=1.0.0d OTR_VER=3.2.0 PIDGIN_VER=2.6.4 QT_VER=4.6.2 -TOR_VER=0.2.2.23-alpha +TOR_VER=0.2.2.24-alpha TORBUTTON_VER=1.3.2-alpha -VIDALIA_VER=0.2.10 +VIDALIA_VER=0.2.12 ZLIB_VER=1.2.5 ## Extension IDs

1 0

[torbrowser/master] Merge branches 'windows-maint-2.2' and 'maint-2.2' into maint-2.2
by erinn＠torproject.org 23 Oct '11

23 Oct '11

commit 047c5a299f04084c041cc211d537c60e9f06d883 Author: Erinn Clark <erinn(a)torproject.org> Date: Fri Apr 22 16:55:29 2011 +0300 Merge branches 'windows-maint-2.2' and 'maint-2.2' into maint-2.2

1 0

[torbrowser/master] update the windows makefile with lots of new build commands and paths so that everything can be built automatically
by erinn＠torproject.org 23 Oct '11

23 Oct '11

commit 16eb02c879192601f20307128f34186917c21a97 Author: Erinn Clark <erinn(a)torproject.org> Date: Fri Apr 22 13:45:41 2011 +0000 update the windows makefile with lots of new build commands and paths so that everything can be built automatically --- build-scripts/windows.mk | 131 +++++++++++++++++++++++++------------------- src/RelativeLink/Makefile | 1 + 2 files changed, 75 insertions(+), 57 deletions(-) diff --git a/build-scripts/windows.mk b/build-scripts/windows.mk index 533d1ee..74e06f0 100644 --- a/build-scripts/windows.mk +++ b/build-scripts/windows.mk @@ -55,7 +55,7 @@ WINRAR="/c/Program Files/WinRAR/WinRAR.exe" ## Location of directory for source unpacking -FETCH_DIR=$(PWD)/build-alpha-$(ARCH_TYPE) +FETCH_DIR=$(PWD)/build-alpha-windows ## Location of directory for prefix/destdir/compiles/etc BUILT_DIR=$(FETCH_DIR)/built TBB_FINAL=$(BUILT_DIR)/tbbwin-alpha-dist @@ -65,15 +65,14 @@ source-dance: fetch-source unpack-source ZLIB_DIR=$(FETCH_DIR)/zlib-$(ZLIB_VER) ZLIB_OPTS=--prefix=$(BUILT_DIR) -ZLIB_LDFLAGS=-Wl,--nxcompat -Wl,--dynamicbase +ZLIB_LDFLAGS="-Wl,--nxcompat -Wl,--dynamicbase" build-zlib: - cd $(ZLIB_DIR) && CFLAGS=$(ZLIB_LDFLAGS) ./configure $(ZLIB_OPTS) + cd $(ZLIB_DIR) && LDFLAGS=$(ZLIB_LDFLAGS) ./configure $(ZLIB_OPTS) cd $(ZLIB_DIR) && make cd $(ZLIB_DIR) && make install OPENSSL_DIR=$(FETCH_DIR)/openssl-$(OPENSSL_VER) -OPENSSL_OPTS=-no-idea -no-rc5 -no-md2 shared zlib --prefix=$(BUILT_DIR) --openssldir=$(BUILT_DIR) -L$(BUILT_DIR)/lib \ - -Wl,--nxcompat -Wl,dynamicbase -I$(BUILT_DIR)/include +OPENSSL_OPTS=-no-idea -no-rc5 -no-md2 shared zlib --prefix=$(BUILT_DIR) --openssldir=$(BUILT_DIR) -L$(BUILT_DIR)/lib -Wl,--nxcompat -Wl,--dynamicbase -I$(BUILT_DIR)/include build-openssl: cd $(OPENSSL_DIR) && ./config $(OPENSSL_OPTS) cd $(OPENSSL_DIR) && make depend @@ -81,24 +80,31 @@ build-openssl: cd $(OPENSSL_DIR) && make install VIDALIA_DIR=$(FETCH_DIR)/vidalia-$(VIDALIA_VER) -VIDALIA_OPTS=-DWIN2K=1 -DCMAKE_BUILD_TYPE=minsizerel -DMINGW_BINARY_DIR=$(MING) -DOPENSSL_BINARY_DIR=$(OPENSSL) -DWIX_BINARY_DIR=$(WIX) +VIDALIA_OPTS=-DCMAKE_EXE_LINKER_FLAGS="-static-libstdc++" -DWIN2K=1 -DQT_MAKE_EXECUTABLE=/c/Qt/$(QT_VER)/bin/qmake -DCMAKE_BUILD_TYPE=minsizerel -DMINGW_BINARY_DIR=$(MING) -DOPENSSL_BINARY_DIR=$(OPENSSL) -DWIX_BINARY_DIR=$(WIX_LIB) build-vidalia: -mkdir $(VIDALIA_DIR)/build - cd $(VIDALIA_DIR)/build && cmake -G "MinGW Makefiles" $(VIDALIA_OPTS) .. + cd $(VIDALIA_DIR)/build && cmake -G "MSYS Makefiles" $(VIDALIA_OPTS) .. + cd $(VIDALIA_DIR)/build && make LIBEVENT_DIR=$(FETCH_DIR)/libevent-$(LIBEVENT_VER) LIBEVENT_CFLAGS="-O -g" +LIBEVENT_LDFLAGS="-Wl,--nxcompat -Wl,--dynamicbase" LIBEVENT_OPTS=--prefix=$(BUILT_DIR) --enable-static --disable-shared --disable-dependency-tracking build-libevent: - cd $(LIBEVENT_DIR) && CFLAGS=$(LIBEVENT_CFLAGS) ./configure $(LIBEVENT_OPTS) + cd $(LIBEVENT_DIR) && CFLAGS=$(LIBEVENT_CFLAGS) LDFLAGS=$(LIBEVENT_LDFLAGS) ./configure $(LIBEVENT_OPTS) cd $(LIBEVENT_DIR) && make -j2 - cd $(LIBEVENT_DIR) && sudo make install + cd $(LIBEVENT_DIR) && make install + +POLIPO_DIR=$(FETCH_DIR)/polipo-$(POLIPO_VER) +POLIPO_MAKEFILE=$(CONFIG_SRC)/polipo-Makefile +POLIPO_LDFLAGS="-Wl,--nxcompat -Wl,--dynamicbase" +build-polipo: + cd $(POLIPO_DIR) && LDFLAGS=$(POLIPO_LDFLAGS) make && PREFIX=$(FETCH_DIR)/built/ make install.binary TOR_DIR=$(FETCH_DIR)/tor-$(TOR_VER) -TOR_CFLAGS="-O -g -arch $(ARCH_TYPE) -I$(BUILT_DIR)/include" +TOR_CFLAGS="-O -g -I$(BUILT_DIR)/include" TOR_LDFLAGS="-L$(BUILT_DIR)/lib" -TOR_OPTS=--enable-static-openssl --enable-static-libevent --with-openssl-dir=$(OPENSSL) --with-libevent-dir=$(BUILT_DIR)/lib \ - --prefix=$(BUILT_DIR) --disable-dependency-tracking +TOR_OPTS=--enable-static-libevent --with-libevent-dir=$(BUILT_DIR)/lib --prefix=$(BUILT_DIR) build-tor: cd $(TOR_DIR) && CFLAGS=$(TOR_CFLAGS) LDFLAGS=$(TOR_LDFLAGS) ./configure $(TOR_OPTS) cd $(TOR_DIR) && make @@ -121,8 +127,6 @@ OPENSSL=$(COMPILED_LIBS) ZLIB=$(COMPILED_LIBS) LIBEVENT=$(COMPILED_LIBS) -## Location of utility applications -WGET:=$(shell which wget) ## Size of split archive volumes for WinRAR SPLITSIZE=1440k @@ -131,10 +135,10 @@ SPLITSIZE=1440k CONFIG_SRC=config ## Destination for the generic bundle -DEST=generic-bundle +DEST="Generic Bundle" ## Name of the bundle -NAME=TorBrowser +NAME="Tor Browser" ## Where shall we put the finished files for distribution? DISTDIR=tbbwin-alpha-dist @@ -153,7 +157,7 @@ COMPRESSED_NAME=$(DEFAULT_COMPRESSED_NAME) endif ## Extensions to install by default -DEFAULT_EXTENSIONS=torbutton.xpi +DEFAULT_EXTENSIONS=torbutton-alpha.xpi ## Where to download Torbutton from TORBUTTON=https://www.torproject.org/torbutton/releases/torbutton-$(TORBUTT… @@ -226,7 +230,7 @@ reallyclean: clean virus-scan: $(VIRUSSCAN) $(VIDALIA)/build/src/vidalia/vidalia.exe - $(VIRUSSCAN) $(POLIPO)/polipo.exe + $(VIRUSSCAN) $(COMPILED_BINS)/polipo.exe $(VIRUSSCAN) $(TOR)/src/or/tor.exe $(VIRUSSCAN) $(TOR)/src/tools/tor-resolve.exe @@ -257,11 +261,11 @@ directory-structure: install-binaries: cp $(MING)/mingwm10.dll $(APPDIR) cp $(MING)/libgnurx-0.dll $(APPDIR) - cp $(QT)/QtCore4.dll $(QT)/QtGui4.dll $(QT)/QtNetwork4.dll $(QT)/QtXml4.dll $(QT)/libgcc_s_dw2-1.dll $(APPDIR) - cp $(OPENSSL)/ssleay32.dll $(APPDIR) - cp $(OPENSSL)/libeay32.dll $(APPDIR) + cp $(QT_LIB)/QtCore4.dll $(QT_LIB)/QtGui4.dll $(QT_LIB)/QtNetwork4.dll $(QT_LIB)/QtXml4.dll $(QT_LIB)/libgcc_s_dw2-1.dll $(APPDIR) + cp $(OPENSSL_LIB)/ssleay32.dll $(APPDIR) + cp $(OPENSSL_LIB)/libeay32.dll $(APPDIR) cp $(VIDALIA)/build/src/vidalia/vidalia.exe $(APPDIR) - cp $(POLIPO)/polipo.exe $(APPDIR) + cp $(COMPILED_BINS)/polipo.exe $(APPDIR) cp $(TOR)/src/or/tor.exe $(TOR)/src/tools/tor-resolve.exe $(APPDIR) ## Fixup @@ -273,40 +277,30 @@ install-docs: mkdir -p $(DOCSDIR)/MinGW mkdir -p $(DOCSDIR)/Polipo cp $(VIDALIA)/LICENSE* $(VIDALIA)/CREDITS $(DOCSDIR)/Vidalia - cp $(TOR)/LICENSE $(TOR)/AUTHORS $(TOR)/README $(DOCSDIR)/Tor - cp $(QT)/../LICENSE.GPL* $(QT)/../LICENSE.LGPL $(DOCSDIR)/Qt - cp $(MING)/../COPYING $(DOCSDIR)/MinGW + cp $(TOR)/LICENSE $(TOR)/README $(DOCSDIR)/Tor + cp $(QT_LIB)/../LICENSE.GPL* $(QT_LIB)/../LICENSE.LGPL $(DOCSDIR)/Qt + cp $(MING)/../msys/1.0/share/doc/MSYS/COPYING $(DOCSDIR)/MinGW cp $(POLIPO)/COPYING $(POLIPO)/README.Windows $(DOCSDIR)/Polipo - cp ../changelog.windows-2.2 $(DOCSDIR)/changelog - cp ../README.WINDOWS-2.2 $(DOCSDIR)/README-TorBrowserBundle - -## Copy over Firefox -install-firefox: - cp -R $(FIREFOX) $(DEST)/FirefoxPortable + cp ../changelog.win-2.2 $(DOCSDIR)/changelog + cp ../README.WIN-2.2 $(DOCSDIR)/README-TorBrowserBundle -## Configure Firefox, Vidalia, Polipo and Tor -configure-apps: - ## Configure Firefox preferences - #mkdir -p $(DEST)/.mozilla/Firefox/firefox.default - cp -R $(CONFIG_SRC)/firefox-profiles.ini $(DEST)/Contents/MacOS/Firefox.app/Contents/MacOS/Data/profiles.ini - cp $(CONFIG_SRC)/bookmarks.html $(DEST)/Contents/MacOS/Firefox.app/Contents/MacOS/Data/profile - cp $(CONFIG_SRC)/no-polipo-4.0.js $(DEST)/Contents/MacOS/Firefox.app/Contents/MacOS/Data/profile/prefs.js - cp $(CONFIG_SRC)/Info.plist $(DEST)/Contents - cp $(CONFIG_SRC)/PkgInfo $(DEST)/Contents - cp $(CONFIG_SRC)/qt.conf $(DEST)/Contents/Resources - cp $(CONFIG_SRC)/vidalia.icns $(DEST)/Contents/Resources +## Copy over FirefoxPortable +install-firefoxportable: + cp -r $(FIREFOX) $(DEST)/FirefoxPortable ## Copy over PidginPortable install-pidginportable: ifeq ($(USE_PIDGIN),1) - cp -R $(PIDGIN) $(DEST)/PidginPortable + cp -r $(PIDGIN) $(DEST)/PidginPortable endif ## Configure Firefox, FirefoxPortable, Vidalia, Polipo and Tor configure-apps: + mkdir -p $(DEST)/FirefoxPortable/Data/profile ## Configure Firefox preferences - cp $(CONFIG_SRC)/no-polipo-4.0.js $(DEST)/FirefoxPortable/App/DefaultData/profile/ + cp $(CONFIG_SRC)/windows-4.0.js $(DEST)/FirefoxPortable/App/DefaultData/profile/prefs.js + cp $(CONFIG_SRC)/windows-4.0.js $(DEST)/FirefoxPortable/Data/profile/prefs.js cp $(CONFIG_SRC)/bookmarks.html $(DEST)/FirefoxPortable/App/DefaultData/profile/ ## Set up alternate launcher @@ -344,7 +338,7 @@ launcher: ## ## Torbutton development version -torbutton.xpi: +torbutton-alpha.xpi: $(WGET) -O $@ $(TORBUTTON) ## English comes as default @@ -353,33 +347,33 @@ langpack_en-US.xpi: ## BetterPrivacy betterprivacy.xpi: - $(WGET) --no-check-certificate -O $@ $(BETTERPRIVACY) + $(WGET) -O $@ $(BETTERPRIVACY) ## NoScript development version noscript.xpi: - $(WGET) --no-check-certificate -O $@ $(NOSCRIPT) + $(WGET) -O $@ $(NOSCRIPT) ## HTTPS Everywhere httpseverywhere.xpi: - $(WGET) --no-check-certificate -O $@ $(HTTPSEVERYWHERE) + $(WGET) -O $@ $(HTTPSEVERYWHERE) ## Generic language pack rule langpack_%.xpi: - $(WGET) --no-check-certificate -O $@ $(MOZILLA_LANGUAGE)/$*.xpi + $(WGET) -O $@ $(MOZILLA_LANGUAGE)/$*.xpi ## ## Customize the bundle ## bundle_%: - LANGCODE=$* make bundle-localized + LANGCODE=$* make -f windows.mk bundle-localized compressed-bundle_%: - LANGCODE=$* make compressed-bundle-localized + LANGCODE=$* make -f windows.mk compressed-bundle-localized split-bundle_%: - LANGCODE=$* make split-bundle-localized + LANGCODE=$* make -f windows.mk split-bundle-localized bundle-localized_%.stamp: - make copy-files_$* install-extensions patch-vidalia-language patch-firefox-language patch-pidgin-language + make -f windows.mk copy-files_$* install-extensions install-torbutton install-httpseverywhere install-betterprivacy install-noscript patch-vidalia-language patch-firefox-language patch-pidgin-language touch bundle-localized_$*.stamp bundle-localized: bundle-localized_$(LANGCODE).stamp @@ -396,19 +390,41 @@ split-bundle-localized: bundle-localized_$(LANGCODE).stamp copy-files_%: generic-bundle.stamp rm -fr $(NAME)_$* mkdir $(NAME)_$* - cp -R $(DEST) $(NAME)_$*/$(NAME) + cp -r $(DEST) $(NAME)_$*/$(NAME) BUNDLE=$(NAME)_$(LANGCODE)/$(NAME) DUMMYPROFILE=$(BUNDLE)/FirefoxPortable/App/DummyProfile install-extensions: $(filter-out langpack_en-US.xpi,langpack_$(LANGCODE).xpi) ## Make a dummy profile to stop Firefox creating some large files - cp -R $(BUNDLE)/FirefoxPortable/App/DefaultData $(DUMMYPROFILE) + cp -r $(BUNDLE)/FirefoxPortable/App/DefaultData $(DUMMYPROFILE) + mkdir -p $(BUNDLE)/FirefoxPortable/Data/profile/extensions ifneq ($(LANGCODE), en-US) - mv langpack_$(LANGCODE).xpi $(BUNDLE)/FirefoxPortable/App/Firefox/extensions/langpack-$(LANGCODE)\(a)firefox.mozilla.org.zip - $(SEVENZIP) x -o$(BUNDLE)/FirefoxPortable/App/Firefox/extensions/langpack-$(LANGCODE)\(a)firefox.mozilla.org $(BUNDLE)/FirefoxPortable/App/Firefox/extensions/langpack-$(LANGCODE)\(a)firefox.mozilla.org.zip + mv langpack_$(LANGCODE).xpi $(BUNDLE)/FirefoxPortable/Data/profile/extensions/langpack-$(LANGCODE)\(a)firefox.mozilla.org.zip + $(SEVENZIP) x -o$(BUNDLE)/FirefoxPortable/Data/profile/extensions/langpack-$(LANGCODE)\(a)firefox.mozilla.org $(BUNDLE)/FirefoxPortable/Data/profile/extensions/langpack-$(LANGCODE)\(a)firefox.mozilla.org.zip endif rm -fr $(DUMMYPROFILE) +install-torbutton: torbutton-alpha.xpi + mkdir -p $(BUNDLE)/FirefoxPortable/Data/profile/extensions/{e0204bd5-9d31-402b-a99d-a6aa8ffebdca} + cp torbutton-alpha.xpi $(BUNDLE)/FirefoxPortable/Data/profile/extensions/{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}/torbutton.zip + (cd $(BUNDLE)/FirefoxPortable/Data/profile/extensions/{e0204bd5-9d31-402b-a99d-a6aa8ffebdca} && $(SEVENZIP) x *.zip && rm *.zip) + +install-httpseverywhere: httpseverywhere.xpi + mkdir -p $(BUNDLE)/FirefoxPortable/Data/profile/extensions/https-everywhere(a)eff.org + cp httpseverywhere.xpi $(BUNDLE)/FirefoxPortable/Data/profile/extensions/https-everywhere(a)eff.org/httpseverywhere.zip + (cd $(BUNDLE)/FirefoxPortable/Data/profile/extensions/https-everywhere(a)eff.org && $(SEVENZIP) x *.zip && rm *.zip) + +install-betterprivacy: betterprivacy.xpi + mkdir -p $(BUNDLE)/FirefoxPortable/Data/profile/extensions/\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3\} + cp betterprivacy.xpi $(BUNDLE)/FirefoxPortable/Data/profile/extensions/\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3\}/betterprivacy.zip + (cd $(BUNDLE)/FirefoxPortable/Data/profile/extensions/\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3\} && $(SEVENZIP) x *.zip && rm *.zip) + +install-noscript: noscript.xpi + mkdir -p $(BUNDLE)/FirefoxPortable/Data/profile/extensions/\{73a6fe31-595d-460b-a920-fcc0f8843232\} + cp noscript.xpi $(BUNDLE)/FirefoxPortable/Data/profile/extensions/\{73a6fe31-595d-460b-a920-fcc0f8843232\}/noscript.zip + (cd $(BUNDLE)/FirefoxPortable/Data/profile/extensions/\{73a6fe31-595d-460b-a920-fcc0f8843232\} && $(SEVENZIP) x *.zip && rm *.zip) + + ## Set the language for Vidalia patch-vidalia-language: ## Patch Vidalia @@ -426,6 +442,7 @@ endif patch-firefox-language: ## Patch Firefox prefs.js ./patch-firefox-language.sh $(BUNDLE)/FirefoxPortable/App/DefaultData/profile/prefs.js $(LANGCODE) + ./patch-firefox-language.sh $(BUNDLE)/FirefoxPortable/Data/profile/prefs.js $(LANGCODE) ### ### Utilities diff --git a/src/RelativeLink/Makefile b/src/RelativeLink/Makefile index ed1aca2..ebf77cd 100644 --- a/src/RelativeLink/Makefile +++ b/src/RelativeLink/Makefile @@ -7,6 +7,7 @@ APPNAME = StartTorBrowserBundle.exe OBJECTS = RelativeLink-res.rc.o RelativeLink.o CFLAGS = -Wall -mwindows -static +CC = gcc all: RelativeLink

1 0

[torbrowser/master] update windows changelog for tbb with firefox4 for windows
by erinn＠torproject.org 23 Oct '11

23 Oct '11

commit 98d7c61b8cd473d470fc821cb42a9c6c2f75768e Author: Erinn Clark <erinn(a)torproject.org> Date: Mon Apr 25 00:00:03 2011 +0300 update windows changelog for tbb with firefox4 for windows --- changelog.win-2.2 | 4 +++- 1 files changed, 3 insertions(+), 1 deletions(-) diff --git a/changelog.win-2.2 b/changelog.win-2.2 index fa800eb..0d83cfd 100644 --- a/changelog.win-2.2 +++ b/changelog.win-2.2 @@ -4,8 +4,10 @@ Tor Browser Bundle (2.2.24-1) alpha; suite=windows * Update Tor to 0.2.2.24-alpha * Update Torbutton to 1.3.2-alpha * Update OpenSSL to 1.0.0d + * Update Libevent to 2.0.10-stable * Update HTTPS-Everywhere to 0.9.9.development.4 * Add NoScript 2.0.9.9 * Add BetterPrivacy 1.49 + * The Opa Heinz release - -- Erinn Clark <erinn(a)torproject.org> Tue Apr 19 01:38:53 IDT 2011 + -- Erinn Clark <erinn(a)torproject.org> Sun Apr 24 23:56:34 IDT 2011

1 0

[torbrowser/master] add windows firefox 4 prefs
by erinn＠torproject.org 23 Oct '11

23 Oct '11

commit 147f793c6d257a53ba6d1e3c77693355e39f4866 Author: Erinn Clark <erinn(a)torproject.org> Date: Fri Apr 22 13:50:29 2011 +0000 add windows firefox 4 prefs --- build-scripts/config/windows-4.0.js | 175 +++++++++++++++++++++++++++++++++++ 1 files changed, 175 insertions(+), 0 deletions(-) diff --git a/build-scripts/config/windows-4.0.js b/build-scripts/config/windows-4.0.js new file mode 100644 index 0000000..b35a3a8 --- /dev/null +++ b/build-scripts/config/windows-4.0.js @@ -0,0 +1,175 @@ +# Mozilla User Preferences + +/* Do not edit this file. + * + * If you make changes to this file while the application is running, + * the changes will be overwritten when the application exits. + * + * To make a manual change to preferences, you can visit the URL about:config + * For more information, see http://www.mozilla.org/unix/customizing.html#prefs + */ + +user_pref("app.update.auto", false); +user_pref("app.update.enabled", false); +user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1216566538); +user_pref("app.update.lastUpdateTime.background-update-timer", 1216566535); +user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1216566538); +user_pref("app.update.lastUpdateTime.microsummary-generator-update-timer", 1232574822); +user_pref("app.update.lastUpdateTime.search-engine-update-timer", 1216566539); +user_pref("browser.bookmarks.livemark_refresh_seconds", 31536000); +user_pref("browser.cache.disk.capacity", 0); +user_pref("browser.cache.disk.enable", false); +user_pref("browser.cache.disk.smart_size.enabled", false); +user_pref("browser.cache.disk.smart_size.first_run", false); +user_pref("browser.cache.offline.enable", false); +user_pref("browser.chrome.favicons", false); +user_pref("browser.chrome.image_icons.max_size", 0); +user_pref("browser.chrome.site_icons", false); +user_pref("browser.download.manager.retention", 1); +user_pref("browser.download.useDownloadDir", false); +user_pref("browser.formfill.enable", false); +user_pref("browser.history_expire_days.mirror", 0); +user_pref("browser.microsummary.updateGenerators", false); +user_pref("browser.migration.version", 5); +user_pref("browser.places.importBookmarksHTML", false); +user_pref("browser.places.importDefaults", false); +user_pref("browser.places.leftPaneFolderId", -1); +user_pref("browser.places.migratePostDataAnnotations", false); +user_pref("browser.places.smartBookmarksVersion", 2); +user_pref("browser.places.updateRecentTagsUri", false); +user_pref("browser.preferences.advanced.selectedTabIndex", 0); +user_pref("browser.privatebrowsing.autostart", true); +user_pref("browser.rights.3.shown", true); +user_pref("browser.safebrowsing.enabled", false); +user_pref("browser.safebrowsing.malware.enabled", false); +user_pref("browser.search.suggest.enabled", false); +user_pref("browser.search.update", false); +user_pref("browser.sessionstore.privacy_level", 2); +user_pref("browser.sessionstore.resume_session_once", true); +user_pref("browser.shell.checkDefaultBrowser", false); +user_pref("browser.startup.homepage", "https://check.torproject.org/?lang=en-US&small=1"); +user_pref("browser.startup.homepage_override.buildID", "20110325121920"); +user_pref("browser.startup.homepage_override.mstone", "rv:2.0"); +user_pref("browser.urlbar.autocomplete.enabled", false); +user_pref("browser.zoom.siteSpecific", false); +user_pref("capability.policy.maonoscript.javascript.enabled", "allAccess"); +user_pref("capability.policy.maonoscript.sites", "addons.mozilla.org about: about:addons about:blank about:blocked about:certerror about:config about:crashes about:credits about:home about:neterror about:plugins about:privatebrowsing about:sessionrestore chrome: resource:"); +user_pref("dom.event.contextmenu.enabled", false); +user_pref("dom.storage.enabled", false); +user_pref("extensions.bootstrappedAddons", "{}"); +user_pref("extensions.bprivacy.DataDir", "/Users/erinn/Library/Preferences/Macromedia"); +user_pref("extensions.bprivacy.donotaskforfolder", true); +user_pref("extensions.bprivacy.donotaskonexit", true); +user_pref("extensions.bprivacy.initiated", true); +user_pref("extensions.checkCompatibility.4.0", false); +user_pref("extensions.checkUpdateSecurity", false); +user_pref("extensions.databaseSchema", 3); +user_pref("extensions.enabledAddons", "https-everywhere@eff.org:0.9.9.development.4,{73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9,{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.49,{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.3.2-alpha,{972ce4c6-7e08-4474-a285-3208198ce6fd}:4.0"); +user_pref("extensions.enabledItems", "langpack-en-US@firefox.mozilla.org:,{73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.57,{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.4,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.8"); +user_pref("extensions.enabledScopes", 5); +user_pref("extensions.lastAppVersion", "4.0"); +user_pref("extensions.pendingOperations", false); +user_pref("extensions.torbutton.fresh_install", false); +user_pref("extensions.torbutton.http_port", 8118); +user_pref("extensions.torbutton.http_proxy", "127.0.0.1"); +user_pref("extensions.torbutton.https_port", 8118); +user_pref("extensions.torbutton.https_proxy", "127.0.0.1"); +user_pref("extensions.torbutton.locked_mode", true); +user_pref("extensions.torbutton.normal_exit", true); +user_pref("extensions.torbutton.proxies_applied", true); +user_pref("extensions.torbutton.restore_tor", true); +user_pref("extensions.torbutton.saved.auto_update", false); +user_pref("extensions.torbutton.saved.share_proxy_settings", false); +user_pref("extensions.torbutton.saved.socks_version", 5); +user_pref("extensions.torbutton.saved.type", 1); +user_pref("extensions.torbutton.settings_applied", true); +user_pref("extensions.torbutton.socks_host", "127.0.0.1"); +user_pref("extensions.torbutton.socks_port", 9050); +user_pref("extensions.torbutton.startup", true); +user_pref("extensions.torbutton.tor_enabled", true); +user_pref("extensions.torbutton.tor_memory_jar", true); +user_pref("extensions.torbutton.tz_string", "UTC+00:00"); +user_pref("extensions.update.enabled", false); +user_pref("extensions.update.notifyUser", false); +user_pref("general.appname.override", "Netscape"); +user_pref("general.appversion.override", "5.0 (Windows; en-US)"); +user_pref("general.buildID.override", "0"); +user_pref("general.oscpu.override", "Windows NT 6.1"); +user_pref("general.platform.override", "Win32"); +user_pref("general.productSub.override", "20100401"); +user_pref("general.useragent.override", "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3"); +user_pref("general.useragent.vendor", ""); +user_pref("general.useragent.vendorSub", ""); +user_pref("geo.enabled", false); +user_pref("geo.wifi.uri", ""); +user_pref("intl.accept_languages", "en-us, en"); +user_pref("intl.charsetmenu.browser.cache", "UTF-8"); +user_pref("network.cookie.cookieBehavior", 1); +user_pref("network.cookie.lifetimePolicy", 2); +user_pref("network.cookie.prefsMigrated", true); +user_pref("network.hosts.pop_server", ""); +user_pref("network.protocol-handler.external-default", false); +user_pref("network.protocol-handler.external.mailto", false); +user_pref("network.protocol-handler.external.news", false); +user_pref("network.protocol-handler.external.nntp", false); +user_pref("network.protocol-handler.external.snews", false); +user_pref("network.protocol-handler.warn-external.mailto", true); +user_pref("network.protocol-handler.warn-external.news", true); +user_pref("network.protocol-handler.warn-external.nntp", true); +user_pref("network.protocol-handler.warn-external.snews", true); +user_pref("network.proxy.http", "127.0.0.1"); +user_pref("network.proxy.http_port", 8118); +user_pref("network.proxy.no_proxies_on", "127.0.0.1"); +user_pref("network.proxy.socks", "127.0.0.1"); +user_pref("network.proxy.socks_port", 9050); +user_pref("network.proxy.socks_remote_dns", true); +user_pref("network.proxy.ssl", "127.0.0.1"); +user_pref("network.proxy.ssl_port", 8118); +user_pref("network.proxy.type", 1); +user_pref("network.security.ports.banned", "8118,8123,9050,9051"); +user_pref("noscript.ABE.enabled", false); +user_pref("noscript.ABE.notify", false); +user_pref("noscript.ABE.wanIpAsLocal", false); +user_pref("noscript.autoReload", false); +user_pref("noscript.contentBlocker", true); +user_pref("noscript.default", "about:blank about:credits addons.mozilla.org flashgot.net google.com gstatic.com googlesyndication.com informaction.com yahoo.com yimg.com maone.net noscript.net hotmail.com msn.com passport.com passport.net passportimages.com live.com"); +user_pref("noscript.firstRunRedirection", false); +user_pref("noscript.global", true); +user_pref("noscript.gtemp", ""); +user_pref("noscript.opacizeObject", 3); +user_pref("noscript.options.tabSelectedIndexes", "5,0,0"); +user_pref("noscript.policynames", ""); +user_pref("noscript.secureCookies", true); +user_pref("noscript.showAllowPage", false); +user_pref("noscript.showBaseDomain", false); +user_pref("noscript.showDistrust", false); +user_pref("noscript.showRecentlyBlocked", false); +user_pref("noscript.showRevokeTemp", false); +user_pref("noscript.showTemp", false); +user_pref("noscript.showTempAllowPage", false); +user_pref("noscript.showTempToPerm", false); +user_pref("noscript.showUntrusted", false); +user_pref("noscript.subscription.lastCheck", -142148139); +user_pref("noscript.temp", ""); +user_pref("noscript.untrusted", ""); +user_pref("noscript.version", "2.0.9.9"); +user_pref("places.history.enabled", false); +user_pref("places.history.expiration.transient_current_max_pages", 120795); +user_pref("plugin.disable_full_page_plugin_for_types", "application/asx,video/x-ms-asf-plugin,application/x-mplayer2,video/x-ms-asf,video/x-ms-wm,audio/x-ms-wma,audio/x-ms-wax,video/x-ms-wmv,video/x-ms-wvx,application/x-drm-v2,application/x-drm"); +user_pref("plugin.expose_full_path", true); +user_pref("plugin.scan.4xPluginFolder", false); +user_pref("plugin.scan.Acrobat", "99.0"); +user_pref("plugin.scan.Quicktime", "99.0"); +user_pref("plugin.scan.SunJRE", "99.0"); +user_pref("plugin.scan.WindowsMediaPlayer", "99.0"); +user_pref("plugin.scan.plid.all", false); +user_pref("privacy.sanitize.migrateFx3Prefs", true); +user_pref("security.enable_java", false); +user_pref("signon.rememberSignons", false); +user_pref("urlclassifier.keyupdatetime.https://sb-ssl.google.com/safebrowsing/newkey", 1235166825); +user_pref("urlclassifier.tableversion.goog-black-enchash", "1.55536"); +user_pref("urlclassifier.tableversion.goog-black-url", "1.23256"); +user_pref("urlclassifier.tableversion.goog-white-domain", "1.481"); +user_pref("urlclassifier.tableversion.goog-white-url", "1.371"); +user_pref("xpinstall.whitelist.add", ""); +user_pref("xpinstall.whitelist.add.36", "");

1 0