[gnurl] 195/411: libssh2: handle the SSH protocols done over HTTPS proxy

gnunet-svn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[gnurl] 195/411: libssh2: handle the SSH protocols done over HTTPS proxy

From:	gnunet
Subject:	[gnurl] 195/411: libssh2: handle the SSH protocols done over HTTPS proxy
Date:	Wed, 13 Jan 2021 01:20:10 +0100

This is an automated email from the git hooks/post-receive script.

nikita pushed a commit to branch master
in repository gnurl.

commit edfb6168e9d3c7d3b0befc6977c2256c095a6690
Author: Daniel Stenberg <daniel@haxx.se>
AuthorDate: Mon Sep 28 14:02:27 2020 +0200

    libssh2: handle the SSH protocols done over HTTPS proxy
    
    Reported-by: Robin Douine
    Fixes #4295
    Closes #6021
---
 lib/vssh/libssh2.c | 91 +++++++++++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 83 insertions(+), 8 deletions(-)

diff --git a/lib/vssh/libssh2.c b/lib/vssh/libssh2.c
index c90d6367f..d983cc9a9 100644
--- a/lib/vssh/libssh2.c
+++ b/lib/vssh/libssh2.c
@@ -3039,6 +3039,42 @@ static CURLcode ssh_setup_connection(struct connectdata 
*conn)
 static Curl_recv scp_recv, sftp_recv;
 static Curl_send scp_send, sftp_send;
 
+static ssize_t ssh_tls_recv(libssh2_socket_t sock, void *buffer,
+                            size_t length, int flags, void **abstract)
+{
+  struct connectdata *conn = (struct connectdata *)*abstract;
+  ssize_t nread;
+  CURLcode result;
+  (void)flags;
+
+  result = Curl_read(conn, sock, buffer, length, &nread);
+  if(result == CURLE_AGAIN)
+    return -EAGAIN; /* magic return code for libssh2 */
+  else if(result)
+    return -1; /* generic error */
+  if(conn->data->set.verbose)
+    Curl_debug(conn->data, CURLINFO_DATA_IN, (char *)buffer, (size_t)nread);
+  return nread;
+}
+
+static ssize_t ssh_tls_send(libssh2_socket_t sock, const void *buffer,
+                            size_t length, int flags, void **abstract)
+{
+  struct connectdata *conn = (struct connectdata *)*abstract;
+  ssize_t nwrite;
+  CURLcode result;
+  (void)flags;
+
+  result = Curl_write(conn, sock, buffer, length, &nwrite);
+  if(result == CURLE_AGAIN)
+    return -EAGAIN; /* magic return code for libssh2 */
+  else if(result)
+    return -1; /* error */
+  if(conn->data->set.verbose)
+    Curl_debug(conn->data, CURLINFO_DATA_OUT, (char *)buffer, (size_t)nwrite);
+  return nwrite;
+}
+
 /*
  * Curl_ssh_connect() gets called from Curl_protocol_connect() to allow us to
  * do protocol-specific actions at connect-time.
@@ -3060,14 +3096,6 @@ static CURLcode ssh_connect(struct connectdata *conn, 
bool *done)
      function to make the re-use checks properly be able to check this bit. */
   connkeep(conn, "SSH default");
 
-  if(conn->handler->protocol & CURLPROTO_SCP) {
-    conn->recv[FIRSTSOCKET] = scp_recv;
-    conn->send[FIRSTSOCKET] = scp_send;
-  }
-  else {
-    conn->recv[FIRSTSOCKET] = sftp_recv;
-    conn->send[FIRSTSOCKET] = sftp_send;
-  }
   ssh = &conn->proto.sshc;
 
 #ifdef CURL_LIBSSH2_DEBUG
@@ -3088,6 +3116,53 @@ static CURLcode ssh_connect(struct connectdata *conn, 
bool *done)
     return CURLE_FAILED_INIT;
   }
 
+  if(conn->http_proxy.proxytype == CURLPROXY_HTTPS) {
+    /*
+     * This crazy union dance is here to avoid assigning a void pointer a
+     * function pointer as it is invalid C. The problem is of course that
+     * libssh2 has such an API...
+     */
+    union receive {
+      void *recvp;
+      ssize_t (*recvptr)(libssh2_socket_t, void *, size_t, int, void **);
+    };
+    union transfer {
+      void *sendp;
+      ssize_t (*sendptr)(libssh2_socket_t, const void *, size_t, int, void **);
+    };
+    union receive sshrecv;
+    union transfer sshsend;
+
+    sshrecv.recvptr = ssh_tls_recv;
+    sshsend.sendptr = ssh_tls_send;
+
+    infof(data, "Uses HTTPS proxy!\n");
+    /*
+      Setup libssh2 callbacks to make it read/write TLS from the socket.
+
+      ssize_t
+      recvcb(libssh2_socket_t sock, void *buffer, size_t length,
+      int flags, void **abstract);
+
+      ssize_t
+      sendcb(libssh2_socket_t sock, const void *buffer, size_t length,
+      int flags, void **abstract);
+
+    */
+    libssh2_session_callback_set(ssh->ssh_session,
+                                 LIBSSH2_CALLBACK_RECV, sshrecv.recvp);
+    libssh2_session_callback_set(ssh->ssh_session,
+                                 LIBSSH2_CALLBACK_SEND, sshsend.sendp);
+  }
+  else if(conn->handler->protocol & CURLPROTO_SCP) {
+    conn->recv[FIRSTSOCKET] = scp_recv;
+    conn->send[FIRSTSOCKET] = scp_send;
+  }
+  else {
+    conn->recv[FIRSTSOCKET] = sftp_recv;
+    conn->send[FIRSTSOCKET] = sftp_send;
+  }
+
   if(data->set.ssh_compression) {
 #if LIBSSH2_VERSION_NUM >= 0x010208
     if(libssh2_session_flag(ssh->ssh_session, LIBSSH2_FLAG_COMPRESS, 1) < 0)

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.

[Prev in Thread]

Current Thread

[Next in Thread]

[gnurl] 204/411: examples/README: convert to markdown, (continued)
- [gnurl] 204/411: examples/README: convert to markdown, gnunet, 2021/01/12
- [gnurl] 252/411: http3: fix two build errors, silence warnings, gnunet, 2021/01/12
- [gnurl] 191/411: schannel: return CURLE_PEER_FAILED_VERIFICATION for untrusted root, gnunet, 2021/01/12
- [gnurl] 264/411: CMake: call the feature unixsockets without dash, gnunet, 2021/01/12
- [gnurl] 207/411: tests/unit/README: convert to markdown, gnunet, 2021/01/12
- [gnurl] 261/411: RELEASE-NOTES: synced, gnunet, 2021/01/12
- [gnurl] 215/411: test1465: verify --libcurl with binary POST data, gnunet, 2021/01/12
- [gnurl] 192/411: ROADMAP: updates and cleanups, gnunet, 2021/01/12
- [gnurl] 242/411: RELEASE-NOTES: synced, gnunet, 2021/01/12
- [gnurl] 262/411: runtests: revert the mistaken edit of $CURL, gnunet, 2021/01/12
- [gnurl] 195/411: libssh2: handle the SSH protocols done over HTTPS proxy, gnunet <=
- [gnurl] 230/411: src/Makefile.m32: fix undefined curlx_dyn_* errors, gnunet, 2021/01/12
- [gnurl] 263/411: CI/travis: add brotli and zstd to the libssh2 build, gnunet, 2021/01/12
- [gnurl] 203/411: configure: don't say HTTPS-proxy is enabled when disabled!, gnunet, 2021/01/12
- [gnurl] 245/411: docs/FEATURE: convert to markdown, gnunet, 2021/01/12
- [gnurl] 229/411: HISTORY: curl verifies SSL certs by default since version 7.10, gnunet, 2021/01/12
- [gnurl] 219/411: docs/opts: fix typos in two manual pages, gnunet, 2021/01/12
- [gnurl] 201/411: MANUAL: update examples to resolve without redirects, gnunet, 2021/01/12
- [gnurl] 210/411: vtls: deduplicate some DISABLE_PROXY ifdefs, gnunet, 2021/01/12
- [gnurl] 248/411: urlapi: URL encode a '+' in the query part, gnunet, 2021/01/12
- [gnurl] 257/411: CURLOPT_NOBODY.3: fix typo, gnunet, 2021/01/12

Prev by Date: [gnurl] 262/411: runtests: revert the mistaken edit of $CURL
Next by Date: [gnurl] 230/411: src/Makefile.m32: fix undefined curlx_dyn_* errors
Previous by thread: [gnurl] 262/411: runtests: revert the mistaken edit of $CURL
Next by thread: [gnurl] 230/411: src/Makefile.m32: fix undefined curlx_dyn_* errors
Index(es):
- Date
- Thread