/* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson * Copyright (c) 2007-2018, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "orconfig.h" #include "lib/arch/bytes.h" #include "lib/log/log.h" #include "lib/malloc/malloc.h" #include "lib/net/address.h" #include "lib/net/resolve.h" #include "lib/net/socket.h" #include "lib/sandbox/sandbox.h" #include "lib/string/util_string.h" #include "lib/net/socks5_status.h" #include "socks5.h" #include #include #include #include #ifdef HAVE_NETINET_IN_H #include #endif #ifdef HAVE_ARPA_INET_H #include #endif #ifdef HAVE_SYS_SOCKET_H #include #endif #ifdef HAVE_SYS_TYPES_H #include /* Must be included before sys/stat.h for Ultrix */ #endif #ifdef HAVE_ERRNO_H #include #endif #ifdef _WIN32 #include #include #endif #define RESPONSE_LEN_4 8 #define log_sock_error(act, _s) \ STMT_BEGIN log_fn(LOG_ERR, LD_NET, "Error while %s: %s", act, \ tor_socket_strerror(tor_socket_errno(_s))); STMT_END static void usage(void) ATTR_NORETURN; /** * Set out to a pointer to newly allocated buffer containing * SOCKS4a RESOLVE request with username and hostname. * Return number of bytes in the buffer if succeeded or -1 if failed. */ static ssize_t build_socks4a_resolve_request(uint8_t **out, const char *username, const char *hostname) { tor_assert(out); tor_assert(username); tor_assert(hostname); const char *errmsg = NULL; uint8_t *output = NULL; socks4_client_request_t *rq = socks4_client_request_new(); socks4_client_request_set_version(rq, 4); socks4_client_request_set_command(rq, CMD_RESOLVE); socks4_client_request_set_port(rq, 0); socks4_client_request_set_addr(rq, 0x00000001u); socks4_client_request_set_username(rq, username); socks4_client_request_set_socks4a_addr_hostname(rq, hostname); errmsg = socks4_client_request_check(rq); if (errmsg) { goto cleanup; } ssize_t encoded_len = socks4_client_request_encoded_len(rq); if (encoded_len <= 0) { errmsg = "socks4_client_request_encoded_len failed"; goto cleanup; } output = tor_malloc(encoded_len); memset(output, 0, encoded_len); encoded_len = socks4_client_request_encode(output, encoded_len, rq); if (encoded_len <= 0) { errmsg = "socks4_client_request_encode failed"; goto cleanup; } *out = output; cleanup: socks4_client_request_free(rq); if (errmsg) { log_err(LD_NET, "build_socks4a_resolve_request failed: %s", errmsg); *out = NULL; tor_free(output); } return errmsg ? -1 : encoded_len; } #define SOCKS5_ATYPE_HOSTNAME 0x03 #define SOCKS5_ATYPE_IPV4 0x01 #define SOCKS5_ATYPE_IPV6 0x04 /** * Set out to pointer to newly allocated buffer containing * SOCKS5 RESOLVE/RESOLVE_PTR request with given hostname. * Generate a reverse request if reverse is true. * Return the number of bytes in the buffer if succeeded or -1 if failed. */ static ssize_t build_socks5_resolve_request(uint8_t **out, const char *hostname, int reverse) { const char *errmsg = NULL; uint8_t *outbuf = NULL; int is_ip_address; tor_addr_t addr; size_t addrlen; int ipv6; is_ip_address = tor_addr_parse(&addr, hostname) != -1; if (!is_ip_address && reverse) { log_err(LD_GENERAL, "Tried to do a reverse lookup on a non-IP!"); return -1; } ipv6 = reverse && tor_addr_family(&addr) == AF_INET6; addrlen = reverse ? (ipv6 ? 16 : 4) : 1 + strlen(hostname); if (addrlen > UINT8_MAX) { log_err(LD_GENERAL, "Hostname is too long!"); return -1; } socks5_client_request_t *rq = socks5_client_request_new(); socks5_client_request_set_version(rq, 5); /* RESOLVE_PTR or RESOLVE */ socks5_client_request_set_command(rq, reverse ? CMD_RESOLVE_PTR : CMD_RESOLVE); socks5_client_request_set_reserved(rq, 0); uint8_t atype = SOCKS5_ATYPE_HOSTNAME; if (reverse) atype = ipv6 ? SOCKS5_ATYPE_IPV6 : SOCKS5_ATYPE_IPV4; socks5_client_request_set_atype(rq, atype); switch (atype) { case SOCKS5_ATYPE_IPV4: { socks5_client_request_set_dest_addr_ipv4(rq, tor_addr_to_ipv4h(&addr)); } break; case SOCKS5_ATYPE_IPV6: { uint8_t *ipv6_array = socks5_client_request_getarray_dest_addr_ipv6(rq); tor_assert(ipv6_array); memcpy(ipv6_array, tor_addr_to_in6_addr8(&addr), 16); } break; case SOCKS5_ATYPE_HOSTNAME: { domainname_t *dn = domainname_new(); domainname_set_len(dn, addrlen - 1); domainname_setlen_name(dn, addrlen - 1); char *dn_buf = domainname_getarray_name(dn); memcpy(dn_buf, hostname, addrlen - 1); errmsg = domainname_check(dn); if (errmsg) { domainname_free(dn); goto cleanup; } else { socks5_client_request_set_dest_addr_domainname(rq, dn); } } break; default: tor_assert_unreached(); break; } socks5_client_request_set_dest_port(rq, 0); errmsg = socks5_client_request_check(rq); if (errmsg) { goto cleanup; } ssize_t encoded_len = socks5_client_request_encoded_len(rq); if (encoded_len < 0) { errmsg = "Cannot predict encoded length"; goto cleanup; } outbuf = tor_malloc(encoded_len); memset(outbuf, 0, encoded_len); encoded_len = socks5_client_request_encode(outbuf, encoded_len, rq); if (encoded_len < 0) { errmsg = "encoding failed"; goto cleanup; } *out = outbuf; cleanup: socks5_client_request_free(rq); if (errmsg) { tor_free(outbuf); log_err(LD_NET, "build_socks5_resolve_request failed with error: %s", errmsg); } return errmsg ? -1 : encoded_len; } /** Set *out to a newly allocated SOCKS4a resolve request with * username and hostname as provided. Return the number * of bytes in the request. */ static ssize_t build_socks_resolve_request(uint8_t **out, const char *username, const char *hostname, int reverse, int version) { tor_assert(out); tor_assert(username); tor_assert(hostname); tor_assert(version == 4 || version == 5); if (version == 4) { return build_socks4a_resolve_request(out, username, hostname); } else if (version == 5) { return build_socks5_resolve_request(out, hostname, reverse); } tor_assert_unreached(); return -1; } static void onion_warning(const char *hostname) { log_warn(LD_NET, "%s is a hidden service; those don't have IP addresses. " "You can use the AutomapHostsOnResolve option to have Tor return a " "fake address for hidden services. Or you can have your " "application send the address to Tor directly; we recommend an " "application that uses SOCKS 5 with hostnames.", hostname); } /** Given a len-byte SOCKS4a response in response, set * *addr_out to the address it contains (in host order). * Return 0 on success, -1 on error. */ static int parse_socks4a_resolve_response(const char *hostname, const char *response, size_t len, tor_addr_t *addr_out) { uint8_t status; tor_assert(response); tor_assert(addr_out); if (len < RESPONSE_LEN_4) { log_warn(LD_PROTOCOL,"Truncated socks response."); return -1; } if (((uint8_t)response[0])!=0) { /* version: 0 */ log_warn(LD_PROTOCOL,"Nonzero version in socks response: bad format."); return -1; } status = (uint8_t)response[1]; if (get_uint16(response+2)!=0) { /* port: 0 */ log_warn(LD_PROTOCOL,"Nonzero port in socks response: bad format."); return -1; } if (status != 90) { log_warn(LD_NET,"Got status response '%d': socks request failed.", status); if (!strcasecmpend(hostname, ".onion")) { onion_warning(hostname); return -1; } return -1; } tor_addr_from_ipv4n(addr_out, get_uint32(response+4)); return 0; } /* It would be nice to let someone know what SOCKS5 issue a user may have */ static const char * socks5_reason_to_string(char reason) { switch (reason) { case SOCKS5_SUCCEEDED: return "succeeded"; case SOCKS5_GENERAL_ERROR: return "general error"; case SOCKS5_NOT_ALLOWED: return "not allowed"; case SOCKS5_NET_UNREACHABLE: return "network is unreachable"; case SOCKS5_HOST_UNREACHABLE: return "host is unreachable"; case SOCKS5_CONNECTION_REFUSED: return "connection refused"; case SOCKS5_TTL_EXPIRED: return "ttl expired"; case SOCKS5_COMMAND_NOT_SUPPORTED: return "command not supported"; case SOCKS5_ADDRESS_TYPE_NOT_SUPPORTED: return "address type not supported"; default: return "unknown SOCKS5 code"; } } /** Send a resolve request for hostname to the Tor listening on * sockshost:socksport. Store the resulting IPv4 * address (in host order) into *result_addr. */ static int do_resolve(const char *hostname, const tor_addr_t *sockshost, uint16_t socksport, int reverse, int version, tor_addr_t *result_addr, char **result_hostname) { int s = -1; struct sockaddr_storage ss; socklen_t socklen; uint8_t *req = NULL; ssize_t len = 0; tor_assert(hostname); tor_assert(result_addr); tor_assert(version == 4 || version == 5); tor_addr_make_unspec(result_addr); *result_hostname = NULL; s = tor_open_socket(PF_INET,SOCK_STREAM,IPPROTO_TCP); if (s<0) { log_sock_error("creating_socket", -1); return -1; } socklen = tor_addr_to_sockaddr(sockshost, socksport, (struct sockaddr *)&ss, sizeof(ss)); if (connect(s, (struct sockaddr*)&ss, socklen)) { log_sock_error("connecting to SOCKS host", s); goto err; } if (version == 5) { char method_buf[2]; if (write_all_to_socket(s, (const char *)"\x05\x01\x00", 3) != 3) { log_err(LD_NET, "Error sending SOCKS5 method list."); goto err; } if (read_all_from_socket(s, method_buf, 2) != 2) { log_err(LD_NET, "Error reading SOCKS5 methods."); goto err; } if (method_buf[0] != '\x05') { log_err(LD_NET, "Unrecognized socks version: %u", (unsigned)method_buf[0]); goto err; } if (method_buf[1] != '\x00') { log_err(LD_NET, "Unrecognized socks authentication method: %u", (unsigned)method_buf[1]); goto err; } } if ((len = build_socks_resolve_request(&req, "", hostname, reverse, version))<0) { log_err(LD_BUG,"Error generating SOCKS request"); tor_assert(!req); goto err; } if (write_all_to_socket(s, (const char *)req, len) != len) { log_sock_error("sending SOCKS request", s); tor_free(req); goto err; } tor_free(req); if (version == 4) { char reply_buf[RESPONSE_LEN_4]; if (read_all_from_socket(s, reply_buf, RESPONSE_LEN_4) != RESPONSE_LEN_4) { log_err(LD_NET, "Error reading SOCKS4 response."); goto err; } if (parse_socks4a_resolve_response(hostname, reply_buf, RESPONSE_LEN_4, result_addr)<0) { goto err; } } else { char reply_buf[16]; if (read_all_from_socket(s, reply_buf, 4) != 4) { log_err(LD_NET, "Error reading SOCKS5 response."); goto err; } if (reply_buf[0] != 5) { log_err(LD_NET, "Bad SOCKS5 reply version."); goto err; } /* Give a user some useful feedback about SOCKS5 errors */ if (reply_buf[1] != 0) { log_warn(LD_NET,"Got SOCKS5 status response '%u': %s", (unsigned)reply_buf[1], socks5_reason_to_string(reply_buf[1])); if (reply_buf[1] == 4 && !strcasecmpend(hostname, ".onion")) { onion_warning(hostname); } goto err; } if (reply_buf[3] == 1) { /* IPv4 address */ if (read_all_from_socket(s, reply_buf, 4) != 4) { log_err(LD_NET, "Error reading address in socks5 response."); goto err; } tor_addr_from_ipv4n(result_addr, get_uint32(reply_buf)); } else if (reply_buf[3] == 4) { /* IPv6 address */ if (read_all_from_socket(s, reply_buf, 16) != 16) { log_err(LD_NET, "Error reading address in socks5 response."); goto err; } tor_addr_from_ipv6_bytes(result_addr, reply_buf); } else if (reply_buf[3] == 3) { /* Domain name */ size_t result_len; if (read_all_from_socket(s, reply_buf, 1) != 1) { log_err(LD_NET, "Error reading address_length in socks5 response."); goto err; } result_len = *(uint8_t*)(reply_buf); *result_hostname = tor_malloc(result_len+1); if (read_all_from_socket(s, *result_hostname, result_len) != (int) result_len) { log_err(LD_NET, "Error reading hostname in socks5 response."); goto err; } (*result_hostname)[result_len] = '\0'; } } tor_close_socket(s); return 0; err: tor_close_socket(s); return -1; } /** Print a usage message and exit. */ static void usage(void) { puts("Syntax: tor-resolve [-4] [-5] [-v] [-x] [-p port] " "hostname [sockshost[:socksport]]"); exit(1); } /** Entry point to tor-resolve */ int main(int argc, char **argv) { tor_addr_t sockshost; uint16_t socksport = 0, port_option = 0; int isSocks4 = 0, isVerbose = 0, isReverse = 0; char **arg; int n_args; tor_addr_t result; char *result_hostname = NULL; init_logging(1); sandbox_disable_getaddrinfo_cache(); arg = &argv[1]; n_args = argc-1; if (!n_args) usage(); if (!strcmp(arg[0],"--version")) { printf("Tor version %s.\n",VERSION); return 0; } while (n_args && *arg[0] == '-') { if (!strcmp("-v", arg[0])) isVerbose = 1; else if (!strcmp("-4", arg[0])) isSocks4 = 1; else if (!strcmp("-5", arg[0])) isSocks4 = 0; else if (!strcmp("-x", arg[0])) isReverse = 1; else if (!strcmp("-p", arg[0])) { int p; if (n_args < 2) { fprintf(stderr, "No arguments given to -p\n"); usage(); } p = atoi(arg[1]); if (p<1 || p > 65535) { fprintf(stderr, "-p requires a number between 1 and 65535\n"); usage(); } port_option = (uint16_t) p; ++arg; /* skip the port */ --n_args; } else { fprintf(stderr, "Unrecognized flag '%s'\n", arg[0]); usage(); } ++arg; --n_args; } if (isSocks4 && isReverse) { fprintf(stderr, "Reverse lookups not supported with SOCKS4a\n"); usage(); } log_severity_list_t *severities = tor_malloc_zero(sizeof(log_severity_list_t)); if (isVerbose) set_log_severity_config(LOG_DEBUG, LOG_ERR, severities); else set_log_severity_config(LOG_WARN, LOG_ERR, severities); add_stream_log(severities, "", fileno(stderr)); tor_free(severities); if (n_args == 1) { log_debug(LD_CONFIG, "defaulting to localhost"); tor_addr_from_ipv4h(&sockshost, 0x7f000001u); /* localhost */ if (port_option) { log_debug(LD_CONFIG, "Using port %d", (int)port_option); socksport = port_option; } else { log_debug(LD_CONFIG, "defaulting to port 9050"); socksport = 9050; /* 9050 */ } } else if (n_args == 2) { if (tor_addr_port_lookup(arg[1], &sockshost, &socksport)<0) { fprintf(stderr, "Couldn't parse/resolve address %s", arg[1]); return 1; } if (socksport && port_option && socksport != port_option) { log_warn(LD_CONFIG, "Conflicting ports; using %d, not %d", (int)socksport, (int)port_option); } else if (port_option) { socksport = port_option; } else if (!socksport) { log_debug(LD_CONFIG, "defaulting to port 9050"); socksport = 9050; } } else { usage(); } if (network_init()<0) { log_err(LD_BUG,"Error initializing network; exiting."); return 1; } if (do_resolve(arg[0], &sockshost, socksport, isReverse, isSocks4 ? 4 : 5, &result, &result_hostname)) return 1; if (result_hostname) { printf("%s\n", result_hostname); } else { printf("%s\n", fmt_addr(&result)); } return 0; }