[stunnel-users] Help Needed
Alexander Lazic
al-stunnel at none.at
Thu Feb 17 19:41:05 CET 2005
Hi,
I have tried to add the X-Forwarded-For header, based on
http://www.stunnel.org/patches/desc/xforwardedfor_jrd.html,
into stunnel 4.07, but I haven't come to a solution :-(
I have tried to add it into 'client.c => transfer()'.
Could anybody please review the attached patch and point me to the right
way ;-)
I'm not sure that I added the 'insert' in the right place :-(
Thanx for help ;-))
al ;-)
-------------- next part --------------
Only in src: .deps
Only in src: .libs
Only in src: Makefile
diff -ru ../stunnel-4.07/src//client.c src/client.c
--- ../stunnel-4.07/src//client.c Sun Jan 2 22:35:22 2005
+++ src/client.c Thu Feb 17 19:33:26 2005
@@ -111,6 +111,7 @@
#endif
c->remote_fd.fd=-1;
c->ssl=NULL;
+ c->header_length = 0;
cleanup(c, do_client(c));
#ifdef USE_FORK
if(!c->opt->option.remote) /* 'exec' specified */
@@ -194,6 +195,14 @@
c->accepting_address);
return -1;
}
+
+ /* create X-Forwarded-For header if necessary */
+ if (c->opt->option.xforwardedfor) {
+ sprintf(c->header_buff, "X-Forwarded-For: %s\r\n", s_ntop_host_only(c->accepting_address, &c->peer_addr.addr[0]));
+ c->header_length = strlen(c->header_buff);
+ s_log(LOG_DEBUG, "X-Forwarded-For header is '%s' [%d]", c->header_buff, c->header_length);
+ }
+
s_log(LOG_NOTICE, "%s connected from %s",
c->opt->servname, c->accepting_address);
}
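Review bot: The `sprintf(c->header_buff, "X-Forwarded-For: %s\r\n", ...)` line writes into `header_buff`, which the prototypes.h hunk declares as 48 bytes, with no bound; the fixed text plus CRLF already occupies 19 of them, so a full-length IPv6 address (up to 45 characters from getnameinfo with NI_NUMERICHOST) overruns the buffer. Use `snprintf(c->header_buff, sizeof c->header_buff, "X-Forwarded-For: %s\r\n", ...)`, treat a result of at least `sizeof c->header_buff` as an error, and enlarge the array in prototypes.h (an IPLEN-based size would follow the rest of the code). Passing `c->accepting_address` as the output buffer of s_ntop_host_only also overwrites it with the host-only form, so the "%s connected from %s" line logged just below no longer shows whatever the string held before (it appears to be the address:port text produced earlier; confirm). A separate local buffer for the host keeps that log line unchanged. The enclosing function starts outside the hunk.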
@@ -362,6 +371,7 @@
/* 0=not closing SSL, 1=initiate SSL_shutdown,
* 2=retry SSL_shutdown, 3=SSL_shutdown done */
int watchdog=0; /* a counter to detect an infinite loop */
+ int header_sent = 0;
c->sock_ptr=c->ssl_ptr=0;
sock_rd=sock_wr=ssl_rd=ssl_wr=1;
@@ -457,7 +467,30 @@
s_log(LOG_DEBUG, "No data written to the socket: retrying");
break;
default:
+ /* insert X-Forwarded-For header if desired and not yet included */
+ if (c->opt->option.xforwardedfor && ! header_sent) {
+ s_log(LOG_DEBUG, "ssl_buff :%.*s: ssl_ptr :%d:\n", num,c->ssl_buff, c->ssl_ptr);
+ char *eol = memchr(c->ssl_buff, '\n', num);
+
+ if (eol) {
+
+ /* make room for X-Forwarded-For header */
+ memmove(eol+1+c->header_length, eol+1, num-((eol-(c->ssl_buff+c->ssl_ptr))+1));
+
+ /* insert X-Forwarded-For header */
+ memcpy(eol + 1, c->header_buff, c->header_length);
+ num += c->header_length;
+ c->ssl_ptr+=num;
+ s_log(LOG_DEBUG, "re-written buffer is '%.*s' [%d]\r\n", num, c->ssl_buff, num);
+ }else{
+ s_log(LOG_DEBUG, "can't add X-Forwarded-For header ssl_buff :%s: ssl_ptr :%d: eol :%s:\n", c->ssl_buff, c->ssl_ptr,eol?eol:"(null)");
+ }
+ header_sent = 1;
+ }
+
+ s_log(LOG_DEBUG, "before memmove() sslbuffer is '%s' [%d]\r\n", c->ssl_buff, c->ssl_ptr);
memmove(c->ssl_buff, c->ssl_buff+num, c->ssl_ptr-num);
+ s_log(LOG_DEBUG, "after memmove() sslbuffer is '%s' [%d]\r\n", c->ssl_buff, c->ssl_ptr);
if(c->ssl_ptr==BUFFSIZE)
check_SSL_pending=1;
c->ssl_ptr-=num;
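Review bot: The header is spliced in on the wrong side of the socket write: this `default:` branch belongs to the same switch as the "No data written to the socket: retrying" case, so `num` bytes of `ssl_buff` have already been sent, and a header inserted after the first `\n` within those bytes is dropped by the `memmove(c->ssl_buff, c->ssl_buff+num, c->ssl_ptr-num)` on the next context line instead of being transmitted. The `c->ssl_ptr+=num` after the insert also leaves ssl_ptr inflated by bytes that were already written, the memmove length `num-((eol-(c->ssl_buff+c->ssl_ptr))+1)` is not the tail after eol (that is `c->ssl_ptr-(eol+1-c->ssl_buff)`), and nothing checks that `c->ssl_ptr+c->header_length` still fits in BUFFSIZE before shifting, so a full buffer is written past its end. The splice belongs where freshly decrypted bytes land in ssl_buff, before they are offered to the socket write, in roughly the shape below; transfer() starts and ends outside the hunk. The new debug lines here and in the following ssl_wr hunk print `ssl_buff` with plain `%s`, but the buffer is only valid up to ssl_ptr and is not NUL-terminated, so they read beyond the data and copy decrypted request bytes into the log; if they are kept at all, bound them with `%.*s` as the first new log line already does.
```c
/* run on newly decrypted data, before it is offered to writesocket() */
if(c->opt->option.xforwardedfor && !header_sent) {
    char *eol=memchr(c->ssl_buff, '\n', c->ssl_ptr);
    if(eol) {
        int tail=c->ssl_ptr-(eol+1-c->ssl_buff); /* bytes after the request line */
        if(c->ssl_ptr+c->header_length>BUFFSIZE) {
            s_log(LOG_DEBUG, "No room for X-Forwarded-For header");
        } else {
            memmove(eol+1+c->header_length, eol+1, tail);
            memcpy(eol+1, c->header_buff, c->header_length);
            c->ssl_ptr+=c->header_length;
        }
        header_sent=1; /* attempt once per connection, on the request line */
    }
}
/* … unchanged: socket write and the switch on num … */
```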
@@ -479,6 +512,7 @@
/* I want to SSL_write but read from the underlying */
/* socket needed for the SSL protocol */
)) {
+ s_log(LOG_DEBUG, "ssl_wr sslbuffer is '%s' [%d]\r\n", c->ssl_buff, c->ssl_ptr);
num=SSL_write(c->ssl, c->sock_buff, c->sock_ptr);
switch(err=SSL_get_error(c->ssl, num)) {
@@ -677,7 +711,7 @@
static void print_cipher(CLI *c) { /* print negotiated cipher */
#if SSLEAY_VERSION_NUMBER <= 0x0800
- s_log(LOG_INFO, "%s opened with SSLv%d, cipher %s",
+ s_log(LOG_NOTICE, "%s opened with SSLv%d, cipher %s",
c->opt->servname, ssl->session->ssl_version, SSL_get_cipher(c->ssl));
#else
SSL_CIPHER *cipher;
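Review bot: The `LOG_INFO` to `LOG_NOTICE` change on the cipher line here, and the same change in the next hunk for "Negotiated ciphers", is unrelated to the X-Forwarded-For feature and raises two per-connection messages to a level that is presumably emitted by a default configuration (confirm against the configured debug level). Keep them out of this patch or submit them separately with their own rationale. print_cipher() continues past the hunk.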
@@ -689,7 +723,7 @@
len=strlen(buf);
if(len>0)
buf[len-1]='\0';
- s_log(LOG_INFO, "Negotiated ciphers: %s", buf);
+ s_log(LOG_NOTICE, "Negotiated ciphers: %s", buf);
#endif
}
Only in src: client.o
Only in src: env.lo
Only in src: libstunnel.la
Only in src: log.o
diff -ru ../stunnel-4.07/src//network.c src/network.c
--- ../stunnel-4.07/src//network.c Mon Jan 3 00:20:27 2005
+++ src/network.c Mon Jan 10 08:29:26 2005
@@ -501,6 +501,19 @@
return text;
}
+char *s_ntop_host_only(char *text, SOCKADDR_UNION *addr) {
+ char host[IPLEN-6], port[6];
+
+ if(getnameinfo(&addr->sa, addr_len(*addr),
+ host, IPLEN-6, port, 6, NI_NUMERICHOST|NI_NUMERICSERV)) {
+ sockerror("getnameinfo");
+ strcpy(text, "unresolvable IP");
+ return text;
+ }
+ strcpy(text, host);
+ return text;
+}
+
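Review bot: `s_ntop_host_only` copies `host` into `text` with strcpy, but neither the definition nor its prototypes.h declaration says how large `text` must be; the copy is bounded only by `host[IPLEN-6]` and the literal "unresolvable IP", so state that contract, e.g. `/* text must hold at least IPLEN-6 bytes; returns text */`, or take an explicit size parameter. The sole caller in client.c passes `c->accepting_address`, so the function rewrites the caller's address string in place, which is worth saying in the same comment.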
/**************************************** My getaddrinfo() and getnameinfo() */
/* implementations are limited to functionality needed by stunnel */
Only in src: network.o
diff -ru ../stunnel-4.07/src//options.c src/options.c
--- ../stunnel-4.07/src//options.c Fri Dec 31 09:53:40 2004
+++ src/options.c Mon Jan 10 08:32:55 2005
@@ -980,6 +980,29 @@
}
#endif
+ /* xforwardedfor */
+ switch(cmd) {
+ case CMD_INIT:
+ section->option.xforwardedfor=0;
+ break;
+ case CMD_EXEC:
+ if(strcasecmp(opt, "xforwardedfor"))
+ break;
+ if(!strcasecmp(arg, "yes"))
+ section->option.xforwardedfor=1;
+ else if(!strcasecmp(arg, "no"))
+ section->option.xforwardedfor=0;
+ else
+ return "argument should be either 'yes' or 'no'";
+ return NULL; /* OK */
+ case CMD_DEFAULT:
+ break;
+ case CMD_HELP:
+ log_raw("%-15s = yes|no send X-Forwarded-For HTTP headers",
+ "xforwardedfor");
+ break;
+ }
+
if(cmd==CMD_EXEC)
return option_not_found;
return NULL; /* OK */
Only in src: options.o
Only in src: protocol.o
diff -ru ../stunnel-4.07/src//prototypes.h src/prototypes.h
--- ../stunnel-4.07/src//prototypes.h Sun Jan 2 23:43:23 2005
+++ src/prototypes.h Mon Jan 10 08:34:59 2005
@@ -198,6 +198,7 @@
unsigned int delayed_lookup:1;
unsigned int accept:1;
unsigned int remote:1;
+ unsigned int xforwardedfor:1;
#ifndef USE_WIN32
unsigned int program:1;
unsigned int pty:1;
@@ -255,6 +256,8 @@
FD *sock_rfd, *sock_wfd; /* Read and write socket descriptors */
FD *ssl_rfd, *ssl_wfd; /* Read and write SSL descriptors */
int sock_bytes, ssl_bytes; /* Bytes written to socket and ssl */
+ char header_buff[48]; /* Text of X-Forwarded-For header */
+ int header_length; /* Length of X-Forwarded-For header */
} CLI;
extern int max_clients;
@@ -311,6 +314,7 @@
int name2addrlist(SOCKADDR_LIST *, char *, char *);
int hostport2addrlist(SOCKADDR_LIST *, char *, char *);
char *s_ntop(char *, SOCKADDR_UNION *);
+char *s_ntop_host_only(char *, SOCKADDR_UNION *);
/**************************************** Prototypes for gui.c */
Only in src: pty.o
Only in src: ssl.o
Only in src: sthreads.o
Only in src: stunnel
Only in src: stunnel.o
Only in src: stunnel3