MeshCentral/MeshAgent
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshAgent synced 2025-12-10 13:23:41 +00:00
Code Issues Releases Wiki Activity

Updated proxy support, to defer DNS resolve to proxy

Browse Source
This commit is contained in:
Bryan Roe
2021-06-24 22:16:03 -07:00
parent f38283a9d8
commit 4f0b8f9eb4
4 changed files with 105 additions and 91 deletions
Download Patch File Download Diff File Expand all files Collapse all files

96
meshcore/agentcore.c
View File

@@ -3643,8 +3643,8 @@ void MeshServer_ConnectEx(MeshAgentHostContainer *agent)
ILibWebClient_RequestToken reqToken; ILibWebClient_RequestToken reqToken;
parser_result *rs; parser_result *rs;
parser_result_field *f; parser_result_field *f;
size_t useproxy = 0;
char webproxy[1024];
if (agent->timerLogging != 0 && agent->retryTimerSet != 0) if (agent->timerLogging != 0 && agent->retryTimerSet != 0)
{ {
@@ -3750,14 +3750,37 @@ void MeshServer_ConnectEx(MeshAgentHostContainer *agent)
serverUrlLen = (int)strnlen_s(serverUrl, serverUrlLen); serverUrlLen = (int)strnlen_s(serverUrl, serverUrlLen);
} }
if ((ILibSimpleDataStore_GetEx(agent->masterDb, "ignoreProxyFile", 15, ILibScratchPad, sizeof(ILibScratchPad)) == 0) && ((len = ILibSimpleDataStore_Get(agent->masterDb, "WebProxy", webproxy, sizeof(webproxy))) != 0 || (len = MeshAgent_GetSystemProxy(agent, webproxy, sizeof(webproxy))) != 0))
{
// Proxy was enabled/configured
if (agent->triedNoProxy_Index < agent->serverIndex && agent->proxyServer != NULL)
{
// First attempt with proxy failed, so lets try again without a proxy
agent->triedNoProxy_Index++;
agent->proxyServer = NULL;
if (duk_peval_string(agent->meshCoreCtx, "require('global-tunnel');") == 0)
{
duk_get_prop_string(agent->meshCoreCtx, -1, "end"); // [tunnel][end]
duk_swap_top(agent->meshCoreCtx, -2); // [end][this]
duk_pcall_method(agent->meshCoreCtx, 0); // [undefined]
}
duk_pop(agent->meshCoreCtx); // ...
useproxy = 0;
}
else
{
useproxy = len;
}
}
#ifndef MICROSTACK_NOTLS #ifndef MICROSTACK_NOTLS
ILibParseUriResult result = ILibParseUri(serverUrl, &host, &port, &path, &meshServer); ILibParseUriResult result = ILibParseUri(serverUrl, &host, &port, &path, useproxy ? NULL : &meshServer);
#else #else
ILibParseUri(serverUrl, &host, &port, &path, &meshServer); ILibParseUri(serverUrl, &host, &port, &path, &meshServer);
#endif #endif
if (useproxy == 0)
{
if (meshServer.sin6_family == AF_UNSPEC) if (meshServer.sin6_family == AF_UNSPEC)
{ {
// Could not resolve host name // Could not resolve host name
@@ -3789,9 +3812,10 @@ void MeshServer_ConnectEx(MeshAgentHostContainer *agent)
} }
// Update the DNS entry in the db. (It only updates if it changed) // Update the DNS entry in the db. (It only updates if it changed)
len=sprintf_s(ILibScratchPad, sizeof(ILibScratchPad), "DNS[%s]", host); len = sprintf_s(ILibScratchPad, sizeof(ILibScratchPad), "DNS[%s]", host);
char *tmp = ILibRemoteLogging_ConvertAddress((struct sockaddr*)&meshServer); char *tmp = ILibRemoteLogging_ConvertAddress((struct sockaddr*)&meshServer);
ILibSimpleDataStore_PutEx(agent->masterDb, ILibScratchPad, len,tmp , (int)strnlen_s(tmp, sizeof(ILibScratchPad))); ILibSimpleDataStore_PutEx(agent->masterDb, ILibScratchPad, len, tmp, (int)strnlen_s(tmp, sizeof(ILibScratchPad)));
}
} }
ILibRemoteLogging_printf(ILibChainGetLogger(agent->chain), ILibRemoteLogging_Modules_Agent_GuardPost, ILibRemoteLogging_Flags_VerbosityLevel_1, "AgentCore: Attempting connection to: %s", serverUrl); ILibRemoteLogging_printf(ILibChainGetLogger(agent->chain), ILibRemoteLogging_Modules_Agent_GuardPost, ILibRemoteLogging_Flags_VerbosityLevel_1, "AgentCore: Attempting connection to: %s", serverUrl);
@@ -3848,11 +3872,11 @@ void MeshServer_ConnectEx(MeshAgentHostContainer *agent)
free(path); free(path);
if (meshServer.sin6_family != AF_UNSPEC) if (useproxy != 0 || meshServer.sin6_family != AF_UNSPEC)
{ {
strcpy_s(agent->serverip, sizeof(agent->serverip), ILibRemoteLogging_ConvertAddress((struct sockaddr*)&meshServer)); if (useproxy == 0) { strcpy_s(agent->serverip, sizeof(agent->serverip), ILibRemoteLogging_ConvertAddress((struct sockaddr*)&meshServer)); }
printf("Connecting to: %s\n", agent->serveruri); printf("Connecting %sto: %s\n", useproxy!=0?"(via proxy) ":"", agent->serveruri);
if (agent->logUpdate != 0 || agent->controlChannelDebug != 0) { ILIBLOGMESSAGEX("Connecting to: %s", agent->serveruri); } if (agent->logUpdate != 0 || agent->controlChannelDebug != 0) { ILIBLOGMESSAGEX("Connecting %sto: %s", useproxy != 0 ? "(via proxy) " : "", agent->serveruri); }
ILibWebClient_AddWebSocketRequestHeaders(req, 65535, MeshServer_OnSendOK); ILibWebClient_AddWebSocketRequestHeaders(req, 65535, MeshServer_OnSendOK);
@@ -3866,51 +3890,22 @@ void MeshServer_ConnectEx(MeshAgentHostContainer *agent)
ILibWebClient_Request_SetHTTPS(reqToken, result == ILibParseUriResult_TLS ? ILibWebClient_RequestToken_USE_HTTPS : ILibWebClient_RequestToken_USE_HTTP); ILibWebClient_Request_SetHTTPS(reqToken, result == ILibParseUriResult_TLS ? ILibWebClient_RequestToken_USE_HTTPS : ILibWebClient_RequestToken_USE_HTTP);
ILibWebClient_Request_SetSNI(reqToken, host, (int)strnlen_s(host, serverUrlLen)); ILibWebClient_Request_SetSNI(reqToken, host, (int)strnlen_s(host, serverUrlLen));
#endif #endif
if ((ILibSimpleDataStore_GetEx(agent->masterDb, "ignoreProxyFile", 15, ILibScratchPad, sizeof(ILibScratchPad)) == 0) && ((len = ILibSimpleDataStore_Get(agent->masterDb, "WebProxy", ILibScratchPad, sizeof(ILibScratchPad))) != 0 || (len = MeshAgent_GetSystemProxy(agent, ILibScratchPad, sizeof(ILibScratchPad))) != 0))
if (useproxy != 0)
{ {
#ifdef MICROSTACK_PROXY // Setup Proxy Configuration
duk_eval_string(agent->meshCoreCtx, "require('http')"); // [http] duk_eval_string(agent->meshCoreCtx, "require('http')"); // [http]
duk_get_prop_string(agent->meshCoreCtx, -1, "parseUri"); // [http][parse] duk_get_prop_string(agent->meshCoreCtx, -1, "parseUri"); // [http][parse]
duk_swap_top(agent->meshCoreCtx, -2); // [parse][this] duk_swap_top(agent->meshCoreCtx, -2); // [parse][this]
duk_push_string(agent->meshCoreCtx, ILibScratchPad); // [parse][this][uri] duk_push_string(agent->meshCoreCtx, webproxy); // [parse][this][uri]
if (duk_pcall_method(agent->meshCoreCtx, 1) == 0) // [uri] if (duk_pcall_method(agent->meshCoreCtx, 1) == 0) // [uri]
{ {
unsigned short proxyPort = (unsigned short)Duktape_GetIntPropertyValue(agent->meshCoreCtx, -1, "port", 80); unsigned short proxyPort = (unsigned short)Duktape_GetIntPropertyValue(agent->meshCoreCtx, -1, "port", 80);
char *proxyHost = (char*)Duktape_GetStringPropertyValue(agent->meshCoreCtx, -1, "host", NULL); char *proxyHost = (char*)Duktape_GetStringPropertyValue(agent->meshCoreCtx, -1, "host", NULL);
char *proxyUsername = (char*)Duktape_GetStringPropertyValue(agent->meshCoreCtx, -1, "username", NULL); char *proxyUsername = (char*)Duktape_GetStringPropertyValue(agent->meshCoreCtx, -1, "username", NULL);
char *proxyPassword = (char*)Duktape_GetStringPropertyValue(agent->meshCoreCtx, -1, "password", NULL); char *proxyPassword = (char*)Duktape_GetStringPropertyValue(agent->meshCoreCtx, -1, "password", NULL);
agent->proxyServer = ILibWebClient_SetProxy2(reqToken, proxyHost, proxyPort, proxyUsername, proxyPassword, host, port);
if (agent->triedNoProxy_Index < agent->serverIndex && agent->proxyServer != NULL)
{
printf("Disabling Proxy: %s:%u\n", proxyHost, proxyPort);
agent->triedNoProxy_Index++;
agent->proxyServer = ILibWebClient_SetProxy(reqToken, NULL, 0, NULL, NULL);;
if (duk_peval_string(agent->meshCoreCtx, "require('global-tunnel');") == 0)
{
duk_get_prop_string(agent->meshCoreCtx, -1, "end"); // [tunnel][end]
duk_swap_top(agent->meshCoreCtx, -2); // [end][this]
duk_pcall_method(agent->meshCoreCtx, 0); // [undefined]
}
duk_pop(agent->meshCoreCtx); // ...
}
else
{
printf("Using proxy: %s:%u\n", proxyHost, proxyPort);
if (proxyUsername != NULL)
{
printf(" => with username: %s\n", proxyUsername);
}
if (agent->logUpdate != 0)
{
ILIBLOGMESSAGEX("Using proxy: %s:%u", proxyHost, proxyPort);
if (proxyUsername != NULL)
{
ILIBLOGMESSAGEX(" => with username: %s", proxyUsername);
}
}
agent->proxyServer = ILibWebClient_SetProxy(reqToken, proxyHost, proxyPort, proxyUsername, proxyPassword);
if (agent->proxyServer != NULL) if (agent->proxyServer != NULL)
{ {
ILibDuktape_globalTunnel_data *proxy = ILibDuktape_GetNewGlobalTunnel(agent->meshCoreCtx); ILibDuktape_globalTunnel_data *proxy = ILibDuktape_GetNewGlobalTunnel(agent->meshCoreCtx);
@@ -3922,16 +3917,7 @@ void MeshServer_ConnectEx(MeshAgentHostContainer *agent)
} }
} }
} }
} duk_pop(agent->meshCoreCtx);
duk_pop(agent->meshCoreCtx); // ...
#else
ILibRemoteLogging_printf(ILibChainGetLogger(agent->chain), ILibRemoteLogging_Modules_Agent_GuardPost | ILibRemoteLogging_Modules_ConsolePrint, ILibRemoteLogging_Flags_VerbosityLevel_1, "AgentCore.MeshServer_ConnectEx(): Proxy Specified, but support was not enabled in this build");
#endif
}
else
{
// No Proxy was specified
agent->triedNoProxy_Index++;
} }
agent->serverConnectionState = 1; // We are trying to connect agent->serverConnectionState = 1; // We are trying to connect
} }

2
microstack/ILibAsyncSocket.c
View File

@@ -153,7 +153,6 @@ typedef struct ILibAsyncSocketModule
#ifdef MICROSTACK_PROXY #ifdef MICROSTACK_PROXY
// The address and port of a HTTPS proxy // The address and port of a HTTPS proxy
struct sockaddr_in6 ProxyAddress; struct sockaddr_in6 ProxyAddress;
char ProxiedHost[255];
char ProxiedRemoteHost[255]; char ProxiedRemoteHost[255];
int ProxyState; int ProxyState;
char* ProxyUser; char* ProxyUser;
@@ -1061,6 +1060,7 @@ void ILibAsyncSocket_ClearProxySettings(void *socketModule)
{ {
struct ILibAsyncSocketModule *module = (struct ILibAsyncSocketModule*)socketModule; struct ILibAsyncSocketModule *module = (struct ILibAsyncSocketModule*)socketModule;
memset(&(module->ProxyAddress), 0, sizeof(struct sockaddr_in6)); memset(&(module->ProxyAddress), 0, sizeof(struct sockaddr_in6));
memset(module->ProxiedRemoteHost, 0, sizeof(module->ProxiedRemoteHost));
module->ProxyState = 0; module->ProxyState = 0;
} }

35
microstack/ILibWebClient.c
View File

@@ -209,6 +209,9 @@ typedef struct ILibWebClientDataObject
char CNONCE[17]; char CNONCE[17];
struct sockaddr_in6 remote; struct sockaddr_in6 remote;
struct sockaddr_in6 proxy; struct sockaddr_in6 proxy;
char proxy_username[255];
char proxy_password[255];
char proxy_remoteHostAndPort[255];
struct ILibWebClientManager *Parent; struct ILibWebClientManager *Parent;
char* DigestData; char* DigestData;
@@ -2320,13 +2323,13 @@ void ILibWebClient_PreProcess(void* WebClientModule, fd_set *readset, fd_set *wr
if (wcdo->proxy.sin6_family != AF_UNSPEC) if (wcdo->proxy.sin6_family != AF_UNSPEC)
{ {
// Use Proxy // Use Proxy
ILibAsyncSocket_ConnectToProxy( ILibAsyncSocket_ConnectToProxyEx(
wcm->socks[i], wcm->socks[i],
NULL, NULL,
(struct sockaddr*)&wcdo->remote, wcdo->proxy_remoteHostAndPort,
(struct sockaddr*)&wcdo->proxy, (struct sockaddr*)&wcdo->proxy,
NULL, wcdo->proxy_username[0]==NULL?NULL:wcdo->proxy_username,
NULL, wcdo->proxy_password[0]==NULL?NULL:wcdo->proxy_password,
ILibWebClient_OnInterrupt, ILibWebClient_OnInterrupt,
wcdo); wcdo);
} }
@@ -3816,6 +3819,9 @@ struct sockaddr_in6* ILibWebClient_SetProxy(ILibWebClient_RequestToken token, ch
{ {
ILibWebClientDataObject *wcdo = ILibWebClient_GetStateObjectFromRequestToken(token); ILibWebClientDataObject *wcdo = ILibWebClient_GetStateObjectFromRequestToken(token);
if (wcdo == NULL) { return(NULL); } if (wcdo == NULL) { return(NULL); }
memset(wcdo->proxy_username, 0, sizeof(wcdo->proxy_username));
memset(wcdo->proxy_password, 0, sizeof(wcdo->proxy_password));
if (proxyHost == NULL) if (proxyHost == NULL)
{ {
memset(&(wcdo->proxy), 0, sizeof(struct sockaddr_in6)); memset(&(wcdo->proxy), 0, sizeof(struct sockaddr_in6));
@@ -3830,14 +3836,35 @@ struct sockaddr_in6* ILibWebClient_SetProxy(ILibWebClient_RequestToken token, ch
} }
else else
{ {
if (username != NULL) { strncpy_s(wcdo->proxy_username, sizeof(wcdo->proxy_username), username, strnlen_s(username, sizeof(wcdo->proxy_username))); }
if (password != NULL) { strncpy_s(wcdo->proxy_password, sizeof(wcdo->proxy_password), password, strnlen_s(password, sizeof(wcdo->proxy_password))); }
return(&(wcdo->proxy)); return(&(wcdo->proxy));
} }
} }
struct sockaddr_in6* ILibWebClient_SetProxy2(ILibWebClient_RequestToken token, char *proxyHost, unsigned short proxyPort, char *username, char *password, char* remoteHost, unsigned short remotePort)
{
ILibWebClientDataObject *wcdo = ILibWebClient_GetStateObjectFromRequestToken(token);
struct sockaddr_in6* ret = NULL;
if (wcdo != NULL) { memset(wcdo->proxy_remoteHostAndPort, 0, sizeof(wcdo->proxy_remoteHostAndPort)); }
if ((ret = ILibWebClient_SetProxy(token, proxyHost, proxyPort, username, password)) != NULL)
{
if (sprintf_s(wcdo->proxy_remoteHostAndPort, sizeof(wcdo->proxy_remoteHostAndPort), "%s:%u", remoteHost, remotePort) < 0)
{
ILibWebClient_SetProxy(token, NULL, 0, NULL, NULL);
ret = NULL;
}
}
return(ret);
}
void ILibWebClient_SetProxyEx(ILibWebClient_RequestToken token, struct sockaddr_in6* proxyServer, char *username, char *password) void ILibWebClient_SetProxyEx(ILibWebClient_RequestToken token, struct sockaddr_in6* proxyServer, char *username, char *password)
{ {
ILibWebClientDataObject *wcdo = ILibWebClient_GetStateObjectFromRequestToken(token); ILibWebClientDataObject *wcdo = ILibWebClient_GetStateObjectFromRequestToken(token);
if (wcdo == NULL) { return; } if (wcdo == NULL) { return; }
memset(wcdo->proxy_username, 0, sizeof(wcdo->proxy_username));
memset(wcdo->proxy_password, 0, sizeof(wcdo->proxy_password));
if (username != NULL) { strncpy_s(wcdo->proxy_username, sizeof(wcdo->proxy_username), username, strnlen_s(username, sizeof(wcdo->proxy_username))); }
if (password != NULL) { strncpy_s(wcdo->proxy_password, sizeof(wcdo->proxy_password), password, strnlen_s(password, sizeof(wcdo->proxy_password))); }
memcpy_s(&(wcdo->proxy), sizeof(struct sockaddr_in6), proxyServer, sizeof(struct sockaddr_in6)); memcpy_s(&(wcdo->proxy), sizeof(struct sockaddr_in6), proxyServer, sizeof(struct sockaddr_in6));
} }
#endif #endif

1
microstack/ILibWebClient.h
View File

@@ -285,6 +285,7 @@ int ILibWebClient_Digest_NeedAuthenticate(ILibWebClient_StateObject state);
char* ILibWebClient_Digest_GetRealm(ILibWebClient_StateObject state); char* ILibWebClient_Digest_GetRealm(ILibWebClient_StateObject state);
void ILibWebClient_GenerateAuthenticationHeader(ILibWebClient_StateObject state, ILibHTTPPacket *packet, char* username, char* password); void ILibWebClient_GenerateAuthenticationHeader(ILibWebClient_StateObject state, ILibHTTPPacket *packet, char* username, char* password);
#ifdef MICROSTACK_PROXY #ifdef MICROSTACK_PROXY
struct sockaddr_in6* ILibWebClient_SetProxy2(ILibWebClient_RequestToken token, char *proxyHost, unsigned short proxyPort, char *username, char *password, char* remoteHost, unsigned short remotePort);
struct sockaddr_in6* ILibWebClient_SetProxy(ILibWebClient_RequestToken token, char *proxyHost, unsigned short proxyPort, char *username, char *password); struct sockaddr_in6* ILibWebClient_SetProxy(ILibWebClient_RequestToken token, char *proxyHost, unsigned short proxyPort, char *username, char *password);
void ILibWebClient_SetProxyEx(ILibWebClient_RequestToken token, struct sockaddr_in6* proxyServer, char *username, char *password); void ILibWebClient_SetProxyEx(ILibWebClient_RequestToken token, struct sockaddr_in6* proxyServer, char *username, char *password);
#endif #endif