Context Navigation

Back to Ticket #13816

Ticket #13816: socks5-3.0.6.patch

File socks5-3.0.6.patch, 12.1 KB (added by eric-macosforge@…, 17 years ago)
Patch to privoxy 3.0.6 to add SOCKS 5 support

config

diff -r 6ce92f2e919b config

a	b	buffer-limit 4096
991	991	#
992	992
993	993	#
994		# 5.2. forward-socks4 ~~and forward-socks4a~~
	994	# 5.2. forward-socks4, forward-socks4a and forward-socks5
995	995	# =======================================
996	996	#
997	997	# Specifies:
…	…	buffer-limit 4096
1023	1023	# Multiple lines are OK, they are checked in sequence, and the
1024	1024	# last match wins.
1025	1025	#
1026		# The difference between forward-socks4 and forward-socks4a
1027		# is that in the SOCKS 4A protocol, the DNS resolution of the
1028		# target hostname happens on the SOCKS server, while in SOCKS 4
1029		# it happens locally.
	1026
	1027	# The difference between forward-socks4 and either
	1028	# forward-socks4a or forward-socks5 is that in the SOCKS 4A and
	1029	# SOCKS 5 protocols, the DNS resolution of the target hostname
	1030	# happens on the SOCKS server, while in SOCKS 4 it happens
	1031	# locally.
1030	1032	#
1031	1033	# If http_parent is ".", then requests are not forwarded to another
1032	1034	# HTTP proxy but are made (HTTP-wise) directly to the web servers,
…	…	buffer-limit 4096
1046	1048	# HTTP parent looks like this:
1047	1049	#
1048	1050	# forward-socks4 / socks-gw.example.com:1080 .
	1051	#
	1052	# ssh dynamic forwarding can handle either SOCKS 4 or SOCKS 5
	1053	# requests. But name lookups on the server can only be done with
	1054	# SOCKS 5. To chain Privoxy and ssh dynamic forwarding using
	1055	# SOCKS5 when they are both running on the same system, you
	1056	# should use the rule:
	1057	#
	1058	# forward-socks5 / 127.0.0.1:3129 .
	1059	#
	1060	# This presumes, of course, that you've configured your ssh
	1061	# connection with 'DynamicForward 3129'.
1049	1062	#
1050	1063	# To chain Privoxy and Tor, both running on the same system,
1051	1064	# you should use the rule:

gateway.c

diff -r 6ce92f2e919b gateway.c

  static jb_socket socks4_connect(const st
                                 int target_port,
                                 struct client_state *csp);
+static jb_socket socks5_connect(const struct forward_spec * fwd,
+                                const char * target_host,
+                                int target_port,
+                                struct client_state *csp);
 #define SOCKS_REQUEST_GRANTED          90
 #define SOCKS_REQUEST_REJECT           91
 #define SOCKS_REQUEST_IDENT_FAILED     92
 #define SOCKS_REQUEST_IDENT_CONFLICT   93
+#define SOCKS5_REQUEST_GRANTED             0
+#define SOCKS5_REQUEST_FAILED              1
+#define SOCKS5_REQUEST_DENIED              2
+#define SOCKS5_REQUEST_NETWORK_UNREACHABLE 3
+#define SOCKS5_REQUEST_HOST_UNREACHABLE    4
+#define SOCKS5_REQUEST_CONNECTION_REFUSEDD 5
+#define SOCKS5_REQUEST_TTL_EXPIRED         6
+#define SOCKS5_REQUEST_PROTOCOL_ERROR      7
+#define SOCKS5_REQUEST_BAD_ADDRESS_TYPE    8
 /* structure of a socks client operation */
 struct socks_op {
-…
+ jb_socket forwarded_connect(const struct
       case SOCKS_4:
       case SOCKS_4A:
          return (socks4_connect(fwd, dest_host, dest_port, csp));
+      case SOCKS_5:
+         return (socks5_connect(fwd, dest_host, dest_port, csp));
       default:
          /* Should never get here */
-…
+ static jb_socket socks4_connect(const st
+}
+/*********************************************************************
+ *
+ * Function    :  socks4_connect
+ *
+ * Description :  Connect to the SOCKS server, and connect through
+ *                it to the specified server.   This handles
+ *                all the SOCKS negotiation, and returns a file
+ *                descriptor for a socket which can be treated as a
+ *                normal (non-SOCKS) socket.
+ *
+ * Parameters  :
+ *          1  :  fwd = Specifies the SOCKS proxy to use.
+ *          2  :  target_host = The final server to connect to.
+ *          3  :  target_port = The final port to connect to.
+ *          4  :  csp = Current client state (buffers, headers, etc...)
+ *
+ * Returns     :  JB_INVALID_SOCKET => failure, else a socket file descriptor.
+ *
+ *********************************************************************/
+static jb_socket socks5_connect(const struct forward_spec * fwd,
+                                const char * target_host,
+                                int target_port,
+                                struct client_state *csp)
+{
+   int err = 0;
+   char cbuf[BUFFER_SIZE];
+   char sbuf[BUFFER_SIZE];
+   size_t client_pos = 0;
+   ssize_t server_size = 0;
+   size_t hostlen = 0;
+   jb_socket sfd;
+   if ((fwd->gateway_host == NULL) || (*fwd->gateway_host == '\0'))
+   {
+      log_error(LOG_LEVEL_CONNECT, "socks5_connect: NULL gateway host specified");
+      err = 1;
+   }
+   if (fwd->gateway_port <= 0)
+   {
+      log_error(LOG_LEVEL_CONNECT, "socks5_connect: invalid gateway port specified");
+      err = 1;
+   }
+   hostlen = strlen(target_host);
+   if (hostlen > 0xff)
+   {
+      log_error(LOG_LEVEL_CONNECT, "socks5_connect: target host name is longer than 255 characters.");
+      err = 1;
+   }
+   if (fwd->type != SOCKS_5)
+   {
+      /* Should never get here */
+      log_error(LOG_LEVEL_FATAL, "SOCKS4 impossible internal error - bad SOCKS type.");
+      err = 1;
+   }
+   if (err)
+   {
+      errno = EINVAL;
+      return(JB_INVALID_SOCKET);
+   }
+   /* pass the request to the socks server */
+   sfd = connect_to(fwd->gateway_host, fwd->gateway_port, csp);
+   if (sfd == JB_INVALID_SOCKET)
+   {
+      return(JB_INVALID_SOCKET);
+   }
+   cbuf[client_pos++] = '\x05'; // Version
+   cbuf[client_pos++] = '\x01'; // One authentication method supported
+   cbuf[client_pos++] = '\x00'; // The no authentication authentication method
+   if (write_socket(sfd, cbuf, client_pos))
+   {
+      log_error(LOG_LEVEL_CONNECT, "SOCKS5 negotiation write failed...");
+      close_socket(sfd);
+      return(JB_INVALID_SOCKET);
+   }
+   if (read_socket(sfd, sbuf, sizeof(sbuf)) != 2)
+   {
+      log_error(LOG_LEVEL_CONNECT, "SOCKS5 negotiation read failed...");
+      err = 1;
+   }
+   if (!err && (sbuf[0] != '\x05'))
+   {
+      log_error(LOG_LEVEL_CONNECT, "SOCKS5 negotiation protocol version error");
+      err = 1;
+   }
+   if (!err && (sbuf[1] == '\xff'))
+   {
+      log_error(LOG_LEVEL_CONNECT, "SOCKS5 authentication required");
+      err = 1;
+   }
+   if (!err && (sbuf[1] != '\x00'))
+   {
+      log_error(LOG_LEVEL_CONNECT, "SOCKS5 negotiation protocol error");
+      err = 1;
+   }
+   if (err)
+   {
+      close_socket(sfd);
+      errno = EINVAL;
+      return(JB_INVALID_SOCKET);
+   }
+   client_pos = 0;
+   cbuf[client_pos++] = '\x05'; // Version
+   cbuf[client_pos++] = '\x01'; // TCP connect
+   cbuf[client_pos++] = '\x00'; // Reserved, must be 0x00
+   cbuf[client_pos++] = '\x03'; // Address is domain name
+   cbuf[client_pos++] = (char)(hostlen & 0xffu);
+   strncpy(cbuf + client_pos, target_host, 0xffu);
+   client_pos += (hostlen & 0xffu);
+   cbuf[client_pos++] = (char)((target_port >> 8) & 0xffu);
+   cbuf[client_pos++] = (char)((target_port     ) & 0xffu);
+   if (write_socket(sfd, cbuf, client_pos))
+   {
+      log_error(LOG_LEVEL_CONNECT, "SOCKS5 negotiation write failed...");
+      close_socket(sfd);
+      errno = EINVAL;
+      return(JB_INVALID_SOCKET);
+   }
+   server_size = read_socket(sfd, sbuf, sizeof(sbuf));
+   if (server_size < 3)
+   {
+      log_error(LOG_LEVEL_CONNECT, "SOCKS5 negotiation read failed...");
+      err = 1;
+   }
+   if (!err && (sbuf[0] != '\x05'))
+   {
+      log_error(LOG_LEVEL_CONNECT, "SOCKS5 negotiation protocol version error");
+      err = 1;
+   }
+   if (!err && (sbuf[2] != '\x00'))
+   {
+      log_error(LOG_LEVEL_CONNECT, "SOCKS5 negotiation protocol error");
+      err = 1;
+   }
+   if (!err)
+   {
+      switch (sbuf[1]) {
+       case SOCKS5_REQUEST_GRANTED:
+         return(sfd);
+         break;
+       case SOCKS5_REQUEST_FAILED:
+         log_error(LOG_LEVEL_CONNECT, "SOCKS5 request failed");
+         break;
+       case SOCKS5_REQUEST_DENIED:
+         log_error(LOG_LEVEL_CONNECT, "SOCKS5 request denied");
+         break;
+       case SOCKS5_REQUEST_NETWORK_UNREACHABLE:
+         log_error(LOG_LEVEL_CONNECT, "SOCKS5 request - network unreachable");
+         break;
+       case SOCKS5_REQUEST_HOST_UNREACHABLE:
+         log_error(LOG_LEVEL_CONNECT, "SOCKS5 request - host unreachable");
+         break;
+       case SOCKS5_REQUEST_CONNECTION_REFUSEDD:
+         log_error(LOG_LEVEL_CONNECT, "SOCKS5 request - connection refused");
+         break;
+       case SOCKS5_REQUEST_TTL_EXPIRED:
+         log_error(LOG_LEVEL_CONNECT, "SOCKS5 request - TTL expired");
+         break;
+       case SOCKS5_REQUEST_PROTOCOL_ERROR:
+         log_error(LOG_LEVEL_CONNECT, "SOCKS5 request - client protocol error");
+         break;
+       case SOCKS5_REQUEST_BAD_ADDRESS_TYPE:
+         log_error(LOG_LEVEL_CONNECT, "SOCKS5 request - domain names unsupported");
+         break;
+       default:
+         log_error(LOG_LEVEL_CONNECT, "SOCKS5 negotiation protocol error");
+         break;
+      }
+      err = 1;
+   }
+   close_socket(sfd);
+   errno = EINVAL;
+   return(JB_INVALID_SOCKET);
+}
 /*
   Local Variables:
   tab-width: 3

loadcfg.c

diff -r 6ce92f2e919b loadcfg.c

  static struct file_list *current_configf
 #define hash_forward                      2029845ul /* "forward" */
 #define hash_forward_socks4            3963965521ul /* "forward-socks4" */
 #define hash_forward_socks4a           2639958518ul /* "forward-socks4a" */
+#define hash_forward_socks5            3963965522ul /* "forward-socks5" */
 #define hash_forwarded_connect_retries  101465292ul /* "forwarded-connect-retries" */
 #define hash_jarfile                      2046641ul /* "jarfile" */
 #define hash_listen_address            1255650842ul /* "listen-address" */
-…
+ struct configuration_spec * load_config(
       struct forward_spec *cur_fwd;
       int vec_count;
       char *vec[3];
+      unsigned long int directive_hash = 0ul;
       strcpy(tmp, buf);
-…
+ struct configuration_spec * load_config(
       savearg(cmd, arg, config);
+      switch( hash_string( cmd ) )
+      directive_hash = hash_string( cmd );
+      switch( directive_hash )
+      {
 /* *************************************************************************
  * actionsfile actions-file-name
-…
+ struct configuration_spec * load_config(
  * forward-socks4a url-pattern socks-proxy[:port] (.|http-proxy[:port])
  * *************************************************************************/
          case hash_forward_socks4a:
+         case hash_forward_socks5:
             vec_count = ssplit(arg, " \t", vec, SZ(vec), 1, 1);
             if (vec_count != 3)
-…
+ struct configuration_spec * load_config(
                continue;
+            }
+            cur_fwd->type = SOCKS_4A;
+            if (directive_hash == hash_forward_socks4a) {
+               cur_fwd->type = SOCKS_4A;
+            } else {
+               cur_fwd->type = SOCKS_5;
+            }
             /* Save the URL pattern */
             if (create_url_spec(cur_fwd->url, vec[0]))

project.h

diff -r 6ce92f2e919b project.h

  struct block_spec
 #define SOCKS_NONE    0    /**< Don't use a SOCKS server               */
 #define SOCKS_4      40    /**< original SOCKS 4 protocol              */
 #define SOCKS_4A     41    /**< as modified for hosts w/o external DNS */
+#define SOCKS_5      50    /**< as modified for hosts w/o external DNS */
 /**
-…
+ struct forward_spec
    /** URL pattern that this forward_spec is for. */
    struct url_spec url[1];
    /** Connection type.  Must be SOCKS_NONE, SOCKS_4, or SOCKS_4A. */
+   /** Connection type.  Must be SOCKS_NONE, SOCKS_4, SOCKS_4A or SOCKS_5. */
    int   type;
    /** SOCKS server hostname.  Only valid if "type" is SOCKS_4 or SOCKS_4A. */

Download in other formats:

Original Format