tor-commits April 2014

tor-commits@lists.torproject.org

22 participants
2020 discussions

[torsocks/master] Fix: check strdup return value in config-file.c
by dgoulet＠torproject.org 04 Apr '14

04 Apr '14

commit 12460511b2f900f5a1b5cde891dc97e1bfa3167d Author: David Goulet <dgoulet(a)ev0ke.net> Date: Thu Feb 20 15:41:04 2014 +0000 Fix: check strdup return value in config-file.c Signed-off-by: David Goulet <dgoulet(a)ev0ke.net> --- src/common/config-file.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/common/config-file.c b/src/common/config-file.c index 39ca792..61a0f90 100644 --- a/src/common/config-file.c +++ b/src/common/config-file.c @@ -152,6 +152,10 @@ static int set_tor_address(const char *addr, struct configuration *config) config->conf_file.tor_domain = CONNECTION_DOMAIN_INET6; } config->conf_file.tor_address = strdup(addr); + if (!config->conf_file.tor_address) { + ret = -ENOMEM; + goto error; + } DBG("Config file setting tor address to %s", addr); ret = 0;

1 0

[torsocks/master] Fix: overload listen and not bind
by dgoulet＠torproject.org 04 Apr '14

04 Apr '14

commit 94ac23e2ea4d937839460367c123fd54f505e2d3 Author: David Goulet <dgoulet(a)ev0ke.net> Date: Thu Feb 20 14:39:57 2014 +0000 Fix: overload listen and not bind Signed-off-by: David Goulet <dgoulet(a)ev0ke.net> --- src/lib/Makefile.am | 2 +- src/lib/bind.c | 46 ---------------------------------------------- src/lib/listen.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++ src/lib/torsocks.h | 22 +++++++++++----------- 4 files changed, 58 insertions(+), 58 deletions(-) diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am index 403fab3..cccecf1 100644 --- a/src/lib/Makefile.am +++ b/src/lib/Makefile.am @@ -9,6 +9,6 @@ lib_LTLIBRARIES = libtorsocks.la libtorsocks_la_SOURCES = torsocks.c torsocks.h \ connect.c gethostbyname.c getaddrinfo.c close.c \ getpeername.c socket.c syscall.c socketpair.c recv.c \ - exit.c accept.c bind.c + exit.c accept.c listen.c libtorsocks_la_LIBADD = $(top_builddir)/src/common/libcommon.la diff --git a/src/lib/bind.c b/src/lib/bind.c deleted file mode 100644 index 3b1ba91..0000000 --- a/src/lib/bind.c +++ /dev/null @@ -1,46 +0,0 @@ -/* - * Copyright (C) 2014 - David Goulet <dgoulet(a)ev0ke.net> - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License, version 2 only, as - * published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for - * more details. - * - * You should have received a copy of the GNU General Public License along with - * this program; if not, write to the Free Software Foundation, Inc., 51 - * Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - */ - -#include <assert.h> - -#include "torsocks.h" - -TSOCKS_LIBC_DECL(bind, LIBC_BIND_RET_TYPE, LIBC_BIND_SIG) - -/* - * Torsocks call for bind(2). - */ -LIBC_BIND_RET_TYPE tsocks_bind(LIBC_BIND_SIG) -{ - DBG("[accept] Syscall denied since inbound connection are not allowed."); - - /* - * Bind is completely denied here since this means that the application - * can accept inbound connections that are obviously NOT handled by the Tor - * network thus reject this call. - */ - errno = EPERM; - return -1; -} - -/* - * Libc hijacked symbol bind(2). - */ -LIBC_BIND_DECL -{ - return tsocks_bind(LIBC_BIND_ARGS); -} diff --git a/src/lib/listen.c b/src/lib/listen.c new file mode 100644 index 0000000..e72f1f6 --- /dev/null +++ b/src/lib/listen.c @@ -0,0 +1,46 @@ +/* + * Copyright (C) 2014 - David Goulet <dgoulet(a)ev0ke.net> + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License, version 2 only, as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for + * more details. + * + * You should have received a copy of the GNU General Public License along with + * this program; if not, write to the Free Software Foundation, Inc., 51 + * Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include <assert.h> + +#include "torsocks.h" + +TSOCKS_LIBC_DECL(listen, LIBC_LISTEN_RET_TYPE, LIBC_LISTEN_SIG) + +/* + * Torsocks call for listen(2). + */ +LIBC_LISTEN_RET_TYPE tsocks_listen(LIBC_LISTEN_SIG) +{ + DBG("[accept] Syscall denied since inbound connection are not allowed."); + + /* + * Bind is completely denied here since this means that the application + * can accept inbound connections that are obviously NOT handled by the Tor + * network thus reject this call. + */ + errno = EPERM; + return -1; +} + +/* + * Libc hijacked symbol listen(2). + */ +LIBC_LISTEN_DECL +{ + return tsocks_listen(LIBC_LISTEN_ARGS); +} diff --git a/src/lib/torsocks.h b/src/lib/torsocks.h index 4dd0281..01c25b0 100644 --- a/src/lib/torsocks.h +++ b/src/lib/torsocks.h @@ -177,13 +177,13 @@ struct hostent **result, int *h_errnop int sockfd, struct sockaddr *addr, socklen_t *addrlen #define LIBC_ACCEPT_ARGS sockfd, addr, addrlen -/* bind(2) */ -#define LIBC_BIND_NAME bind -#define LIBC_BIND_NAME_STR XSTR(LIBC_BIND_NAME) -#define LIBC_BIND_RET_TYPE int -#define LIBC_BIND_SIG \ - int sockfd, const struct sockaddr *addr, socklen_t addrlen -#define LIBC_BIND_ARGS sockfd, addr, addrlen +/* listen(2) */ +#define LIBC_LISTEN_NAME listen +#define LIBC_LISTEN_NAME_STR XSTR(LIBC_LISTEN_NAME) +#define LIBC_LISTEN_RET_TYPE int +#define LIBC_LISTEN_SIG \ + int sockfd, int backlog +#define LIBC_LISTEN_ARGS sockfd, backlog #else #error "OS not supported." @@ -357,10 +357,10 @@ extern TSOCKS_LIBC_DECL(accept4, LIBC_ACCEPT4_RET_TYPE, LIBC_ACCEPT4_SIG) LIBC_ACCEPT4_NAME(LIBC_ACCEPT4_SIG) #endif -/* bind(2) */ -extern TSOCKS_LIBC_DECL(bind, LIBC_BIND_RET_TYPE, LIBC_BIND_SIG) -#define LIBC_BIND_DECL LIBC_BIND_RET_TYPE \ - LIBC_BIND_NAME(LIBC_BIND_SIG) +/* listen(2) */ +extern TSOCKS_LIBC_DECL(bind, LIBC_LISTEN_RET_TYPE, LIBC_LISTEN_SIG) +#define LIBC_LISTEN_DECL LIBC_LISTEN_RET_TYPE \ + LIBC_LISTEN_NAME(LIBC_LISTEN_SIG) /* * Those are actions to do during the lookup process of libc symbols. For

1 0

[torsocks/master] Fix: handle conn. type domain name for socks5 connect
by dgoulet＠torproject.org 04 Apr '14

04 Apr '14

commit 713c70741ceadd201c6b8e558ab2ac71c1c1286e Author: David Goulet <dgoulet(a)ev0ke.net> Date: Tue Feb 25 21:44:33 2014 -0500 Fix: handle conn. type domain name for socks5 connect Signed-off-by: David Goulet <dgoulet(a)ev0ke.net> --- src/common/socks5.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/common/socks5.c b/src/common/socks5.c index 9525d04..bea583b 100644 --- a/src/common/socks5.c +++ b/src/common/socks5.c @@ -135,6 +135,11 @@ int socks5_connect(struct connection *conn) * remote IPv6, we have to connect to the Tor daemon in v6. */ switch (conn->dest_addr.domain) { + case CONNECTION_DOMAIN_NAME: + /* + * For a domain name such as an onion address, use the default IPv4 to + * connect to the Tor SOCKS port. + */ case CONNECTION_DOMAIN_INET: socks5_addr = (struct sockaddr *) &tsocks_config.socks5_addr.u.sin; len = sizeof(tsocks_config.socks5_addr.u.sin);

1 0

[torsocks/master] Add SOCKS5 username/password authentication
by dgoulet＠torproject.org 04 Apr '14

04 Apr '14

commit 4f1a12e2893f609ac4dee54f21b55a6c4080aea5 Author: David Goulet <dgoulet(a)ev0ke.net> Date: Sun Mar 2 17:37:27 2014 -0500 Add SOCKS5 username/password authentication Using RFC1929, implement username/password authentication for circuit isolation feature of Tor daemon. This adds SOCKS5Username and SOCKS5Password option to torsocks.conf and also environment variable to control them (TORSOCKS_USERNAME/PASSWORD). Signed-off-by: David Goulet <dgoulet(a)ev0ke.net> --- doc/torsocks.8 | 10 +++++ doc/torsocks.conf | 7 +++ doc/torsocks.conf.5 | 12 ++++++ src/common/config-file.c | 80 ++++++++++++++++++++++++++++++++++ src/common/config-file.h | 19 +++++++++ src/common/defaults.h | 4 ++ src/common/socks5.c | 106 ++++++++++++++++++++++++++++++++++++++++++++-- src/common/socks5.h | 21 ++++++++- src/lib/torsocks.c | 79 +++++++++++++++++++++++++++++++--- 9 files changed, 328 insertions(+), 10 deletions(-) diff --git a/doc/torsocks.8 b/doc/torsocks.8 index e91c356..eb4c7dd 100644 --- a/doc/torsocks.8 +++ b/doc/torsocks.8 @@ -84,6 +84,16 @@ Control whether or not the time is added to each logging line. (default: 1) .IP TORSOCKS_LOG_FILE_PATH If set, torsocks will log in the file set by this variable. (default: stderr) +.PP +.IP TORSOCKS_USERNAME +Set the username for the SOCKS5 authentication method. Password MUST be set +also with the variable below. + +.PP +.IP TORSOCKS_PASSWORD +Set the password for the SOCKS5 authentication method. Username MUST be set +also with the variable above. + .SH KNOWN ISSUES .SS DNS diff --git a/doc/torsocks.conf b/doc/torsocks.conf index f5b4924..7653818 100644 --- a/doc/torsocks.conf +++ b/doc/torsocks.conf @@ -17,3 +17,10 @@ TorPort 9050 # ever need to actually connect to. This is similar to the MapAddress feature # of the main tor daemon. OnionAddrRange 127.42.42.0/24 + +# SOCKS5 Username and Password. This is used to isolate the torsocks connection +# circuit from other streams in Tor. Use with option IsolateSOCKSAuth (on by +# default) in tor(1). TORSOCKS_USERNAME and TORSOCKS_PASSWORD environment +# variable overrides these options. +#SOCKS5Username <username> +#SOCKS5Password <password> diff --git a/doc/torsocks.conf.5 b/doc/torsocks.conf.5 index cdafad0..6cd600f 100644 --- a/doc/torsocks.conf.5 +++ b/doc/torsocks.conf.5 @@ -59,6 +59,18 @@ course, you should pick a block of addresses which you aren't going to ever need to actually connect to. This is similar to the MapAddress feature of the main tor daemon. (default: 127.42.42.0/24) +.TP +.I SOCKS5Username +Username to use for SOCKS5 authentication method that makes the connections to +Tor to use a different circuit from other existing streams. If set, the +SOCKS5Password must be specified also. (Default: none). + +.TP +.I SOCKS5Password +Password to use for SOCKS5 authentication method that makes the connections to +Tor to use a different circuit from other existing streams. If set, the +SOCKS5Username must be specified also. (Default: none). + .SH EXAMPLE $ export TORSOCKS_CONF_FILE=$PWD/torsocks.conf $ torsocks ssh account(a)sshserver.com diff --git a/src/common/config-file.c b/src/common/config-file.c index 61a0f90..aaaa663 100644 --- a/src/common/config-file.c +++ b/src/common/config-file.c @@ -35,6 +35,76 @@ static const char *conf_toraddr_str = "TorAddress"; static const char *conf_torport_str = "TorPort"; static const char *conf_onion_str = "OnionAddrRange"; +static const char *conf_socks5_user_str = "SOCKS5Username"; +static const char *conf_socks5_pass_str = "SOCKS5Password"; + +/* + * Once this value reaches 2, it means both user and password for a SOCKS5 + * connection has been set thus use them./ + */ +static unsigned int both_socks5_pass_user_set; + +/* + * Set the SOCKS5 username to the given configuration. + * + * Return 0 on success else a negative value. + */ +int conf_file_set_socks5_user(const char *username, + struct configuration *config) +{ + int ret; + + assert(username); + assert(config); + + if (strlen(username) > sizeof(config->conf_file.socks5_username)) { + ERR("[config] Invalid %s value for %s", username, + conf_socks5_user_str); + ret = -EINVAL; + goto error; + } + + strncpy(config->conf_file.socks5_username, username, strlen(username)); + if (++both_socks5_pass_user_set == 2) { + config->socks5_use_auth = 1; + } + DBG("[config] %s set to %s", conf_socks5_user_str, username); + return 0; + +error: + return ret; +} + +/* + * Set the SOCKS5 password to the given configuration. + * + * Return 0 on success else a negative value. + */ +int conf_file_set_socks5_pass(const char *password, + struct configuration *config) +{ + int ret; + + assert(password); + assert(config); + + if (strlen(password) > sizeof(config->conf_file.socks5_password)) { + ERR("[config] Invalid %s value for %s", password, + conf_socks5_pass_str); + ret = -EINVAL; + goto error; + } + + strncpy(config->conf_file.socks5_password, password, strlen(password)); + if (++both_socks5_pass_user_set == 2) { + config->socks5_use_auth = 1; + } + DBG("[config] %s set to %s", conf_socks5_pass_str, password); + return 0; + +error: + return ret; +} /* * Set the onion pool address range in the configuration object using the value @@ -203,6 +273,16 @@ static int parse_config_line(const char *line, struct configuration *config) if (ret < 0) { goto error; } + } else if (!strcmp(tokens[0], conf_socks5_user_str)) { + ret = conf_file_set_socks5_user(tokens[1], config); + if (ret < 0) { + goto error; + } + } else if (!strcmp(tokens[0], conf_socks5_pass_str)) { + ret = conf_file_set_socks5_pass(tokens[1], config); + if (ret < 0) { + goto error; + } } else { WARN("Config file contains unknown value: %s", line); } diff --git a/src/common/config-file.h b/src/common/config-file.h index 1fc23bf..04dbf42 100644 --- a/src/common/config-file.h +++ b/src/common/config-file.h @@ -23,6 +23,7 @@ #include <netinet/in.h> #include "connection.h" +#include "socks5.h" /* * Represent the values in a configuration file (torsocks.conf). Basically, @@ -42,6 +43,13 @@ struct config_file { */ in_addr_t onion_base; uint8_t onion_mask; + + /* + * Username and password for Tor stream isolation for the SOCKS5 connection + * method. + */ + char socks5_username[SOCKS5_USERNAME_LEN]; + char socks5_password[SOCKS5_PASSWORD_LEN]; }; /* @@ -57,9 +65,20 @@ struct configuration { * Socks5 address so basically where to connect to Tor. */ struct connection_addr socks5_addr; + + /* + * Indicate if we should use SOCKS5 authentication. If this value is set, + * both the username and password in the configuration file MUST be + * initialized to something of len > 0. + */ + unsigned int socks5_use_auth:1; }; int config_file_read(const char *filename, struct configuration *config); void config_file_destroy(struct config_file *conf); +int conf_file_set_socks5_pass(const char *password, + struct configuration *config); +int conf_file_set_socks5_user(const char *username, + struct configuration *config); #endif /* CONFIG_FILE_H */ diff --git a/src/common/defaults.h b/src/common/defaults.h index b2ad372..fe35a6d 100644 --- a/src/common/defaults.h +++ b/src/common/defaults.h @@ -59,4 +59,8 @@ #define DEFAULT_ONION_ADDR_RANGE "127.42.42.0" #define DEFAULT_ONION_ADDR_MASK "24" +/* Env. variable for SOCKS5 authentication */ +#define DEFAULT_SOCKS5_USER_ENV "TORSOCKS_USERNAME" +#define DEFAULT_SOCKS5_PASS_ENV "TORSOCKS_PASSWORD" + #endif /* TORSOCKS_DEFAULTS_H */ diff --git a/src/common/socks5.c b/src/common/socks5.c index bea583b..9610f51 100644 --- a/src/common/socks5.c +++ b/src/common/socks5.c @@ -43,7 +43,7 @@ static ssize_t recv_data(int fd, void *buf, size_t len) index = 0; do { read_len = recv(fd, buf + index, read_left, 0); - if (read_len < 0) { + if (read_len <= 0) { ret = -errno; if (errno == EINTR) { /* Try again after interruption. */ @@ -54,6 +54,10 @@ static ssize_t recv_data(int fd, void *buf, size_t len) ret = index; } continue; + } else if (read_len == 0) { + /* Orderly shutdown from Tor daemon. Stop. */ + ret = -1; + goto error; } else { PERROR("recv socks5 data"); goto error; @@ -181,7 +185,7 @@ error: * Return 0 on success or else a negative errno value. */ ATTR_HIDDEN -int socks5_send_method(struct connection *conn) +int socks5_send_method(struct connection *conn, uint8_t type) { int ret = 0; ssize_t ret_send; @@ -192,7 +196,7 @@ int socks5_send_method(struct connection *conn) msg.ver = SOCKS5_VERSION; msg.nmethods = 0x01; - msg.methods = SOCKS5_NO_AUTH_METHOD; + msg.methods = type; DBG("Socks5 sending method ver: %d, nmethods 0x%02x, methods 0x%02x", msg.ver, msg.nmethods, msg.methods); @@ -244,6 +248,102 @@ error: } /* + * Send a username/password request to the given connection connected to the + * SOCKS5 Tor port. + * + * Return 0 on success else a negative errno value. + */ +ATTR_HIDDEN +int socks5_send_user_pass_request(struct connection *conn, + const char *user, const char *pass) +{ + int ret; + size_t data_len, user_len, pass_len; + ssize_t ret_send; + /* + * As stated in rfc1929, 3 bytes for ver, ulen, plen, the maximum len for + * the username and the password. + */ + unsigned char buffer[(3 * sizeof(uint8_t)) + + (SOCKS5_USERNAME_LEN + SOCKS5_PASSWORD_LEN)]; + + assert(conn); + assert(conn->fd >= 0); + assert(user); + assert(pass); + + user_len = strlen(user); + pass_len = strlen(pass); + /* Extra protection. */ + if (user_len > SOCKS5_USERNAME_LEN || + pass_len > SOCKS5_PASSWORD_LEN) { + ret = -EINVAL; + goto error; + } + + /* + * Ok so we have to setup the SOCKS5 payload since the strings are of + * variable len. + */ + buffer[0] = SOCKS5_USER_PASS_VER; + buffer[1] = user_len; + data_len = 2; + memcpy(buffer + data_len, user, user_len); + data_len += user_len; + memcpy(buffer + data_len, &pass_len, 1); + data_len += 1; + memcpy(buffer + data_len, pass, pass_len); + data_len += pass_len; + + ret_send = send_data(conn->fd, buffer, data_len); + if (ret_send < 0) { + ret = ret_send; + goto error; + } + /* Data was sent successfully. */ + ret = 0; + + DBG("Socks5 username %s and password %s sent successfully", user, pass); + +error: + return ret; +} + +/* + * Receive username/password reply for the given connection connected to the + * SOCKS5 Tor port. + * + * Return 0 on success else a negative errno value. + */ +ATTR_HIDDEN +int socks5_recv_user_pass_reply(struct connection *conn) +{ + int ret; + ssize_t ret_recv; + struct socks5_user_pass_reply msg; + + assert(conn); + assert(conn->fd >= 0); + + ret_recv = recv_data(conn->fd, &msg, sizeof(msg)); + if (ret_recv < 0) { + ret = ret_recv; + goto error; + } + + if (msg.status != SOCKS5_REPLY_SUCCESS) { + ret = -EINVAL; + goto error; + } + /* All good */ + ret = 0; + +error: + DBG("Socks5 username/password auth status %d", msg.status); + return ret; +} + +/* * Send a connect request to the SOCKS5 server using the given connection and * the destination address in it pointing to the destination that needs to be * reached through Tor. diff --git a/src/common/socks5.h b/src/common/socks5.h index e2ca52f..d589c14 100644 --- a/src/common/socks5.h +++ b/src/common/socks5.h @@ -32,8 +32,12 @@ * METHOD" [00] is supported and should be used. */ #define SOCKS5_NO_AUTH_METHOD 0x00 +#define SOCKS5_USER_PASS_METHOD 0x02 #define SOCKS5_NO_ACCPT_METHOD 0xFF +/* SOCKS5 rfc1929 username and password authentication. */ +#define SOCKS5_USER_PASS_VER 0x01 + /* Request command. */ #define SOCKS5_CMD_CONNECT 0x01 #define SOCKS5_CMD_RESOLVE 0xF0 @@ -55,6 +59,10 @@ #define SOCKS5_REPLY_CMD_NOTSUP 0x07 #define SOCKS5_REPLY_ADR_NOTSUP 0x08 +/* As described in rfc1929. */ +#define SOCKS5_USERNAME_LEN 255 +#define SOCKS5_PASSWORD_LEN 255 + /* Request data structure for the method. */ struct socks5_method_req { uint8_t ver; @@ -118,12 +126,23 @@ struct socks5_reply { uint8_t atyp; }; +/* Username/password reply message. */ +struct socks5_user_pass_reply { + uint8_t ver; + uint8_t status; +}; + int socks5_connect(struct connection *conn); /* Method messaging. */ -int socks5_send_method(struct connection *conn); +int socks5_send_method(struct connection *conn, uint8_t type); int socks5_recv_method(struct connection *conn); +/* Username/Password request. */ +int socks5_send_user_pass_request(struct connection *conn, + const char *user, const char *pass); +int socks5_recv_user_pass_reply(struct connection *conn); + /* Connect request. */ int socks5_send_connect_request(struct connection *conn); int socks5_recv_connect_reply(struct connection *conn); diff --git a/src/lib/torsocks.c b/src/lib/torsocks.c index 9b3100c..b8f38fb 100644 --- a/src/lib/torsocks.c +++ b/src/lib/torsocks.c @@ -66,6 +66,45 @@ static void clean_exit(int status) } /* + * Read SOCKS5 username and password environment variable and if found set them + * in the configuration. If we are setuid, return gracefully. + */ +static void read_user_pass_env(void) +{ + int ret; + const char *username, *password; + + if (is_suid) { + goto end; + } + + username = getenv(DEFAULT_SOCKS5_USER_ENV); + password = getenv(DEFAULT_SOCKS5_PASS_ENV); + if (!username && !password) { + goto end; + } + + ret = conf_file_set_socks5_user(username, &tsocks_config); + if (ret < 0) { + goto error; + } + + ret = conf_file_set_socks5_pass(password, &tsocks_config); + if (ret < 0) { + goto error; + } + +end: + return; +error: + /* + * Error while setting user/pass variable. Stop everything so the user can + * be notified and fix the issue. + */ + clean_exit(EXIT_FAILURE); +} + +/* * Initialize torsocks configuration from a given conf file or the default one. */ static void init_config(void) @@ -119,6 +158,9 @@ static void init_config(void) */ clean_exit(EXIT_FAILURE); } + + /* Handle SOCKS5 user/pass env. variables. */ + read_user_pass_env(); } /* @@ -261,7 +303,8 @@ static void __attribute__((destructor)) tsocks_exit(void) * * Return 0 on success else a negative value. */ -static int setup_tor_connection(struct connection *conn) +static int setup_tor_connection(struct connection *conn, + uint8_t socks5_method) { int ret; @@ -274,7 +317,7 @@ static int setup_tor_connection(struct connection *conn) goto error; } - ret = socks5_send_method(conn); + ret = socks5_send_method(conn, socks5_method); if (ret < 0) { goto error; } @@ -330,7 +373,8 @@ error: /* * Initiate a SOCK5 connection to the Tor network using the given connection. * The socks5 API will use the torsocks configuration object to find the tor - * daemon. + * daemon. If a username/password has been set use that method for the SOCKS5 + * connection. * * Return 0 on success or else a negative value being the errno value that * needs to be sent back. @@ -338,16 +382,39 @@ error: int tsocks_connect_to_tor(struct connection *conn) { int ret; + uint8_t socks5_method; assert(conn); DBG("Connecting to the Tor network on fd %d", conn->fd); - ret = setup_tor_connection(conn); + /* Is this configuration is set to use SOCKS5 authentication. */ + if (tsocks_config.socks5_use_auth) { + socks5_method = SOCKS5_USER_PASS_METHOD; + } else { + socks5_method = SOCKS5_NO_AUTH_METHOD; + } + + ret = setup_tor_connection(conn, socks5_method); if (ret < 0) { goto error; } + /* For the user/pass method, send the request before connect. */ + if (socks5_method == SOCKS5_USER_PASS_METHOD) { + ret = socks5_send_user_pass_request(conn, + tsocks_config.conf_file.socks5_username, + tsocks_config.conf_file.socks5_password); + if (ret < 0) { + goto error; + } + + ret = socks5_recv_user_pass_reply(conn); + if (ret < 0) { + goto error; + } + } + ret = socks5_send_connect_request(conn); if (ret < 0) { goto error; @@ -422,7 +489,7 @@ int tsocks_tor_resolve(int af, const char *hostname, void *ip_addr) goto error; } - ret = setup_tor_connection(&conn); + ret = setup_tor_connection(&conn, SOCKS5_NO_AUTH_METHOD); if (ret < 0) { goto end_close; } @@ -470,7 +537,7 @@ int tsocks_tor_resolve_ptr(const char *addr, char **ip, int af) } conn.dest_addr.domain = CONNECTION_DOMAIN_INET; - ret = setup_tor_connection(&conn); + ret = setup_tor_connection(&conn, SOCKS5_NO_AUTH_METHOD); if (ret < 0) { goto end_close; }

1 0

[torsocks/master] Add -u/-p/-d to torsocks script
by dgoulet＠torproject.org 04 Apr '14

04 Apr '14

commit f0250901ac3ecef397bd86782ebbc3ced7f0d502 Author: David Goulet <dgoulet(a)ev0ke.net> Date: Mon Mar 3 15:04:43 2014 -0500 Add -u/-p/-d to torsocks script The -u, --user and -p, --pass are for the SOCKS5 authentication where -d, --debug is to set torsocks in DEBUG mode. Improve the usage output and make sure torsocks on/off is being sourced else exit with error. Signed-off-by: David Goulet <dgoulet(a)ev0ke.net> --- src/bin/torsocks.in | 125 ++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 90 insertions(+), 35 deletions(-) diff --git a/src/bin/torsocks.in b/src/bin/torsocks.in index 9abc5e8..a392d0b 100644 --- a/src/bin/torsocks.in +++ b/src/bin/torsocks.in @@ -100,7 +100,9 @@ torify_app () # NEVER remove that line or else nothing it torified. set_ld_preload - if [ -z $app_path ]; then + if [ -z $1 ]; then + echo "Please provide an application to torify." >&2 + elif [ -z $app_path ]; then echo "ERROR: $1 cannot be found." >&2 exit 1 elif [ -u $app_path -o -g $app_path ]; then @@ -123,14 +125,32 @@ usage () echo " -h, --help Show this help" echo " --shell Spawn a torified shell" echo " --version Show version" - echo " on, off Add or remove torsocks library from @LDPRELOAD@" - echo " show, sh Show the current value of the @LDPRELOAD@" + echo " -d, --debug Set debug mode." + echo " -u, --user NAME Username for the SOCKS5 authentication" + echo " -p, --pass NAME Password for the SOCKS5 authentication" + echo " on, off Set/Unset your shell to use Torsocks by default" + echo " Make sure to source the call when using this option. (See Examples)" + echo " show, sh Show the current value of the LD_PRELOAD" echo "" - echo "Example:" + echo "Examples:" + echo "" + echo "Simple use of torsocks with SSH" echo " $ torsocks ssh user(a)host.com -p 1234" echo "" + echo "Set your current shell in Tor mode." + echo " $ . torsocks on" + echo "" echo "Please see torsocks(1), torsocks.conf(5) and torsocks(8) for more information." +} +# Check if we are being sourced. +check_script_sourced() +{ + if [ "$_" = "$0" ]; then + echo "Torsocks MUST be sourced for this command to work" >&2 + echo " $ . torsocks $1" >&2 + exit 1 + fi } if [ $# -eq 0 ] ; then @@ -144,34 +164,69 @@ if [ ! -f $SHLIB ]; then exit fi -case "$1" in - on) - set_ld_preload - ;; - off) - export @LDPRELOAD@=`echo -n $@LDPRELOAD@ | sed "s#$SHLIB *##"` - if [ -z "$@LDPRELOAD@" ]; then - unset @LDPRELOAD@ - case "$OSTYPE" in - darwin*) - unset DYLD_FORCE_FLAT_NAMESPACE - ;; - esac - fi - ;; - show|sh) - echo "@LDPRELOAD@=\"$@LDPRELOAD@\"" - ;; - -h|--help|-?) - usage - ;; - --shell) - tor_shell - ;; - --version) - echo "Torsocks @VERSION@" - ;; - *) - torify_app "$@" - ;; -esac +while true; +do + case "$1" in + on) + check_script_sourced $1 + set_ld_preload + echo "Tor mode activated. Every command will be torified for this shell." + break + ;; + off) + check_script_sourced $1 + export @LDPRELOAD@=`echo -n $@LDPRELOAD@ | sed "s#$SHLIB *##"` + if [ -z "$@LDPRELOAD@" ]; then + unset @LDPRELOAD@ + case "$OSTYPE" in + darwin*) + unset DYLD_FORCE_FLAT_NAMESPACE + ;; + esac + fi + echo "Tor mode deactivated. Command will NOT go through Tor anymore." + break + ;; + show|sh) + echo "@LDPRELOAD@=\"$@LDPRELOAD@\"" + break + ;; + -h|--help) + usage + break + ;; + -u|--user) + if [ -z $2 ]; then + echo "Missing username to -u" >&2 + exit 1 + fi + export TORSOCKS_USERNAME=$2 + shift + ;; + -p|--pass) + if [ -z $2 ]; then + echo "Missing password to -p" >&2 + exit 1 + fi + export TORSOCKS_PASSWORD=$2 + shift + ;; + -d|--debug) + # Set full DEBUG with 5 being the highest possible level. + export TORSOCKS_LOG_LEVEL=5 + ;; + --shell) + tor_shell + break + ;; + --version) + echo "Torsocks @VERSION@" + break + ;; + *) + torify_app "$@" + break + ;; + esac + shift +done

1 0

[torsocks/master] Test: add socks5 tests
by dgoulet＠torproject.org 04 Apr '14

04 Apr '14

commit 20e0b3820577e006858b17633290d7f04eab9166 Author: Luke Gallagher <luke(a)hypergeometric.net> Date: Thu Feb 13 10:43:43 2014 +1100 Test: add socks5 tests Introduce function pointers for send_data and recv_data so they can be replaced for testing. Closes #25 Signed-off-by: David Goulet <dgoulet(a)ev0ke.net> --- .gitignore | 1 + src/common/socks5.c | 41 +- src/common/socks5.h | 3 + tests/test_list | 1 + tests/unit/Makefile.am | 8 +- tests/unit/test_socks5.c | 1262 ++++++++++++++++++++++++++++++++++++++++++++++ 6 files changed, 1313 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index eb70007..5394c5b 100644 --- a/.gitignore +++ b/.gitignore @@ -48,3 +48,4 @@ tests/unit/test_onion tests/unit/test_connection tests/unit/test_utils tests/unit/test_config-file +tests/unit/test_socks5 diff --git a/src/common/socks5.c b/src/common/socks5.c index e725c56..3c9544a 100644 --- a/src/common/socks5.c +++ b/src/common/socks5.c @@ -32,7 +32,7 @@ * * Return the number of bytes received or a negative errno error. */ -static ssize_t recv_data(int fd, void *buf, size_t len) +static ssize_t recv_data_impl(int fd, void *buf, size_t len) { ssize_t ret, read_len, read_left, index; @@ -75,12 +75,17 @@ error: } /* + * Initialize recv_data function pointer. + */ +static ssize_t (*recv_data)(int, void *, size_t) = recv_data_impl; + +/* * Send data to a given file descriptor using send(2). This handles partial * send and EINTR. * * Return the number of bytes sent or a negative errno error. */ -static ssize_t send_data(int fd, const void *buf, size_t len) +static ssize_t send_data_impl(int fd, const void *buf, size_t len) { ssize_t ret, sent_len, sent_left, index; @@ -119,6 +124,11 @@ error: } /* + * Initialize send_data function pointer. + */ +static ssize_t (*send_data)(int, const void *, size_t) = send_data_impl; + +/* * Connect to socks5 server address from the global configuration. * * Return 0 on success or else a negative value. @@ -812,3 +822,30 @@ error: free(hostname); return ret; } + +/* + * Initialize the function pointers send_data and recv_data. Passing in a NULL + * value will reset them to the original implementations. + * + * Note that where send_data and recv_data are defined they are initialized to + * the default implementations. + * + * The ability to set the send/recv data functions are mainly for the tests so + * error/validation can be inject in the SOCKS5 codeflow. + */ +ATTR_HIDDEN +void socks5_init(ssize_t (*new_send_data)(int, const void *, size_t), + ssize_t (*new_recv_data)(int, void *, size_t)) +{ + if (!new_send_data) { + send_data = send_data_impl; + } else { + send_data = new_send_data; + } + + if (!new_recv_data) { + recv_data = recv_data_impl; + } else { + recv_data = new_recv_data; + } +} diff --git a/src/common/socks5.h b/src/common/socks5.h index d589c14..35c7d2b 100644 --- a/src/common/socks5.h +++ b/src/common/socks5.h @@ -154,4 +154,7 @@ int socks5_recv_resolve_reply(struct connection *conn, void *addr, int socks5_recv_resolve_ptr_reply(struct connection *conn, char **_hostname); int socks5_send_resolve_ptr_request(struct connection *conn, const void *ip, int af); +void socks5_init(ssize_t (*new_send_data)(int, const void *, size_t), + ssize_t (*new_recv_data)(int, void *, size_t)); + #endif /* TORSOCKS_SOCKS_H */ diff --git a/tests/test_list b/tests/test_list index e1fa93b..0c22c5e 100644 --- a/tests/test_list +++ b/tests/test_list @@ -3,3 +3,4 @@ ./unit/test_connection ./unit/test_utils ./unit/test_config-file +./unit/test_socks5 diff --git a/tests/unit/Makefile.am b/tests/unit/Makefile.am index f2b5efa..3fd9c19 100644 --- a/tests/unit/Makefile.am +++ b/tests/unit/Makefile.am @@ -2,13 +2,16 @@ AM_CFLAGS = -I$(top_srcdir)/include \ -I$(top_srcdir)/src \ -I$(top_srcdir)/tests/utils/ \ -I$(srcdir) \ + -I$(top_srcdir)/src/lib \ -DTORSOCKS_FIXTURE_PATH=\"`pwd`/fixtures/\" LIBTAP=$(top_builddir)/tests/utils/tap/libtap.la LIBCOMMON=$(top_builddir)/src/common/libcommon.la -noinst_PROGRAMS = test_onion test_connection test_utils test_config-file +LIBTORSOCKS=$(top_builddir)/src/lib/libtorsocks.la + +noinst_PROGRAMS = test_onion test_connection test_utils test_config-file test_socks5 EXTRA_DIST = fixtures @@ -23,3 +26,6 @@ test_utils_LDADD = $(LIBTAP) $(LIBCOMMON) test_config_file_SOURCES = test_config-file.c test_config_file_LDADD = $(LIBTAP) $(LIBCOMMON) + +test_socks5_SOURCES = test_socks5.c +test_socks5_LDADD = $(LIBTAP) $(LIBCOMMON) $(LIBTORSOCKS) diff --git a/tests/unit/test_socks5.c b/tests/unit/test_socks5.c new file mode 100644 index 0000000..b3ed081 --- /dev/null +++ b/tests/unit/test_socks5.c @@ -0,0 +1,1262 @@ +/* + * Copyright (C) 2013 - David Goulet <dgoulet(a)ev0ke.net> + * Luke Gallagher <luke(a)hypergeometric.net> + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License, version 2 only, as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for + * more details. + * + * You should have received a copy of the GNU General Public License along with + * this program; if not, write to the Free Software Foundation, Inc., 51 + * Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include <stdio.h> +#include <stdlib.h> +#include <arpa/inet.h> + +#include <common/connection.h> +#include <common/defaults.h> +#include <common/socks5.h> + +#include <tap/tap.h> + +#define NUM_TESTS 41 + +static struct socks5_method_req method_req; +static struct socks5_request req; +static struct socks5_request_ipv4 req_ipv4; +static struct socks5_request_ipv6 req_ipv6; +static struct socks5_request_domain req_name; +static struct socks5_request_resolve req_resolve; +static struct socks5_request_resolve_ptr req_resolve_ptr; + +static struct connection *get_connection_stub(void) +{ + struct connection *conn = NULL; + struct connection_addr c_addr; + + connection_addr_set(CONNECTION_DOMAIN_INET, + DEFAULT_TOR_ADDRESS, + DEFAULT_TOR_PORT, + &c_addr); + conn = connection_create(1, (struct sockaddr *) &c_addr.u.sin); + + return conn; +} + +static struct connection *get_connection_ipv6_stub(void) +{ + struct connection *conn = NULL; + struct connection_addr c_addr; + + connection_addr_set(CONNECTION_DOMAIN_INET6, "::1", 9050, &c_addr); + conn = connection_create(1, (struct sockaddr *) &c_addr.u.sin6); + + return conn; +} + +static struct connection *get_connection_domain_stub(void) +{ + struct connection *conn = NULL; + char addr_str[] = "example.org"; + + conn = connection_create(1, NULL); + conn->dest_addr.domain = CONNECTION_DOMAIN_NAME; + conn->dest_addr.hostname.addr = strndup(addr_str, strlen(addr_str)); + conn->dest_addr.hostname.port = htons(9050); + + return conn; +} + +static void set_socks5_request(const void *buffer) +{ + req.ver = ((struct socks5_request *)buffer)->ver; + req.cmd = ((struct socks5_request *)buffer)->cmd; + req.rsv = ((struct socks5_request *)buffer)->rsv; + req.atyp = ((struct socks5_request *)buffer)->atyp; +} + +static ssize_t socks5_send_data_error_stub(int fd, const void *buf, size_t len) +{ + return -1; +} + +static ssize_t socks5_recv_data_error_stub(int fd, void *buf, size_t len) +{ + return -1; +} + +/* + * socks5_send_method test doubles. + */ + +static ssize_t socks5_send_method_valid_spy(int fd, const void *buf, size_t len) +{ + method_req.ver = ((struct socks5_method_req *)buf)->ver; + method_req.nmethods = ((struct socks5_method_req *)buf)->nmethods; + method_req.methods = ((struct socks5_method_req *)buf)->methods; + + return 1; +} + +/* + * socks5_recv_method test doubles. + */ + +static ssize_t socks5_recv_method_valid_stub(int fd, void *buf, size_t len) +{ + ((struct socks5_method_res *)buf)->ver = SOCKS5_VERSION; + ((struct socks5_method_res *)buf)->method = SOCKS5_NO_AUTH_METHOD; + + return 1; +} + +static ssize_t socks5_recv_method_wrong_version_stub(int fd, void *buf, + size_t len) +{ + ((struct socks5_method_res *)buf)->ver = 0x04; + ((struct socks5_method_res *)buf)->method = SOCKS5_NO_AUTH_METHOD; + + return 1; +} + +static ssize_t socks5_recv_method_no_accept_stub(int fd, void *buf, size_t len) +{ + ((struct socks5_method_res *)buf)->ver = SOCKS5_VERSION; + ((struct socks5_method_res *)buf)->method = SOCKS5_NO_ACCPT_METHOD; + + return 1; +} + +/* + * send_connect_request test doubles + */ + +static ssize_t socks5_send_connect_request_ipv4_spy(int fd, const void *buf, + size_t len) +{ + ssize_t buf_len = 0; + + set_socks5_request(buf); + buf_len += sizeof(struct socks5_request); + + req_ipv4 = (*(struct socks5_request_ipv4 *) (buf + buf_len)); + + return 1; +} + +static ssize_t socks5_send_connect_request_ipv6_spy(int fd, const void *buf, + size_t len) +{ + ssize_t buf_len = 0; + + set_socks5_request(buf); + buf_len += sizeof(struct socks5_request); + + req_ipv6 = (*(struct socks5_request_ipv6 *) (buf + buf_len)); + + return 1; +} + +static ssize_t socks5_send_connect_request_domain_spy(int fd, const void *buf, + size_t len) +{ + ssize_t buf_len = 0; + + set_socks5_request(buf); + buf_len += sizeof(struct socks5_request); + + /* + * Use memcpy since req_name.name is variable length. + */ + memcpy(&req_name.len, buf + buf_len, sizeof(req_name.len)); + buf_len += sizeof(req_name.len); + memcpy(&req_name.name, buf + buf_len, req_name.len); + buf_len += req_name.len; + memcpy(&req_name.port, buf + buf_len, sizeof(req_name.port)); + + return 1; +} + +/* + * socks5_receive_connect_reply test doubles. + */ + +static ssize_t socks5_recv_connect_reply_ipv4_success_stub(int fd, void *buf, + size_t len) +{ + ((struct socks5_reply *)buf)->ver = SOCKS5_VERSION; + ((struct socks5_reply *)buf)->rep = SOCKS5_REPLY_SUCCESS; + ((struct socks5_reply *)buf)->rsv = 0; + ((struct socks5_reply *)buf)->atyp = SOCKS5_ATYP_IPV4; + + return 1; +} + +static ssize_t socks5_recv_connect_reply_ipv4_fail_stub(int fd, void *buf, + size_t len) +{ + ((struct socks5_reply *)buf)->ver = SOCKS5_VERSION; + ((struct socks5_reply *)buf)->rep = SOCKS5_REPLY_FAIL; + ((struct socks5_reply *)buf)->rsv = 0; + ((struct socks5_reply *)buf)->atyp = SOCKS5_ATYP_IPV4; + + return 1; +} + +static ssize_t socks5_recv_connect_reply_ipv4_deny_rule_stub(int fd, void *buf, + size_t len) +{ + ((struct socks5_reply *)buf)->ver = SOCKS5_VERSION; + ((struct socks5_reply *)buf)->rep = SOCKS5_REPLY_DENY_RULE; + ((struct socks5_reply *)buf)->rsv = 0; + ((struct socks5_reply *)buf)->atyp = SOCKS5_ATYP_IPV4; + + return 1; +} + +static ssize_t socks5_recv_connect_reply_ipv4_no_net_stub(int fd, void *buf, + size_t len) +{ + ((struct socks5_reply *)buf)->ver = SOCKS5_VERSION; + ((struct socks5_reply *)buf)->rep = SOCKS5_REPLY_NO_NET; + ((struct socks5_reply *)buf)->rsv = 0; + ((struct socks5_reply *)buf)->atyp = SOCKS5_ATYP_IPV4; + + return 1; +} + +static ssize_t socks5_recv_connect_reply_ipv4_no_host_stub(int fd, void *buf, + size_t len) +{ + ((struct socks5_reply *)buf)->ver = SOCKS5_VERSION; + ((struct socks5_reply *)buf)->rep = SOCKS5_REPLY_NO_HOST; + ((struct socks5_reply *)buf)->rsv = 0; + ((struct socks5_reply *)buf)->atyp = SOCKS5_ATYP_IPV4; + + return 1; +} + +static ssize_t socks5_recv_connect_reply_ipv4_refused_stub(int fd, void *buf, + size_t len) +{ + ((struct socks5_reply *)buf)->ver = SOCKS5_VERSION; + ((struct socks5_reply *)buf)->rep = SOCKS5_REPLY_REFUSED; + ((struct socks5_reply *)buf)->rsv = 0; + ((struct socks5_reply *)buf)->atyp = SOCKS5_ATYP_IPV4; + + return 1; +} + +static ssize_t socks5_recv_connect_reply_ipv4_ttl_expired_stub(int fd, void *buf, + size_t len) +{ + ((struct socks5_reply *)buf)->ver = SOCKS5_VERSION; + ((struct socks5_reply *)buf)->rep = SOCKS5_REPLY_TTL_EXP; + ((struct socks5_reply *)buf)->rsv = 0; + ((struct socks5_reply *)buf)->atyp = SOCKS5_ATYP_IPV4; + + return 1; +} + +static ssize_t socks5_recv_connect_reply_ipv4_cmd_not_supported_stub(int fd, + void *buf, size_t len) +{ + ((struct socks5_reply *)buf)->ver = SOCKS5_VERSION; + ((struct socks5_reply *)buf)->rep = SOCKS5_REPLY_CMD_NOTSUP; + ((struct socks5_reply *)buf)->rsv = 0; + ((struct socks5_reply *)buf)->atyp = SOCKS5_ATYP_IPV4; + + return 1; +} + +static ssize_t socks5_recv_connect_reply_ipv4_addr_not_supported_stub(int fd, + void *buf, size_t len) +{ + ((struct socks5_reply *)buf)->ver = SOCKS5_VERSION; + ((struct socks5_reply *)buf)->rep = SOCKS5_REPLY_ADR_NOTSUP; + ((struct socks5_reply *)buf)->rsv = 0; + ((struct socks5_reply *)buf)->atyp = SOCKS5_ATYP_IPV4; + + return 1; +} + +static ssize_t socks5_recv_connect_reply_ipv4_unkown_stub(int fd, void *buf, + size_t len) +{ + ((struct socks5_reply *)buf)->ver = SOCKS5_VERSION; + ((struct socks5_reply *)buf)->rep = 0x9; /* unassigned code */ + ((struct socks5_reply *)buf)->rsv = 0; + ((struct socks5_reply *)buf)->atyp = SOCKS5_ATYP_IPV4; + + return 1; +} + +static ssize_t socks5_recv_connect_reply_ipv6_success_stub(int fd, void *buf, + size_t len) +{ + ((struct socks5_reply *)buf)->ver = SOCKS5_VERSION; + ((struct socks5_reply *)buf)->rep = SOCKS5_REPLY_SUCCESS; + ((struct socks5_reply *)buf)->rsv = 0; + ((struct socks5_reply *)buf)->atyp = SOCKS5_ATYP_IPV6; + + return 1; +} + +/* + * socks5_send_resolve_request test doubles. + */ + +static ssize_t socks5_send_resolve_request_valid_spy(int fd, const void *buf, + size_t len) +{ + ssize_t buf_len = 0; + + set_socks5_request(buf); + buf_len += sizeof(struct socks5_request); + + memcpy(&req_resolve.len, buf + buf_len, sizeof(req_resolve.len)); + buf_len += sizeof(req_resolve.len); + memcpy(&req_resolve.name, buf + buf_len, req_resolve.len); + + return 1; +} + +/* + * socks5_recv_resolve_reply test doubles. + */ + +static ssize_t socks5_recv_resolve_reply_ipv4_stub(int fd, void *buf, + size_t len) +{ + static int count = 0; + uint8_t ipv4_stub[4]; + + if (0 == count) { + /* first call to recv_data */ + ((struct socks5_reply *)buf)->ver = SOCKS5_VERSION; + ((struct socks5_reply *)buf)->rep = SOCKS5_REPLY_SUCCESS; + ((struct socks5_reply *)buf)->atyp = SOCKS5_ATYP_IPV4; + } else { + /* second call to recv data */ + inet_pton(AF_INET, "127.0.0.1", &ipv4_stub); + memcpy(buf, &ipv4_stub, len); + } + + count++; + + return 1; +} + +static ssize_t socks5_recv_resolve_reply_ipv6_stub(int fd, void *buf, + size_t len) +{ + static int count = 0; + uint8_t ipv6_stub[16]; + + if (0 == count) { + /* first call to recv_data */ + ((struct socks5_reply *)buf)->ver = SOCKS5_VERSION; + ((struct socks5_reply *)buf)->rep = SOCKS5_REPLY_SUCCESS; + ((struct socks5_reply *)buf)->atyp = SOCKS5_ATYP_IPV6; + } else { + /* second call to recv data */ + inet_pton(AF_INET6, "::1", &ipv6_stub); + memcpy(buf, &ipv6_stub, len); + } + + count++; + + return 1; +} + +static ssize_t socks5_recv_resolve_reply_incorrect_version_stub(int fd, + void *buf, size_t len) +{ + ((struct socks5_reply *)buf)->ver = 0x04; + ((struct socks5_reply *)buf)->rep = SOCKS5_REPLY_SUCCESS; + ((struct socks5_reply *)buf)->atyp = SOCKS5_ATYP_IPV4; + + return 1; +} + +static ssize_t socks5_recv_resolve_reply_response_error_stub(int fd, void *buf, + size_t len) +{ + ((struct socks5_reply *)buf)->ver = SOCKS5_VERSION; + ((struct socks5_reply *)buf)->rep = SOCKS5_REPLY_FAIL; + ((struct socks5_reply *)buf)->atyp = SOCKS5_ATYP_IPV4; + + return 1; +} + +static ssize_t socks5_recv_resolve_reply_address_type_error_stub(int fd, + void *buf, size_t len) +{ + ((struct socks5_reply *)buf)->ver = SOCKS5_VERSION; + ((struct socks5_reply *)buf)->rep = SOCKS5_REPLY_SUCCESS; + ((struct socks5_reply *)buf)->atyp = SOCKS5_ATYP_DOMAIN; + + return 1; +} + +static ssize_t socks5_recv_resolve_reply_addrlen_error_stub(int fd, void *buf, + size_t len) +{ + ((struct socks5_reply *)buf)->ver = SOCKS5_VERSION; + ((struct socks5_reply *)buf)->rep = SOCKS5_REPLY_SUCCESS; + ((struct socks5_reply *)buf)->atyp = SOCKS5_ATYP_IPV4; + + return 10; +} + +/* + * socks5_send_resolve_ptr_request test doubles. + */ + +static ssize_t socks5_send_resolve_ptr_request_ipv4_spy(int fd, + const void *buf, size_t len) +{ + int buf_len = 0; + + set_socks5_request(buf); + buf_len += sizeof(struct socks5_request); + + req_resolve_ptr = (*(struct socks5_request_resolve_ptr *) (buf + buf_len)); + + return 1; +} + +static ssize_t socks5_send_resolve_ptr_request_ipv6_spy(int fd, + const void *buf, size_t len) +{ + int buf_len = 0; + + set_socks5_request(buf); + buf_len += sizeof(struct socks5_request); + + req_resolve_ptr = (*(struct socks5_request_resolve_ptr *) (buf + buf_len)); + + return 1; +} + +/* + * socks5_recv_resolve_ptr_reply test doubles. + */ + +static ssize_t socks5_recv_resolve_ptr_reply_stub(int fd, void *buf, + size_t len) +{ + static int count = 0; + int buf_len = 0; + char hostname[] = "example.org"; + + if (0 == count) { + /* first call to recv_data */ + ((struct socks5_reply *)buf)->ver = SOCKS5_VERSION; + ((struct socks5_reply *)buf)->rep = SOCKS5_REPLY_SUCCESS; + ((struct socks5_reply *)buf)->rsv = 0; + ((struct socks5_reply *)buf)->atyp = SOCKS5_ATYP_DOMAIN; + + buf_len += sizeof(struct socks5_reply); + (*(uint8_t *)(buf + buf_len)) = strlen(hostname); + } else { + /* second call to recv data */ + memcpy(buf, &hostname, len); + } + + count++; + + return 1; +} + +static ssize_t socks5_recv_resolve_ptr_reply_atyp_error_stub(int fd, void *buf, + size_t len) +{ + ((struct socks5_reply *)buf)->ver = SOCKS5_VERSION; + ((struct socks5_reply *)buf)->rep = SOCKS5_REPLY_SUCCESS; + ((struct socks5_reply *)buf)->rsv = 0; + ((struct socks5_reply *)buf)->atyp = SOCKS5_ATYP_IPV4; + + return 1; +} + +/* + * socks5 tests + */ + +static void test_socks5_send_method_valid(void) +{ + int ret; + struct connection *conn_stub; + + conn_stub = get_connection_stub(); + socks5_init(socks5_send_method_valid_spy, NULL); + + ret = socks5_send_method(conn_stub, SOCKS5_NO_AUTH_METHOD); + + ok(ret == 0 && + method_req.ver == SOCKS5_VERSION && + method_req.nmethods == 0x01 && + method_req.methods == SOCKS5_NO_AUTH_METHOD, + "socks5 send method valid"); + + connection_destroy(conn_stub); + socks5_init(NULL, NULL); +} + +static void test_socks5_send_method_failure(void) +{ + int ret; + struct connection *conn_stub; + + conn_stub = get_connection_stub(); + socks5_init(socks5_send_data_error_stub, NULL); + + ret = socks5_send_method(conn_stub, SOCKS5_NO_AUTH_METHOD); + + ok(ret == -1, "socks5 send method returns send error code"); + + connection_destroy(conn_stub); + socks5_init(NULL, NULL); +} + +static void test_socks5_recv_method_valid(void) +{ + int ret; + struct connection *conn_stub; + + conn_stub = get_connection_stub(); + socks5_init(NULL, socks5_recv_method_valid_stub); + + ret = socks5_recv_method(conn_stub); + + ok(ret == 0, "socks5 recv method valid response"); + + connection_destroy(conn_stub); + socks5_init(NULL, NULL); +} + +static void test_socks5_recv_method_failure(void) +{ + int ret; + struct connection *conn_stub; + + conn_stub = get_connection_stub(); + socks5_init(NULL, socks5_recv_data_error_stub); + + ret = socks5_recv_method(conn_stub); + + ok(ret == -1, "socks5 recv method returns recv error code"); + + connection_destroy(conn_stub); + socks5_init(NULL, NULL); +} + +static void test_socks5_recv_method_incorrect_version(void) +{ + int ret; + struct connection *conn_stub; + + conn_stub = get_connection_stub(); + socks5_init(NULL, socks5_recv_method_wrong_version_stub); + + ret = socks5_recv_method(conn_stub); + + ok(ret == -ECONNABORTED, "socks5 recv method returns ECONNABORTED when " + "incorrect version"); + + connection_destroy(conn_stub); + socks5_init(NULL, NULL); +} + +static void test_socks5_recv_method_no_accept(void) +{ + int ret; + struct connection *conn_stub; + + conn_stub = get_connection_stub(); + socks5_init(NULL, socks5_recv_method_no_accept_stub); + + ret = socks5_recv_method(conn_stub); + + ok(ret == -ECONNABORTED, "socks5 recv method returns ECONNABORTED when " + "no accept method"); + + connection_destroy(conn_stub); + socks5_init(NULL, NULL); +} + +static void test_socks5_send_connect_request(void) +{ + int ret; + struct connection *conn_stub; + char ip[INET6_ADDRSTRLEN]; + + conn_stub = get_connection_stub(); + socks5_init(socks5_send_connect_request_ipv4_spy, NULL); + + ret = socks5_send_connect_request(conn_stub); + + inet_ntop(AF_INET, + (struct sockaddr_in *)&req_ipv4.addr, + ip, INET6_ADDRSTRLEN); + + ok(ret == 0 && + req.ver == SOCKS5_VERSION && + req.cmd == SOCKS5_CMD_CONNECT && + req.rsv == 0 && + req.atyp == SOCKS5_ATYP_IPV4 && + strncmp(ip, "127.0.0.1", INET6_ADDRSTRLEN) == 0 && + req_ipv4.port == htons(9050), + "socks5 send connect request IPv4"); + + connection_destroy(conn_stub); + socks5_init(NULL, NULL); + + /* IPv6 */ + + conn_stub = get_connection_ipv6_stub(); + socks5_init(socks5_send_connect_request_ipv6_spy, NULL); + + ret = socks5_send_connect_request(conn_stub); + + inet_ntop(AF_INET6, + (struct sockaddr_in *)&req_ipv6.addr, + ip, INET6_ADDRSTRLEN); + + ok(ret == 0 && + req.ver == SOCKS5_VERSION && + req.cmd == SOCKS5_CMD_CONNECT && + req.rsv == 0 && + req.atyp == SOCKS5_ATYP_IPV6 && + strncmp(ip, "::1", INET6_ADDRSTRLEN) == 0 && + req_ipv6.port == htons(9050), + "socks5 send connect request IPv6"); + + /* Domain name */ + + conn_stub = get_connection_domain_stub(); + socks5_init(socks5_send_connect_request_domain_spy, NULL); + + ret = socks5_send_connect_request(conn_stub); + + ok(ret == 0 && + req.ver == SOCKS5_VERSION && + req.cmd == SOCKS5_CMD_CONNECT && + req.rsv == 0 && + req.atyp == SOCKS5_ATYP_DOMAIN && + strncmp((char *)req_name.name, + "example.org", + req_name.len) == 0 && + req_name.port == htons(9050), + "socks5 send connect request domain name"); + + /* Unkown connection domain */ + + conn_stub = get_connection_stub(); + conn_stub->dest_addr.domain = 0; + socks5_init(socks5_send_connect_request_domain_spy, NULL); + + ret = socks5_send_connect_request(conn_stub); + + ok(ret == -EINVAL, "socks5 send connect request returns error for " + "unkown connection domain"); +} + +static void test_socks5_send_connect_request_failure(void) +{ + int ret; + struct connection *conn_stub; + + conn_stub = get_connection_stub(); + socks5_init(socks5_send_data_error_stub, NULL); + + ret = socks5_send_connect_request(conn_stub); + + ok(ret == -1, "socks5 connect request returns error code from send"); + + connection_destroy(conn_stub); + socks5_init(NULL, NULL); +} + +static void test_socks5_recv_connect_reply_success(void) +{ + int ret; + struct connection *conn_stub; + + conn_stub = get_connection_stub(); + socks5_init(NULL, socks5_recv_connect_reply_ipv4_success_stub); + + ret = socks5_recv_connect_reply(conn_stub); + + ok(ret == 0, "socks5 reply success"); + + connection_destroy(conn_stub); + socks5_init(NULL, NULL); +} + +static void test_socks5_recv_connect_reply_fail(void) +{ + int ret; + struct connection *conn_stub; + + conn_stub = get_connection_stub(); + socks5_init(NULL, socks5_recv_connect_reply_ipv4_fail_stub); + + ret = socks5_recv_connect_reply(conn_stub); + + ok(ret == -ECONNREFUSED, "socks5 reply fail"); + + connection_destroy(conn_stub); + socks5_init(NULL, NULL); +} + +static void test_socks5_recv_connect_reply_deny_rule(void) +{ + int ret; + struct connection *conn_stub; + + conn_stub = get_connection_stub(); + socks5_init(NULL, socks5_recv_connect_reply_ipv4_deny_rule_stub); + + ret = socks5_recv_connect_reply(conn_stub); + + ok(ret == -ECONNABORTED, "socks5 reply deny rule"); + + connection_destroy(conn_stub); + socks5_init(NULL, NULL); +} + +static void test_socks5_recv_connect_reply_no_net(void) +{ + int ret; + struct connection *conn_stub; + + conn_stub = get_connection_stub(); + socks5_init(NULL, socks5_recv_connect_reply_ipv4_no_net_stub); + + ret = socks5_recv_connect_reply(conn_stub); + + ok(ret == -ENETUNREACH, "socks5 reply no net"); + + connection_destroy(conn_stub); + socks5_init(NULL, NULL); +} + +static void test_socks5_recv_connect_reply_no_host(void) +{ + int ret; + struct connection *conn_stub; + + conn_stub = get_connection_stub(); + socks5_init(NULL, socks5_recv_connect_reply_ipv4_no_host_stub); + + ret = socks5_recv_connect_reply(conn_stub); + + ok(ret == -EHOSTUNREACH, "socks5 reply no host"); + + connection_destroy(conn_stub); + socks5_init(NULL, NULL); +} + +static void test_socks5_recv_connect_reply_refused(void) +{ + int ret; + struct connection *conn_stub; + + conn_stub = get_connection_stub(); + socks5_init(NULL, socks5_recv_connect_reply_ipv4_refused_stub); + + ret = socks5_recv_connect_reply(conn_stub); + + ok(ret == -ECONNREFUSED, "socks5 reply refused"); + + connection_destroy(conn_stub); + socks5_init(NULL, NULL); +} + +static void test_socks5_recv_connect_reply_ttl_expired(void) +{ + int ret; + struct connection *conn_stub; + + conn_stub = get_connection_stub(); + socks5_init(NULL, socks5_recv_connect_reply_ipv4_ttl_expired_stub); + + ret = socks5_recv_connect_reply(conn_stub); + + ok(ret == -ETIMEDOUT, "socks5 reply TTL expired"); + + connection_destroy(conn_stub); + socks5_init(NULL, NULL); +} + +static void test_socks5_recv_connect_reply_cmd_not_supported(void) +{ + int ret; + struct connection *conn_stub; + + conn_stub = get_connection_stub(); + socks5_init(NULL, + socks5_recv_connect_reply_ipv4_cmd_not_supported_stub); + + ret = socks5_recv_connect_reply(conn_stub); + + ok(ret == -ECONNREFUSED, "socks5 reply command not supported"); + + connection_destroy(conn_stub); + socks5_init(NULL, NULL); +} + +static void test_socks5_recv_connect_reply_addr_not_supported(void) +{ + int ret; + struct connection *conn_stub; + + conn_stub = get_connection_stub(); + socks5_init(NULL, + socks5_recv_connect_reply_ipv4_addr_not_supported_stub); + + ret = socks5_recv_connect_reply(conn_stub); + + ok(ret == -ECONNREFUSED, "socks5 reply address type not supported"); + + connection_destroy(conn_stub); + socks5_init(NULL, NULL); +} + +static void test_socks5_recv_connect_reply_unkown(void) +{ + int ret; + struct connection *conn_stub; + + conn_stub = get_connection_stub(); + socks5_init(NULL, socks5_recv_connect_reply_ipv4_unkown_stub); + + ret = socks5_recv_connect_reply(conn_stub); + + ok(ret == -ECONNABORTED, "socks5 reply unkown code"); + + connection_destroy(conn_stub); + socks5_init(NULL, NULL); +} + +static void test_socks5_recv_connect_reply_ipv6_success(void) +{ + int ret; + struct connection *conn_stub; + + conn_stub = get_connection_stub(); + socks5_init(NULL, socks5_recv_connect_reply_ipv6_success_stub); + + ret = socks5_recv_connect_reply(conn_stub); + + ok(ret == 0, "socks5 reply IPv6 success"); + + connection_destroy(conn_stub); + socks5_init(NULL, NULL); +} + +static void test_socks5_send_resolve_request_valid(void) +{ + int ret; + struct connection *conn_stub; + + conn_stub = get_connection_stub(); + socks5_init(socks5_send_resolve_request_valid_spy, NULL); + + ret = socks5_send_resolve_request("foo", conn_stub); + + ok(ret == 0 && + req.ver == SOCKS5_VERSION && + req.cmd == SOCKS5_CMD_RESOLVE && + req.rsv == 0 && + req.atyp == SOCKS5_ATYP_DOMAIN && + strcmp((char *)req_resolve.name, "foo") == 0 && + req_resolve.len == strlen("foo"), + "socks5 resolve request valid"); + + connection_destroy(conn_stub); + socks5_init(NULL, NULL); +} + +static void test_socks5_send_resolve_request_failure(void) +{ + int ret; + struct connection *conn_stub; + + conn_stub = get_connection_stub(); + socks5_init(socks5_send_data_error_stub, NULL); + + ret = socks5_send_resolve_request("foo", conn_stub); + + ok(ret == -1, "socks5 resolve request returns send error code"); + + connection_destroy(conn_stub); + socks5_init(NULL, NULL); + + /* hostname greater than 255 in length */ + + conn_stub = get_connection_stub(); + /* no need to stub send_data it should not get called */ + + char long_hostname[257]; + memset(long_hostname, 0x41, sizeof(long_hostname)); + long_hostname[256] = '\0'; + + ret = socks5_send_resolve_request(long_hostname, conn_stub); + + ok(ret == -EINVAL, "socks5 resolve request hostname greater " + "than UINT8_MAX"); + + connection_destroy(conn_stub); +} + +static void test_socks5_recv_resolve_reply_valid(void) +{ + int ret; + struct connection *conn_stub; + uint32_t ipv4_addr; + uint8_t ipv6_addr[16]; + char ip_str[INET6_ADDRSTRLEN]; + + conn_stub = get_connection_stub(); + socks5_init(NULL, socks5_recv_resolve_reply_ipv4_stub); + + ret = socks5_recv_resolve_reply(conn_stub, &ipv4_addr, sizeof(uint32_t)); + + inet_ntop(AF_INET, &ipv4_addr, ip_str, INET_ADDRSTRLEN); + + ok(ret == 0 && + strncmp(ip_str, "127.0.0.1", INET_ADDRSTRLEN) == 0, + "socks5 resolve reply valid IPv4 address"); + + connection_destroy(conn_stub); + socks5_init(NULL, NULL); + + /* IPv6 */ + + conn_stub = get_connection_ipv6_stub(); + socks5_init(NULL, socks5_recv_resolve_reply_ipv6_stub); + + ret = socks5_recv_resolve_reply(conn_stub, &ipv6_addr, sizeof(ipv6_addr)); + + inet_ntop(AF_INET6, &ipv6_addr, ip_str, INET6_ADDRSTRLEN); + + ok(ret == 0 && + strncmp(ip_str, "::1", INET6_ADDRSTRLEN) == 0, + "socks5 resolve reply valid IPv6 address"); + + connection_destroy(conn_stub); + socks5_init(NULL, NULL); +} + +static void test_socks5_recv_resolve_reply_failure(void) +{ + int ret; + struct connection *conn_stub; + uint32_t dummy_ip_addr; + + conn_stub = get_connection_stub(); + socks5_init(NULL, socks5_recv_data_error_stub); + + ret = socks5_recv_resolve_reply(conn_stub, &dummy_ip_addr, + sizeof(dummy_ip_addr)); + + ok(ret == -1, "socks5 resolve reply returns recv error code"); + + connection_destroy(conn_stub); + socks5_init(NULL, NULL); +} + +static void test_socks5_recv_resolve_reply_incorrect_version(void) +{ + int ret; + struct connection *conn_stub; + uint32_t dummy_ip_addr; + + conn_stub = get_connection_stub(); + socks5_init(NULL, socks5_recv_resolve_reply_incorrect_version_stub); + + ret = socks5_recv_resolve_reply(conn_stub, &dummy_ip_addr, + sizeof(dummy_ip_addr)); + + ok(ret == -ECONNABORTED, "socks5 resolve reply incorrect version"); + + connection_destroy(conn_stub); + socks5_init(NULL, NULL); +} + +static void test_socks5_recv_resolve_reply_response_error(void) +{ + int ret; + struct connection *conn_stub; + uint32_t dummy_ip_addr; + + conn_stub = get_connection_stub(); + socks5_init(NULL, socks5_recv_resolve_reply_response_error_stub); + + ret = socks5_recv_resolve_reply(conn_stub, &dummy_ip_addr, + sizeof(dummy_ip_addr)); + + ok(ret == -ECONNABORTED, "socks5 resolve reply response error"); + + connection_destroy(conn_stub); + socks5_init(NULL, NULL); +} + +static void test_socks5_recv_resolve_reply_address_type_error(void) +{ + int ret; + struct connection *conn_stub; + uint32_t dummy_ip_addr; + + conn_stub = get_connection_stub(); + socks5_init(NULL, socks5_recv_resolve_reply_address_type_error_stub); + + ret = socks5_recv_resolve_reply(conn_stub, &dummy_ip_addr, + sizeof(dummy_ip_addr)); + + ok(ret == -EINVAL, "socks5 resolve reply address type error"); + + connection_destroy(conn_stub); + socks5_init(NULL, NULL); +} + +static void test_socks5_recv_resolve_reply_addrlen_error(void) +{ + int ret; + struct connection *conn_stub; + uint32_t dummy_ip_addr; + + conn_stub = get_connection_stub(); + socks5_init(NULL, socks5_recv_resolve_reply_addrlen_error_stub); + + ret = socks5_recv_resolve_reply(conn_stub, &dummy_ip_addr, 1); + + ok(ret == -EINVAL, "socks5 resolve reply address length error"); + + connection_destroy(conn_stub); + socks5_init(NULL, NULL); +} + +static void test_socks5_send_resolve_ptr_request_valid(void) +{ + int ret; + struct connection *conn_stub; + uint32_t ipv4_addr_stub; + uint8_t ipv6_addr_stub[16]; + char ip_str[INET6_ADDRSTRLEN]; + + conn_stub = get_connection_stub(); + socks5_init(socks5_send_resolve_ptr_request_ipv4_spy, NULL); + inet_pton(AF_INET, "127.0.0.1", &ipv4_addr_stub); + + ret = socks5_send_resolve_ptr_request(conn_stub, &ipv4_addr_stub, AF_INET); + + inet_ntop(AF_INET, &req_resolve_ptr, ip_str, INET_ADDRSTRLEN); + + ok(ret == 0 && + req.ver == SOCKS5_VERSION && + req.cmd == SOCKS5_CMD_RESOLVE_PTR && + req.rsv == 0 && + req.atyp == SOCKS5_ATYP_IPV4 && + strncmp(ip_str, "127.0.0.1", INET_ADDRSTRLEN) == 0, + "socks5 send resolve ptr request valid IPv4"); + + connection_destroy(conn_stub); + socks5_init(NULL, NULL); + + /* IPv6 */ + + conn_stub = get_connection_ipv6_stub(); + socks5_init(socks5_send_resolve_ptr_request_ipv6_spy, NULL); + inet_pton(AF_INET6, "::1", ipv6_addr_stub); + + ret = socks5_send_resolve_ptr_request(conn_stub, ipv6_addr_stub, AF_INET6); + + inet_ntop(AF_INET6, ipv6_addr_stub, ip_str, INET6_ADDRSTRLEN); + + ok(ret == 0 && + req.ver == SOCKS5_VERSION && + req.cmd == SOCKS5_CMD_RESOLVE_PTR && + req.rsv == 0 && + req.atyp == SOCKS5_ATYP_IPV6 && + strncmp(ip_str, "::1", INET6_ADDRSTRLEN) == 0, + "socks5 send resolve ptr request valid IPv6"); + + connection_destroy(conn_stub); + socks5_init(NULL, NULL); +} + +static void test_socks5_send_resolve_ptr_request_failure(void) +{ + int ret; + struct connection *conn_stub; + uint32_t addr_stub; + + conn_stub = get_connection_stub(); + socks5_init(socks5_send_data_error_stub, NULL); + inet_pton(AF_INET, "127.0.0.1", &addr_stub); + + ret = socks5_send_resolve_ptr_request(conn_stub, &addr_stub, AF_INET); + + ok(ret == -1, "socks5 resolve ptr request returns send error code"); + + connection_destroy(conn_stub); + socks5_init(NULL, NULL); + + /* Unkown domain */ + + conn_stub = get_connection_domain_stub(); + + ret = socks5_send_resolve_ptr_request(conn_stub, &addr_stub, 3); + + ok(ret == -EINVAL, "socks5 send resolve ptr request unkown domain"); + + connection_destroy(conn_stub); +} + +static void test_socks5_recv_resolve_ptr_reply_valid(void) +{ + int ret; + struct connection *conn_stub; + char *hostname = NULL; + + conn_stub = get_connection_stub(); + socks5_init(NULL, socks5_recv_resolve_ptr_reply_stub); + + ret = socks5_recv_resolve_ptr_reply(conn_stub, &hostname); + + ok(ret == 0 && + strncmp(hostname, "example.org", strlen(hostname)) == 0, + "socks5 recv resolve ptr reply valid"); + + connection_destroy(conn_stub); + socks5_init(NULL, NULL); + free(hostname); +} + +static void test_socks5_recv_resolve_ptr_reply_failure(void) +{ + int ret; + struct connection *conn_stub; + char *hostname = NULL; + + conn_stub = get_connection_stub(); + socks5_init(NULL, socks5_recv_data_error_stub); + + ret = socks5_recv_resolve_ptr_reply(conn_stub, &hostname); + + ok(ret == -1, "socks5 recv resolve ptr reply returns recv error code"); + + connection_destroy(conn_stub); + socks5_init(NULL, NULL); + free(hostname); +} + +static void test_socks5_recv_resolve_ptr_reply_incorrect_version(void) +{ + int ret; + struct connection *conn_stub; + char *hostname = NULL; + + conn_stub = get_connection_stub(); + socks5_init(NULL, socks5_recv_resolve_reply_incorrect_version_stub); + + ret = socks5_recv_resolve_ptr_reply(conn_stub, &hostname); + + ok(ret == -ECONNABORTED, "socks5 recv resolve ptr reply incorrect version"); + + connection_destroy(conn_stub); + socks5_init(NULL, NULL); + free(hostname); +} + +static void test_socks5_recv_resolve_ptr_reply_response_error(void) +{ + int ret; + struct connection *conn_stub; + char *hostname = NULL; + + conn_stub = get_connection_stub(); + socks5_init(NULL, socks5_recv_resolve_reply_response_error_stub); + + ret = socks5_recv_resolve_ptr_reply(conn_stub, &hostname); + + ok(ret == -ECONNABORTED, "socks5 recv resolve ptr reply response error"); + + connection_destroy(conn_stub); + socks5_init(NULL, NULL); + free(hostname); +} + +static void test_socks5_recv_resolve_ptr_reply_atyp_error(void) +{ + int ret; + struct connection *conn_stub; + char *hostname = NULL; + + conn_stub = get_connection_stub(); + socks5_init(NULL, socks5_recv_resolve_ptr_reply_atyp_error_stub); + + ret = socks5_recv_resolve_ptr_reply(conn_stub, &hostname); + + ok(ret == -EINVAL, "socks5 recv resolve ptr reply atyp error"); + + connection_destroy(conn_stub); + socks5_init(NULL, NULL); + free(hostname); +} + +int main(int argc, char **argv) +{ + /* Libtap call for the number of tests planned. */ + plan_tests(NUM_TESTS); + + diag("socks5 tests"); + + test_socks5_send_method_valid(); + test_socks5_send_method_failure(); + test_socks5_recv_method_valid(); + test_socks5_recv_method_failure(); + test_socks5_recv_method_incorrect_version(); + test_socks5_recv_method_no_accept(); + test_socks5_send_connect_request(); + test_socks5_send_connect_request_failure(); + test_socks5_recv_connect_reply_success(); + test_socks5_recv_connect_reply_fail(); + test_socks5_recv_connect_reply_deny_rule(); + test_socks5_recv_connect_reply_no_net(); + test_socks5_recv_connect_reply_no_host(); + test_socks5_recv_connect_reply_refused(); + test_socks5_recv_connect_reply_ttl_expired(); + test_socks5_recv_connect_reply_cmd_not_supported(); + test_socks5_recv_connect_reply_addr_not_supported(); + test_socks5_recv_connect_reply_unkown(); + test_socks5_recv_connect_reply_ipv6_success(); + test_socks5_send_resolve_request_valid(); + test_socks5_send_resolve_request_failure(); + test_socks5_recv_resolve_reply_valid(); + test_socks5_recv_resolve_reply_failure(); + test_socks5_recv_resolve_reply_incorrect_version(); + test_socks5_recv_resolve_reply_response_error(); + test_socks5_recv_resolve_reply_address_type_error(); + test_socks5_recv_resolve_reply_addrlen_error(); + test_socks5_send_resolve_ptr_request_valid(); + test_socks5_send_resolve_ptr_request_failure(); + test_socks5_recv_resolve_ptr_reply_valid(); + test_socks5_recv_resolve_ptr_reply_failure(); + test_socks5_recv_resolve_ptr_reply_incorrect_version(); + test_socks5_recv_resolve_ptr_reply_response_error(); + test_socks5_recv_resolve_ptr_reply_atyp_error(); + + return exit_status(); +}

1 0

[torsocks/master] Fix: check SOCKS5 user/pass before setting them in config
by dgoulet＠torproject.org 04 Apr '14

04 Apr '14

commit 647bb224055fa5667f70b388ad0d8df6ced83c4b Author: David Goulet <dgoulet(a)ev0ke.net> Date: Mon Mar 3 15:04:36 2014 -0500 Fix: check SOCKS5 user/pass before setting them in config Signed-off-by: David Goulet <dgoulet(a)ev0ke.net> --- src/lib/torsocks.c | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/src/lib/torsocks.c b/src/lib/torsocks.c index b8f38fb..a20e94f 100644 --- a/src/lib/torsocks.c +++ b/src/lib/torsocks.c @@ -84,14 +84,23 @@ static void read_user_pass_env(void) goto end; } - ret = conf_file_set_socks5_user(username, &tsocks_config); - if (ret < 0) { - goto error; + /* + * Only set the values if they were provided. It's possible that a user + * wants to only set one of the values through an env. variable and the + * other through the configuration file. + */ + if (username) { + ret = conf_file_set_socks5_user(username, &tsocks_config); + if (ret < 0) { + goto error; + } } - ret = conf_file_set_socks5_pass(password, &tsocks_config); - if (ret < 0) { - goto error; + if (password) { + ret = conf_file_set_socks5_pass(password, &tsocks_config); + if (ret < 0) { + goto error; + } } end:

1 0

[torsocks/master] Extras: add bash and zsh completion file
by dgoulet＠torproject.org 04 Apr '14

04 Apr '14

commit 4593534a8fe6a5ea90fcce7c10940e31322768a8 Author: David Goulet <dgoulet(a)ev0ke.net> Date: Mon Mar 3 16:40:43 2014 -0500 Extras: add bash and zsh completion file Those files need to be installed by hand or from your distribution package. They've been taken from the old torsocks (1.3) package. Signed-off-by: David Goulet <dgoulet(a)ev0ke.net> --- Makefile.am | 4 ++-- configure.ac | 1 + extras/torsocks-bash_completion | 3 +++ extras/torsocks-zsh_completion | 9 +++++++++ 4 files changed, 15 insertions(+), 2 deletions(-) diff --git a/Makefile.am b/Makefile.am index 7c3253a..d53b5fc 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,7 +1,7 @@ ACLOCAL_AMFLAGS = -I config -SUBDIRS = src doc tests +SUBDIRS = src doc tests extras dist_doc_DATA = ChangeLog -EXTRA_DIST = gpl-2.0.txt +EXTRA_DIST = gpl-2.0.txt extras/torsocks-bash_completion diff --git a/configure.ac b/configure.ac index a3cadf1..92999f3 100644 --- a/configure.ac +++ b/configure.ac @@ -257,6 +257,7 @@ AC_SUBST(DEFAULT_INCLUDES) AC_CONFIG_FILES([ Makefile + extras/Makefile src/Makefile src/bin/Makefile src/bin/torsocks diff --git a/extras/Makefile.am b/extras/Makefile.am new file mode 100644 index 0000000..e69de29 diff --git a/extras/torsocks-bash_completion b/extras/torsocks-bash_completion new file mode 100644 index 0000000..c54aada --- /dev/null +++ b/extras/torsocks-bash_completion @@ -0,0 +1,3 @@ +#-*- mode: shell-script;-*- + +complete -F _command torsocks diff --git a/extras/torsocks-zsh_completion b/extras/torsocks-zsh_completion new file mode 100644 index 0000000..ebb71dc --- /dev/null +++ b/extras/torsocks-zsh_completion @@ -0,0 +1,9 @@ +#compdef - torsocks + +# precommands is made local in _main_complete +precommands+=($words[1]) + +shift words +(( CURRENT-- )) + +_normal

1 0

[torsocks/master] Fix: move functions in file and set hidden attribute
by dgoulet＠torproject.org 04 Apr '14

04 Apr '14

commit d8de94d57f695c4011535c5a1ec8fad60b37ac69 Author: David Goulet <dgoulet(a)ev0ke.net> Date: Mon Mar 3 15:55:06 2014 -0500 Fix: move functions in file and set hidden attribute Signed-off-by: David Goulet <dgoulet(a)ev0ke.net> --- src/common/config-file.c | 126 +++++++++++++++++++++++----------------------- 1 file changed, 64 insertions(+), 62 deletions(-) diff --git a/src/common/config-file.c b/src/common/config-file.c index aaaa663..2882678 100644 --- a/src/common/config-file.c +++ b/src/common/config-file.c @@ -45,68 +45,6 @@ static const char *conf_socks5_pass_str = "SOCKS5Password"; static unsigned int both_socks5_pass_user_set; /* - * Set the SOCKS5 username to the given configuration. - * - * Return 0 on success else a negative value. - */ -int conf_file_set_socks5_user(const char *username, - struct configuration *config) -{ - int ret; - - assert(username); - assert(config); - - if (strlen(username) > sizeof(config->conf_file.socks5_username)) { - ERR("[config] Invalid %s value for %s", username, - conf_socks5_user_str); - ret = -EINVAL; - goto error; - } - - strncpy(config->conf_file.socks5_username, username, strlen(username)); - if (++both_socks5_pass_user_set == 2) { - config->socks5_use_auth = 1; - } - DBG("[config] %s set to %s", conf_socks5_user_str, username); - return 0; - -error: - return ret; -} - -/* - * Set the SOCKS5 password to the given configuration. - * - * Return 0 on success else a negative value. - */ -int conf_file_set_socks5_pass(const char *password, - struct configuration *config) -{ - int ret; - - assert(password); - assert(config); - - if (strlen(password) > sizeof(config->conf_file.socks5_password)) { - ERR("[config] Invalid %s value for %s", password, - conf_socks5_pass_str); - ret = -EINVAL; - goto error; - } - - strncpy(config->conf_file.socks5_password, password, strlen(password)); - if (++both_socks5_pass_user_set == 2) { - config->socks5_use_auth = 1; - } - DBG("[config] %s set to %s", conf_socks5_pass_str, password); - return 0; - -error: - return ret; -} - -/* * Set the onion pool address range in the configuration object using the value * found in the conf file. * @@ -330,6 +268,70 @@ error: } /* + * Set the SOCKS5 username to the given configuration. + * + * Return 0 on success else a negative value. + */ +ATTR_HIDDEN +int conf_file_set_socks5_user(const char *username, + struct configuration *config) +{ + int ret; + + assert(username); + assert(config); + + if (strlen(username) > sizeof(config->conf_file.socks5_username)) { + ERR("[config] Invalid %s value for %s", username, + conf_socks5_user_str); + ret = -EINVAL; + goto error; + } + + strncpy(config->conf_file.socks5_username, username, strlen(username)); + if (++both_socks5_pass_user_set == 2) { + config->socks5_use_auth = 1; + } + DBG("[config] %s set to %s", conf_socks5_user_str, username); + return 0; + +error: + return ret; +} + +/* + * Set the SOCKS5 password to the given configuration. + * + * Return 0 on success else a negative value. + */ +ATTR_HIDDEN +int conf_file_set_socks5_pass(const char *password, + struct configuration *config) +{ + int ret; + + assert(password); + assert(config); + + if (strlen(password) > sizeof(config->conf_file.socks5_password)) { + ERR("[config] Invalid %s value for %s", password, + conf_socks5_pass_str); + ret = -EINVAL; + goto error; + } + + strncpy(config->conf_file.socks5_password, password, strlen(password)); + if (++both_socks5_pass_user_set == 2) { + config->socks5_use_auth = 1; + } + DBG("[config] %s set to %s", conf_socks5_pass_str, password); + return 0; + +error: + return ret; +} + +/* * Read and populate the given config parsed data structure. * * Return 0 on success or else a negative value.

1 0

[torsocks/master] Fix: assert conn->fd typo
by dgoulet＠torproject.org 04 Apr '14

04 Apr '14

commit 19ff1a81a826c4c2ab74d6cef45a9e4cd1c15704 Author: Luke Gallagher <luke(a)hypergeometric.net> Date: Wed Feb 19 11:39:19 2014 +1100 Fix: assert conn->fd typo Signed-off-by: David Goulet <dgoulet(a)ev0ke.net> --- src/common/socks5.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/common/socks5.c b/src/common/socks5.c index 9610f51..e725c56 100644 --- a/src/common/socks5.c +++ b/src/common/socks5.c @@ -465,7 +465,7 @@ int socks5_recv_connect_reply(struct connection *conn) size_t recv_len; assert(conn); - assert(conn >= 0); + assert(conn->fd >= 0); /* Beginning of the payload we are receiving. */ recv_len = sizeof(msg);

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

tor-commits April 2014