
04 Apr '14
commit c5f350d37f0a6c9ca81965bec71b5bb99e481bc2
Author: David Goulet <dgoulet(a)ev0ke.net>
Date: Sat Jun 22 15:28:50 2013 -0400
Implement the gethostbyname(3) torsocks call
Signed-off-by: David Goulet <dgoulet(a)ev0ke.net>
---
src/common/socks5.c | 112 ++++++++++++++++++++++++++++++++++++++++
src/common/socks5.h | 14 ++++-
src/lib/torsocks.c | 141 +++++++++++++++++++++++++++++++++++++++++++++++++--
src/lib/torsocks.h | 27 ++++++++++
4 files changed, 288 insertions(+), 6 deletions(-)
diff --git a/src/common/socks5.c b/src/common/socks5.c
index eb3baef..4e218e3 100644
--- a/src/common/socks5.c
+++ b/src/common/socks5.c
@@ -17,6 +17,7 @@
#include <assert.h>
#include <errno.h>
+#include <inttypes.h>
#include <lib/torsocks.h>
@@ -362,3 +363,114 @@ int socks5_recv_connect_reply(struct connection *conn)
error:
return ret;
}
+
+/*
+ * Send a SOCKS5 Tor resolve request for a given hostname using an already
+ * connected connection.
+ *
+ * Return 0 on success or else a negative value.
+ */
+int socks5_send_resolve_request(const char *hostname, struct connection *conn)
+{
+ int ret, ret_send;
+ /* Buffer to send won't go over a full TCP size. */
+ char buffer[1500];
+ size_t name_len, msg_len, data_len;
+ struct socks5_request msg;
+ struct socks5_request_resolve req;
+
+ assert(hostname);
+ assert(conn);
+ assert(conn->fd >= 0);
+
+ memset(buffer, 0, sizeof(buffer));
+ msg_len = sizeof(msg);
+
+ msg.ver = SOCKS5_VERSION;
+ msg.cmd = SOCKS5_CMD_RESOLVE;
+ /* Always zeroed. */
+ msg.rsv = 0;
+ /* By default we use IPv4 address. */
+ msg.atyp = SOCKS5_ATYP_DOMAIN;
+
+ name_len = strlen(hostname);
+ if (name_len > sizeof(req.name)) {
+ ret = -EINVAL;
+ goto error;
+ }
+
+ /* Setup resolve request. */
+ req.len = name_len;
+ memcpy(req.name, hostname, name_len);
+
+ /* Copy final buffer. */
+ memcpy(buffer, &msg, msg_len);
+ memcpy(buffer + msg_len, &req, sizeof(req));
+ data_len = msg_len + sizeof(req);
+
+ ret_send = send_data(conn->fd, &buffer, data_len);
+ if (ret_send < 0) {
+ ret = ret_send;
+ goto error;
+ }
+
+ /* Data was sent successfully. */
+ ret = 0;
+ DBG("[socks5] Resolve for %s sent successfully", hostname);
+
+error:
+ return ret;
+}
+
+/*
+ * Receive a Tor resolve reply on the given connection. The ip address pointer
+ * is populated with the replied value or else untouched on error.
+ *
+ * Return 0 on success else a negative value.
+ */
+int socks5_recv_resolve_reply(struct connection *conn, uint32_t *ip_addr)
+{
+ int ret;
+ ssize_t ret_recv;
+ struct {
+ struct socks5_reply msg;
+ uint32_t addr;
+ } buffer;
+
+ assert(conn);
+ assert(conn >= 0);
+ assert(ip_addr);
+
+ ret_recv = recv_data(conn->fd, &buffer, sizeof(buffer));
+ if (ret_recv < 0) {
+ ret = ret_recv;
+ goto error;
+ }
+
+ if (buffer.msg.ver != SOCKS5_VERSION) {
+ ERR("Bad SOCKS5 version reply");
+ ret = -ECONNABORTED;
+ goto error;
+ }
+
+ if (buffer.msg.rep != SOCKS5_REPLY_SUCCESS) {
+ ERR("Unable to resolve. Status reply: %d", buffer.msg.rep);
+ ret = -ECONNABORTED;
+ goto error;
+ }
+
+ if (buffer.msg.atyp == SOCKS5_ATYP_IPV4) {
+ *ip_addr = buffer.addr;
+ } else {
+ ERR("Bad SOCKS5 atyp reply %d", buffer.msg.atyp);
+ ret = -EINVAL;
+ goto error;
+ }
+
+ /* Everything went well and ip_addr has been populated. */
+ ret = 0;
+ DBG("[socks5] Resolve reply received: %" PRIu32, *ip_addr);
+
+error:
+ return ret;
+}
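Review bot: `req` is never zeroed in `socks5_send_resolve_request`, yet the request copies and sends all `sizeof(req)` bytes, so every byte of `req.name` past `name_len` is uninitialized stack memory that goes out on the wire to the SOCKS proxy. At minimum add `memset(&req, 0, sizeof(req));` before `req.len = name_len;`; better, send only the length byte, the name and whatever trailing field the proxy expects rather than the fixed-size struct (worth confirming against the RESOLVE framing, since `socks5_request_domain` carries a `port` and this struct does not). In `socks5_recv_resolve_reply`, `assert(conn >= 0);` compares the pointer itself and can never fire; it presumably means `assert(conn->fd >= 0);`. The comment `/* By default we use IPv4 address. */` sits directly above `SOCKS5_ATYP_DOMAIN` and should say the address type is a domain name.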
diff --git a/src/common/socks5.h b/src/common/socks5.h
index 34935f4..c11c097 100644
--- a/src/common/socks5.h
+++ b/src/common/socks5.h
@@ -34,8 +34,10 @@
#define SOCKS5_NO_AUTH_METHOD 0x00
#define SOCKS5_NO_ACCPT_METHOD 0xFF
-/* Request to connect. */
+/* Request command. */
#define SOCKS5_CMD_CONNECT 0x01
+#define SOCKS5_CMD_RESOLVE 0xF0
+#define SOCKS5_CMD_RESOLVE_PTR 0xF1
/* Address type. */
#define SOCKS5_ATYP_IPV4 0x01
@@ -94,6 +96,12 @@ struct socks5_request_domain {
uint16_t port;
};
+/* Use for the Tor resolve command. */
+struct socks5_request_resolve {
+ uint8_t len;
+ char name[UINT8_MAX];
+};
+
/* Non variable part of a reply. */
struct socks5_reply {
uint8_t ver;
@@ -112,4 +120,8 @@ int socks5_recv_method(struct connection *conn);
int socks5_send_connect_request(struct connection *conn);
int socks5_recv_connect_reply(struct connection *conn);
+/* Tor DNS resolve. */
+int socks5_send_resolve_request(const char *hostname, struct connection *conn);
+int socks5_recv_resolve_reply(struct connection *conn, uint32_t *ip_addr);
+
#endif /* TORSOCKS_SOCKS_H */
diff --git a/src/lib/torsocks.c b/src/lib/torsocks.c
index 0382d38..f6e3501 100644
--- a/src/lib/torsocks.c
+++ b/src/lib/torsocks.c
@@ -17,6 +17,7 @@
* Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
+#include <arpa/inet.h>
#include <assert.h>
#include <dlfcn.h>
#include <stdlib.h>
@@ -215,6 +216,38 @@ static void __attribute__((destructor)) tsocks_exit(void)
}
/*
+ * Setup a Tor connection meaning initiating the initial SOCKS5 handshake.
+ *
+ * Return 0 on success else a negative value.
+ */
+static int setup_tor_connection(struct connection *conn)
+{
+ int ret;
+
+ assert(conn);
+
+ DBG("Setting up a connection to the Tor network on fd %d", conn->fd);
+
+ ret = socks5_connect(conn);
+ if (ret < 0) {
+ goto error;
+ }
+
+ ret = socks5_send_method(conn);
+ if (ret < 0) {
+ goto error;
+ }
+
+ ret = socks5_recv_method(conn);
+ if (ret < 0) {
+ goto error;
+ }
+
+error:
+ return ret;
+}
+
+/*
* Initiate a SOCK5 connection to the Tor network using the given connection.
* The socks5 API will use the torsocks configuration object to find the tor
* daemon.
@@ -230,31 +263,67 @@ static int connect_to_tor_network(struct connection *conn)
DBG("Connecting to the Tor network on fd %d", conn->fd);
- ret = socks5_connect(conn);
+ ret = setup_tor_connection(conn);
if (ret < 0) {
goto error;
}
- ret = socks5_send_method(conn);
+ ret = socks5_send_connect_request(conn);
if (ret < 0) {
goto error;
}
- ret = socks5_recv_method(conn);
+ ret = socks5_recv_connect_reply(conn);
if (ret < 0) {
goto error;
}
- ret = socks5_send_connect_request(conn);
+error:
+ return ret;
+}
+
+/*
+ * Resolve a hostname through Tor and set the ip address in the given pointer.
+ *
+ * Return 0 on success else a negative value and the result addr is untouched.
+ */
+static int tor_resolve(const char *hostname, uint32_t *ip_addr)
+{
+ int ret;
+ struct connection conn;
+
+ assert(hostname);
+ assert(ip_addr);
+
+ DBG("Resolving %s on the Tor network", hostname);
+
+ conn.fd = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
+ if (conn.fd < 0) {
+ PERROR("socket");
+ ret = -errno;
+ goto error;
+ }
+
+ ret = setup_tor_connection(&conn);
if (ret < 0) {
goto error;
}
- ret = socks5_recv_connect_reply(conn);
+ ret = socks5_send_resolve_request(hostname, &conn);
if (ret < 0) {
goto error;
}
+ ret = socks5_recv_resolve_reply(&conn, ip_addr);
+ if (ret < 0) {
+ goto error;
+ }
+
+ ret = close(conn.fd);
+ if (ret < 0) {
+ PERROR("close");
+ }
+
error:
return ret;
}
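Review bot: Once `socket()` succeeds in `tor_resolve`, every failure in `setup_tor_connection`, `socks5_send_resolve_request` or `socks5_recv_resolve_reply` jumps to `error:` without closing `conn.fd`, so each failed lookup leaks a descriptor in the host process. Because this library runs inside arbitrary applications, repeated resolution failures can exhaust the application's descriptor table. The success path also overwrites `ret` with the result of `close()`, so a close failure is returned as -1 rather than a negative errno value. A single close label reached from all post-socket paths fixes both, as sketched below. `conn` is also handed to `setup_tor_connection` with only `fd` set, which is worth checking against what `socks5_connect` reads.

```c
static int tor_resolve(const char *hostname, uint32_t *ip_addr)
{
	/* … unchanged: declarations, asserts, socket() creation … */

	ret = setup_tor_connection(&conn);
	if (ret < 0) {
		goto end_close;
	}

	ret = socks5_send_resolve_request(hostname, &conn);
	if (ret < 0) {
		goto end_close;
	}

	ret = socks5_recv_resolve_reply(&conn, ip_addr);

end_close:
	/* Close on every path once the socket exists; keep the resolve status. */
	if (close(conn.fd) < 0) {
		PERROR("close");
	}
error:
	return ret;
}
```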
@@ -347,3 +416,65 @@ LIBC_CONNECT_DECL
TSOCKS_SYM_EXIT_NOT_FOUND);
return tsocks_connect(LIBC_CONNECT_ARGS);
}
+
+/*
+ * Torsocks call for gethostbyname(3).
+ *
+ * NOTE: This call is OBSOLETE in the glibc.
+ */
+LIBC_GETHOSTBYNAME_RET_TYPE tsocks_gethostbyname(LIBC_GETHOSTBYNAME_SIG)
+{
+ int ret;
+ uint32_t ip;
+ const char *ret_str;
+
+ DBG("[gethostbyname] Requesting %s hostname", __name);
+
+ if (!__name) {
+ h_errno = HOST_NOT_FOUND;
+ goto error;
+ }
+
+ /* Resolve the given hostname through Tor. */
+ ret = tor_resolve(__name, &ip);
+ if (ret < 0) {
+ goto error;
+ }
+
+ /* Reset static host entry of tsocks. */
+ memset(&tsocks_he, 0, sizeof(tsocks_he));
+ memset(tsocks_he_addr_list, 0, sizeof(tsocks_he_addr_list));
+ memset(tsocks_he_addr, 0, sizeof(tsocks_he_addr));
+
+ ret_str = inet_ntop(AF_INET, &ip, tsocks_he_addr, sizeof(tsocks_he_addr));
+ if (!ret_str) {
+ PERROR("inet_ntop");
+ h_errno = NO_ADDRESS;
+ goto error;
+ }
+
+ tsocks_he_addr_list[0] = tsocks_he_addr;
+ tsocks_he_addr_list[1] = NULL;
+
+ tsocks_he.h_name = (char *) __name;
+ tsocks_he.h_aliases = NULL;
+ tsocks_he.h_length = sizeof(in_addr_t);
+ tsocks_he.h_addrtype = AF_INET;
+ tsocks_he.h_addr_list = tsocks_he_addr_list;
+
+ DBG("Hostname %s resolved to %s", __name, tsocks_he_addr);
+
+ errno = 0;
+ return &tsocks_he;
+
+error:
+ return NULL;
+}
+
+/*
+ * Libc hijacked symbol gethostbyname(3).
+ */
+LIBC_GETHOSTBYNAME_DECL
+{
+ return tsocks_gethostbyname(LIBC_GETHOSTBYNAME_ARGS);
+}
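Review bot: `tsocks_he_addr_list[0]` points at the text produced by `inet_ntop`, while `h_addrtype` is `AF_INET` and `h_length` is `sizeof(in_addr_t)`; gethostbyname(3) callers copy `h_length` raw bytes from `h_addr_list[0]`, so they would take the first four ASCII characters of the dotted string as the address and connect to the wrong host. Store the binary value instead, e.g. `memcpy(tsocks_he_addr, &ip, sizeof(ip));`, and run `inet_ntop` into a local buffer only for the debug message. The `DBG("[gethostbyname] Requesting %s hostname", __name)` call runs before the `!__name` check, so a NULL name is formatted with `%s` first; move the check above it. `h_errno` is left unset when `tor_resolve` fails, and `h_aliases = NULL` may surprise callers that walk the alias list. The same body is carried into `src/lib/gethostbyname.c` by the later "Separate libc call in specific files" commit on this page.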
diff --git a/src/lib/torsocks.h b/src/lib/torsocks.h
index 9ba2955..7581764 100644
--- a/src/lib/torsocks.h
+++ b/src/lib/torsocks.h
@@ -33,6 +33,7 @@
#if (defined(__linux__) || defined(__FreeBSD__) || defined(__darwin__))
+/* connect(2) */
#include <sys/types.h>
#include <sys/socket.h>
@@ -44,6 +45,25 @@
#define LIBC_CONNECT_ARGS \
__sockfd, __addr, __addrlen
+/* gethostbyname(3) */
+#include <netdb.h>
+
+/*
+ * The man page specifies that this call can return a pointers to static data
+ * meaning that the caller needs to copy the returned data and not forced to
+ * use free(). So, we use static memory here to mimic the libc call and avoid
+ * memory leaks. This also void the need of hijacking freehostent(3).
+ */
+struct hostent tsocks_he;
+char *tsocks_he_addr_list[2];
+char tsocks_he_addr[INET_ADDRSTRLEN];
+
+#define LIBC_GETHOSTBYNAME_NAME gethostbyname
+#define LIBC_GETHOSTBYNAME_NAME_STR XSTR(LIBC_GETHOSTBYNAME_NAME)
+#define LIBC_GETHOSTBYNAME_RET_TYPE struct hostent *
+#define LIBC_GETHOSTBYNAME_SIG const char *__name
+#define LIBC_GETHOSTBYNAME_ARGS __name
+
#else
#error "OS not supported."
#endif /* __linux__ , __FreeBSD__, __darwin__ */
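Review bot: `tsocks_he`, `tsocks_he_addr_list` and `tsocks_he_addr` are defined, not declared, in this header, so every translation unit that includes `torsocks.h` emits its own definition; that links only where the toolchain merges common symbols and fails with duplicate definitions under `-fno-common`. Declare them `extern` here and define them once in the file that implements `gethostbyname`, or make them `static` in that file if nothing else needs them. The comment could also state that the shared static result makes the call non-reentrant and unsafe to use from several threads at once.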
@@ -58,12 +78,19 @@ TSOCKS_LIBC_DECL(connect, LIBC_CONNECT_RET_TYPE, LIBC_CONNECT_SIG)
#define LIBC_CONNECT_DECL \
LIBC_CONNECT_RET_TYPE LIBC_CONNECT_NAME(LIBC_CONNECT_SIG)
+/* gethostbyname(3) */
+TSOCKS_LIBC_DECL(gethostbyname, LIBC_GETHOSTBYNAME_RET_TYPE,
+ LIBC_GETHOSTBYNAME_SIG)
+#define LIBC_GETHOSTBYNAME_DECL LIBC_GETHOSTBYNAME_RET_TYPE \
+ LIBC_GETHOSTBYNAME_NAME(LIBC_GETHOSTBYNAME_SIG)
+
/*
* Those are actions to do during the lookup process of libc symbols. For
* instance the connect(2) syscall is essential to Torsocks so the function
* call exits if not found.
*/
enum tsocks_sym_action {
+ TSOCKS_SYM_DO_NOTHING = 0,
TSOCKS_SYM_EXIT_NOT_FOUND = 1,
};

04 Apr '14
commit 5c5707e9684932d7659b4e6166dc1ec9facef317
Author: David Goulet <dgoulet(a)ev0ke.net>
Date: Sat Jun 22 20:19:50 2013 -0400
Implement the getaddrinfo(3) torsocks call
The tor resolve API does not support IPv6 yet at this commit so
getaddrinfo basically only supports IPv4 for now.
Signed-off-by: David Goulet <dgoulet(a)ev0ke.net>
---
src/lib/torsocks.c | 79 ++++++++++++++++++++++++++++++++++++++++++++++++++++
src/lib/torsocks.h | 17 +++++++++++
2 files changed, 96 insertions(+)
diff --git a/src/lib/torsocks.c b/src/lib/torsocks.c
index f6e3501..7793e38 100644
--- a/src/lib/torsocks.c
+++ b/src/lib/torsocks.c
@@ -362,6 +362,9 @@ LIBC_CONNECT_RET_TYPE tsocks_connect(LIBC_CONNECT_SIG)
goto error;
}
+ DBG("[connect] Socket family %s and type %d",
+ __addr->sa_family == AF_INET ? "AF_INET" : "AF_INET6", sock_type);
+
/*
* Lock registry to get the connection reference if one. In this code path,
* if a connection object is found, it will not be used since a double
@@ -478,3 +481,79 @@ LIBC_GETHOSTBYNAME_DECL
{
return tsocks_gethostbyname(LIBC_GETHOSTBYNAME_ARGS);
}
+
+/*
+ * Torsocks call for getaddrinfo(3).
+ */
+LIBC_GETADDRINFO_RET_TYPE tsocks_getaddrinfo(LIBC_GETADDRINFO_SIG)
+{
+ int ret, af;
+ struct in_addr addr4;
+ struct in6_addr addr6;
+ void *addr;
+ char *ip_str, ipv4[INET_ADDRSTRLEN], ipv6[INET6_ADDRSTRLEN];
+ socklen_t ip_str_size;
+ const char *node;
+
+ DBG("[getaddrinfo] Requesting %s hostname", __node);
+
+ if (!__node) {
+ ret = EAI_NONAME;
+ goto error;
+ }
+
+ /* Use right domain for the next step. */
+ switch (__hints->ai_family) {
+ default:
+ /* Default value is to use IPv4. */
+ case AF_INET:
+ addr = &addr4;
+ ip_str = ipv4;
+ ip_str_size = sizeof(ipv4);
+ af = AF_INET;
+ break;
+ case AF_INET6:
+ addr = &addr6;
+ ip_str = ipv6;
+ ip_str_size = sizeof(ipv6);
+ af = AF_INET6;
+ break;
+ }
+
+ ret = inet_pton(af, __node, &addr);
+ if (ret == 0) {
+ /* The node most probably is a DNS name. */
+ ret = tor_resolve(__node, (uint32_t *) addr);
+ if (ret < 0) {
+ ret = EAI_FAIL;
+ goto error;
+ }
+
+ (void) inet_ntop(af, addr, ip_str, ip_str_size);
+ node = ip_str;
+ DBG("[getaddrinfo] Node %s resolved to %s", __node, node);
+ } else {
+ node = __node;
+ DBG("[getaddrinfo] Node %s will be passed to the libc call", node);
+ }
+
+ ret = tsocks_libc_getaddrinfo(node, __service, __hints, __res);
+ if (ret) {
+ goto error;
+ }
+
+ return 0;
+
+error:
+ return ret;
+}
+
+/*
+ * Libc hijacked symbol getaddrinfo(3).
+ */
+LIBC_GETADDRINFO_DECL
+{
+ tsocks_libc_getaddrinfo = find_libc_symbol(LIBC_GETADDRINFO_NAME_STR,
+ TSOCKS_SYM_EXIT_NOT_FOUND);
+ return tsocks_getaddrinfo(LIBC_GETADDRINFO_ARGS);
+}
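Review bot: `inet_pton(af, __node, &addr)` passes the address of the local pointer rather than the buffer it points to, so a numeric IPv6 node writes 16 bytes over a pointer-sized variable and corrupts the stack; it should be `ret = inet_pton(af, __node, addr);`. `__hints` is dereferenced unconditionally in the `switch`, although getaddrinfo(3) allows a NULL hints argument, so such callers crash; guard it with something like `switch (__hints ? __hints->ai_family : AF_UNSPEC)`. With `AF_INET6` hints and a DNS name, `tor_resolve` fills only four bytes of `addr6` and `inet_ntop(AF_INET6, ...)` then formats a partly uninitialized buffer, so until IPv6 resolution exists that case should fail rather than hand a bogus address to libc. `DBG` also formats `__node` with `%s` before the NULL check. The same function is moved into `src/lib/getaddrinfo.c` by the later "Separate libc call in specific files" commit on this page.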
diff --git a/src/lib/torsocks.h b/src/lib/torsocks.h
index 7581764..adbe67f 100644
--- a/src/lib/torsocks.h
+++ b/src/lib/torsocks.h
@@ -64,6 +64,17 @@ char tsocks_he_addr[INET_ADDRSTRLEN];
#define LIBC_GETHOSTBYNAME_SIG const char *__name
#define LIBC_GETHOSTBYNAME_ARGS __name
+/* getaddrinfo(3) */
+#include <netdb.h>
+
+#define LIBC_GETADDRINFO_NAME getaddrinfo
+#define LIBC_GETADDRINFO_NAME_STR XSTR(LIBC_GETADDRINFO_NAME)
+#define LIBC_GETADDRINFO_RET_TYPE int
+#define LIBC_GETADDRINFO_SIG \
+ const char *__node, const char *__service, const struct addrinfo *__hints,\
+ struct addrinfo **__res
+#define LIBC_GETADDRINFO_ARGS __node, __service, __hints, __res
+
#else
#error "OS not supported."
#endif /* __linux__ , __FreeBSD__, __darwin__ */
@@ -84,6 +95,12 @@ TSOCKS_LIBC_DECL(gethostbyname, LIBC_GETHOSTBYNAME_RET_TYPE,
#define LIBC_GETHOSTBYNAME_DECL LIBC_GETHOSTBYNAME_RET_TYPE \
LIBC_GETHOSTBYNAME_NAME(LIBC_GETHOSTBYNAME_SIG)
+/* getaddrinfo(3) */
+TSOCKS_LIBC_DECL(getaddrinfo, LIBC_GETADDRINFO_RET_TYPE,
+ LIBC_GETADDRINFO_SIG)
+#define LIBC_GETADDRINFO_DECL LIBC_GETADDRINFO_RET_TYPE \
+ LIBC_GETADDRINFO_NAME(LIBC_GETADDRINFO_SIG)
+
/*
* Those are actions to do during the lookup process of libc symbols. For
* instance the connect(2) syscall is essential to Torsocks so the function

[torsocks/master] Fix: set maximum possible buffer in SOCKS5 resolve req.
by dgoulet@torproject.org 04 Apr '14
04 Apr '14
commit 04a5f2d99dd7196289ad225bb0c674e51a84ceaf
Author: David Goulet <dgoulet(a)ev0ke.net>
Date: Sun Jun 23 15:02:31 2013 -0400
Fix: set maximum possible buffer in SOCKS5 resolve req.
Signed-off-by: David Goulet <dgoulet(a)ev0ke.net>
---
src/common/socks5.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/common/socks5.c b/src/common/socks5.c
index fcb30d7..e06528a 100644
--- a/src/common/socks5.c
+++ b/src/common/socks5.c
@@ -394,8 +394,11 @@ error:
int socks5_send_resolve_request(const char *hostname, struct connection *conn)
{
int ret, ret_send;
- /* Buffer to send won't go over a full TCP size. */
- char buffer[1500];
+ /*
+ * Can't go bigger than that. 4 bytes for the header, 1 for the name len
+ * and 255 for the name.
+ */
+ char buffer[260];
size_t name_len, msg_len, data_len;
struct socks5_request msg;
struct socks5_request_resolve req;
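Review bot: The literal `260` restates by hand what the function later copies into the buffer, `sizeof(msg)` plus `sizeof(req)`, so the array and the `memcpy` lengths can drift apart if either struct gains a field or padding, and the copy would then run past the end of `buffer`. Size it from the types, `char buffer[sizeof(struct socks5_request) + sizeof(struct socks5_request_resolve)];`, or keep the number and add a compile-time check that the two sizes sum to it. The `memcpy` calls are outside this hunk (they are visible in the commit that introduced the function earlier on this page), so the exact lengths should be confirmed there.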

[torsocks/master] Implement gethostbyname2() GNU extension call
by dgoulet@torproject.org 04 Apr '14
04 Apr '14
commit c9beeafef8afaae18e25ac13bea616d4f7513992
Author: David Goulet <dgoulet(a)ev0ke.net>
Date: Sun Jun 23 21:04:31 2013 -0400
Implement gethostbyname2() GNU extension call
Signed-off-by: David Goulet <dgoulet(a)ev0ke.net>
---
src/lib/gethostbyname.c | 29 +++++++++++++++++++++++++++++
src/lib/torsocks.h | 13 +++++++++++++
2 files changed, 42 insertions(+)
diff --git a/src/lib/gethostbyname.c b/src/lib/gethostbyname.c
index 58a7290..d9afec9 100644
--- a/src/lib/gethostbyname.c
+++ b/src/lib/gethostbyname.c
@@ -19,6 +19,7 @@
#include <arpa/inet.h>
#include <assert.h>
+#include <stdlib.h>
#include <common/log.h>
@@ -84,3 +85,31 @@ LIBC_GETHOSTBYNAME_DECL
{
return tsocks_gethostbyname(LIBC_GETHOSTBYNAME_ARGS);
}
+
+/*
+ * Torsocks call for gethostbyname2(3).
+ *
+ * This call, like gethostbyname(), returns pointer to static data thus is
+ * absolutely not reentrant.
+ */
+LIBC_GETHOSTBYNAME2_RET_TYPE tsocks_gethostbyname2(LIBC_GETHOSTBYNAME2_SIG)
+{
+ /*
+ * For now, there is no way of resolving a domain name to IPv6 through Tor
+ * so only accept INET request thus using the original gethostbyname().
+ */
+ if (__af != AF_INET) {
+ h_errno = HOST_NOT_FOUND;
+ return NULL;
+ }
+
+ return tsocks_gethostbyname(__name);
+}
+
+/*
+ * Libc hijacked symbol gethostbyname2(3).
+ */
+LIBC_GETHOSTBYNAME2_DECL
+{
+ return tsocks_gethostbyname2(LIBC_GETHOSTBYNAME2_ARGS);
+}
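Review bot: The comment inside `tsocks_gethostbyname2` should say explicitly that refusing every family other than `AF_INET` is deliberate: answering locally with `HOST_NOT_FOUND` keeps the lookup from reaching the libc resolver, which would send the query outside Tor. As written, "thus using the original gethostbyname()" can be read as falling back to libc. Suggested wording: `/* Tor cannot resolve to IPv6 yet; fail here rather than fall back to libc, so no DNS query leaves outside Tor. */`.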
diff --git a/src/lib/torsocks.h b/src/lib/torsocks.h
index de62c33..0121716 100644
--- a/src/lib/torsocks.h
+++ b/src/lib/torsocks.h
@@ -64,6 +64,13 @@ char tsocks_he_addr[INET_ADDRSTRLEN];
#define LIBC_GETHOSTBYNAME_SIG const char *__name
#define LIBC_GETHOSTBYNAME_ARGS __name
+/* gethostbyname2(3) - GNU extension to avoid static data. */
+#define LIBC_GETHOSTBYNAME2_NAME gethostbyname2
+#define LIBC_GETHOSTBYNAME2_NAME_STR XSTR(LIBC_GETHOSTBYNAME2_NAME)
+#define LIBC_GETHOSTBYNAME2_RET_TYPE struct hostent *
+#define LIBC_GETHOSTBYNAME2_SIG const char *__name, int __af
+#define LIBC_GETHOSTBYNAME2_ARGS __name, __af
+
/* getaddrinfo(3) */
#include <netdb.h>
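Review bot: The comment `gethostbyname2(3) - GNU extension to avoid static data.` is misleading, because the implementation comment added in `gethostbyname.c` by this same commit states that the call returns a pointer to static data and is not reentrant. Suggest `/* gethostbyname2(3) - GNU extension taking an address family. */`.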
@@ -95,6 +102,12 @@ TSOCKS_LIBC_DECL(gethostbyname, LIBC_GETHOSTBYNAME_RET_TYPE,
#define LIBC_GETHOSTBYNAME_DECL LIBC_GETHOSTBYNAME_RET_TYPE \
LIBC_GETHOSTBYNAME_NAME(LIBC_GETHOSTBYNAME_SIG)
+/* gethostbyname2(3) */
+TSOCKS_LIBC_DECL(gethostbyname2, LIBC_GETHOSTBYNAME2_RET_TYPE,
+ LIBC_GETHOSTBYNAME2_SIG)
+#define LIBC_GETHOSTBYNAME2_DECL LIBC_GETHOSTBYNAME2_RET_TYPE \
+ LIBC_GETHOSTBYNAME2_NAME(LIBC_GETHOSTBYNAME2_SIG)
+
/* getaddrinfo(3) */
TSOCKS_LIBC_DECL(getaddrinfo, LIBC_GETADDRINFO_RET_TYPE,
LIBC_GETADDRINFO_SIG)

04 Apr '14
commit cb980d0533539790127ac59509fcce96f8a3e996
Author: David Goulet <dgoulet(a)ev0ke.net>
Date: Sun Jun 23 13:20:11 2013 -0400
Separate libc call in specific files
No code has been changed, only function renaming in torsocks.c and a non
static function move at the end of torsocks.c
Signed-off-by: David Goulet <dgoulet(a)ev0ke.net>
---
src/lib/Makefile.am | 3 +-
src/lib/connect.c | 117 +++++++++++++++++++++
src/lib/getaddrinfo.c | 101 ++++++++++++++++++
src/lib/gethostbyname.c | 86 ++++++++++++++++
src/lib/torsocks.c | 263 +++--------------------------------------------
src/lib/torsocks.h | 5 +
6 files changed, 327 insertions(+), 248 deletions(-)
diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am
index 3c7b3df..bf9237e 100644
--- a/src/lib/Makefile.am
+++ b/src/lib/Makefile.am
@@ -10,7 +10,8 @@ EXTRA_DIST = torsocks.in usewithtor.in
lib_LTLIBRARIES = libtorsocks.la
-libtorsocks_la_SOURCES = torsocks.c torsocks.h
+libtorsocks_la_SOURCES = torsocks.c torsocks.h \
+ connect.c gethostbyname.c getaddrinfo.c
libtorsocks_la_LIBADD = \
$(top_builddir)/src/common/libcommon.la \
diff --git a/src/lib/connect.c b/src/lib/connect.c
new file mode 100644
index 0000000..cee4d76
--- /dev/null
+++ b/src/lib/connect.c
@@ -0,0 +1,117 @@
+/*
+ * Copyright (C) 2000-2008 - Shaun Clowes <delius(a)progsoc.org>
+ * 2008-2011 - Robert Hogan <robert(a)roberthogan.net>
+ * 2013 - David Goulet <dgoulet(a)ev0ke.net>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License, version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 51
+ * Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include <assert.h>
+
+#include <common/connection.h>
+#include <common/log.h>
+
+#include "torsocks.h"
+
+/*
+ * Torsocks call for connect(2).
+ */
+LIBC_CONNECT_RET_TYPE tsocks_connect(LIBC_CONNECT_SIG)
+{
+ int ret, sock_type;
+ socklen_t optlen;
+ struct connection *new_conn;
+
+ DBG("Connect catched on fd %d", __sockfd);
+
+ ret = getsockopt(__sockfd, SOL_SOCKET, SO_TYPE, &sock_type, &optlen);
+ if (ret < 0) {
+ /* Use the getsockopt() errno value. */
+ goto error;
+ }
+
+ /* We can't handle a non inet socket. */
+ if (__addr->sa_family != AF_INET &&
+ __addr->sa_family != AF_INET6) {
+ DBG("[conect] Connection is not IPv4/v6. Ignoring.");
+ goto libc_connect;
+ }
+
+ /*
+ * Refuse non stream socket. There is a chance that this might be a DNS
+ * request that we can't pass through Tor using raw UDP packet.
+ */
+ if (sock_type != SOCK_STREAM) {
+ ERR("[connect] UDP or ICMP stream can't be handled. Rejecting.");
+ errno = EBADF;
+ goto error;
+ }
+
+ DBG("[connect] Socket family %s and type %d",
+ __addr->sa_family == AF_INET ? "AF_INET" : "AF_INET6", sock_type);
+
+ /*
+ * Lock registry to get the connection reference if one. In this code path,
+ * if a connection object is found, it will not be used since a double
+ * connect() on the same file descriptor is an error so the registry is
+ * quickly unlocked and no reference is needed.
+ */
+ connection_registry_lock();
+ new_conn = connection_find(__sockfd);
+ connection_registry_unlock();
+ if (new_conn) {
+ /* Double connect() for the same fd. */
+ errno = EISCONN;
+ goto error;
+ }
+
+ new_conn = connection_create(__sockfd, __addr);
+ if (!new_conn) {
+ errno = ENOMEM;
+ goto error;
+ }
+
+ /* Connect the socket to the Tor network. */
+ ret = tsocks_connect_to_tor(new_conn);
+ if (ret < 0) {
+ errno = -ret;
+ goto error;
+ }
+
+ connection_registry_lock();
+ /* This can't fail since a lookup was done previously. */
+ connection_insert(new_conn);
+ connection_registry_unlock();
+
+ /* Flag errno for success */
+ ret = errno = 0;
+ return ret;
+
+libc_connect:
+ return tsocks_libc_connect(LIBC_CONNECT_ARGS);
+error:
+ /* At this point, errno MUST be set to a valid connect() error value. */
+ return -1;
+}
+
+/*
+ * Libc hijacked symbol connect(2).
+ */
+LIBC_CONNECT_DECL
+{
+ /* Find symbol if not already set. Exit if not found. */
+ tsocks_libc_connect = tsocks_find_libc_symbol(LIBC_CONNECT_NAME_STR,
+ TSOCKS_SYM_EXIT_NOT_FOUND);
+ return tsocks_connect(LIBC_CONNECT_ARGS);
+}
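Review bot: `optlen` is passed to `getsockopt()` uninitialized, but it is a value-result argument that must hold the buffer size on entry, so the call reads an indeterminate length and `sock_type` may be left unset or only partly written before the `SOCK_STREAM` check that decides whether the traffic is accepted; declare it as `socklen_t optlen = sizeof(sock_type);`. `__addr` is dereferenced without a NULL check, so a caller passing NULL crashes inside the wrapper instead of getting an error from connect(2). When `tsocks_connect_to_tor` fails, `new_conn` from `connection_create` is not released on the `error` path, which looks like a leak unless the connection API frees it elsewhere. The registry is also unlocked between `connection_find` and `connection_insert`, so the "can't fail" comment only holds if no other thread connects the same fd in between.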
diff --git a/src/lib/getaddrinfo.c b/src/lib/getaddrinfo.c
new file mode 100644
index 0000000..683bfc7
--- /dev/null
+++ b/src/lib/getaddrinfo.c
@@ -0,0 +1,101 @@
+/*
+ * Copyright (C) 2000-2008 - Shaun Clowes <delius(a)progsoc.org>
+ * 2008-2011 - Robert Hogan <robert(a)roberthogan.net>
+ * 2013 - David Goulet <dgoulet(a)ev0ke.net>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License, version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 51
+ * Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include <arpa/inet.h>
+#include <assert.h>
+
+#include <common/log.h>
+
+#include "torsocks.h"
+
+/*
+ * Torsocks call for getaddrinfo(3).
+ */
+LIBC_GETADDRINFO_RET_TYPE tsocks_getaddrinfo(LIBC_GETADDRINFO_SIG)
+{
+ int ret, af;
+ struct in_addr addr4;
+ struct in6_addr addr6;
+ void *addr;
+ char *ip_str, ipv4[INET_ADDRSTRLEN], ipv6[INET6_ADDRSTRLEN];
+ socklen_t ip_str_size;
+ const char *node;
+
+ DBG("[getaddrinfo] Requesting %s hostname", __node);
+
+ if (!__node) {
+ ret = EAI_NONAME;
+ goto error;
+ }
+
+ /* Use right domain for the next step. */
+ switch (__hints->ai_family) {
+ default:
+ /* Default value is to use IPv4. */
+ case AF_INET:
+ addr = &addr4;
+ ip_str = ipv4;
+ ip_str_size = sizeof(ipv4);
+ af = AF_INET;
+ break;
+ case AF_INET6:
+ addr = &addr6;
+ ip_str = ipv6;
+ ip_str_size = sizeof(ipv6);
+ af = AF_INET6;
+ break;
+ }
+
+ ret = inet_pton(af, __node, &addr);
+ if (ret == 0) {
+ /* The node most probably is a DNS name. */
+ ret = tsocks_tor_resolve(__node, (uint32_t *) addr);
+ if (ret < 0) {
+ ret = EAI_FAIL;
+ goto error;
+ }
+
+ (void) inet_ntop(af, addr, ip_str, ip_str_size);
+ node = ip_str;
+ DBG("[getaddrinfo] Node %s resolved to %s", __node, node);
+ } else {
+ node = __node;
+ DBG("[getaddrinfo] Node %s will be passed to the libc call", node);
+ }
+
+ ret = tsocks_libc_getaddrinfo(node, __service, __hints, __res);
+ if (ret) {
+ goto error;
+ }
+
+ return 0;
+
+error:
+ return ret;
+}
+
+/*
+ * Libc hijacked symbol getaddrinfo(3).
+ */
+LIBC_GETADDRINFO_DECL
+{
+ tsocks_libc_getaddrinfo = tsocks_find_libc_symbol(LIBC_GETADDRINFO_NAME_STR,
+ TSOCKS_SYM_EXIT_NOT_FOUND);
+ return tsocks_getaddrinfo(LIBC_GETADDRINFO_ARGS);
+}
diff --git a/src/lib/gethostbyname.c b/src/lib/gethostbyname.c
new file mode 100644
index 0000000..58a7290
--- /dev/null
+++ b/src/lib/gethostbyname.c
@@ -0,0 +1,86 @@
+/*
+ * Copyright (C) 2000-2008 - Shaun Clowes <delius(a)progsoc.org>
+ * 2008-2011 - Robert Hogan <robert(a)roberthogan.net>
+ * 2013 - David Goulet <dgoulet(a)ev0ke.net>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License, version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 51
+ * Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include <arpa/inet.h>
+#include <assert.h>
+
+#include <common/log.h>
+
+#include "torsocks.h"
+/*
+ * Torsocks call for gethostbyname(3).
+ *
+ * NOTE: This call is OBSOLETE in the glibc.
+ */
+LIBC_GETHOSTBYNAME_RET_TYPE tsocks_gethostbyname(LIBC_GETHOSTBYNAME_SIG)
+{
+ int ret;
+ uint32_t ip;
+ const char *ret_str;
+
+ DBG("[gethostbyname] Requesting %s hostname", __name);
+
+ if (!__name) {
+ h_errno = HOST_NOT_FOUND;
+ goto error;
+ }
+
+ /* Resolve the given hostname through Tor. */
+ ret = tsocks_tor_resolve(__name, &ip);
+ if (ret < 0) {
+ goto error;
+ }
+
+ /* Reset static host entry of tsocks. */
+ memset(&tsocks_he, 0, sizeof(tsocks_he));
+ memset(tsocks_he_addr_list, 0, sizeof(tsocks_he_addr_list));
+ memset(tsocks_he_addr, 0, sizeof(tsocks_he_addr));
+
+ ret_str = inet_ntop(AF_INET, &ip, tsocks_he_addr, sizeof(tsocks_he_addr));
+ if (!ret_str) {
+ PERROR("inet_ntop");
+ h_errno = NO_ADDRESS;
+ goto error;
+ }
+
+ tsocks_he_addr_list[0] = tsocks_he_addr;
+ tsocks_he_addr_list[1] = NULL;
+
+ tsocks_he.h_name = (char *) __name;
+ tsocks_he.h_aliases = NULL;
+ tsocks_he.h_length = sizeof(in_addr_t);
+ tsocks_he.h_addrtype = AF_INET;
+ tsocks_he.h_addr_list = tsocks_he_addr_list;
+
+ DBG("Hostname %s resolved to %s", __name, tsocks_he_addr);
+
+ errno = 0;
+ return &tsocks_he;
+
+error:
+ return NULL;
+}
+
+/*
+ * Libc hijacked symbol gethostbyname(3).
+ */
+LIBC_GETHOSTBYNAME_DECL
+{
+ return tsocks_gethostbyname(LIBC_GETHOSTBYNAME_ARGS);
+}
diff --git a/src/lib/torsocks.c b/src/lib/torsocks.c
index 7793e38..28cd183 100644
--- a/src/lib/torsocks.c
+++ b/src/lib/torsocks.c
@@ -17,7 +17,6 @@
* Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
-#include <arpa/inet.h>
#include <assert.h>
#include <dlfcn.h>
#include <stdlib.h>
@@ -54,30 +53,6 @@ static void clean_exit(int status)
}
/*
- * Lookup symbol in the loaded libraries of the binary.
- *
- * Return the function pointer or NULL on error.
- */
-static void *find_libc_symbol(const char *symbol,
- enum tsocks_sym_action action)
-{
- void *fct_ptr = NULL;
-
- assert(symbol);
-
- fct_ptr = dlsym(RTLD_NEXT, symbol);
- if (!fct_ptr) {
- ERR("Unable to find %s", symbol);
- if (action == TSOCKS_SYM_EXIT_NOT_FOUND) {
- ERR("This is critical for torsocks. Exiting");
- clean_exit(EXIT_FAILURE);
- }
- }
-
- return fct_ptr;
-}
-
-/*
* Initialize torsocks configuration from a given conf file or the default one.
*/
static void init_config(void)
@@ -130,7 +105,7 @@ static void init_config(void)
*/
static void init_libc_symbols(void)
{
- tsocks_libc_connect = find_libc_symbol(LIBC_CONNECT_NAME_STR,
+ tsocks_libc_connect = tsocks_find_libc_symbol(LIBC_CONNECT_NAME_STR,
TSOCKS_SYM_EXIT_NOT_FOUND);
}
@@ -255,7 +230,7 @@ error:
* Return 0 on success or else a negative value being the errno value that
* needs to be sent back.
*/
-static int connect_to_tor_network(struct connection *conn)
+int tsocks_connect_to_tor(struct connection *conn)
{
int ret;
@@ -287,7 +262,7 @@ error:
*
* Return 0 on success else a negative value and the result addr is untouched.
*/
-static int tor_resolve(const char *hostname, uint32_t *ip_addr)
+int tsocks_tor_resolve(const char *hostname, uint32_t *ip_addr)
{
int ret;
struct connection conn;
@@ -329,231 +304,25 @@ error:
}
/*
- * Torsocks call for connect(2).
- */
-LIBC_CONNECT_RET_TYPE tsocks_connect(LIBC_CONNECT_SIG)
-{
- int ret, sock_type;
- socklen_t optlen;
- struct connection *new_conn;
-
- DBG("Connect catched on fd %d", __sockfd);
-
- ret = getsockopt(__sockfd, SOL_SOCKET, SO_TYPE, &sock_type, &optlen);
- if (ret < 0) {
- /* Use the getsockopt() errno value. */
- goto error;
- }
-
- /* We can't handle a non inet socket. */
- if (__addr->sa_family != AF_INET &&
- __addr->sa_family != AF_INET6) {
- DBG("[conect] Connection is not IPv4/v6. Ignoring.");
- goto libc_connect;
- }
-
- /*
- * Refuse non stream socket. There is a chance that this might be a DNS
- * request that we can't pass through Tor using raw UDP packet.
- */
- if (sock_type != SOCK_STREAM) {
- ERR("[connect] UDP or ICMP stream can't be handled. Rejecting.");
- errno = EBADF;
- goto error;
- }
-
- DBG("[connect] Socket family %s and type %d",
- __addr->sa_family == AF_INET ? "AF_INET" : "AF_INET6", sock_type);
-
- /*
- * Lock registry to get the connection reference if one. In this code path,
- * if a connection object is found, it will not be used since a double
- * connect() on the same file descriptor is an error so the registry is
- * quickly unlocked and no reference is needed.
- */
- connection_registry_lock();
- new_conn = connection_find(__sockfd);
- connection_registry_unlock();
- if (new_conn) {
- /* Double connect() for the same fd. */
- errno = EISCONN;
- goto error;
- }
-
- new_conn = connection_create(__sockfd, __addr);
- if (!new_conn) {
- errno = ENOMEM;
- goto error;
- }
-
- /* Connect the socket to the Tor network. */
- ret = connect_to_tor_network(new_conn);
- if (ret < 0) {
- errno = -ret;
- goto error;
- }
-
- connection_registry_lock();
- /* This can't fail since a lookup was done previously. */
- connection_insert(new_conn);
- connection_registry_unlock();
-
- /* Flag errno for success */
- ret = errno = 0;
- return ret;
-
-libc_connect:
- return tsocks_libc_connect(LIBC_CONNECT_ARGS);
-error:
- /* At this point, errno MUST be set to a valid connect() error value. */
- return -1;
-}
-
-/*
- * Libc hijacked symbol connect(2).
- */
-LIBC_CONNECT_DECL
-{
- /* Find symbol if not already set. Exit if not found. */
- tsocks_libc_connect = find_libc_symbol(LIBC_CONNECT_NAME_STR,
- TSOCKS_SYM_EXIT_NOT_FOUND);
- return tsocks_connect(LIBC_CONNECT_ARGS);
-}
-
-/*
- * Torsocks call for gethostbyname(3).
+ * Lookup symbol in the loaded libraries of the binary.
*
- * NOTE: This call is OBSOLETE in the glibc.
- */
-LIBC_GETHOSTBYNAME_RET_TYPE tsocks_gethostbyname(LIBC_GETHOSTBYNAME_SIG)
-{
- int ret;
- uint32_t ip;
- const char *ret_str;
-
- DBG("[gethostbyname] Requesting %s hostname", __name);
-
- if (!__name) {
- h_errno = HOST_NOT_FOUND;
- goto error;
- }
-
- /* Resolve the given hostname through Tor. */
- ret = tor_resolve(__name, &ip);
- if (ret < 0) {
- goto error;
- }
-
- /* Reset static host entry of tsocks. */
- memset(&tsocks_he, 0, sizeof(tsocks_he));
- memset(tsocks_he_addr_list, 0, sizeof(tsocks_he_addr_list));
- memset(tsocks_he_addr, 0, sizeof(tsocks_he_addr));
-
- ret_str = inet_ntop(AF_INET, &ip, tsocks_he_addr, sizeof(tsocks_he_addr));
- if (!ret_str) {
- PERROR("inet_ntop");
- h_errno = NO_ADDRESS;
- goto error;
- }
-
- tsocks_he_addr_list[0] = tsocks_he_addr;
- tsocks_he_addr_list[1] = NULL;
-
- tsocks_he.h_name = (char *) __name;
- tsocks_he.h_aliases = NULL;
- tsocks_he.h_length = sizeof(in_addr_t);
- tsocks_he.h_addrtype = AF_INET;
- tsocks_he.h_addr_list = tsocks_he_addr_list;
-
- DBG("Hostname %s resolved to %s", __name, tsocks_he_addr);
-
- errno = 0;
- return &tsocks_he;
-
-error:
- return NULL;
-}
-
-/*
- * Libc hijacked symbol gethostbyname(3).
- */
-LIBC_GETHOSTBYNAME_DECL
-{
- return tsocks_gethostbyname(LIBC_GETHOSTBYNAME_ARGS);
-}
-
-/*
- * Torsocks call for getaddrinfo(3).
+ * Return the function pointer or NULL on error.
*/
-LIBC_GETADDRINFO_RET_TYPE tsocks_getaddrinfo(LIBC_GETADDRINFO_SIG)
+void *tsocks_find_libc_symbol(const char *symbol,
+ enum tsocks_sym_action action)
{
- int ret, af;
- struct in_addr addr4;
- struct in6_addr addr6;
- void *addr;
- char *ip_str, ipv4[INET_ADDRSTRLEN], ipv6[INET6_ADDRSTRLEN];
- socklen_t ip_str_size;
- const char *node;
-
- DBG("[getaddrinfo] Requesting %s hostname", __node);
-
- if (!__node) {
- ret = EAI_NONAME;
- goto error;
- }
+ void *fct_ptr = NULL;
- /* Use right domain for the next step. */
- switch (__hints->ai_family) {
- default:
- /* Default value is to use IPv4. */
- case AF_INET:
- addr = &addr4;
- ip_str = ipv4;
- ip_str_size = sizeof(ipv4);
- af = AF_INET;
- break;
- case AF_INET6:
- addr = &addr6;
- ip_str = ipv6;
- ip_str_size = sizeof(ipv6);
- af = AF_INET6;
- break;
- }
+ assert(symbol);
- ret = inet_pton(af, __node, &addr);
- if (ret == 0) {
- /* The node most probably is a DNS name. */
- ret = tor_resolve(__node, (uint32_t *) addr);
- if (ret < 0) {
- ret = EAI_FAIL;
- goto error;
+ fct_ptr = dlsym(RTLD_NEXT, symbol);
+ if (!fct_ptr) {
+ ERR("Unable to find %s", symbol);
+ if (action == TSOCKS_SYM_EXIT_NOT_FOUND) {
+ ERR("This is critical for torsocks. Exiting");
+ clean_exit(EXIT_FAILURE);
}
-
- (void) inet_ntop(af, addr, ip_str, ip_str_size);
- node = ip_str;
- DBG("[getaddrinfo] Node %s resolved to %s", __node, node);
- } else {
- node = __node;
- DBG("[getaddrinfo] Node %s will be passed to the libc call", node);
- }
-
- ret = tsocks_libc_getaddrinfo(node, __service, __hints, __res);
- if (ret) {
- goto error;
}
- return 0;
-
-error:
- return ret;
-}
-
-/*
- * Libc hijacked symbol getaddrinfo(3).
- */
-LIBC_GETADDRINFO_DECL
-{
- tsocks_libc_getaddrinfo = find_libc_symbol(LIBC_GETADDRINFO_NAME_STR,
- TSOCKS_SYM_EXIT_NOT_FOUND);
- return tsocks_getaddrinfo(LIBC_GETADDRINFO_ARGS);
+ return fct_ptr;
}
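Review bot: The comment moved above `tsocks_find_libc_symbol()` still says only "Return the function pointer or NULL on error", which is incomplete now that the function is declared in torsocks.h and callable from other files. With `TSOCKS_SYM_EXIT_NOT_FOUND` the failure path calls `clean_exit(EXIT_FAILURE)`, so NULL is returned only for other actions, and the caller must check it before calling through the pointer. I would add to the comment: `* With TSOCKS_SYM_EXIT_NOT_FOUND a missing symbol terminates the process; for any other action NULL is returned and must be checked by the caller.` The only guard on `symbol` is `assert(symbol)`, which presumably compiles out under NDEBUG, so the comment should also state that `symbol` must be non-NULL.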
diff --git a/src/lib/torsocks.h b/src/lib/torsocks.h
index adbe67f..de62c33 100644
--- a/src/lib/torsocks.h
+++ b/src/lib/torsocks.h
@@ -114,4 +114,9 @@ enum tsocks_sym_action {
/* Global configuration. Initialized once in the library constructor. */
extern struct configuration tsocks_config;
+int tsocks_connect_to_tor(struct connection *conn);
+void *tsocks_find_libc_symbol(const char *symbol,
+ enum tsocks_sym_action action);
+int tsocks_tor_resolve(const char *hostname, uint32_t *ip_addr);
+
#endif /* TORSOCKS_H */
[torsocks/master] Fix: SOCKS5 connect reply was not receiving the correct len
by dgoulet@torproject.org 04 Apr '14
by dgoulet@torproject.org 04 Apr '14
04 Apr '14
commit 3a3c756cf8dd590e8fa2d92c8dadf66ba4ff66f7
Author: David Goulet <dgoulet(a)ev0ke.net>
Date: Sat Jun 22 20:16:03 2013 -0400
Fix: SOCKS5 connect reply was not receiving the correct len
Signed-off-by: David Goulet <dgoulet(a)ev0ke.net>
---
src/common/socks5.c | 21 ++++++++++++++++++++-
1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/src/common/socks5.c b/src/common/socks5.c
index 4e218e3..8a16b9a 100644
--- a/src/common/socks5.c
+++ b/src/common/socks5.c
@@ -303,17 +303,36 @@ int socks5_recv_connect_reply(struct connection *conn)
{
int ret;
ssize_t ret_recv;
+ char buffer[22]; /* Maximum size possible (with IPv6). */
struct socks5_reply msg;
+ size_t recv_len;
assert(conn);
assert(conn >= 0);
- ret_recv = recv_data(conn->fd, &msg, sizeof(msg));
+ /* Beginning of the payload we are receiving. */
+ recv_len = sizeof(msg);
+ /* Len of BND.PORT */
+ recv_len += sizeof(uint16_t);
+
+ switch (tsocks_config.socks5_addr.domain) {
+ case CONNECTION_DOMAIN_INET:
+ recv_len+= 4;
+ break;
+ case CONNECTION_DOMAIN_INET6:
+ recv_len += 16;
+ break;
+ }
+
+ ret_recv = recv_data(conn->fd, buffer, recv_len);
if (ret_recv < 0) {
ret = ret_recv;
goto error;
}
+ /* Copy the beginning of the reply so we can parse it easily. */
+ memcpy(&msg, buffer, sizeof(msg));
+
DBG("Socks5 received connect reply - ver: %d, rep: 0x%02x, atype: 0x%02x",
msg.ver, msg.rep, msg.atyp);
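Review bot: The length passed to `recv_data()` is chosen from `tsocks_config.socks5_addr.domain`, the address family configured for the proxy, but the size of BND.ADDR in a SOCKS5 reply is set by the ATYP byte the proxy sends (RFC 1928). A reply whose ATYP differs from the configured family is therefore read short or long, and a long read would presumably block or consume bytes that belong to the application stream. The `switch` also has no `default`, and `char buffer[22]` is only large enough if `sizeof(msg)` is 4, which is not visible here. I would read the fixed four-byte head into `msg` first, then size the second read from `msg.atyp` and reject types whose length is not known, as sketched below; the error value is a guess at the file's negative-errno convention. The function body starts before and continues past this hunk.

```c
	char addr_port[16 + sizeof(uint16_t)]; /* BND.ADDR (IPv6 at most) + BND.PORT */
	/* … unchanged: ret, ret_recv, msg, recv_len declarations and asserts … */

	/* Fixed head of the reply first: VER, REP, RSV, ATYP. */
	ret_recv = recv_data(conn->fd, &msg, sizeof(msg));
	if (ret_recv < 0) {
		ret = ret_recv;
		goto error;
	}

	/* The address length follows the ATYP the proxy sent, not our config. */
	switch (msg.atyp) {
	case 0x01: /* IPv4 address */
		recv_len = 4 + sizeof(uint16_t);
		break;
	case 0x04: /* IPv6 address */
		recv_len = 16 + sizeof(uint16_t);
		break;
	default:
		/* Domain name or unknown type: length not known here, refuse. */
		ret = -EINVAL;
		goto error;
	}

	ret_recv = recv_data(conn->fd, addr_port, recv_len);
	if (ret_recv < 0) {
		ret = ret_recv;
		goto error;
	}
	/* … unchanged: DBG line and reply-code handling … */
```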
[torsocks/master] Rename file so the Makefile does not complain
by dgoulet@torproject.org 04 Apr '14
by dgoulet@torproject.org 04 Apr '14
04 Apr '14
commit 7b11deab9fc9767a414e8dfba9282900ab5773b3
Author: David Goulet <dgoulet(a)ev0ke.net>
Date: Sun Jun 23 11:37:22 2013 -0400
Rename file so the Makefile does not complain
Signed-off-by: David Goulet <dgoulet(a)ev0ke.net>
---
doc/torsocks.1 | 63 ++++++++++++++
doc/torsocks.1.in | 63 --------------
doc/torsocks.8 | 189 ++++++++++++++++++++++++++++++++++++++++++
doc/torsocks.8.in | 189 ------------------------------------------
doc/torsocks.conf.5 | 214 ++++++++++++++++++++++++++++++++++++++++++++++++
doc/torsocks.conf.5.in | 214 ------------------------------------------------
doc/usewithtor.1 | 57 +++++++++++++
doc/usewithtor.1.in | 57 -------------
8 files changed, 523 insertions(+), 523 deletions(-)
diff --git a/doc/torsocks.1 b/doc/torsocks.1
new file mode 100644
index 0000000..555e661
--- /dev/null
+++ b/doc/torsocks.1
@@ -0,0 +1,63 @@
+.TH TORSOCKS 1 "" "TORSOCKS"
+
+.SH NAME
+.BR torsocks
+\- Shell wrapper to simplify the use of the torsocks(8) library to
+transparently allow an application to use a SOCKS proxy. Basically a renamed, patched tsocks.
+.SH SYNOPSIS
+.B torsocks
+.RB [application\ [application's\ arguments]]
+.br
+or
+.B torsocks
+.RB [on|off|--shell]
+.br
+or
+.B torsocks
+.SH DESCRIPTION
+.B torsocks
+is a wrapper between the torsocks library and the application what you
+would like to run socksified.
+.SH SUMMARY
+
+By default, torsocks will assume that it should connect to the SOCKS proxy
+running at 127.0.0.1 on port 9050. This is the default address and port for
+Tor's socks server on most installations.
+
+In order to use a configuration file, you must set the environment variable
+TORSOCKS_CONF_FILE with the location of the file.
+
+If TORSOCKS_CONF_FILE is not set, torsocks will attempt to read the configuration
+file at @CONFDIR@/torsocks.conf. If that file cannot be read, torsocks will
+use sensible defaults for most Tor installations, i.e. it will assume that
+you want to use a SOCKS proxy running at 127.0.0.1 (localhost) on port 9050.
+
+For further information on configuration, see
+.B torsocks.conf(5).
+
+.SH OPTIONS
+.IP \fB[application\ \fB[application's\ arguments]]
+run the application as specified with the environment (LD_PRELOAD) set
+such that torsocks(8) will transparently proxy SOCKS connections in
+that program
+.IP \fB[on|off]
+this option adds or removes torsocks(8) from the LD_PRELOAD environment
+variable. When torsocks(8) is in this variable all executed
+applications are automatically socksified. If you want to
+use this function, you HAVE to source the shell script from yours,
+like this: "source /usr/bin/torsocks" or ". /usr/bin/torsocks"
+.br
+Example:
+.br
+". torsocks on" -- add the torsocks lib to LD_PRELOAD
+.br
+". torsocks off" -- remove the torsocks lib from LD_PRELOAD
+.IP \fB[show|sh]
+show the current value of the LD_PRELOAD variable
+.IP \fB[--shell]
+create a new shell with LD_PRELOAD including torsocks(8).
+.PP
+.SH AUTHOR
+This script was created by Tamas SZERB <toma(a)rulez.org> for the debian
+package of tsocks. It (along with this manual page) have since been
+adapted into the torsocks project and modified.
diff --git a/doc/torsocks.1.in b/doc/torsocks.1.in
deleted file mode 100644
index 555e661..0000000
--- a/doc/torsocks.1.in
+++ /dev/null
@@ -1,63 +0,0 @@
-.TH TORSOCKS 1 "" "TORSOCKS"
-
-.SH NAME
-.BR torsocks
-\- Shell wrapper to simplify the use of the torsocks(8) library to
-transparently allow an application to use a SOCKS proxy. Basically a renamed, patched tsocks.
-.SH SYNOPSIS
-.B torsocks
-.RB [application\ [application's\ arguments]]
-.br
-or
-.B torsocks
-.RB [on|off|--shell]
-.br
-or
-.B torsocks
-.SH DESCRIPTION
-.B torsocks
-is a wrapper between the torsocks library and the application what you
-would like to run socksified.
-.SH SUMMARY
-
-By default, torsocks will assume that it should connect to the SOCKS proxy
-running at 127.0.0.1 on port 9050. This is the default address and port for
-Tor's socks server on most installations.
-
-In order to use a configuration file, you must set the environment variable
-TORSOCKS_CONF_FILE with the location of the file.
-
-If TORSOCKS_CONF_FILE is not set, torsocks will attempt to read the configuration
-file at @CONFDIR@/torsocks.conf. If that file cannot be read, torsocks will
-use sensible defaults for most Tor installations, i.e. it will assume that
-you want to use a SOCKS proxy running at 127.0.0.1 (localhost) on port 9050.
-
-For further information on configuration, see
-.B torsocks.conf(5).
-
-.SH OPTIONS
-.IP \fB[application\ \fB[application's\ arguments]]
-run the application as specified with the environment (LD_PRELOAD) set
-such that torsocks(8) will transparently proxy SOCKS connections in
-that program
-.IP \fB[on|off]
-this option adds or removes torsocks(8) from the LD_PRELOAD environment
-variable. When torsocks(8) is in this variable all executed
-applications are automatically socksified. If you want to
-use this function, you HAVE to source the shell script from yours,
-like this: "source /usr/bin/torsocks" or ". /usr/bin/torsocks"
-.br
-Example:
-.br
-". torsocks on" -- add the torsocks lib to LD_PRELOAD
-.br
-". torsocks off" -- remove the torsocks lib from LD_PRELOAD
-.IP \fB[show|sh]
-show the current value of the LD_PRELOAD variable
-.IP \fB[--shell]
-create a new shell with LD_PRELOAD including torsocks(8).
-.PP
-.SH AUTHOR
-This script was created by Tamas SZERB <toma(a)rulez.org> for the debian
-package of tsocks. It (along with this manual page) have since been
-adapted into the torsocks project and modified.
diff --git a/doc/torsocks.8 b/doc/torsocks.8
new file mode 100644
index 0000000..58672e5
--- /dev/null
+++ b/doc/torsocks.8
@@ -0,0 +1,189 @@
+.TH TORSOCKS 8 "" "Shaun Clowes" \" -*-
+ \" nroff -*
+
+.SH NAME
+.BR torsocks
+\- Library for intercepting outgoing network connections and
+redirecting them through a SOCKS server.
+
+.SH SYNOPSIS
+
+Set LD_PRELOAD to load the library then use applications as normal
+
+The syntax to force preload of the library for different shells is
+specified below:
+
+Bash, Ksh and Bourne shell -
+
+export LD_PRELOAD=/lib/libtorsocks.so
+
+C Shell -
+
+setenv LD_PRELOAD=/lib/libtorsocks.so
+
+This process can be automated (for Bash, Bourne and Korn shell
+users) for a single command or for all commands in a shell session
+by using the torsocks(1) script
+
+You can also setup torsocks in such a way that all processes
+automatically use it, a very useful configuration. For more
+information on this configuration see the CAVEATS section of this
+manual page.
+
+.SH DESCRIPTION
+
+.BR torsocks
+is a library to allow transparent SOCKS proxying. It wraps the normal
+connect() function. When a connection is attempted, it consults the
+configuration file (which is defined at configure time but defaults to
+/etc/torsocks.conf) and determines if the IP address specified is local. If
+it is not, the library redirects the connection to a SOCKS server
+specified in the configuration file. It then negotiates that connection
+with the SOCKS server and passes the connection back to the calling
+program.
+
+.BR torsocks
+is designed for use in machines which are firewalled from the
+Internet. It avoids the need to recompile applications like lynx or
+telnet so they can use SOCKS to reach the Internet. It behaves much like
+the SOCKSified TCP/IP stacks seen on other platforms.
+
+.SS ARGUMENTS
+Most arguments to
+.BR torsocks
+are provided in the configuration file (the location of which is defined
+at configure time by the \-\-with\-conf=<file> argument but defaults to
+/etc/torsocks.conf). The structure of this file is documented in torsocks.conf(8)
+
+Some configuration options can be specified at run time using environment
+variables as follows:
+
+.TP
+.I TORSOCKS_CONFFILE
+This environment variable overrides the default location of the torsocks
+configuration file. This variable is not honored if the program torsocks
+is embedded in is setuid. In addition this environment variable can
+be compiled out of torsocks with the \-\-disable\-envconf argument to
+configure at build time
+
+.TP
+.I TORSOCKS_DEBUG
+This environment variable sets the level of debug output that should be
+generated by torsocks (debug output is generated in the form of output to
+standard error). If this variable is not present by default the logging
+level is set to 0 which indicates that only error messages should be output.
+Setting it to higher values will cause torsocks to generate more messages
+describing what it is doing. If set to \-1 torsocks will output absolutely no
+error or debugging messages. This is only needed if torsocks output interferes
+with a program it is embedded in. Message output can be permanently compiled
+out of torsocks by specifying the \-\-disable\-debug option to configure at
+build time
+
+.TP
+.I TORSOCKS_DEBUG_FILE
+This option can be used to redirect the torsocks output (which would normally
+be sent to standard error) to a file. This variable is not honored if the
+program torsocks is embedded in is setuid. For programs where torsocks output
+interferes with normal operation this option is generally better than
+disabling messages (with TORSOCKS_DEBUG = \-1)
+
+.TP
+.I TORSOCKS_USERNAME
+This environment variable can be used to specify the username to be used when
+version 5 SOCKS servers request username/password authentication. This
+overrides the default username that can be specified in the configuration
+file using 'default_user', see torsocks.conf(8) for more information. This
+variable is ignored for version 4 SOCKS servers.
+
+.TP
+.I TORSOCKS_PASSWORD
+This environment variable can be used to specify the password to be used when
+version 5 SOCKS servers request username/password authentication. This
+overrides the default password that can be specified in the configuration
+file using 'default_pass', see torsocks.conf(8) for more information. This
+variable is ignored for version 4 SOCKS servers.
+
+.SS DNS ISSUES
+.BR torsocks
+will normally not be able to send DNS queries through a SOCKS server since
+SOCKS V4 works on TCP and DNS normally uses UDP. Version 1.5 and up do
+however provide a method to force DNS lookups to use TCP, which then makes
+them proxyable. This option can only enabled at compile time, please
+consult the INSTALL file for more information.
+
+.SS ERRORS
+.BR torsocks
+will generate error messages and print them to stderr when there are
+problems with the configuration file or the SOCKS negotiation with the
+server if the TORSOCKS_DEBUG environment variable is not set to \-1 or and
+\-\-disable\-debug was not specified at compile time. This output may cause
+some problems with programs that redirect standard error.
+
+.SS CAVEATS
+.BR torsocks
+will not in the above configuration be able to provide SOCKS proxying to
+setuid applications or applications that are not run from a shell. You can
+force all applications to LD_PRELOAD the library by placing the path to
+libtorsocks in /etc/ld.so.preload. Please make sure you correctly enter the
+full path to the library in this file if you do this. If you get it wrong,
+you will be UNABLE TO DO ANYTHING with the machine and will have to boot
+it with a rescue disk and remove the file (or try the saveme program, see
+the INSTALL file for more info). THIS IS A ***WARNING***, please be
+careful. Also be sure the library is in the root filesystem as all hell
+will break loose if the directory it is in is not available at boot time.
+
+.SH BUGS
+
+.BR torsocks
+can only proxy outgoing TCP connections
+
+.BR torsocks
+does NOT work correctly with asynchronous sockets (though it does work with
+non blocking sockets). This bug would be very difficult to fix and there
+appears to be no demand for it (I know of no major application that uses
+asynchronous sockets)
+
+.BR torsocks
+is NOT fully RFC compliant in its implementation of version 5 of SOCKS, it
+only supports the 'username and password' or 'no authentication'
+authentication methods. The RFC specifies GSSAPI must be supported by any
+compliant implementation. I haven't done this, anyone want to help?
+
+.BR torsocks
+can force the libc resolver to use TCP for name queries, if it does this
+it does it regardless of whether or not the DNS to be queried is local or
+not. This introduces overhead and should only be used when needed.
+
+.BR torsocks
+uses ELF dynamic loader features to intercept dynamic function calls from
+programs in which it is embedded. As a result, it cannot trace the
+actions of statically linked executables, non-ELF executables, or
+executables that make system calls directly with the system call trap or
+through the syscall() routine.
+
+.SH FILES
+@CONFDIR@/torsocks.conf - default torsocks configuration file
+
+.SH SEE ALSO
+torsocks.conf(5)
+torsocks(1)
+usewithtor(1)
+
+.SH AUTHOR
+Shaun Clowes (delius(a)progsoc.uts.edu.au)
+
+.SH COPYRIGHT
+Copyright 2000 Shaun Clowes
+
+Renamed for use by torsocks to avoid conflict with tsocks by Robert Hogan.
+
+torsocks and its documentation may be freely copied under the terms and
+conditions of version 2 of the GNU General Public License, as published
+by the Free Software Foundation (Cambridge, Massachusetts, United
+States of America).
+
+This documentation is based on the documentation for logwrites, another
+shared library interceptor. One line of code from it was used in
+torsocks and a lot of the documentation :) logwrites is by
+adam(a)yggdrasil.com (Adam J. Richter) and can be had from ftp.yggdrasil.com
+pub/dist/pkg
diff --git a/doc/torsocks.8.in b/doc/torsocks.8.in
deleted file mode 100644
index 58672e5..0000000
--- a/doc/torsocks.8.in
+++ /dev/null
@@ -1,189 +0,0 @@
-.TH TORSOCKS 8 "" "Shaun Clowes" \" -*-
- \" nroff -*
-
-.SH NAME
-.BR torsocks
-\- Library for intercepting outgoing network connections and
-redirecting them through a SOCKS server.
-
-.SH SYNOPSIS
-
-Set LD_PRELOAD to load the library then use applications as normal
-
-The syntax to force preload of the library for different shells is
-specified below:
-
-Bash, Ksh and Bourne shell -
-
-export LD_PRELOAD=/lib/libtorsocks.so
-
-C Shell -
-
-setenv LD_PRELOAD=/lib/libtorsocks.so
-
-This process can be automated (for Bash, Bourne and Korn shell
-users) for a single command or for all commands in a shell session
-by using the torsocks(1) script
-
-You can also setup torsocks in such a way that all processes
-automatically use it, a very useful configuration. For more
-information on this configuration see the CAVEATS section of this
-manual page.
-
-.SH DESCRIPTION
-
-.BR torsocks
-is a library to allow transparent SOCKS proxying. It wraps the normal
-connect() function. When a connection is attempted, it consults the
-configuration file (which is defined at configure time but defaults to
-/etc/torsocks.conf) and determines if the IP address specified is local. If
-it is not, the library redirects the connection to a SOCKS server
-specified in the configuration file. It then negotiates that connection
-with the SOCKS server and passes the connection back to the calling
-program.
-
-.BR torsocks
-is designed for use in machines which are firewalled from the
-Internet. It avoids the need to recompile applications like lynx or
-telnet so they can use SOCKS to reach the Internet. It behaves much like
-the SOCKSified TCP/IP stacks seen on other platforms.
-
-.SS ARGUMENTS
-Most arguments to
-.BR torsocks
-are provided in the configuration file (the location of which is defined
-at configure time by the \-\-with\-conf=<file> argument but defaults to
-/etc/torsocks.conf). The structure of this file is documented in torsocks.conf(8)
-
-Some configuration options can be specified at run time using environment
-variables as follows:
-
-.TP
-.I TORSOCKS_CONFFILE
-This environment variable overrides the default location of the torsocks
-configuration file. This variable is not honored if the program torsocks
-is embedded in is setuid. In addition this environment variable can
-be compiled out of torsocks with the \-\-disable\-envconf argument to
-configure at build time
-
-.TP
-.I TORSOCKS_DEBUG
-This environment variable sets the level of debug output that should be
-generated by torsocks (debug output is generated in the form of output to
-standard error). If this variable is not present by default the logging
-level is set to 0 which indicates that only error messages should be output.
-Setting it to higher values will cause torsocks to generate more messages
-describing what it is doing. If set to \-1 torsocks will output absolutely no
-error or debugging messages. This is only needed if torsocks output interferes
-with a program it is embedded in. Message output can be permanently compiled
-out of torsocks by specifying the \-\-disable\-debug option to configure at
-build time
-
-.TP
-.I TORSOCKS_DEBUG_FILE
-This option can be used to redirect the torsocks output (which would normally
-be sent to standard error) to a file. This variable is not honored if the
-program torsocks is embedded in is setuid. For programs where torsocks output
-interferes with normal operation this option is generally better than
-disabling messages (with TORSOCKS_DEBUG = \-1)
-
-.TP
-.I TORSOCKS_USERNAME
-This environment variable can be used to specify the username to be used when
-version 5 SOCKS servers request username/password authentication. This
-overrides the default username that can be specified in the configuration
-file using 'default_user', see torsocks.conf(8) for more information. This
-variable is ignored for version 4 SOCKS servers.
-
-.TP
-.I TORSOCKS_PASSWORD
-This environment variable can be used to specify the password to be used when
-version 5 SOCKS servers request username/password authentication. This
-overrides the default password that can be specified in the configuration
-file using 'default_pass', see torsocks.conf(8) for more information. This
-variable is ignored for version 4 SOCKS servers.
-
-.SS DNS ISSUES
-.BR torsocks
-will normally not be able to send DNS queries through a SOCKS server since
-SOCKS V4 works on TCP and DNS normally uses UDP. Version 1.5 and up do
-however provide a method to force DNS lookups to use TCP, which then makes
-them proxyable. This option can only enabled at compile time, please
-consult the INSTALL file for more information.
-
-.SS ERRORS
-.BR torsocks
-will generate error messages and print them to stderr when there are
-problems with the configuration file or the SOCKS negotiation with the
-server if the TORSOCKS_DEBUG environment variable is not set to \-1 or and
-\-\-disable\-debug was not specified at compile time. This output may cause
-some problems with programs that redirect standard error.
-
-.SS CAVEATS
-.BR torsocks
-will not in the above configuration be able to provide SOCKS proxying to
-setuid applications or applications that are not run from a shell. You can
-force all applications to LD_PRELOAD the library by placing the path to
-libtorsocks in /etc/ld.so.preload. Please make sure you correctly enter the
-full path to the library in this file if you do this. If you get it wrong,
-you will be UNABLE TO DO ANYTHING with the machine and will have to boot
-it with a rescue disk and remove the file (or try the saveme program, see
-the INSTALL file for more info). THIS IS A ***WARNING***, please be
-careful. Also be sure the library is in the root filesystem as all hell
-will break loose if the directory it is in is not available at boot time.
-
-.SH BUGS
-
-.BR torsocks
-can only proxy outgoing TCP connections
-
-.BR torsocks
-does NOT work correctly with asynchronous sockets (though it does work with
-non blocking sockets). This bug would be very difficult to fix and there
-appears to be no demand for it (I know of no major application that uses
-asynchronous sockets)
-
-.BR torsocks
-is NOT fully RFC compliant in its implementation of version 5 of SOCKS, it
-only supports the 'username and password' or 'no authentication'
-authentication methods. The RFC specifies GSSAPI must be supported by any
-compliant implementation. I haven't done this, anyone want to help?
-
-.BR torsocks
-can force the libc resolver to use TCP for name queries, if it does this
-it does it regardless of whether or not the DNS to be queried is local or
-not. This introduces overhead and should only be used when needed.
-
-.BR torsocks
-uses ELF dynamic loader features to intercept dynamic function calls from
-programs in which it is embedded. As a result, it cannot trace the
-actions of statically linked executables, non-ELF executables, or
-executables that make system calls directly with the system call trap or
-through the syscall() routine.
-
-.SH FILES
-@CONFDIR@/torsocks.conf - default torsocks configuration file
-
-.SH SEE ALSO
-torsocks.conf(5)
-torsocks(1)
-usewithtor(1)
-
-.SH AUTHOR
-Shaun Clowes (delius(a)progsoc.uts.edu.au)
-
-.SH COPYRIGHT
-Copyright 2000 Shaun Clowes
-
-Renamed for use by torsocks to avoid conflict with tsocks by Robert Hogan.
-
-torsocks and its documentation may be freely copied under the terms and
-conditions of version 2 of the GNU General Public License, as published
-by the Free Software Foundation (Cambridge, Massachusetts, United
-States of America).
-
-This documentation is based on the documentation for logwrites, another
-shared library interceptor. One line of code from it was used in
-torsocks and a lot of the documentation :) logwrites is by
-adam(a)yggdrasil.com (Adam J. Richter) and can be had from ftp.yggdrasil.com
-pub/dist/pkg
diff --git a/doc/torsocks.conf.5 b/doc/torsocks.conf.5
new file mode 100644
index 0000000..7cd22d8
--- /dev/null
+++ b/doc/torsocks.conf.5
@@ -0,0 +1,214 @@
+.TH TORSOCKS.CONF 5 "" "Robert Hogan" \" -*-
+ \" nroff -*
+
+.SH NAME
+.BR torsocks.conf
+\- configuration file for torsocks(8)
+
+.SH SUMMARY
+
+By default, torsocks will assume that it should connect to the SOCKS proxy
+running at 127.0.0.1 on port 9050. This is the default address and port for
+Tor's socks server on most installations. If you are running a normal Tor
+installation and have no special requirements, then you should not need to
+create, edit or invoke a configuration file when using torsocks.
+
+Your installation of torsocks includes a default configuration file
+that contains values sensible for use with most Tor installations. The
+installation location for your default configuration file is:
+
+ @CONFDIR@/torsocks.conf
+
+In order to use a configuration file, you must set the environment variable
+TORSOCKS_CONF_FILE with the location of the file.
+
+If TORSOCKS_CONF_FILE is not set, torsocks will attempt to read the configuration
+file at @CONFDIR@/torsocks.conf. If that file cannot be read, torsocks will
+use sensible defaults for most Tor installations, i.e. it will assume that
+you want to use a SOCKS proxy running at 127.0.0.1 (localhost) on port 9050.
+
+An example of typical usage is provided under the 'example' heading at the
+end of this manual page. The script 'usewithtor' provided with your torsocks
+installation will set this environment variable for you, and load the
+configuration file provided with your installation.
+
+If you want to use a custom file in a different location, you should set the
+environment variable yourself and then use the torsocks command, rather than
+usewithtor.
+
+.SH OVERVIEW
+
+The configuration for torsocks can be anything from two lines to hundreds of
+lines based on the needs at any particular site. The basic idea is to define
+any networks the machine can access directly (i.e without the use of a
+SOCKS server) and define one or many SOCKS servers to be used to access
+other networks (including a 'default' server).
+
+Local networks are declared using the 'local' keyword in the configuration
+file. When applications attempt to connect to machines in networks marked
+as local torsocks will not attempt to use a SOCKS server to negotiate the
+connection.
+
+Obviously if a connection is not to a locally accessible network it will need
+to be proxied over a SOCKS server. However, many installations have several
+different SOCKS servers to be used to access different internal (and external)
+networks. For this reason the configuration file allows the definition of
+`paths' as well as a default SOCKS server.
+
+Paths are declared as blocks in the configuration file. That is, they begin
+with a 'path {' line in the configuration file and end with a '}' line. Inside
+this block directives should be used to declare a SOCKS server (as documented
+later in this manual page) and 'reaches' directives should be used to declare
+networks and even destination ports in those networks that this server should
+be used to reach. N.B Each path MUST define a SOCKS server and contain one or
+more 'reaches' directives.
+
+SOCKS server declaration directives that are not contained within a 'path'
+block define the default SOCKS server. If torsocks needs to connect to a machine
+via a SOCKS server (i.e it isn't a network declared as 'local') and no 'path'
+has declared it can reach that network via a 'reaches' directive this server
+is used to negotiate the connection.
+
+.SH CONFIGURATION SYNTAX
+
+The basic structure of all lines in the configuration file is:
+
+.RS
+<directive> = <parameters>
+.RE
+
+The exception to this is 'path' blocks which look like:
+
+.RS
+path {
+.RS
+<directive> = <parameters>
+.RE
+}
+.RE
+
+Empty lines are ignored and all input on a line after a '#' character is
+ignored.
+
+.SS DIRECTIVES
+The following directives are used in the torsocks configuration file:
+
+.TP
+.I server
+The IP address of the SOCKS server (e.g "server = 10.1.4.253"). Only one
+server may be specified per path block, or one outside a path
+block (to define the default server). Unless \-\-disable-hostnames was
+specified to configure at compile time the server can be specified as
+a hostname (e.g "server = socks.nec.com")
+
+.TP
+.I server_port
+The port on which the SOCKS server receives requests. Only one server_port
+may be specified per path block, or one outside a path (for the default
+server). This directive is not required if the server is on the
+standard port (1080).
+
+.TP
+.I server_type
+SOCKS version used by the server. Versions 4 and 5 are supported (but both
+for only the connect operation). The default is 4. Only one server_type
+may be specified per path block, or one outside a path (for the default
+server).
+
+You can use the inspectorsocks utility to determine the type of server, see
+the 'UTILITIES' section later in this manual page.
+
+.TP
+.I default_user
+This specifies the default username to be used for username and password
+authentication in SOCKS version 5. In order to determine the username to
+use (if the socks server requires username and password authentication)
+torsocks first looks for the environment variable TSOCKS_USERNAME, then
+looks for this configuration option, then tries to get the local username.
+This option is not valid for SOCKS version 4 servers. Only one default_user
+may be specified per path block, or one outside a path (for the default
+server)
+
+.TP
+.I default_pass
+This specified the default password to be used for username and password
+authentication in SOCKS version 5. In order to determine the password to
+use (if the socks server requires username and password authentication)
+torsocks first looks for the environment variable TSOCKS_PASSWORD, then
+looks for this configuration option. This option is not valid for SOCKS
+version 4 servers. Onle one default_pass may be specified per path block,
+or one outside a path (for the default server)
+
+.TP
+.I local
+An IP/Subnet pair specifying a network which may be accessed directly without
+proxying through a SOCKS server (e.g "local = 10.0.0.0/255.0.0.0").
+Obviously all SOCKS server IP addresses must be in networks specified as
+local, otherwise torsocks would need a SOCKS server to reach SOCKS servers.
+
+.TP
+.I reaches
+This directive is only valid inside a path block. Its parameter is formed
+as IP[:startport[\-endport]]/Subnet and it specifies a network (and a range
+of ports on that network) that can be accessed by the SOCKS server specified
+in this path block. For example, in a path block "reaches =
+150.0.0.0:80-1024/255.0.0.0" indicates to torsocks that the SOCKS server
+specified in the current path block should be used to access any IPs in the
+range 150.0.0.0 to 150.255.255.255 when the connection request is for ports
+80-1024.
+
+.TP
+.I tordns_enable
+This enables the use of the 'tordns' feature in torsocks, which overrides the
+standard C library name resolution calls to use SOCKS. The default value is
+`true'.
+
+.TP
+.I tordns_deadpool_range
+Tor hidden sites do not have real IP addresses. This specifies what range of
+IP addresses will be handed to the application as "cookies" for .onion names.
+Of course, you should pick a block of addresses which you aren't going to ever
+need to actually connect to. The default value is '127.0.69.0/255.255.255.0'.
+
+.TP
+.I tordns_cache_size
+This specifies the number of IP addresses looked up through SOCKS to cache.
+The default value is 256. Each entry consumes 260 bytes of memory, so the
+default adds 66,560 bytes of overhead to each 'torified' process. NOTE: if
+the number of IP addresses in tordns_deadpool_range is less than the value
+specified for tordns_cache_size, then the cache will be shrunk to fit the
+deadpool range. This is to prevent duplicate deadpool addresses from ever
+appearing in the cache.
+
+.SH UTILITIES
+torsocks comes with two utilities that can be useful in creating and verifying
+the torsocks configuration file.
+
+.SH EXAMPLE
+
+ export TORSOCKS_CONF_FILE=$PWD/torsocks.conf
+ torsocks ssh account(a)sshserver.com
+
+.SH SEE ALSO
+torsocks(8)
+
+.SH AUTHOR
+Robert Hogan (robert(a)roberthogan.net)
+Shaun Clowes (delius(a)progsoc.uts.edu.au)
+
+.SH COPYRIGHT
+Copyright 2009 Robert Hogan
+Copyright 2000 Shaun Clowes
+
+Renamed for use by torsocks to avoid conflict with torsocks by Robert Hogan.
+
+torsocks and its documentation may be freely copied under the terms and
+conditions of version 2 of the GNU General Public License, as published
+by the Free Software Foundation (Cambridge, Massachusetts, United
+States of America).
+
+This documentation is based on the documentation for logwrites, another
+shared library interceptor. One line of code from it was used in
+torsocks and a lot of the documentation :) logwrites is by
+adam(a)yggdrasil.com (Adam J. Richter) and can be had from ftp.yggdrasil.com
+pub/dist/pkg
diff --git a/doc/torsocks.conf.5.in b/doc/torsocks.conf.5.in
deleted file mode 100644
index 7cd22d8..0000000
--- a/doc/torsocks.conf.5.in
+++ /dev/null
@@ -1,214 +0,0 @@
-.TH TORSOCKS.CONF 5 "" "Robert Hogan" \" -*-
- \" nroff -*
-
-.SH NAME
-.BR torsocks.conf
-\- configuration file for torsocks(8)
-
-.SH SUMMARY
-
-By default, torsocks will assume that it should connect to the SOCKS proxy
-running at 127.0.0.1 on port 9050. This is the default address and port for
-Tor's socks server on most installations. If you are running a normal Tor
-installation and have no special requirements, then you should not need to
-create, edit or invoke a configuration file when using torsocks.
-
-Your installation of torsocks includes a default configuration file
-that contains values sensible for use with most Tor installations. The
-installation location for your default configuration file is:
-
- @CONFDIR@/torsocks.conf
-
-In order to use a configuration file, you must set the environment variable
-TORSOCKS_CONF_FILE with the location of the file.
-
-If TORSOCKS_CONF_FILE is not set, torsocks will attempt to read the configuration
-file at @CONFDIR@/torsocks.conf. If that file cannot be read, torsocks will
-use sensible defaults for most Tor installations, i.e. it will assume that
-you want to use a SOCKS proxy running at 127.0.0.1 (localhost) on port 9050.
-
-An example of typical usage is provided under the 'example' heading at the
-end of this manual page. The script 'usewithtor' provided with your torsocks
-installation will set this environment variable for you, and load the
-configuration file provided with your installation.
-
-If you want to use a custom file in a different location, you should set the
-environment variable yourself and then use the torsocks command, rather than
-usewithtor.
-
-.SH OVERVIEW
-
-The configuration for torsocks can be anything from two lines to hundreds of
-lines based on the needs at any particular site. The basic idea is to define
-any networks the machine can access directly (i.e without the use of a
-SOCKS server) and define one or many SOCKS servers to be used to access
-other networks (including a 'default' server).
-
-Local networks are declared using the 'local' keyword in the configuration
-file. When applications attempt to connect to machines in networks marked
-as local torsocks will not attempt to use a SOCKS server to negotiate the
-connection.
-
-Obviously if a connection is not to a locally accessible network it will need
-to be proxied over a SOCKS server. However, many installations have several
-different SOCKS servers to be used to access different internal (and external)
-networks. For this reason the configuration file allows the definition of
-`paths' as well as a default SOCKS server.
-
-Paths are declared as blocks in the configuration file. That is, they begin
-with a 'path {' line in the configuration file and end with a '}' line. Inside
-this block directives should be used to declare a SOCKS server (as documented
-later in this manual page) and 'reaches' directives should be used to declare
-networks and even destination ports in those networks that this server should
-be used to reach. N.B Each path MUST define a SOCKS server and contain one or
-more 'reaches' directives.
-
-SOCKS server declaration directives that are not contained within a 'path'
-block define the default SOCKS server. If torsocks needs to connect to a machine
-via a SOCKS server (i.e it isn't a network declared as 'local') and no 'path'
-has declared it can reach that network via a 'reaches' directive this server
-is used to negotiate the connection.
-
-.SH CONFIGURATION SYNTAX
-
-The basic structure of all lines in the configuration file is:
-
-.RS
-<directive> = <parameters>
-.RE
-
-The exception to this is 'path' blocks which look like:
-
-.RS
-path {
-.RS
-<directive> = <parameters>
-.RE
-}
-.RE
-
-Empty lines are ignored and all input on a line after a '#' character is
-ignored.
-
-.SS DIRECTIVES
-The following directives are used in the torsocks configuration file:
-
-.TP
-.I server
-The IP address of the SOCKS server (e.g "server = 10.1.4.253"). Only one
-server may be specified per path block, or one outside a path
-block (to define the default server). Unless \-\-disable-hostnames was
-specified to configure at compile time the server can be specified as
-a hostname (e.g "server = socks.nec.com")
-
-.TP
-.I server_port
-The port on which the SOCKS server receives requests. Only one server_port
-may be specified per path block, or one outside a path (for the default
-server). This directive is not required if the server is on the
-standard port (1080).
-
-.TP
-.I server_type
-SOCKS version used by the server. Versions 4 and 5 are supported (but both
-for only the connect operation). The default is 4. Only one server_type
-may be specified per path block, or one outside a path (for the default
-server).
-
-You can use the inspectorsocks utility to determine the type of server, see
-the 'UTILITIES' section later in this manual page.
-
-.TP
-.I default_user
-This specifies the default username to be used for username and password
-authentication in SOCKS version 5. In order to determine the username to
-use (if the socks server requires username and password authentication)
-torsocks first looks for the environment variable TSOCKS_USERNAME, then
-looks for this configuration option, then tries to get the local username.
-This option is not valid for SOCKS version 4 servers. Only one default_user
-may be specified per path block, or one outside a path (for the default
-server)
-
-.TP
-.I default_pass
-This specified the default password to be used for username and password
-authentication in SOCKS version 5. In order to determine the password to
-use (if the socks server requires username and password authentication)
-torsocks first looks for the environment variable TSOCKS_PASSWORD, then
-looks for this configuration option. This option is not valid for SOCKS
-version 4 servers. Onle one default_pass may be specified per path block,
-or one outside a path (for the default server)
-
-.TP
-.I local
-An IP/Subnet pair specifying a network which may be accessed directly without
-proxying through a SOCKS server (e.g "local = 10.0.0.0/255.0.0.0").
-Obviously all SOCKS server IP addresses must be in networks specified as
-local, otherwise torsocks would need a SOCKS server to reach SOCKS servers.
-
-.TP
-.I reaches
-This directive is only valid inside a path block. Its parameter is formed
-as IP[:startport[\-endport]]/Subnet and it specifies a network (and a range
-of ports on that network) that can be accessed by the SOCKS server specified
-in this path block. For example, in a path block "reaches =
-150.0.0.0:80-1024/255.0.0.0" indicates to torsocks that the SOCKS server
-specified in the current path block should be used to access any IPs in the
-range 150.0.0.0 to 150.255.255.255 when the connection request is for ports
-80-1024.
-
-.TP
-.I tordns_enable
-This enables the use of the 'tordns' feature in torsocks, which overrides the
-standard C library name resolution calls to use SOCKS. The default value is
-`true'.
-
-.TP
-.I tordns_deadpool_range
-Tor hidden sites do not have real IP addresses. This specifies what range of
-IP addresses will be handed to the application as "cookies" for .onion names.
-Of course, you should pick a block of addresses which you aren't going to ever
-need to actually connect to. The default value is '127.0.69.0/255.255.255.0'.
-
-.TP
-.I tordns_cache_size
-This specifies the number of IP addresses looked up through SOCKS to cache.
-The default value is 256. Each entry consumes 260 bytes of memory, so the
-default adds 66,560 bytes of overhead to each 'torified' process. NOTE: if
-the number of IP addresses in tordns_deadpool_range is less than the value
-specified for tordns_cache_size, then the cache will be shrunk to fit the
-deadpool range. This is to prevent duplicate deadpool addresses from ever
-appearing in the cache.
-
-.SH UTILITIES
-torsocks comes with two utilities that can be useful in creating and verifying
-the torsocks configuration file.
-
-.SH EXAMPLE
-
- export TORSOCKS_CONF_FILE=$PWD/torsocks.conf
- torsocks ssh account(a)sshserver.com
-
-.SH SEE ALSO
-torsocks(8)
-
-.SH AUTHOR
-Robert Hogan (robert(a)roberthogan.net)
-Shaun Clowes (delius(a)progsoc.uts.edu.au)
-
-.SH COPYRIGHT
-Copyright 2009 Robert Hogan
-Copyright 2000 Shaun Clowes
-
-Renamed for use by torsocks to avoid conflict with torsocks by Robert Hogan.
-
-torsocks and its documentation may be freely copied under the terms and
-conditions of version 2 of the GNU General Public License, as published
-by the Free Software Foundation (Cambridge, Massachusetts, United
-States of America).
-
-This documentation is based on the documentation for logwrites, another
-shared library interceptor. One line of code from it was used in
-torsocks and a lot of the documentation :) logwrites is by
-adam(a)yggdrasil.com (Adam J. Richter) and can be had from ftp.yggdrasil.com
-pub/dist/pkg
diff --git a/doc/usewithtor.1 b/doc/usewithtor.1
new file mode 100644
index 0000000..c7500cb
--- /dev/null
+++ b/doc/usewithtor.1
@@ -0,0 +1,57 @@
+.TH USEWITHTOR 1 "" "USEWITHTOR"
+
+.SH NAME
+.BR usewithtor
+\- Shell wrapper to simplify the use of the torsocks(8) library to
+transparently allow an application to use a SOCKS proxy.
+
+.SH SYNOPSIS
+.B usewithtor
+.RB [application\ [application's\ arguments]]
+.br
+.SH DESCRIPTION
+.B usewithtor
+is a wrapper between the torsocks library and the application what you
+would like to run socksified.
+
+.SH OPTIONS
+.IP \fB[application\ \fB[application's\ arguments]]
+run the application as specified with the environment (LD_PRELOAD) set
+such that torsocks(8) will transparently proxy SOCKS connections in
+that program.
+
+.SH USEWITHTOR VERSUS TORSOCKS
+.B usewithtor
+runs
+.B torsocks(1)
+with the default configuration file,
+located at
+.B @CONFDIR@/torsocks.conf.
+Running torsocks(1) directly means
+that no configuration file will be used (unless you manually set the
+TORSOCKS_CONF_FILE or TSOCKS_CONF_FILE environment variable), instead
+.B torsocks(8)
+will
+use defaults that are sensible for most Tor installations.
+
+.SH USEWITHTOR VERSUS TORIFY
+.B usewithtor(1)
+and
+.B torify(1)
+intend to achieve the same ends for most
+practical purposes. However
+.B torify(1)
+will use a default tsocks installation if one exists.
+.B Usewithtor(1)
+will only ever use a
+.B torsocks(8)
+installation.
+
+.SH SEE ALSO
+torsocks.conf(5)
+torsocks(1)
+usewithtor(1)
+
+.SH AUTHOR
+Robert Hogan (robert(a)roberthogan.net).This script is very similar to torify(1),
+provided by the Tor project.
\ No newline at end of file
diff --git a/doc/usewithtor.1.in b/doc/usewithtor.1.in
deleted file mode 100644
index c7500cb..0000000
--- a/doc/usewithtor.1.in
+++ /dev/null
@@ -1,57 +0,0 @@
-.TH USEWITHTOR 1 "" "USEWITHTOR"
-
-.SH NAME
-.BR usewithtor
-\- Shell wrapper to simplify the use of the torsocks(8) library to
-transparently allow an application to use a SOCKS proxy.
-
-.SH SYNOPSIS
-.B usewithtor
-.RB [application\ [application's\ arguments]]
-.br
-.SH DESCRIPTION
-.B usewithtor
-is a wrapper between the torsocks library and the application what you
-would like to run socksified.
-
-.SH OPTIONS
-.IP \fB[application\ \fB[application's\ arguments]]
-run the application as specified with the environment (LD_PRELOAD) set
-such that torsocks(8) will transparently proxy SOCKS connections in
-that program.
-
-.SH USEWITHTOR VERSUS TORSOCKS
-.B usewithtor
-runs
-.B torsocks(1)
-with the default configuration file,
-located at
-.B @CONFDIR@/torsocks.conf.
-Running torsocks(1) directly means
-that no configuration file will be used (unless you manually set the
-TORSOCKS_CONF_FILE or TSOCKS_CONF_FILE environment variable), instead
-.B torsocks(8)
-will
-use defaults that are sensible for most Tor installations.
-
-.SH USEWITHTOR VERSUS TORIFY
-.B usewithtor(1)
-and
-.B torify(1)
-intend to achieve the same ends for most
-practical purposes. However
-.B torify(1)
-will use a default tsocks installation if one exists.
-.B Usewithtor(1)
-will only ever use a
-.B torsocks(8)
-installation.
-
-.SH SEE ALSO
-torsocks.conf(5)
-torsocks(1)
-usewithtor(1)
-
-.SH AUTHOR
-Robert Hogan (robert(a)roberthogan.net).This script is very similar to torify(1),
-provided by the Tor project.
\ No newline at end of file
commit 4c90e9e112cd1f72bc7f90af9f3d59dc37c832dc
Author: David Goulet <dgoulet(a)ev0ke.net>
Date: Sun Jun 23 22:38:40 2013 -0400
Implement gethostbyaddr libc call
Also add the tor resolve ptr function call in torsocks used by
gethostbyaddr().
Signed-off-by: David Goulet <dgoulet(a)ev0ke.net>
---
src/lib/gethostbyname.c | 66 +++++++++++++++++++++++++++++++++++++++++++++++
src/lib/torsocks.c | 48 ++++++++++++++++++++++++++++++++++
src/lib/…
[View More]torsocks.h | 19 +++++++++++++-
3 files changed, 132 insertions(+), 1 deletion(-)
diff --git a/src/lib/gethostbyname.c b/src/lib/gethostbyname.c
index d9afec9..3e89e9b 100644
--- a/src/lib/gethostbyname.c
+++ b/src/lib/gethostbyname.c
@@ -24,6 +24,7 @@
#include <common/log.h>
#include "torsocks.h"
+
/*
* Torsocks call for gethostbyname(3).
*
@@ -113,3 +114,68 @@ LIBC_GETHOSTBYNAME2_DECL
{
return tsocks_gethostbyname2(LIBC_GETHOSTBYNAME2_ARGS);
}
+
+/*
+ * Torsocks call for gethostbyaddr(3).
+ *
+ * NOTE: This call is OBSOLETE in the glibc. Also, this call returns a pointer
+ * to a static pointer.
+ */
+LIBC_GETHOSTBYADDR_RET_TYPE tsocks_gethostbyaddr(LIBC_GETHOSTBYADDR_SIG)
+{
+ int ret;
+ char *hostname;
+
+ /*
+ * Tor does not allow to resolve to an IPv6 pointer so only accept inet
+ * return address.
+ */
+ if (!__addr || __type != AF_INET) {
+ h_errno = HOST_NOT_FOUND;
+ goto error;
+ }
+
+ DBG("[gethostbyaddr] Requesting address %s of len %d and type %d",
+ inet_ntoa(*((struct in_addr *) __addr)), __len, __type);
+
+ /* Reset static host entry of tsocks. */
+ memset(&tsocks_he, 0, sizeof(tsocks_he));
+ memset(tsocks_he_addr_list, 0, sizeof(tsocks_he_addr_list));
+ memset(tsocks_he_name, 0, sizeof(tsocks_he_name));
+
+ ret = tsocks_tor_resolve_ptr(__addr, &hostname, __type);
+ if (ret < 0) {
+ const char *ret_str;
+
+ ret_str = inet_ntop(__type, __addr, tsocks_he_name,
+ sizeof(tsocks_he_name));
+ if (!ret_str) {
+ h_errno = HOST_NOT_FOUND;
+ goto error;
+ }
+ } else {
+ memcpy(tsocks_he_name, hostname, sizeof(tsocks_he_name));
+ free(hostname);
+ tsocks_he_addr_list[0] = (char *) __addr;
+ }
+
+ tsocks_he.h_name = tsocks_he_name;
+ tsocks_he.h_aliases = NULL;
+ tsocks_he.h_length = strlen(tsocks_he_name);
+ tsocks_he.h_addrtype = __type;
+ tsocks_he.h_addr_list = tsocks_he_addr_list;
+
+ errno = 0;
+ return &tsocks_he;
+
+error:
+ return NULL;
+}
+
+/*
+ * Libc hijacked symbol gethostbyaddr(3).
+ */
+LIBC_GETHOSTBYADDR_DECL
+{
+ return tsocks_gethostbyaddr(LIBC_GETHOSTBYADDR_ARGS);
+}
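Review bot: In the success branch of tsocks_gethostbyaddr, `memcpy(tsocks_he_name, hostname, sizeof(tsocks_he_name));` always reads 255 bytes from `hostname`, whose allocated size is not visible in this hunk. If it is an ordinary NUL-terminated string shorter than that, the copy reads past the allocation, and if it is longer, tsocks_he_name is left unterminated before the later strlen(). A bounded string copy such as `snprintf(tsocks_he_name, sizeof(tsocks_he_name), "%s", hostname);` covers both cases. Separately, `h_length` is set to the name's strlen(), but callers of gethostbyaddr(3) read it as the address length, so `tsocks_he.h_length = sizeof(struct in_addr);` looks intended. `__len` is also never compared with that size before `__addr` is dereferenced in the DBG call and in inet_ntop().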
diff --git a/src/lib/torsocks.c b/src/lib/torsocks.c
index 6b657ef..bc5959a 100644
--- a/src/lib/torsocks.c
+++ b/src/lib/torsocks.c
@@ -19,6 +19,7 @@
#include <assert.h>
#include <dlfcn.h>
+#include <inttypes.h>
#include <stdlib.h>
#include <common/config-file.h>
@@ -305,6 +306,53 @@ error:
}
/*
+ * Resolve a hostname through Tor and set the ip address in the given pointer.
+ *
+ * Return 0 on success else a negative value and the result addr is untouched.
+ */
+int tsocks_tor_resolve_ptr(const char *addr, char **ip, int af)
+{
+ int ret;
+ struct connection conn;
+
+ assert(addr);
+ assert(ip);
+
+ DBG("Resolving %" PRIu32 " on the Tor network", addr);
+
+ conn.fd = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
+ if (conn.fd < 0) {
+ PERROR("socket");
+ ret = -errno;
+ goto error;
+ }
+
+ ret = setup_tor_connection(&conn);
+ if (ret < 0) {
+ goto error;
+ }
+
+ ret = socks5_send_resolve_ptr_request(addr, &conn);
+ if (ret < 0) {
+ goto error;
+ }
+
+ /* Force IPv4 resolution for now. */
+ ret = socks5_recv_resolve_ptr_reply(&conn, ip);
+ if (ret < 0) {
+ goto error;
+ }
+
+ ret = close(conn.fd);
+ if (ret < 0) {
+ PERROR("close");
+ }
+
+error:
+ return ret;
+}
+
+/*
* Lookup symbol in the loaded libraries of the binary.
*
* Return the function pointer or NULL on error.
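Review bot: Every failure after `socket()` succeeds in tsocks_tor_resolve_ptr (setup_tor_connection, the send and the recv) jumps to `error:` without closing `conn.fd`, so each failed reverse lookup leaks a descriptor in the host process. Those paths should pass through a label that runs `close(conn.fd);` before returning. The DBG line passes the pointer `addr` to a `PRIu32` conversion, which is a format/argument mismatch; format the address with inet_ntop() first or drop the value from the message. The header comment still describes forward resolution ("Resolve a hostname ... set the ip address") although this function maps an address to a name, and `af` is never used. A failing close() on the success path also overwrites `ret`, so a lookup that worked can be reported as failed.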
diff --git a/src/lib/torsocks.h b/src/lib/torsocks.h
index 0121716..2e6fd50 100644
--- a/src/lib/torsocks.h
+++ b/src/lib/torsocks.h
@@ -45,7 +45,7 @@
#define LIBC_CONNECT_ARGS \
__sockfd, __addr, __addrlen
-/* gethostbyname(3) */
+/* gethostbyname(3) - DEPRECATED in glibc. */
#include <netdb.h>
/*
@@ -57,6 +57,7 @@
struct hostent tsocks_he;
char *tsocks_he_addr_list[2];
char tsocks_he_addr[INET_ADDRSTRLEN];
+char tsocks_he_name[255];
#define LIBC_GETHOSTBYNAME_NAME gethostbyname
#define LIBC_GETHOSTBYNAME_NAME_STR XSTR(LIBC_GETHOSTBYNAME_NAME)
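Review bot: `char tsocks_he_name[255];` is an object definition placed in a header, following the existing `tsocks_he` lines above it, so every translation unit that includes torsocks.h gets its own tentative definition. That links only while the toolchain merges common symbols and fails with `-fno-common`. Declaring it here as `extern char tsocks_he_name[255];` and defining it once in gethostbyname.c would avoid that. A short comment that the buffer backs `h_name` of the static hostent, and is therefore overwritten by every call, would also help readers.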
@@ -71,6 +72,15 @@ char tsocks_he_addr[INET_ADDRSTRLEN];
#define LIBC_GETHOSTBYNAME2_SIG const char *__name, int __af
#define LIBC_GETHOSTBYNAME2_ARGS __name, __af
+/* gethostbyaddr(3) - DEPRECATED in glibc. */
+#include <sys/socket.h>
+
+#define LIBC_GETHOSTBYADDR_NAME gethostbyaddr
+#define LIBC_GETHOSTBYADDR_NAME_STR XSTR(LIBC_GETHOSTBYADDR_NAME)
+#define LIBC_GETHOSTBYADDR_RET_TYPE struct hostent *
+#define LIBC_GETHOSTBYADDR_SIG const void *__addr, socklen_t __len, int __type
+#define LIBC_GETHOSTBYADDR_ARGS __addr, __len, __type
+
/* getaddrinfo(3) */
#include <netdb.h>
@@ -108,6 +118,12 @@ TSOCKS_LIBC_DECL(gethostbyname2, LIBC_GETHOSTBYNAME2_RET_TYPE,
#define LIBC_GETHOSTBYNAME2_DECL LIBC_GETHOSTBYNAME2_RET_TYPE \
LIBC_GETHOSTBYNAME2_NAME(LIBC_GETHOSTBYNAME2_SIG)
+/* gethostbyaddr(3) */
+TSOCKS_LIBC_DECL(gethostbyaddr, LIBC_GETHOSTBYADDR_RET_TYPE,
+ LIBC_GETHOSTBYADDR_SIG)
+#define LIBC_GETHOSTBYADDR_DECL LIBC_GETHOSTBYADDR_RET_TYPE \
+ LIBC_GETHOSTBYADDR_NAME(LIBC_GETHOSTBYADDR_SIG)
+
/* getaddrinfo(3) */
TSOCKS_LIBC_DECL(getaddrinfo, LIBC_GETADDRINFO_RET_TYPE,
LIBC_GETADDRINFO_SIG)
@@ -131,5 +147,6 @@ int tsocks_connect_to_tor(struct connection *conn);
void *tsocks_find_libc_symbol(const char *symbol,
enum tsocks_sym_action action);
int tsocks_tor_resolve(const char *hostname, uint32_t *ip_addr);
+int tsocks_tor_resolve_ptr(const char *addr, char **ip, int af);
#endif /* TORSOCKS_H */

04 Apr '14
commit b8cc3b6a5d0996c1589d18604b31b6c5655c391a
Author: David Goulet <dgoulet(a)ev0ke.net>
Date: Mon Jun 24 12:48:54 2013 -0400
Add domain name SOCKS5 connect support
Signed-off-by: David Goulet <dgoulet(a)ev0ke.net>
---
src/common/connection.c | 1 +
src/common/connection.h | 7 +++++++
src/common/socks5.c | 37 +++++++++++++++++++++++++++++++++----
3 files changed, 41 insertions(+), 4 deletions(-)
diff --git a/src/common/connection.c b/src/common/…
[View More]connection.c
index b926f15..8fcbcf3 100644
--- a/src/common/connection.c
+++ b/src/common/connection.c
@@ -251,6 +251,7 @@ void connection_destroy(struct connection *conn)
return;
}
+ free(conn->dest_addr.hostname.addr);
free(conn);
}
diff --git a/src/common/connection.h b/src/common/connection.h
index 17f940c..379f158 100644
--- a/src/common/connection.h
+++ b/src/common/connection.h
@@ -30,6 +30,7 @@
enum connection_domain {
CONNECTION_DOMAIN_INET = 1,
CONNECTION_DOMAIN_INET6 = 2,
+ CONNECTION_DOMAIN_NAME = 3,
};
/*
@@ -37,6 +38,12 @@ enum connection_domain {
*/
struct connection_addr {
enum connection_domain domain;
+
+ struct {
+ char *addr;
+ uint16_t port;
+ } hostname;
+
union {
struct sockaddr_in sin;
struct sockaddr_in6 sin6;
diff --git a/src/common/socks5.c b/src/common/socks5.c
index e06528a..91beb05 100644
--- a/src/common/socks5.c
+++ b/src/common/socks5.c
@@ -244,8 +244,9 @@ int socks5_send_connect_request(struct connection *conn)
/* Always zeroed. */
msg.rsv = 0;
- /* Select connection socket domain. */
- if (conn->dest_addr.domain == CONNECTION_DOMAIN_INET) {
+ switch (conn->dest_addr.domain) {
+ case CONNECTION_DOMAIN_INET:
+ {
struct socks5_request_ipv4 req_ipv4;
msg.atyp = SOCKS5_ATYP_IPV4;
@@ -260,7 +261,10 @@ int socks5_send_connect_request(struct connection *conn)
/* Copy ipv4 request portion in the buffer. */
memcpy(buffer + buf_len, &req_ipv4, sizeof(req_ipv4));
buf_len += sizeof(req_ipv4);
- } else if (conn->dest_addr.domain == CONNECTION_DOMAIN_INET6) {
+ break;
+ }
+ case CONNECTION_DOMAIN_INET6:
+ {
struct socks5_request_ipv6 req_ipv6;
msg.atyp = SOCKS5_ATYP_IPV6;
@@ -275,7 +279,28 @@ int socks5_send_connect_request(struct connection *conn)
/* Copy ipv6 request portion in the buffer. */
memcpy(buffer + buf_len, &req_ipv6, sizeof(req_ipv6));
buf_len += sizeof(req_ipv6);
- } else {
+ break;
+ }
+ case CONNECTION_DOMAIN_NAME:
+ {
+ struct socks5_request_domain req_name;
+
+ msg.atyp = SOCKS5_ATYP_DOMAIN;
+ /* Copy the first part of the request. */
+ memcpy(buffer, &msg, buf_len);
+
+ /* Setup domain name request buffer. */
+ memcpy(req_name.name, conn->dest_addr.hostname.addr,
+ sizeof(req_name.name));
+ req_name.port = conn->dest_addr.hostname.port;
+ req_name.len = strlen(conn->dest_addr.hostname.addr);
+
+ /* Copy ipv6 request portion in the buffer. */
+ memcpy(buffer + buf_len, &req_name, sizeof(req_name));
+ buf_len += sizeof(req_name);
+ break;
+ }
+ default:
ERR("Socks5 connection domain unknown %d", conn->dest_addr.domain);
ret = -EINVAL;
goto error;
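Review bot: In the new CONNECTION_DOMAIN_NAME case, `memcpy(req_name.name, conn->dest_addr.hostname.addr, sizeof(req_name.name))` copies the full size of the name field regardless of how long the hostname string is. A shorter string is therefore read past its end, and whatever follows it in memory is placed in the request sent to the proxy. A longer string is truncated while `req_name.len` still receives the full strlen(), which may not fit the field. The length should be measured and bounded first and only that many bytes copied, as sketched below. The layout of struct socks5_request_domain and the byte order of hostname.port are not visible in this hunk and are worth checking against the SOCKS5 wire format, and the comment `/* Copy ipv6 request portion in the buffer. */` should say domain name. socks5_send_connect_request starts and ends outside the hunk.

```c
	case CONNECTION_DOMAIN_NAME:
	{
		/* … unchanged: req_name declaration, msg.atyp, copy of msg into buffer … */
		size_t name_len = strlen(conn->dest_addr.hostname.addr);

		/* Reject names that do not fit the request field instead of truncating. */
		if (name_len == 0 || name_len > sizeof(req_name.name)) {
			ERR("Socks5 domain name length %zu is invalid", name_len);
			ret = -EINVAL;
			goto error;
		}

		/* Zero the request so no stale stack bytes are sent after the name. */
		memset(&req_name, 0, sizeof(req_name));
		memcpy(req_name.name, conn->dest_addr.hostname.addr, name_len);
		req_name.len = name_len;
		req_name.port = conn->dest_addr.hostname.port;
		/* … unchanged: copy of req_name into buffer, buf_len update, break … */
```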
@@ -318,6 +343,10 @@ int socks5_recv_connect_reply(struct connection *conn)
recv_len += sizeof(uint16_t);
switch (tsocks_config.socks5_addr.domain) {
+ case CONNECTION_DOMAIN_NAME:
+ /*
+ * Tor returns and IPv4 upon resolution. Same for .onion address.
+ */
case CONNECTION_DOMAIN_INET:
recv_len+= 4;
break;
[View Less]
1
0

04 Apr '14
commit 6a0bc8b32f884a4ab12a4b5bf356c418c3072d95
Author: David Goulet <dgoulet(a)ev0ke.net>
Date: Sun Jun 23 14:56:36 2013 -0400
Add IPv6 support to Tor resolve command
Signed-off-by: David Goulet <dgoulet(a)ev0ke.net>
---
src/common/socks5.c | 35 +++++++++++++++++++++++++++++------
src/common/socks5.h | 3 ++-
src/lib/torsocks.c | 3 ++-
3 files changed, 33 insertions(+), 8 deletions(-)
diff --git a/src/common/socks5.c b/src/common/socks5.c
index d007599..…
[View More]fcb30d7 100644
--- a/src/common/socks5.c
+++ b/src/common/socks5.c
@@ -449,20 +449,25 @@ error:
*
* Return 0 on success else a negative value.
*/
-int socks5_recv_resolve_reply(struct connection *conn, uint32_t *ip_addr)
+int socks5_recv_resolve_reply(struct connection *conn, void *addr,
+ size_t addrlen)
{
int ret;
+ size_t recv_len;
ssize_t ret_recv;
struct {
struct socks5_reply msg;
- uint32_t addr;
+ union {
+ uint8_t ipv4[4];
+ uint8_t ipv6[16];
+ } addr;
} buffer;
assert(conn);
assert(conn >= 0);
- assert(ip_addr);
+ assert(addr);
- ret_recv = recv_data(conn->fd, &buffer, sizeof(buffer));
+ ret_recv = recv_data(conn->fd, &buffer, sizeof(buffer.msg));
if (ret_recv < 0) {
ret = ret_recv;
goto error;
@@ -481,16 +486,34 @@ int socks5_recv_resolve_reply(struct connection *conn, uint32_t *ip_addr)
}
if (buffer.msg.atyp == SOCKS5_ATYP_IPV4) {
- *ip_addr = buffer.addr;
+ /* Size of a binary IPv4 in bytes. */
+ recv_len = sizeof(buffer.addr.ipv4);
+ } else if (buffer.msg.atyp == SOCKS5_ATYP_IPV6) {
+ /* Size of a binary IPv6 in bytes. */
+ recv_len = sizeof(buffer.addr.ipv6);
} else {
ERR("Bad SOCKS5 atyp reply %d", buffer.msg.atyp);
ret = -EINVAL;
goto error;
}
+ ret_recv = recv_data(conn->fd, &buffer.addr, recv_len);
+ if (ret_recv < 0) {
+ ret = ret_recv;
+ goto error;
+ }
+
+ if (addrlen < recv_len) {
+ ERR("[socks5] Resolve destination buffer too small");
+ ret = -EINVAL;
+ goto error;
+ }
+
+ memcpy(addr, &buffer.addr, recv_len);
+
/* Everything went well and ip_addr has been populated. */
ret = 0;
- DBG("[socks5] Resolve reply received: %" PRIu32, *ip_addr);
+ DBG("[socks5] Resolve reply received successfully");
error:
return ret;
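Review bot: After the `memcpy(addr, &buffer.addr, recv_len);` the caller has no way to learn whether 4 or 16 bytes were written, because neither the address family nor `recv_len` is reported back. A caller that passes a 16-byte buffer cannot tell an IPv4 reply from an IPv6 one and may interpret 12 uninitialised bytes as part of an address. Reporting the length or family through an out-parameter would close that gap. A stricter `if (addrlen != recv_len) {` would also do, if no caller outside this view relies on passing a larger buffer. The closing comment still names the removed parameter and should read `/* Everything went well and addr has been populated. */`.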
diff --git a/src/common/socks5.h b/src/common/socks5.h
index 9b47aa1..2699357 100644
--- a/src/common/socks5.h
+++ b/src/common/socks5.h
@@ -130,7 +130,8 @@ int socks5_recv_connect_reply(struct connection *conn);
/* Tor DNS resolve. */
int socks5_send_resolve_request(const char *hostname, struct connection *conn);
-int socks5_recv_resolve_reply(struct connection *conn, uint32_t *ip_addr);
+int socks5_recv_resolve_reply(struct connection *conn, void *addr,
+ size_t addrlent);
int socks5_recv_resolve_ptr_reply(struct connection *conn, char **_hostname);
int socks5_send_resolve_ptr_request(const void *ip, struct connection *conn);
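Review bot: The new prototype spells the last parameter `addrlent`, while the definition in socks5.c uses `addrlen`. The compiler does not care, but the header is what callers read; it should be `size_t addrlen);`. A one-line comment on the prototype noting that `addrlen` is the size in bytes of the buffer behind `addr` would help, since `void *` no longer carries that information.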
diff --git a/src/lib/torsocks.c b/src/lib/torsocks.c
index 28cd183..6b657ef 100644
--- a/src/lib/torsocks.c
+++ b/src/lib/torsocks.c
@@ -289,7 +289,8 @@ int tsocks_tor_resolve(const char *hostname, uint32_t *ip_addr)
goto error;
}
- ret = socks5_recv_resolve_reply(&conn, ip_addr);
+ /* Force IPv4 resolution for now. */
+ ret = socks5_recv_resolve_reply(&conn, ip_addr, sizeof(uint32_t));
if (ret < 0) {
goto error;
}
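Review bot: The comment `/* Force IPv4 resolution for now. */` overstates what the call does. Passing `sizeof(uint32_t)` only limits the destination buffer; judging by the socks5.c change, an IPv6 reply is still read and then rejected with -EINVAL rather than prevented. Wording such as `/* Only IPv4 replies fit here; an IPv6 reply is rejected with -EINVAL. */` would describe it accurately. Tying the size to the object with `sizeof(*ip_addr)` would keep the bound correct if the parameter type changes. `tsocks_tor_resolve` starts and ends outside this hunk.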