tor-commits
Threads by month
- ----- 2026 -----
- January
- ----- 2025 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
July 2018
- 17 participants
- 1738 discussions
16 Jul '18
commit adbe6a25215b5f2c626a0801a49d596c0e478b5c
Author: rl1987 <rl1987(a)sdf.lonestar.org>
Date: Sun May 13 14:06:43 2018 +0200
Copy socks5.trunnel from trunnel examples dir
---
src/trunnel/socks5.trunnel | 115 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 115 insertions(+)
diff --git a/src/trunnel/socks5.trunnel b/src/trunnel/socks5.trunnel
new file mode 100644
index 000000000..ab53a4315
--- /dev/null
+++ b/src/trunnel/socks5.trunnel
@@ -0,0 +1,115 @@
+// Example: here's a quickie implementation of the messages in the
+// socks5 protocol.
+
+struct socks5_client_version {
+ u8 version IN [5];
+ u8 n_methods;
+ u8 methods[n_methods];
+}
+
+struct socks5_server_method {
+ u8 version IN [5];
+ u8 method;
+}
+
+const CMD_CONNECT = 1;
+const CMD_BIND = 2;
+const CMD_UDP_ASSOCIATE = 3;
+// This is a tor extension
+const CMD_RESOLVE_PTR = 0xF1;
+
+const ATYPE_IPV4 = 1;
+const ATYPE_IPV6 = 4;
+const ATYPE_DOMAINNAME = 3;
+
+struct domainname {
+ u8 len;
+ char name[len];
+}
+
+struct socks5_client_request {
+ u8 version IN [5];
+ u8 command IN [CMD_CONNECT, CMD_BIND, CMD_UDP_ASSOCIATE, CMD_RESOLVE_PTR];
+ u8 reserved IN [0];
+ u8 atype;
+ union dest_addr[atype] {
+ ATYPE_IPV4: u32 ipv4;
+ ATYPE_IPV6: u8 ipv6[16];
+ ATYPE_DOMAINNAME: struct domainname domainname;
+ default: fail;
+ };
+ u16 dest_port;
+}
+
+struct socks5_server_reply {
+ u8 version IN [5];
+ u8 reply;
+ u8 reserved IN [0];
+ u8 atype;
+ union bind_addr[atype] {
+ ATYPE_IPV4: u32 ipv4;
+ ATYPE_IPV6: u8 ipv6[16];
+ ATYPE_DOMAINNAME: struct domainname domainname;
+ default: fail;
+ };
+ u16 bind_port;
+}
+
+struct socks5_client_userpass_auth {
+ u8 version IN [1];
+ u8 username_len;
+ char username[username_len];
+ u8 passwd_len;
+ char passwd[passwd_len];
+}
+
+struct socks5_server_userpath_auth {
+ u8 version IN [1];
+ u8 status;
+}
+
+// Oh why not. Here's socks4 and socks4a.
+
+struct socks4_client_request {
+ u8 version IN [4];
+ u8 command IN [CMD_CONNECT,CMD_BIND,CMD_RESOLVE_PTR];
+ u16 port;
+ u32 addr;
+ nulterm username;
+ union socks4a_addr[addr] {
+ 1..255:
+ nulterm hostname;
+ default:
+ ;
+ };
+}
+
+struct socks4_server_reply {
+ u8 version IN [4];
+ u8 status;
+ u16 port;
+ u32 addr;
+}
+
+// And here's the extended stuff from proposal 229
+
+struct tor_socksauth_keyval {
+ u16 keylen;
+ char key[keylen];
+ u16 vallen;
+ char val[vallen];
+}
+
+struct tor_extended_socks_auth_request {
+ u8 version IN [1];
+ u16 npairs;
+ struct tor_socksauth_keyval pairs[npairs];
+}
+
+struct tor_extended_socks_auth_response {
+ u8 version IN [1];
+ u8 status;
+ u16 npairs;
+ struct tor_socksauth_keyval pairs[npairs];
+}
+
1
0
16 Jul '18
commit b160929c2274a6a0b6b53a25f3a384369da60865
Author: rl1987 <rl1987(a)sdf.lonestar.org>
Date: Tue May 15 11:49:07 2018 +0200
Add RESOLVE (0xF0) command to socks4_client_request
---
src/trunnel/socks5.c | 12 ++++++------
src/trunnel/socks5.h | 1 +
src/trunnel/socks5.trunnel | 3 ++-
3 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/src/trunnel/socks5.c b/src/trunnel/socks5.c
index 7bc6e5fe7..1d6f56dfa 100644
--- a/src/trunnel/socks5.c
+++ b/src/trunnel/socks5.c
@@ -345,7 +345,7 @@ socks4_client_request_get_command(const socks4_client_request_t *inp)
int
socks4_client_request_set_command(socks4_client_request_t *inp, uint8_t val)
{
- if (! ((val == CMD_BIND || val == CMD_CONNECT || val == CMD_RESOLVE_PTR))) {
+ if (! ((val == CMD_BIND || val == CMD_CONNECT || val == CMD_RESOLVE || val == CMD_RESOLVE_PTR))) {
TRUNNEL_SET_ERROR_CODE(inp);
return -1;
}
@@ -413,7 +413,7 @@ socks4_client_request_check(const socks4_client_request_t *obj)
return "A set function failed on this object";
if (! (obj->version == 4))
return "Integer out of bounds";
- if (! (obj->command == CMD_BIND || obj->command == CMD_CONNECT || obj->command == CMD_RESOLVE_PTR))
+ if (! (obj->command == CMD_BIND || obj->command == CMD_CONNECT || obj->command == CMD_RESOLVE || obj->command == CMD_RESOLVE_PTR))
return "Integer out of bounds";
if (NULL == obj->username)
return "Missing username";
@@ -696,7 +696,7 @@ socks4_client_request_encoded_len(const socks4_client_request_t *obj)
/* Length of u8 version IN [4] */
result += 1;
- /* Length of u8 command IN [CMD_BIND, CMD_CONNECT, CMD_RESOLVE_PTR] */
+ /* Length of u8 command IN [CMD_BIND, CMD_CONNECT, CMD_RESOLVE, CMD_RESOLVE_PTR] */
result += 1;
/* Length of u16 port */
@@ -1006,7 +1006,7 @@ socks4_client_request_encode(uint8_t *output, const size_t avail, const socks4_c
trunnel_set_uint8(ptr, (obj->version));
written += 1; ptr += 1;
- /* Encode u8 command IN [CMD_BIND, CMD_CONNECT, CMD_RESOLVE_PTR] */
+ /* Encode u8 command IN [CMD_BIND, CMD_CONNECT, CMD_RESOLVE, CMD_RESOLVE_PTR] */
trunnel_assert(written <= avail);
if (avail - written < 1)
goto truncated;
@@ -1354,11 +1354,11 @@ socks4_client_request_parse_into(socks4_client_request_t *obj, const uint8_t *in
if (! (obj->version == 4))
goto fail;
- /* Parse u8 command IN [CMD_BIND, CMD_CONNECT, CMD_RESOLVE_PTR] */
+ /* Parse u8 command IN [CMD_BIND, CMD_CONNECT, CMD_RESOLVE, CMD_RESOLVE_PTR] */
CHECK_REMAINING(1, truncated);
obj->command = (trunnel_get_uint8(ptr));
remaining -= 1; ptr += 1;
- if (! (obj->command == CMD_BIND || obj->command == CMD_CONNECT || obj->command == CMD_RESOLVE_PTR))
+ if (! (obj->command == CMD_BIND || obj->command == CMD_CONNECT || obj->command == CMD_RESOLVE || obj->command == CMD_RESOLVE_PTR))
goto fail;
/* Parse u16 port */
diff --git a/src/trunnel/socks5.h b/src/trunnel/socks5.h
index fb3c03160..8bc5af109 100644
--- a/src/trunnel/socks5.h
+++ b/src/trunnel/socks5.h
@@ -11,6 +11,7 @@
#define CMD_CONNECT 1
#define CMD_BIND 2
#define CMD_UDP_ASSOCIATE 3
+#define CMD_RESOLVE 240
#define CMD_RESOLVE_PTR 241
#define ATYPE_IPV4 1
#define ATYPE_IPV6 4
diff --git a/src/trunnel/socks5.trunnel b/src/trunnel/socks5.trunnel
index ab53a4315..4818d1408 100644
--- a/src/trunnel/socks5.trunnel
+++ b/src/trunnel/socks5.trunnel
@@ -16,6 +16,7 @@ const CMD_CONNECT = 1;
const CMD_BIND = 2;
const CMD_UDP_ASSOCIATE = 3;
// This is a tor extension
+const CMD_RESOLVE = 0xF0;
const CMD_RESOLVE_PTR = 0xF1;
const ATYPE_IPV4 = 1;
@@ -72,7 +73,7 @@ struct socks5_server_userpath_auth {
struct socks4_client_request {
u8 version IN [4];
- u8 command IN [CMD_CONNECT,CMD_BIND,CMD_RESOLVE_PTR];
+ u8 command IN [CMD_CONNECT,CMD_BIND,CMD_RESOLVE,CMD_RESOLVE_PTR];
u16 port;
u32 addr;
nulterm username;
1
0
commit c6a0b04d33f5d2cdb8207672c18b06d689ecd1df
Author: rl1987 <rl1987(a)sdf.lonestar.org>
Date: Tue May 15 12:24:21 2018 +0200
Remove legacy SOCKS4 code
---
src/or/proto_socks.c | 120 ---------------------------------------------------
1 file changed, 120 deletions(-)
diff --git a/src/or/proto_socks.c b/src/or/proto_socks.c
index 36364e961..4fdc33d1d 100644
--- a/src/or/proto_socks.c
+++ b/src/or/proto_socks.c
@@ -385,11 +385,8 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req,
unsigned int len;
char tmpbuf[TOR_ADDR_BUF_LEN+1];
tor_addr_t destaddr;
- uint32_t destip;
uint8_t socksver;
- char *next, *startaddr;
unsigned char usernamelen, passlen;
- struct in_addr in;
if (datalen < 2) {
/* We always need at least 2 bytes. */
@@ -606,123 +603,6 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req,
}
tor_assert(0);
break;
- case 4: { /* socks4 */
- enum {socks4, socks4a} socks4_prot = socks4a;
- const char *authstart, *authend;
- /* http://ss5.sourceforge.net/socks4.protocol.txt */
- /* http://ss5.sourceforge.net/socks4A.protocol.txt */
-
- req->socks_version = 4;
- if (datalen < SOCKS4_NETWORK_LEN) {/* basic info available? */
- *want_length_out = SOCKS4_NETWORK_LEN;
- return 0; /* not yet */
- }
- // buf_pullup(buf, 1280);
- req->command = (unsigned char) *(data+1);
- if (req->command != SOCKS_COMMAND_CONNECT &&
- req->command != SOCKS_COMMAND_RESOLVE) {
- /* not a connect or resolve? we don't support it. (No resolve_ptr with
- * socks4.) */
- log_warn(LD_APP,"socks4: command %d not recognized. Rejecting.",
- req->command);
- return -1;
- }
-
- req->port = ntohs(get_uint16(data+2));
- destip = ntohl(get_uint32(data+4));
- if ((!req->port && req->command!=SOCKS_COMMAND_RESOLVE) || !destip) {
- log_warn(LD_APP,"socks4: Port or DestIP is zero. Rejecting.");
- return -1;
- }
- if (destip >> 8) {
- log_debug(LD_APP,"socks4: destip not in form 0.0.0.x.");
- in.s_addr = htonl(destip);
- tor_inet_ntoa(&in,tmpbuf,sizeof(tmpbuf));
- if (BUG(strlen(tmpbuf)+1 > MAX_SOCKS_ADDR_LEN)) {
- /* LCOV_EXCL_START -- This branch is unreachable, given the
- * size of tmpbuf and the actual value of MAX_SOCKS_ADDR_LEN */
- log_debug(LD_APP,"socks4 addr (%d bytes) too long. Rejecting.",
- (int)strlen(tmpbuf));
- return -1;
- /* LCOV_EXCL_STOP */
- }
- log_debug(LD_APP,
- "socks4: successfully read destip (%s)",
- safe_str_client(tmpbuf));
- socks4_prot = socks4;
- }
-
- authstart = data + SOCKS4_NETWORK_LEN;
- next = memchr(authstart, 0,
- datalen-SOCKS4_NETWORK_LEN);
- if (!next) {
- if (datalen >= 1024) {
- log_debug(LD_APP, "Socks4 user name too long; rejecting.");
- return -1;
- }
- log_debug(LD_APP,"socks4: Username not here yet.");
- *want_length_out = datalen+1024; /* More than we need, but safe */
- return 0;
- }
- authend = next;
- tor_assert(next < data+datalen);
-
- startaddr = NULL;
- if (socks4_prot != socks4a &&
- !addressmap_have_mapping(tmpbuf,0)) {
- log_unsafe_socks_warning(4, tmpbuf, req->port, safe_socks);
-
- if (safe_socks)
- return -1;
- }
- if (socks4_prot == socks4a) {
- if (next+1 == data+datalen) {
- log_debug(LD_APP,"socks4: No part of destaddr here yet.");
- *want_length_out = datalen + 1024; /* More than we need, but safe */
- return 0;
- }
- startaddr = next+1;
- next = memchr(startaddr, 0, data + datalen - startaddr);
- if (!next) {
- if (datalen >= 1024) {
- log_debug(LD_APP,"socks4: Destaddr too long.");
- return -1;
- }
- log_debug(LD_APP,"socks4: Destaddr not all here yet.");
- *want_length_out = datalen + 1024; /* More than we need, but safe */
- return 0;
- }
- if (MAX_SOCKS_ADDR_LEN <= next-startaddr) {
- log_warn(LD_APP,"socks4: Destaddr too long. Rejecting.");
- return -1;
- }
- // tor_assert(next < buf->cur+buf_datalen(buf));
-
- if (log_sockstype)
- log_notice(LD_APP,
- "Your application (using socks4a to port %d) instructed "
- "Tor to take care of the DNS resolution itself if "
- "necessary. This is good.", req->port);
- }
- log_debug(LD_APP,"socks4: Everything is here. Success.");
- strlcpy(req->address, startaddr ? startaddr : tmpbuf,
- sizeof(req->address));
- if (!string_is_valid_dest(req->address)) {
- log_warn(LD_PROTOCOL,
- "Your application (using socks4 to port %d) gave Tor "
- "a malformed hostname: %s. Rejecting the connection.",
- req->port, escaped_safe_str_client(req->address));
- return -1;
- }
- if (authend != authstart) {
- req->got_auth = 1;
- req->usernamelen = authend - authstart;
- req->username = tor_memdup(authstart, authend - authstart);
- }
- /* next points to the final \0 on inbuf */
- *drain_out = next - data + 1;
- return 1;
- }
case 'G': /* get */
case 'H': /* head */
case 'P': /* put/post */
1
0
16 Jul '18
commit 9155e08450fe7a609f8223202e8aa7dfbca20a6d
Author: rl1987 <rl1987(a)sdf.lonestar.org>
Date: Sun May 13 17:39:48 2018 +0200
Parsing SOCKS4/4a request using trunnel impl
---
src/or/proto_socks.c | 195 ++++++++++++++++++++++++++++++++++++++++++++++++--
src/test/test_socks.c | 8 +--
2 files changed, 194 insertions(+), 9 deletions(-)
diff --git a/src/or/proto_socks.c b/src/or/proto_socks.c
index 46439d66b..36364e961 100644
--- a/src/or/proto_socks.c
+++ b/src/or/proto_socks.c
@@ -14,6 +14,7 @@
#include "or/proto_socks.h"
#include "or/reasons.h"
+#include "trunnel/socks5.h"
#include "or/socks_request_st.h"
static void socks_request_set_socks5_error(socks_request_t *req,
@@ -85,6 +86,147 @@ socks_request_free_(socks_request_t *req)
tor_free(req);
}
+static int
+parse_socks4_request(const uint8_t *raw_data, socks_request_t *req,
+ size_t datalen, int *is_socks4a)
+{
+ // http://ss5.sourceforge.net/socks4.protocol.txt
+ // http://ss5.sourceforge.net/socks4A.protocol.txt
+ int res = 1;
+ tor_addr_t destaddr;
+
+ req->socks_version = 4;
+
+ socks4_client_request_t *trunnel_req;
+
+ ssize_t parsed =
+ socks4_client_request_parse(&trunnel_req, raw_data, datalen);
+
+ if (parsed == -1) {
+ log_warn(LD_APP, "socks4: parsing failed - invalid request.");
+ res = -1;
+ goto end;
+ } else if (parsed == -2) {
+ res = 0;
+ if (datalen > 1024) { // XXX
+ log_warn(LD_APP, "socks4: parsing failed - invalid request.");
+ res = -1;
+ }
+ goto end;
+ }
+
+ uint8_t command = socks4_client_request_get_command(trunnel_req);
+ req->command = command;
+
+ req->port = socks4_client_request_get_port(trunnel_req);
+ uint32_t dest_ip = socks4_client_request_get_addr(trunnel_req);
+
+ if ((!req->port && req->command != SOCKS_COMMAND_RESOLVE) ||
+ dest_ip == 0) {
+ log_warn(LD_APP, "socks4: Port or DestIP is zero. Rejecting.");
+ res = -1;
+ goto end;
+ }
+
+ *is_socks4a = (dest_ip >> 8) == 0;
+
+ const char *username = socks4_client_request_get_username(trunnel_req);
+ size_t usernamelen = username ? strlen(username) : 0;
+ if (username && usernamelen) {
+ if (usernamelen > MAX_SOCKS_MESSAGE_LEN) {
+ log_warn(LD_APP, "Socks4 user name too long; rejecting.");
+ res = -1;
+ goto end;
+ }
+
+ req->got_auth = 1;
+ req->username = tor_strdup(username);
+ req->usernamelen = usernamelen;
+ }
+
+ if (*is_socks4a) {
+ // We cannot rely on trunnel here, as we want to detect if
+ // we have abnormally long hostname field.
+ const char *hostname = (char *)raw_data + SOCKS4_NETWORK_LEN +
+ strlen(username) + 1;
+ size_t hostname_len = (char *)raw_data + datalen - hostname;
+
+ if (hostname_len <= sizeof(req->address)) {
+ const char *trunnel_hostname =
+ socks4_client_request_get_socks4a_addr_hostname(trunnel_req);
+
+ if (trunnel_hostname)
+ strlcpy(req->address, trunnel_hostname, sizeof(req->address));
+ } else {
+ log_warn(LD_APP, "socks4: Destaddr too long. Rejecting.");
+ res = -1;
+ goto end;
+ }
+ } else {
+ tor_addr_from_ipv4h(&destaddr, dest_ip);
+
+ if (!tor_addr_to_str(req->address, &destaddr,
+ MAX_SOCKS_ADDR_LEN, 0)) {
+ res = -1;
+ goto end;
+ }
+ }
+
+ end:
+ socks4_client_request_free(trunnel_req);
+
+ return res;
+}
+
+/**
+ * Validate SOCKS4/4a related fields in <b>req</b>. Expect SOCKS4a
+ * if <b>is_socks4a</b> is true. If <b>log_sockstype</b> is true,
+ * log a notice about possible DNS leaks on local system. If
+ * <b>safe_socks</b> is true, reject insecure usage of SOCKS
+ * protocol.
+ *
+ * Return SOCKS_RESULT_DONE if validation passed or
+ * SOCKS_RESULT_INVALID if it failed.
+ */
+static socks_result_t
+process_socks4_request(const socks_request_t *req, int is_socks4a,
+ int log_sockstype, int safe_socks)
+{
+ if (is_socks4a && !addressmap_have_mapping(req->address, 0)) {
+ log_unsafe_socks_warning(4, req->address, req->port, safe_socks);
+
+ if (safe_socks)
+ return -1;
+ }
+
+ if (req->command != SOCKS_COMMAND_CONNECT &&
+ req->command != SOCKS_COMMAND_RESOLVE) {
+ /* not a connect or resolve? we don't support it. (No resolve_ptr with
+ * socks4.) */
+ log_warn(LD_APP, "socks4: command %d not recognized. Rejecting.",
+ req->command);
+ return -1;
+ }
+
+ if (is_socks4a) {
+ if (log_sockstype)
+ log_notice(LD_APP,
+ "Your application (using socks4a to port %d) instructed "
+ "Tor to take care of the DNS resolution itself if "
+ "necessary. This is good.", req->port);
+ }
+
+ if (!string_is_valid_dest(req->address)) {
+ log_warn(LD_PROTOCOL,
+ "Your application (using socks4 to port %d) gave Tor "
+ "a malformed hostname: %s. Rejecting the connection.",
+ req->port, escaped_safe_str_client(req->address));
+ return -1;
+ }
+
+ return 1;
+}
+
/** There is a (possibly incomplete) socks handshake on <b>buf</b>, of one
* of the forms
* - socks4: "socksheader username\\0"
@@ -114,14 +256,56 @@ int
fetch_from_buf_socks(buf_t *buf, socks_request_t *req,
int log_sockstype, int safe_socks)
{
- int res;
+ int res = 0;
+ size_t datalen = buf_datalen(buf);
+ uint8_t *raw_data;
+ uint8_t socks_version;
+
+ raw_data = tor_malloc(datalen);
+ memset(raw_data, 0, datalen);
+
+ buf_peek(buf, (char *)raw_data, datalen);
+
+ socks_version = (uint8_t)raw_data[0];
+
+ if (socks_version == 4) {
+ if (datalen < SOCKS4_NETWORK_LEN) {
+ res = 0;
+ goto end;
+ }
+
+ int is_socks4a = 0;
+ int parse_status =
+ parse_socks4_request((const uint8_t *)raw_data, req, datalen,
+ &is_socks4a);
+
+ if (parse_status != 1) {
+ res = parse_status;
+ goto end;
+ }
+
+ int process_status = process_socks4_request(req, is_socks4a,
+ log_sockstype,
+ safe_socks);
+
+ if (process_status != 1) {
+ res = process_status;
+ goto end;
+ }
+
+ buf_clear(buf);
+ res = 1;
+ goto end;
+ }
+
ssize_t n_drain;
size_t want_length = 128;
const char *head = NULL;
- size_t datalen = 0;
- if (buf_datalen(buf) < 2) /* version and another byte */
- return 0;
+ if (buf_datalen(buf) < 2) { /* version and another byte */
+ res = 0;
+ goto end;
+ }
do {
n_drain = 0;
@@ -140,6 +324,8 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req,
} while (res == 0 && head && want_length < buf_datalen(buf) &&
buf_datalen(buf) >= 2);
+ end:
+ tor_free(raw_data);
return res;
}
@@ -710,4 +896,3 @@ parse_socks_client(const uint8_t *data, size_t datalen,
return -1;
/* LCOV_EXCL_STOP */
}
-
diff --git a/src/test/test_socks.c b/src/test/test_socks.c
index 04c028058..cf34e9d43 100644
--- a/src/test/test_socks.c
+++ b/src/test/test_socks.c
@@ -82,7 +82,7 @@ test_socks_4_supported_commands(void *ptr)
tt_int_op(0,OP_EQ, buf_datalen(buf));
- /* SOCKS 4 Send CONNECT [01] to IP address 2.2.2.2:4370 */
+ /* SOCKS 4 Send CONNECT [01] to IP address 2.2.2.3:4370 */
ADD_DATA(buf, "\x04\x01\x11\x12\x02\x02\x02\x03\x00");
tt_int_op(fetch_from_buf_socks(buf, socks, get_options()->TestSocks,
get_options()->SafeSocks),
@@ -98,7 +98,7 @@ test_socks_4_supported_commands(void *ptr)
tt_int_op(0,OP_EQ, buf_datalen(buf));
socks_request_clear(socks);
- /* SOCKS 4 Send CONNECT [01] to IP address 2.2.2.2:4369 with userid*/
+ /* SOCKS 4 Send CONNECT [01] to IP address 2.2.2.4:4369 with userid*/
ADD_DATA(buf, "\x04\x01\x11\x12\x02\x02\x02\x04me\x00");
tt_int_op(fetch_from_buf_socks(buf, socks, 1, 0),
OP_EQ, 1);
@@ -142,7 +142,7 @@ test_socks_4_bad_arguments(void *ptr)
get_options()->SafeSocks),
OP_EQ, -1);
buf_clear(buf);
- expect_log_msg_containing("Port or DestIP is zero.");
+ expect_log_msg_containing("Port or DestIP is zero."); // !!!
mock_clean_saved_logs();
/* Try with 0 port */
@@ -192,7 +192,7 @@ test_socks_4_bad_arguments(void *ptr)
tt_int_op(fetch_from_buf_socks(buf, socks, 1, 0),
OP_EQ, -1);
buf_clear(buf);
- expect_log_msg_containing("Destaddr too long.");
+ expect_log_msg_containing("parsing failed - invalid request.");
mock_clean_saved_logs();
/* Socks4, bogus hostname */
1
0
16 Jul '18
commit 240f33e3274fd0e9c2f97f6d3cb1e0f99263e9c7
Author: rl1987 <rl1987(a)sdf.lonestar.org>
Date: Sun May 13 14:13:15 2018 +0200
Generate trunnel impls and include into build
---
src/trunnel/include.am | 9 +-
src/trunnel/socks5.c | 5054 ++++++++++++++++++++++++++++++++++++++++++++++++
src/trunnel/socks5.h | 1370 +++++++++++++
3 files changed, 6430 insertions(+), 3 deletions(-)
diff --git a/src/trunnel/include.am b/src/trunnel/include.am
index 5a0a79c3a..03c1753e9 100644
--- a/src/trunnel/include.am
+++ b/src/trunnel/include.am
@@ -10,7 +10,8 @@ TRUNNELINPUTS = \
src/trunnel/ed25519_cert.trunnel \
src/trunnel/link_handshake.trunnel \
src/trunnel/pwbox.trunnel \
- src/trunnel/channelpadding_negotiation.trunnel
+ src/trunnel/channelpadding_negotiation.trunnel \
+ src/trunner/socks5.trunnel
TRUNNELSOURCES = \
src/ext/trunnel/trunnel.c \
@@ -21,7 +22,8 @@ TRUNNELSOURCES = \
src/trunnel/hs/cell_establish_intro.c \
src/trunnel/hs/cell_introduce1.c \
src/trunnel/hs/cell_rendezvous.c \
- src/trunnel/channelpadding_negotiation.c
+ src/trunnel/channelpadding_negotiation.c \
+ src/trunnel/socks5.c
TRUNNELHEADERS = \
src/ext/trunnel/trunnel.h \
@@ -34,7 +36,8 @@ TRUNNELHEADERS = \
src/trunnel/hs/cell_establish_intro.h \
src/trunnel/hs/cell_introduce1.h \
src/trunnel/hs/cell_rendezvous.h \
- src/trunnel/channelpadding_negotiation.h
+ src/trunnel/channelpadding_negotiation.h \
+ src/trunnel/socks5.h
src_trunnel_libor_trunnel_a_SOURCES = $(TRUNNELSOURCES)
src_trunnel_libor_trunnel_a_CPPFLAGS = \
diff --git a/src/trunnel/socks5.c b/src/trunnel/socks5.c
new file mode 100644
index 000000000..7bc6e5fe7
--- /dev/null
+++ b/src/trunnel/socks5.c
@@ -0,0 +1,5054 @@
+/* socks5.c -- generated by Trunnel v1.5.2.
+ * https://gitweb.torproject.org/trunnel.git
+ * You probably shouldn't edit this file.
+ */
+#include <stdlib.h>
+#include "trunnel-impl.h"
+
+#include "socks5.h"
+
+#define TRUNNEL_SET_ERROR_CODE(obj) \
+ do { \
+ (obj)->trunnel_error_code_ = 1; \
+ } while (0)
+
+#if defined(__COVERITY__) || defined(__clang_analyzer__)
+/* If we're running a static analysis tool, we don't want it to complain
+ * that some of our remaining-bytes checks are dead-code. */
+int socks_deadcode_dummy__ = 0;
+#define OR_DEADCODE_DUMMY || socks_deadcode_dummy__
+#else
+#define OR_DEADCODE_DUMMY
+#endif
+
+#define CHECK_REMAINING(nbytes, label) \
+ do { \
+ if (remaining < (nbytes) OR_DEADCODE_DUMMY) { \
+ goto label; \
+ } \
+ } while (0)
+
+domainname_t *
+domainname_new(void)
+{
+ domainname_t *val = trunnel_calloc(1, sizeof(domainname_t));
+ if (NULL == val)
+ return NULL;
+ return val;
+}
+
+/** Release all storage held inside 'obj', but do not free 'obj'.
+ */
+static void
+domainname_clear(domainname_t *obj)
+{
+ (void) obj;
+ TRUNNEL_DYNARRAY_WIPE(&obj->name);
+ TRUNNEL_DYNARRAY_CLEAR(&obj->name);
+}
+
+void
+domainname_free(domainname_t *obj)
+{
+ if (obj == NULL)
+ return;
+ domainname_clear(obj);
+ trunnel_memwipe(obj, sizeof(domainname_t));
+ trunnel_free_(obj);
+}
+
+uint8_t
+domainname_get_len(const domainname_t *inp)
+{
+ return inp->len;
+}
+int
+domainname_set_len(domainname_t *inp, uint8_t val)
+{
+ inp->len = val;
+ return 0;
+}
+size_t
+domainname_getlen_name(const domainname_t *inp)
+{
+ return TRUNNEL_DYNARRAY_LEN(&inp->name);
+}
+
+char
+domainname_get_name(domainname_t *inp, size_t idx)
+{
+ return TRUNNEL_DYNARRAY_GET(&inp->name, idx);
+}
+
+char
+domainname_getconst_name(const domainname_t *inp, size_t idx)
+{
+ return domainname_get_name((domainname_t*)inp, idx);
+}
+int
+domainname_set_name(domainname_t *inp, size_t idx, char elt)
+{
+ TRUNNEL_DYNARRAY_SET(&inp->name, idx, elt);
+ return 0;
+}
+int
+domainname_add_name(domainname_t *inp, char elt)
+{
+#if SIZE_MAX >= UINT8_MAX
+ if (inp->name.n_ == UINT8_MAX)
+ goto trunnel_alloc_failed;
+#endif
+ TRUNNEL_DYNARRAY_ADD(char, &inp->name, elt, {});
+ return 0;
+ trunnel_alloc_failed:
+ TRUNNEL_SET_ERROR_CODE(inp);
+ return -1;
+}
+
+char *
+domainname_getarray_name(domainname_t *inp)
+{
+ return inp->name.elts_;
+}
+const char *
+domainname_getconstarray_name(const domainname_t *inp)
+{
+ return (const char *)domainname_getarray_name((domainname_t*)inp);
+}
+int
+domainname_setlen_name(domainname_t *inp, size_t newlen)
+{
+#if UINT8_MAX < SIZE_MAX
+ if (newlen > UINT8_MAX)
+ goto trunnel_alloc_failed;
+#endif
+ return trunnel_string_setlen(&inp->name, newlen,
+ &inp->trunnel_error_code_);
+ trunnel_alloc_failed:
+ TRUNNEL_SET_ERROR_CODE(inp);
+ return -1;
+}
+const char *
+domainname_getstr_name(domainname_t *inp)
+{
+ return trunnel_string_getstr(&inp->name);
+}
+int
+domainname_setstr0_name(domainname_t *inp, const char *val, size_t len)
+{
+#if UINT8_MAX < SIZE_MAX
+ if (len > UINT8_MAX) {
+ TRUNNEL_SET_ERROR_CODE(inp);
+ return -1;
+ }
+#endif
+ return trunnel_string_setstr0(&inp->name, val, len, &inp->trunnel_error_code_);
+}
+int
+domainname_setstr_name(domainname_t *inp, const char *val)
+{
+ return domainname_setstr0_name(inp, val, strlen(val));
+}
+const char *
+domainname_check(const domainname_t *obj)
+{
+ if (obj == NULL)
+ return "Object was NULL";
+ if (obj->trunnel_error_code_)
+ return "A set function failed on this object";
+ if (TRUNNEL_DYNARRAY_LEN(&obj->name) != obj->len)
+ return "Length mismatch for name";
+ return NULL;
+}
+
+ssize_t
+domainname_encoded_len(const domainname_t *obj)
+{
+ ssize_t result = 0;
+
+ if (NULL != domainname_check(obj))
+ return -1;
+
+
+ /* Length of u8 len */
+ result += 1;
+
+ /* Length of char name[len] */
+ result += TRUNNEL_DYNARRAY_LEN(&obj->name);
+ return result;
+}
+int
+domainname_clear_errors(domainname_t *obj)
+{
+ int r = obj->trunnel_error_code_;
+ obj->trunnel_error_code_ = 0;
+ return r;
+}
+ssize_t
+domainname_encode(uint8_t *output, const size_t avail, const domainname_t *obj)
+{
+ ssize_t result = 0;
+ size_t written = 0;
+ uint8_t *ptr = output;
+ const char *msg;
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+ const ssize_t encoded_len = domainname_encoded_len(obj);
+#endif
+
+ if (NULL != (msg = domainname_check(obj)))
+ goto check_failed;
+
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+ trunnel_assert(encoded_len >= 0);
+#endif
+
+ /* Encode u8 len */
+ trunnel_assert(written <= avail);
+ if (avail - written < 1)
+ goto truncated;
+ trunnel_set_uint8(ptr, (obj->len));
+ written += 1; ptr += 1;
+
+ /* Encode char name[len] */
+ {
+ size_t elt_len = TRUNNEL_DYNARRAY_LEN(&obj->name);
+ trunnel_assert(obj->len == elt_len);
+ trunnel_assert(written <= avail);
+ if (avail - written < elt_len)
+ goto truncated;
+ if (elt_len)
+ memcpy(ptr, obj->name.elts_, elt_len);
+ written += elt_len; ptr += elt_len;
+ }
+
+
+ trunnel_assert(ptr == output + written);
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+ {
+ trunnel_assert(encoded_len >= 0);
+ trunnel_assert((size_t)encoded_len == written);
+ }
+
+#endif
+
+ return written;
+
+ truncated:
+ result = -2;
+ goto fail;
+ check_failed:
+ (void)msg;
+ result = -1;
+ goto fail;
+ fail:
+ trunnel_assert(result < 0);
+ return result;
+}
+
+/** As domainname_parse(), but do not allocate the output object.
+ */
+static ssize_t
+domainname_parse_into(domainname_t *obj, const uint8_t *input, const size_t len_in)
+{
+ const uint8_t *ptr = input;
+ size_t remaining = len_in;
+ ssize_t result = 0;
+ (void)result;
+
+ /* Parse u8 len */
+ CHECK_REMAINING(1, truncated);
+ obj->len = (trunnel_get_uint8(ptr));
+ remaining -= 1; ptr += 1;
+
+ /* Parse char name[len] */
+ CHECK_REMAINING(obj->len, truncated);
+ if (domainname_setstr0_name(obj, (const char*)ptr, obj->len))
+ goto fail;
+ ptr += obj->len; remaining -= obj->len;
+ trunnel_assert(ptr + remaining == input + len_in);
+ return len_in - remaining;
+
+ truncated:
+ return -2;
+ fail:
+ result = -1;
+ return result;
+}
+
+ssize_t
+domainname_parse(domainname_t **output, const uint8_t *input, const size_t len_in)
+{
+ ssize_t result;
+ *output = domainname_new();
+ if (NULL == *output)
+ return -1;
+ result = domainname_parse_into(*output, input, len_in);
+ if (result < 0) {
+ domainname_free(*output);
+ *output = NULL;
+ }
+ return result;
+}
+socks4_client_request_t *
+socks4_client_request_new(void)
+{
+ socks4_client_request_t *val = trunnel_calloc(1, sizeof(socks4_client_request_t));
+ if (NULL == val)
+ return NULL;
+ val->version = 4;
+ val->command = CMD_BIND;
+ return val;
+}
+
+/** Release all storage held inside 'obj', but do not free 'obj'.
+ */
+static void
+socks4_client_request_clear(socks4_client_request_t *obj)
+{
+ (void) obj;
+ trunnel_wipestr(obj->username);
+ trunnel_free(obj->username);
+ trunnel_wipestr(obj->socks4a_addr_hostname);
+ trunnel_free(obj->socks4a_addr_hostname);
+}
+
+void
+socks4_client_request_free(socks4_client_request_t *obj)
+{
+ if (obj == NULL)
+ return;
+ socks4_client_request_clear(obj);
+ trunnel_memwipe(obj, sizeof(socks4_client_request_t));
+ trunnel_free_(obj);
+}
+
+uint8_t
+socks4_client_request_get_version(const socks4_client_request_t *inp)
+{
+ return inp->version;
+}
+int
+socks4_client_request_set_version(socks4_client_request_t *inp, uint8_t val)
+{
+ if (! ((val == 4))) {
+ TRUNNEL_SET_ERROR_CODE(inp);
+ return -1;
+ }
+ inp->version = val;
+ return 0;
+}
+uint8_t
+socks4_client_request_get_command(const socks4_client_request_t *inp)
+{
+ return inp->command;
+}
+int
+socks4_client_request_set_command(socks4_client_request_t *inp, uint8_t val)
+{
+ if (! ((val == CMD_BIND || val == CMD_CONNECT || val == CMD_RESOLVE_PTR))) {
+ TRUNNEL_SET_ERROR_CODE(inp);
+ return -1;
+ }
+ inp->command = val;
+ return 0;
+}
+uint16_t
+socks4_client_request_get_port(const socks4_client_request_t *inp)
+{
+ return inp->port;
+}
+int
+socks4_client_request_set_port(socks4_client_request_t *inp, uint16_t val)
+{
+ inp->port = val;
+ return 0;
+}
+uint32_t
+socks4_client_request_get_addr(const socks4_client_request_t *inp)
+{
+ return inp->addr;
+}
+int
+socks4_client_request_set_addr(socks4_client_request_t *inp, uint32_t val)
+{
+ inp->addr = val;
+ return 0;
+}
+const char *
+socks4_client_request_get_username(const socks4_client_request_t *inp)
+{
+ return inp->username;
+}
+int
+socks4_client_request_set_username(socks4_client_request_t *inp, const char *val)
+{
+ trunnel_free(inp->username);
+ if (NULL == (inp->username = trunnel_strdup(val))) {
+ TRUNNEL_SET_ERROR_CODE(inp);
+ return -1;
+ }
+ return 0;
+}
+const char *
+socks4_client_request_get_socks4a_addr_hostname(const socks4_client_request_t *inp)
+{
+ return inp->socks4a_addr_hostname;
+}
+int
+socks4_client_request_set_socks4a_addr_hostname(socks4_client_request_t *inp, const char *val)
+{
+ trunnel_free(inp->socks4a_addr_hostname);
+ if (NULL == (inp->socks4a_addr_hostname = trunnel_strdup(val))) {
+ TRUNNEL_SET_ERROR_CODE(inp);
+ return -1;
+ }
+ return 0;
+}
+const char *
+socks4_client_request_check(const socks4_client_request_t *obj)
+{
+ if (obj == NULL)
+ return "Object was NULL";
+ if (obj->trunnel_error_code_)
+ return "A set function failed on this object";
+ if (! (obj->version == 4))
+ return "Integer out of bounds";
+ if (! (obj->command == CMD_BIND || obj->command == CMD_CONNECT || obj->command == CMD_RESOLVE_PTR))
+ return "Integer out of bounds";
+ if (NULL == obj->username)
+ return "Missing username";
+ switch (obj->addr) {
+
+ case 1:
+ case 2:
+ case 3:
+ case 4:
+ case 5:
+ case 6:
+ case 7:
+ case 8:
+ case 9:
+ case 10:
+ case 11:
+ case 12:
+ case 13:
+ case 14:
+ case 15:
+ case 16:
+ case 17:
+ case 18:
+ case 19:
+ case 20:
+ case 21:
+ case 22:
+ case 23:
+ case 24:
+ case 25:
+ case 26:
+ case 27:
+ case 28:
+ case 29:
+ case 30:
+ case 31:
+ case 32:
+ case 33:
+ case 34:
+ case 35:
+ case 36:
+ case 37:
+ case 38:
+ case 39:
+ case 40:
+ case 41:
+ case 42:
+ case 43:
+ case 44:
+ case 45:
+ case 46:
+ case 47:
+ case 48:
+ case 49:
+ case 50:
+ case 51:
+ case 52:
+ case 53:
+ case 54:
+ case 55:
+ case 56:
+ case 57:
+ case 58:
+ case 59:
+ case 60:
+ case 61:
+ case 62:
+ case 63:
+ case 64:
+ case 65:
+ case 66:
+ case 67:
+ case 68:
+ case 69:
+ case 70:
+ case 71:
+ case 72:
+ case 73:
+ case 74:
+ case 75:
+ case 76:
+ case 77:
+ case 78:
+ case 79:
+ case 80:
+ case 81:
+ case 82:
+ case 83:
+ case 84:
+ case 85:
+ case 86:
+ case 87:
+ case 88:
+ case 89:
+ case 90:
+ case 91:
+ case 92:
+ case 93:
+ case 94:
+ case 95:
+ case 96:
+ case 97:
+ case 98:
+ case 99:
+ case 100:
+ case 101:
+ case 102:
+ case 103:
+ case 104:
+ case 105:
+ case 106:
+ case 107:
+ case 108:
+ case 109:
+ case 110:
+ case 111:
+ case 112:
+ case 113:
+ case 114:
+ case 115:
+ case 116:
+ case 117:
+ case 118:
+ case 119:
+ case 120:
+ case 121:
+ case 122:
+ case 123:
+ case 124:
+ case 125:
+ case 126:
+ case 127:
+ case 128:
+ case 129:
+ case 130:
+ case 131:
+ case 132:
+ case 133:
+ case 134:
+ case 135:
+ case 136:
+ case 137:
+ case 138:
+ case 139:
+ case 140:
+ case 141:
+ case 142:
+ case 143:
+ case 144:
+ case 145:
+ case 146:
+ case 147:
+ case 148:
+ case 149:
+ case 150:
+ case 151:
+ case 152:
+ case 153:
+ case 154:
+ case 155:
+ case 156:
+ case 157:
+ case 158:
+ case 159:
+ case 160:
+ case 161:
+ case 162:
+ case 163:
+ case 164:
+ case 165:
+ case 166:
+ case 167:
+ case 168:
+ case 169:
+ case 170:
+ case 171:
+ case 172:
+ case 173:
+ case 174:
+ case 175:
+ case 176:
+ case 177:
+ case 178:
+ case 179:
+ case 180:
+ case 181:
+ case 182:
+ case 183:
+ case 184:
+ case 185:
+ case 186:
+ case 187:
+ case 188:
+ case 189:
+ case 190:
+ case 191:
+ case 192:
+ case 193:
+ case 194:
+ case 195:
+ case 196:
+ case 197:
+ case 198:
+ case 199:
+ case 200:
+ case 201:
+ case 202:
+ case 203:
+ case 204:
+ case 205:
+ case 206:
+ case 207:
+ case 208:
+ case 209:
+ case 210:
+ case 211:
+ case 212:
+ case 213:
+ case 214:
+ case 215:
+ case 216:
+ case 217:
+ case 218:
+ case 219:
+ case 220:
+ case 221:
+ case 222:
+ case 223:
+ case 224:
+ case 225:
+ case 226:
+ case 227:
+ case 228:
+ case 229:
+ case 230:
+ case 231:
+ case 232:
+ case 233:
+ case 234:
+ case 235:
+ case 236:
+ case 237:
+ case 238:
+ case 239:
+ case 240:
+ case 241:
+ case 242:
+ case 243:
+ case 244:
+ case 245:
+ case 246:
+ case 247:
+ case 248:
+ case 249:
+ case 250:
+ case 251:
+ case 252:
+ case 253:
+ case 254:
+ case 255:
+ if (NULL == obj->socks4a_addr_hostname)
+ return "Missing socks4a_addr_hostname";
+ break;
+
+ default:
+ break;
+ }
+ return NULL;
+}
+
+ssize_t
+socks4_client_request_encoded_len(const socks4_client_request_t *obj)
+{
+ ssize_t result = 0;
+
+ if (NULL != socks4_client_request_check(obj))
+ return -1;
+
+
+ /* Length of u8 version IN [4] */
+ result += 1;
+
+ /* Length of u8 command IN [CMD_BIND, CMD_CONNECT, CMD_RESOLVE_PTR] */
+ result += 1;
+
+ /* Length of u16 port */
+ result += 2;
+
+ /* Length of u32 addr */
+ result += 4;
+
+ /* Length of nulterm username */
+ result += strlen(obj->username) + 1;
+ switch (obj->addr) {
+
+ case 1:
+ case 2:
+ case 3:
+ case 4:
+ case 5:
+ case 6:
+ case 7:
+ case 8:
+ case 9:
+ case 10:
+ case 11:
+ case 12:
+ case 13:
+ case 14:
+ case 15:
+ case 16:
+ case 17:
+ case 18:
+ case 19:
+ case 20:
+ case 21:
+ case 22:
+ case 23:
+ case 24:
+ case 25:
+ case 26:
+ case 27:
+ case 28:
+ case 29:
+ case 30:
+ case 31:
+ case 32:
+ case 33:
+ case 34:
+ case 35:
+ case 36:
+ case 37:
+ case 38:
+ case 39:
+ case 40:
+ case 41:
+ case 42:
+ case 43:
+ case 44:
+ case 45:
+ case 46:
+ case 47:
+ case 48:
+ case 49:
+ case 50:
+ case 51:
+ case 52:
+ case 53:
+ case 54:
+ case 55:
+ case 56:
+ case 57:
+ case 58:
+ case 59:
+ case 60:
+ case 61:
+ case 62:
+ case 63:
+ case 64:
+ case 65:
+ case 66:
+ case 67:
+ case 68:
+ case 69:
+ case 70:
+ case 71:
+ case 72:
+ case 73:
+ case 74:
+ case 75:
+ case 76:
+ case 77:
+ case 78:
+ case 79:
+ case 80:
+ case 81:
+ case 82:
+ case 83:
+ case 84:
+ case 85:
+ case 86:
+ case 87:
+ case 88:
+ case 89:
+ case 90:
+ case 91:
+ case 92:
+ case 93:
+ case 94:
+ case 95:
+ case 96:
+ case 97:
+ case 98:
+ case 99:
+ case 100:
+ case 101:
+ case 102:
+ case 103:
+ case 104:
+ case 105:
+ case 106:
+ case 107:
+ case 108:
+ case 109:
+ case 110:
+ case 111:
+ case 112:
+ case 113:
+ case 114:
+ case 115:
+ case 116:
+ case 117:
+ case 118:
+ case 119:
+ case 120:
+ case 121:
+ case 122:
+ case 123:
+ case 124:
+ case 125:
+ case 126:
+ case 127:
+ case 128:
+ case 129:
+ case 130:
+ case 131:
+ case 132:
+ case 133:
+ case 134:
+ case 135:
+ case 136:
+ case 137:
+ case 138:
+ case 139:
+ case 140:
+ case 141:
+ case 142:
+ case 143:
+ case 144:
+ case 145:
+ case 146:
+ case 147:
+ case 148:
+ case 149:
+ case 150:
+ case 151:
+ case 152:
+ case 153:
+ case 154:
+ case 155:
+ case 156:
+ case 157:
+ case 158:
+ case 159:
+ case 160:
+ case 161:
+ case 162:
+ case 163:
+ case 164:
+ case 165:
+ case 166:
+ case 167:
+ case 168:
+ case 169:
+ case 170:
+ case 171:
+ case 172:
+ case 173:
+ case 174:
+ case 175:
+ case 176:
+ case 177:
+ case 178:
+ case 179:
+ case 180:
+ case 181:
+ case 182:
+ case 183:
+ case 184:
+ case 185:
+ case 186:
+ case 187:
+ case 188:
+ case 189:
+ case 190:
+ case 191:
+ case 192:
+ case 193:
+ case 194:
+ case 195:
+ case 196:
+ case 197:
+ case 198:
+ case 199:
+ case 200:
+ case 201:
+ case 202:
+ case 203:
+ case 204:
+ case 205:
+ case 206:
+ case 207:
+ case 208:
+ case 209:
+ case 210:
+ case 211:
+ case 212:
+ case 213:
+ case 214:
+ case 215:
+ case 216:
+ case 217:
+ case 218:
+ case 219:
+ case 220:
+ case 221:
+ case 222:
+ case 223:
+ case 224:
+ case 225:
+ case 226:
+ case 227:
+ case 228:
+ case 229:
+ case 230:
+ case 231:
+ case 232:
+ case 233:
+ case 234:
+ case 235:
+ case 236:
+ case 237:
+ case 238:
+ case 239:
+ case 240:
+ case 241:
+ case 242:
+ case 243:
+ case 244:
+ case 245:
+ case 246:
+ case 247:
+ case 248:
+ case 249:
+ case 250:
+ case 251:
+ case 252:
+ case 253:
+ case 254:
+ case 255:
+
+ /* Length of nulterm socks4a_addr_hostname */
+ result += strlen(obj->socks4a_addr_hostname) + 1;
+ break;
+
+ default:
+ break;
+ }
+ return result;
+}
+int
+socks4_client_request_clear_errors(socks4_client_request_t *obj)
+{
+ int r = obj->trunnel_error_code_;
+ obj->trunnel_error_code_ = 0;
+ return r;
+}
+ssize_t
+socks4_client_request_encode(uint8_t *output, const size_t avail, const socks4_client_request_t *obj)
+{
+ ssize_t result = 0;
+ size_t written = 0;
+ uint8_t *ptr = output;
+ const char *msg;
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+ const ssize_t encoded_len = socks4_client_request_encoded_len(obj);
+#endif
+
+ if (NULL != (msg = socks4_client_request_check(obj)))
+ goto check_failed;
+
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+ trunnel_assert(encoded_len >= 0);
+#endif
+
+ /* Encode u8 version IN [4] */
+ trunnel_assert(written <= avail);
+ if (avail - written < 1)
+ goto truncated;
+ trunnel_set_uint8(ptr, (obj->version));
+ written += 1; ptr += 1;
+
+ /* Encode u8 command IN [CMD_BIND, CMD_CONNECT, CMD_RESOLVE_PTR] */
+ trunnel_assert(written <= avail);
+ if (avail - written < 1)
+ goto truncated;
+ trunnel_set_uint8(ptr, (obj->command));
+ written += 1; ptr += 1;
+
+ /* Encode u16 port */
+ trunnel_assert(written <= avail);
+ if (avail - written < 2)
+ goto truncated;
+ trunnel_set_uint16(ptr, trunnel_htons(obj->port));
+ written += 2; ptr += 2;
+
+ /* Encode u32 addr */
+ trunnel_assert(written <= avail);
+ if (avail - written < 4)
+ goto truncated;
+ trunnel_set_uint32(ptr, trunnel_htonl(obj->addr));
+ written += 4; ptr += 4;
+
+ /* Encode nulterm username */
+ {
+ size_t len = strlen(obj->username);
+ trunnel_assert(written <= avail);
+ if (avail - written < len + 1)
+ goto truncated;
+ memcpy(ptr, obj->username, len + 1);
+ ptr += len + 1; written += len + 1;
+ }
+
+ /* Encode union socks4a_addr[addr] */
+ trunnel_assert(written <= avail);
+ switch (obj->addr) {
+
+ case 1:
+ case 2:
+ case 3:
+ case 4:
+ case 5:
+ case 6:
+ case 7:
+ case 8:
+ case 9:
+ case 10:
+ case 11:
+ case 12:
+ case 13:
+ case 14:
+ case 15:
+ case 16:
+ case 17:
+ case 18:
+ case 19:
+ case 20:
+ case 21:
+ case 22:
+ case 23:
+ case 24:
+ case 25:
+ case 26:
+ case 27:
+ case 28:
+ case 29:
+ case 30:
+ case 31:
+ case 32:
+ case 33:
+ case 34:
+ case 35:
+ case 36:
+ case 37:
+ case 38:
+ case 39:
+ case 40:
+ case 41:
+ case 42:
+ case 43:
+ case 44:
+ case 45:
+ case 46:
+ case 47:
+ case 48:
+ case 49:
+ case 50:
+ case 51:
+ case 52:
+ case 53:
+ case 54:
+ case 55:
+ case 56:
+ case 57:
+ case 58:
+ case 59:
+ case 60:
+ case 61:
+ case 62:
+ case 63:
+ case 64:
+ case 65:
+ case 66:
+ case 67:
+ case 68:
+ case 69:
+ case 70:
+ case 71:
+ case 72:
+ case 73:
+ case 74:
+ case 75:
+ case 76:
+ case 77:
+ case 78:
+ case 79:
+ case 80:
+ case 81:
+ case 82:
+ case 83:
+ case 84:
+ case 85:
+ case 86:
+ case 87:
+ case 88:
+ case 89:
+ case 90:
+ case 91:
+ case 92:
+ case 93:
+ case 94:
+ case 95:
+ case 96:
+ case 97:
+ case 98:
+ case 99:
+ case 100:
+ case 101:
+ case 102:
+ case 103:
+ case 104:
+ case 105:
+ case 106:
+ case 107:
+ case 108:
+ case 109:
+ case 110:
+ case 111:
+ case 112:
+ case 113:
+ case 114:
+ case 115:
+ case 116:
+ case 117:
+ case 118:
+ case 119:
+ case 120:
+ case 121:
+ case 122:
+ case 123:
+ case 124:
+ case 125:
+ case 126:
+ case 127:
+ case 128:
+ case 129:
+ case 130:
+ case 131:
+ case 132:
+ case 133:
+ case 134:
+ case 135:
+ case 136:
+ case 137:
+ case 138:
+ case 139:
+ case 140:
+ case 141:
+ case 142:
+ case 143:
+ case 144:
+ case 145:
+ case 146:
+ case 147:
+ case 148:
+ case 149:
+ case 150:
+ case 151:
+ case 152:
+ case 153:
+ case 154:
+ case 155:
+ case 156:
+ case 157:
+ case 158:
+ case 159:
+ case 160:
+ case 161:
+ case 162:
+ case 163:
+ case 164:
+ case 165:
+ case 166:
+ case 167:
+ case 168:
+ case 169:
+ case 170:
+ case 171:
+ case 172:
+ case 173:
+ case 174:
+ case 175:
+ case 176:
+ case 177:
+ case 178:
+ case 179:
+ case 180:
+ case 181:
+ case 182:
+ case 183:
+ case 184:
+ case 185:
+ case 186:
+ case 187:
+ case 188:
+ case 189:
+ case 190:
+ case 191:
+ case 192:
+ case 193:
+ case 194:
+ case 195:
+ case 196:
+ case 197:
+ case 198:
+ case 199:
+ case 200:
+ case 201:
+ case 202:
+ case 203:
+ case 204:
+ case 205:
+ case 206:
+ case 207:
+ case 208:
+ case 209:
+ case 210:
+ case 211:
+ case 212:
+ case 213:
+ case 214:
+ case 215:
+ case 216:
+ case 217:
+ case 218:
+ case 219:
+ case 220:
+ case 221:
+ case 222:
+ case 223:
+ case 224:
+ case 225:
+ case 226:
+ case 227:
+ case 228:
+ case 229:
+ case 230:
+ case 231:
+ case 232:
+ case 233:
+ case 234:
+ case 235:
+ case 236:
+ case 237:
+ case 238:
+ case 239:
+ case 240:
+ case 241:
+ case 242:
+ case 243:
+ case 244:
+ case 245:
+ case 246:
+ case 247:
+ case 248:
+ case 249:
+ case 250:
+ case 251:
+ case 252:
+ case 253:
+ case 254:
+ case 255:
+
+ /* Encode nulterm socks4a_addr_hostname */
+ {
+ size_t len = strlen(obj->socks4a_addr_hostname);
+ trunnel_assert(written <= avail);
+ if (avail - written < len + 1)
+ goto truncated;
+ memcpy(ptr, obj->socks4a_addr_hostname, len + 1);
+ ptr += len + 1; written += len + 1;
+ }
+ break;
+
+ default:
+ break;
+ }
+
+
+ trunnel_assert(ptr == output + written);
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+ {
+ trunnel_assert(encoded_len >= 0);
+ trunnel_assert((size_t)encoded_len == written);
+ }
+
+#endif
+
+ return written;
+
+ truncated:
+ result = -2;
+ goto fail;
+ check_failed:
+ (void)msg;
+ result = -1;
+ goto fail;
+ fail:
+ trunnel_assert(result < 0);
+ return result;
+}
+
+/** As socks4_client_request_parse(), but do not allocate the output
+ * object.
+ */
+static ssize_t
+socks4_client_request_parse_into(socks4_client_request_t *obj, const uint8_t *input, const size_t len_in)
+{
+ const uint8_t *ptr = input;
+ size_t remaining = len_in;
+ ssize_t result = 0;
+ (void)result;
+
+ /* Parse u8 version IN [4] */
+ CHECK_REMAINING(1, truncated);
+ obj->version = (trunnel_get_uint8(ptr));
+ remaining -= 1; ptr += 1;
+ if (! (obj->version == 4))
+ goto fail;
+
+ /* Parse u8 command IN [CMD_BIND, CMD_CONNECT, CMD_RESOLVE_PTR] */
+ CHECK_REMAINING(1, truncated);
+ obj->command = (trunnel_get_uint8(ptr));
+ remaining -= 1; ptr += 1;
+ if (! (obj->command == CMD_BIND || obj->command == CMD_CONNECT || obj->command == CMD_RESOLVE_PTR))
+ goto fail;
+
+ /* Parse u16 port */
+ CHECK_REMAINING(2, truncated);
+ obj->port = trunnel_ntohs(trunnel_get_uint16(ptr));
+ remaining -= 2; ptr += 2;
+
+ /* Parse u32 addr */
+ CHECK_REMAINING(4, truncated);
+ obj->addr = trunnel_ntohl(trunnel_get_uint32(ptr));
+ remaining -= 4; ptr += 4;
+
+ /* Parse nulterm username */
+ {
+ uint8_t *eos = (uint8_t*)memchr(ptr, 0, remaining);
+ size_t memlen;
+ if (eos == NULL)
+ goto truncated;
+ trunnel_assert(eos >= ptr);
+ trunnel_assert((size_t)(eos - ptr) < SIZE_MAX - 1);
+ memlen = ((size_t)(eos - ptr)) + 1;
+ if (!(obj->username = trunnel_malloc(memlen)))
+ goto fail;
+ memcpy(obj->username, ptr, memlen);
+ remaining -= memlen; ptr += memlen;
+ }
+
+ /* Parse union socks4a_addr[addr] */
+ switch (obj->addr) {
+
+ case 1:
+ case 2:
+ case 3:
+ case 4:
+ case 5:
+ case 6:
+ case 7:
+ case 8:
+ case 9:
+ case 10:
+ case 11:
+ case 12:
+ case 13:
+ case 14:
+ case 15:
+ case 16:
+ case 17:
+ case 18:
+ case 19:
+ case 20:
+ case 21:
+ case 22:
+ case 23:
+ case 24:
+ case 25:
+ case 26:
+ case 27:
+ case 28:
+ case 29:
+ case 30:
+ case 31:
+ case 32:
+ case 33:
+ case 34:
+ case 35:
+ case 36:
+ case 37:
+ case 38:
+ case 39:
+ case 40:
+ case 41:
+ case 42:
+ case 43:
+ case 44:
+ case 45:
+ case 46:
+ case 47:
+ case 48:
+ case 49:
+ case 50:
+ case 51:
+ case 52:
+ case 53:
+ case 54:
+ case 55:
+ case 56:
+ case 57:
+ case 58:
+ case 59:
+ case 60:
+ case 61:
+ case 62:
+ case 63:
+ case 64:
+ case 65:
+ case 66:
+ case 67:
+ case 68:
+ case 69:
+ case 70:
+ case 71:
+ case 72:
+ case 73:
+ case 74:
+ case 75:
+ case 76:
+ case 77:
+ case 78:
+ case 79:
+ case 80:
+ case 81:
+ case 82:
+ case 83:
+ case 84:
+ case 85:
+ case 86:
+ case 87:
+ case 88:
+ case 89:
+ case 90:
+ case 91:
+ case 92:
+ case 93:
+ case 94:
+ case 95:
+ case 96:
+ case 97:
+ case 98:
+ case 99:
+ case 100:
+ case 101:
+ case 102:
+ case 103:
+ case 104:
+ case 105:
+ case 106:
+ case 107:
+ case 108:
+ case 109:
+ case 110:
+ case 111:
+ case 112:
+ case 113:
+ case 114:
+ case 115:
+ case 116:
+ case 117:
+ case 118:
+ case 119:
+ case 120:
+ case 121:
+ case 122:
+ case 123:
+ case 124:
+ case 125:
+ case 126:
+ case 127:
+ case 128:
+ case 129:
+ case 130:
+ case 131:
+ case 132:
+ case 133:
+ case 134:
+ case 135:
+ case 136:
+ case 137:
+ case 138:
+ case 139:
+ case 140:
+ case 141:
+ case 142:
+ case 143:
+ case 144:
+ case 145:
+ case 146:
+ case 147:
+ case 148:
+ case 149:
+ case 150:
+ case 151:
+ case 152:
+ case 153:
+ case 154:
+ case 155:
+ case 156:
+ case 157:
+ case 158:
+ case 159:
+ case 160:
+ case 161:
+ case 162:
+ case 163:
+ case 164:
+ case 165:
+ case 166:
+ case 167:
+ case 168:
+ case 169:
+ case 170:
+ case 171:
+ case 172:
+ case 173:
+ case 174:
+ case 175:
+ case 176:
+ case 177:
+ case 178:
+ case 179:
+ case 180:
+ case 181:
+ case 182:
+ case 183:
+ case 184:
+ case 185:
+ case 186:
+ case 187:
+ case 188:
+ case 189:
+ case 190:
+ case 191:
+ case 192:
+ case 193:
+ case 194:
+ case 195:
+ case 196:
+ case 197:
+ case 198:
+ case 199:
+ case 200:
+ case 201:
+ case 202:
+ case 203:
+ case 204:
+ case 205:
+ case 206:
+ case 207:
+ case 208:
+ case 209:
+ case 210:
+ case 211:
+ case 212:
+ case 213:
+ case 214:
+ case 215:
+ case 216:
+ case 217:
+ case 218:
+ case 219:
+ case 220:
+ case 221:
+ case 222:
+ case 223:
+ case 224:
+ case 225:
+ case 226:
+ case 227:
+ case 228:
+ case 229:
+ case 230:
+ case 231:
+ case 232:
+ case 233:
+ case 234:
+ case 235:
+ case 236:
+ case 237:
+ case 238:
+ case 239:
+ case 240:
+ case 241:
+ case 242:
+ case 243:
+ case 244:
+ case 245:
+ case 246:
+ case 247:
+ case 248:
+ case 249:
+ case 250:
+ case 251:
+ case 252:
+ case 253:
+ case 254:
+ case 255:
+
+ /* Parse nulterm socks4a_addr_hostname */
+ {
+ uint8_t *eos = (uint8_t*)memchr(ptr, 0, remaining);
+ size_t memlen;
+ if (eos == NULL)
+ goto truncated;
+ trunnel_assert(eos >= ptr);
+ trunnel_assert((size_t)(eos - ptr) < SIZE_MAX - 1);
+ memlen = ((size_t)(eos - ptr)) + 1;
+ if (!(obj->socks4a_addr_hostname = trunnel_malloc(memlen)))
+ goto fail;
+ memcpy(obj->socks4a_addr_hostname, ptr, memlen);
+ remaining -= memlen; ptr += memlen;
+ }
+ break;
+
+ default:
+ break;
+ }
+ trunnel_assert(ptr + remaining == input + len_in);
+ return len_in - remaining;
+
+ truncated:
+ return -2;
+ fail:
+ result = -1;
+ return result;
+}
+
+ssize_t
+socks4_client_request_parse(socks4_client_request_t **output, const uint8_t *input, const size_t len_in)
+{
+ ssize_t result;
+ *output = socks4_client_request_new();
+ if (NULL == *output)
+ return -1;
+ result = socks4_client_request_parse_into(*output, input, len_in);
+ if (result < 0) {
+ socks4_client_request_free(*output);
+ *output = NULL;
+ }
+ return result;
+}
+socks4_server_reply_t *
+socks4_server_reply_new(void)
+{
+ socks4_server_reply_t *val = trunnel_calloc(1, sizeof(socks4_server_reply_t));
+ if (NULL == val)
+ return NULL;
+ val->version = 4;
+ return val;
+}
+
+/** Release all storage held inside 'obj', but do not free 'obj'.
+ */
+static void
+socks4_server_reply_clear(socks4_server_reply_t *obj)
+{
+ (void) obj;
+}
+
+void
+socks4_server_reply_free(socks4_server_reply_t *obj)
+{
+ if (obj == NULL)
+ return;
+ socks4_server_reply_clear(obj);
+ trunnel_memwipe(obj, sizeof(socks4_server_reply_t));
+ trunnel_free_(obj);
+}
+
+uint8_t
+socks4_server_reply_get_version(const socks4_server_reply_t *inp)
+{
+ return inp->version;
+}
+int
+socks4_server_reply_set_version(socks4_server_reply_t *inp, uint8_t val)
+{
+ if (! ((val == 4))) {
+ TRUNNEL_SET_ERROR_CODE(inp);
+ return -1;
+ }
+ inp->version = val;
+ return 0;
+}
+uint8_t
+socks4_server_reply_get_status(const socks4_server_reply_t *inp)
+{
+ return inp->status;
+}
+int
+socks4_server_reply_set_status(socks4_server_reply_t *inp, uint8_t val)
+{
+ inp->status = val;
+ return 0;
+}
+uint16_t
+socks4_server_reply_get_port(const socks4_server_reply_t *inp)
+{
+ return inp->port;
+}
+int
+socks4_server_reply_set_port(socks4_server_reply_t *inp, uint16_t val)
+{
+ inp->port = val;
+ return 0;
+}
+uint32_t
+socks4_server_reply_get_addr(const socks4_server_reply_t *inp)
+{
+ return inp->addr;
+}
+int
+socks4_server_reply_set_addr(socks4_server_reply_t *inp, uint32_t val)
+{
+ inp->addr = val;
+ return 0;
+}
+const char *
+socks4_server_reply_check(const socks4_server_reply_t *obj)
+{
+ if (obj == NULL)
+ return "Object was NULL";
+ if (obj->trunnel_error_code_)
+ return "A set function failed on this object";
+ if (! (obj->version == 4))
+ return "Integer out of bounds";
+ return NULL;
+}
+
+ssize_t
+socks4_server_reply_encoded_len(const socks4_server_reply_t *obj)
+{
+ ssize_t result = 0;
+
+ if (NULL != socks4_server_reply_check(obj))
+ return -1;
+
+
+ /* Length of u8 version IN [4] */
+ result += 1;
+
+ /* Length of u8 status */
+ result += 1;
+
+ /* Length of u16 port */
+ result += 2;
+
+ /* Length of u32 addr */
+ result += 4;
+ return result;
+}
+int
+socks4_server_reply_clear_errors(socks4_server_reply_t *obj)
+{
+ int r = obj->trunnel_error_code_;
+ obj->trunnel_error_code_ = 0;
+ return r;
+}
+ssize_t
+socks4_server_reply_encode(uint8_t *output, const size_t avail, const socks4_server_reply_t *obj)
+{
+ ssize_t result = 0;
+ size_t written = 0;
+ uint8_t *ptr = output;
+ const char *msg;
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+ const ssize_t encoded_len = socks4_server_reply_encoded_len(obj);
+#endif
+
+ if (NULL != (msg = socks4_server_reply_check(obj)))
+ goto check_failed;
+
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+ trunnel_assert(encoded_len >= 0);
+#endif
+
+ /* Encode u8 version IN [4] */
+ trunnel_assert(written <= avail);
+ if (avail - written < 1)
+ goto truncated;
+ trunnel_set_uint8(ptr, (obj->version));
+ written += 1; ptr += 1;
+
+ /* Encode u8 status */
+ trunnel_assert(written <= avail);
+ if (avail - written < 1)
+ goto truncated;
+ trunnel_set_uint8(ptr, (obj->status));
+ written += 1; ptr += 1;
+
+ /* Encode u16 port */
+ trunnel_assert(written <= avail);
+ if (avail - written < 2)
+ goto truncated;
+ trunnel_set_uint16(ptr, trunnel_htons(obj->port));
+ written += 2; ptr += 2;
+
+ /* Encode u32 addr */
+ trunnel_assert(written <= avail);
+ if (avail - written < 4)
+ goto truncated;
+ trunnel_set_uint32(ptr, trunnel_htonl(obj->addr));
+ written += 4; ptr += 4;
+
+
+ trunnel_assert(ptr == output + written);
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+ {
+ trunnel_assert(encoded_len >= 0);
+ trunnel_assert((size_t)encoded_len == written);
+ }
+
+#endif
+
+ return written;
+
+ truncated:
+ result = -2;
+ goto fail;
+ check_failed:
+ (void)msg;
+ result = -1;
+ goto fail;
+ fail:
+ trunnel_assert(result < 0);
+ return result;
+}
+
+/** As socks4_server_reply_parse(), but do not allocate the output
+ * object.
+ */
+static ssize_t
+socks4_server_reply_parse_into(socks4_server_reply_t *obj, const uint8_t *input, const size_t len_in)
+{
+ const uint8_t *ptr = input;
+ size_t remaining = len_in;
+ ssize_t result = 0;
+ (void)result;
+
+ /* Parse u8 version IN [4] */
+ CHECK_REMAINING(1, truncated);
+ obj->version = (trunnel_get_uint8(ptr));
+ remaining -= 1; ptr += 1;
+ if (! (obj->version == 4))
+ goto fail;
+
+ /* Parse u8 status */
+ CHECK_REMAINING(1, truncated);
+ obj->status = (trunnel_get_uint8(ptr));
+ remaining -= 1; ptr += 1;
+
+ /* Parse u16 port */
+ CHECK_REMAINING(2, truncated);
+ obj->port = trunnel_ntohs(trunnel_get_uint16(ptr));
+ remaining -= 2; ptr += 2;
+
+ /* Parse u32 addr */
+ CHECK_REMAINING(4, truncated);
+ obj->addr = trunnel_ntohl(trunnel_get_uint32(ptr));
+ remaining -= 4; ptr += 4;
+ trunnel_assert(ptr + remaining == input + len_in);
+ return len_in - remaining;
+
+ truncated:
+ return -2;
+ fail:
+ result = -1;
+ return result;
+}
+
+ssize_t
+socks4_server_reply_parse(socks4_server_reply_t **output, const uint8_t *input, const size_t len_in)
+{
+ ssize_t result;
+ *output = socks4_server_reply_new();
+ if (NULL == *output)
+ return -1;
+ result = socks4_server_reply_parse_into(*output, input, len_in);
+ if (result < 0) {
+ socks4_server_reply_free(*output);
+ *output = NULL;
+ }
+ return result;
+}
+socks5_client_userpass_auth_t *
+socks5_client_userpass_auth_new(void)
+{
+ socks5_client_userpass_auth_t *val = trunnel_calloc(1, sizeof(socks5_client_userpass_auth_t));
+ if (NULL == val)
+ return NULL;
+ val->version = 1;
+ return val;
+}
+
+/** Release all storage held inside 'obj', but do not free 'obj'.
+ */
+static void
+socks5_client_userpass_auth_clear(socks5_client_userpass_auth_t *obj)
+{
+ (void) obj;
+ TRUNNEL_DYNARRAY_WIPE(&obj->username);
+ TRUNNEL_DYNARRAY_CLEAR(&obj->username);
+ TRUNNEL_DYNARRAY_WIPE(&obj->passwd);
+ TRUNNEL_DYNARRAY_CLEAR(&obj->passwd);
+}
+
+void
+socks5_client_userpass_auth_free(socks5_client_userpass_auth_t *obj)
+{
+ if (obj == NULL)
+ return;
+ socks5_client_userpass_auth_clear(obj);
+ trunnel_memwipe(obj, sizeof(socks5_client_userpass_auth_t));
+ trunnel_free_(obj);
+}
+
+uint8_t
+socks5_client_userpass_auth_get_version(const socks5_client_userpass_auth_t *inp)
+{
+ return inp->version;
+}
+int
+socks5_client_userpass_auth_set_version(socks5_client_userpass_auth_t *inp, uint8_t val)
+{
+ if (! ((val == 1))) {
+ TRUNNEL_SET_ERROR_CODE(inp);
+ return -1;
+ }
+ inp->version = val;
+ return 0;
+}
+uint8_t
+socks5_client_userpass_auth_get_username_len(const socks5_client_userpass_auth_t *inp)
+{
+ return inp->username_len;
+}
+int
+socks5_client_userpass_auth_set_username_len(socks5_client_userpass_auth_t *inp, uint8_t val)
+{
+ inp->username_len = val;
+ return 0;
+}
+size_t
+socks5_client_userpass_auth_getlen_username(const socks5_client_userpass_auth_t *inp)
+{
+ return TRUNNEL_DYNARRAY_LEN(&inp->username);
+}
+
+char
+socks5_client_userpass_auth_get_username(socks5_client_userpass_auth_t *inp, size_t idx)
+{
+ return TRUNNEL_DYNARRAY_GET(&inp->username, idx);
+}
+
+char
+socks5_client_userpass_auth_getconst_username(const socks5_client_userpass_auth_t *inp, size_t idx)
+{
+ return socks5_client_userpass_auth_get_username((socks5_client_userpass_auth_t*)inp, idx);
+}
+int
+socks5_client_userpass_auth_set_username(socks5_client_userpass_auth_t *inp, size_t idx, char elt)
+{
+ TRUNNEL_DYNARRAY_SET(&inp->username, idx, elt);
+ return 0;
+}
+int
+socks5_client_userpass_auth_add_username(socks5_client_userpass_auth_t *inp, char elt)
+{
+#if SIZE_MAX >= UINT8_MAX
+ if (inp->username.n_ == UINT8_MAX)
+ goto trunnel_alloc_failed;
+#endif
+ TRUNNEL_DYNARRAY_ADD(char, &inp->username, elt, {});
+ return 0;
+ trunnel_alloc_failed:
+ TRUNNEL_SET_ERROR_CODE(inp);
+ return -1;
+}
+
+char *
+socks5_client_userpass_auth_getarray_username(socks5_client_userpass_auth_t *inp)
+{
+ return inp->username.elts_;
+}
+const char *
+socks5_client_userpass_auth_getconstarray_username(const socks5_client_userpass_auth_t *inp)
+{
+ return (const char *)socks5_client_userpass_auth_getarray_username((socks5_client_userpass_auth_t*)inp);
+}
+int
+socks5_client_userpass_auth_setlen_username(socks5_client_userpass_auth_t *inp, size_t newlen)
+{
+#if UINT8_MAX < SIZE_MAX
+ if (newlen > UINT8_MAX)
+ goto trunnel_alloc_failed;
+#endif
+ return trunnel_string_setlen(&inp->username, newlen,
+ &inp->trunnel_error_code_);
+ trunnel_alloc_failed:
+ TRUNNEL_SET_ERROR_CODE(inp);
+ return -1;
+}
+const char *
+socks5_client_userpass_auth_getstr_username(socks5_client_userpass_auth_t *inp)
+{
+ return trunnel_string_getstr(&inp->username);
+}
+int
+socks5_client_userpass_auth_setstr0_username(socks5_client_userpass_auth_t *inp, const char *val, size_t len)
+{
+#if UINT8_MAX < SIZE_MAX
+ if (len > UINT8_MAX) {
+ TRUNNEL_SET_ERROR_CODE(inp);
+ return -1;
+ }
+#endif
+ return trunnel_string_setstr0(&inp->username, val, len, &inp->trunnel_error_code_);
+}
+int
+socks5_client_userpass_auth_setstr_username(socks5_client_userpass_auth_t *inp, const char *val)
+{
+ return socks5_client_userpass_auth_setstr0_username(inp, val, strlen(val));
+}
+uint8_t
+socks5_client_userpass_auth_get_passwd_len(const socks5_client_userpass_auth_t *inp)
+{
+ return inp->passwd_len;
+}
+int
+socks5_client_userpass_auth_set_passwd_len(socks5_client_userpass_auth_t *inp, uint8_t val)
+{
+ inp->passwd_len = val;
+ return 0;
+}
+size_t
+socks5_client_userpass_auth_getlen_passwd(const socks5_client_userpass_auth_t *inp)
+{
+ return TRUNNEL_DYNARRAY_LEN(&inp->passwd);
+}
+
+char
+socks5_client_userpass_auth_get_passwd(socks5_client_userpass_auth_t *inp, size_t idx)
+{
+ return TRUNNEL_DYNARRAY_GET(&inp->passwd, idx);
+}
+
+char
+socks5_client_userpass_auth_getconst_passwd(const socks5_client_userpass_auth_t *inp, size_t idx)
+{
+ return socks5_client_userpass_auth_get_passwd((socks5_client_userpass_auth_t*)inp, idx);
+}
+int
+socks5_client_userpass_auth_set_passwd(socks5_client_userpass_auth_t *inp, size_t idx, char elt)
+{
+ TRUNNEL_DYNARRAY_SET(&inp->passwd, idx, elt);
+ return 0;
+}
+int
+socks5_client_userpass_auth_add_passwd(socks5_client_userpass_auth_t *inp, char elt)
+{
+#if SIZE_MAX >= UINT8_MAX
+ if (inp->passwd.n_ == UINT8_MAX)
+ goto trunnel_alloc_failed;
+#endif
+ TRUNNEL_DYNARRAY_ADD(char, &inp->passwd, elt, {});
+ return 0;
+ trunnel_alloc_failed:
+ TRUNNEL_SET_ERROR_CODE(inp);
+ return -1;
+}
+
+char *
+socks5_client_userpass_auth_getarray_passwd(socks5_client_userpass_auth_t *inp)
+{
+ return inp->passwd.elts_;
+}
+const char *
+socks5_client_userpass_auth_getconstarray_passwd(const socks5_client_userpass_auth_t *inp)
+{
+ return (const char *)socks5_client_userpass_auth_getarray_passwd((socks5_client_userpass_auth_t*)inp);
+}
+int
+socks5_client_userpass_auth_setlen_passwd(socks5_client_userpass_auth_t *inp, size_t newlen)
+{
+#if UINT8_MAX < SIZE_MAX
+ if (newlen > UINT8_MAX)
+ goto trunnel_alloc_failed;
+#endif
+ return trunnel_string_setlen(&inp->passwd, newlen,
+ &inp->trunnel_error_code_);
+ trunnel_alloc_failed:
+ TRUNNEL_SET_ERROR_CODE(inp);
+ return -1;
+}
+const char *
+socks5_client_userpass_auth_getstr_passwd(socks5_client_userpass_auth_t *inp)
+{
+ return trunnel_string_getstr(&inp->passwd);
+}
+int
+socks5_client_userpass_auth_setstr0_passwd(socks5_client_userpass_auth_t *inp, const char *val, size_t len)
+{
+#if UINT8_MAX < SIZE_MAX
+ if (len > UINT8_MAX) {
+ TRUNNEL_SET_ERROR_CODE(inp);
+ return -1;
+ }
+#endif
+ return trunnel_string_setstr0(&inp->passwd, val, len, &inp->trunnel_error_code_);
+}
+int
+socks5_client_userpass_auth_setstr_passwd(socks5_client_userpass_auth_t *inp, const char *val)
+{
+ return socks5_client_userpass_auth_setstr0_passwd(inp, val, strlen(val));
+}
+const char *
+socks5_client_userpass_auth_check(const socks5_client_userpass_auth_t *obj)
+{
+ if (obj == NULL)
+ return "Object was NULL";
+ if (obj->trunnel_error_code_)
+ return "A set function failed on this object";
+ if (! (obj->version == 1))
+ return "Integer out of bounds";
+ if (TRUNNEL_DYNARRAY_LEN(&obj->username) != obj->username_len)
+ return "Length mismatch for username";
+ if (TRUNNEL_DYNARRAY_LEN(&obj->passwd) != obj->passwd_len)
+ return "Length mismatch for passwd";
+ return NULL;
+}
+
+ssize_t
+socks5_client_userpass_auth_encoded_len(const socks5_client_userpass_auth_t *obj)
+{
+ ssize_t result = 0;
+
+ if (NULL != socks5_client_userpass_auth_check(obj))
+ return -1;
+
+
+ /* Length of u8 version IN [1] */
+ result += 1;
+
+ /* Length of u8 username_len */
+ result += 1;
+
+ /* Length of char username[username_len] */
+ result += TRUNNEL_DYNARRAY_LEN(&obj->username);
+
+ /* Length of u8 passwd_len */
+ result += 1;
+
+ /* Length of char passwd[passwd_len] */
+ result += TRUNNEL_DYNARRAY_LEN(&obj->passwd);
+ return result;
+}
+int
+socks5_client_userpass_auth_clear_errors(socks5_client_userpass_auth_t *obj)
+{
+ int r = obj->trunnel_error_code_;
+ obj->trunnel_error_code_ = 0;
+ return r;
+}
+ssize_t
+socks5_client_userpass_auth_encode(uint8_t *output, const size_t avail, const socks5_client_userpass_auth_t *obj)
+{
+ ssize_t result = 0;
+ size_t written = 0;
+ uint8_t *ptr = output;
+ const char *msg;
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+ const ssize_t encoded_len = socks5_client_userpass_auth_encoded_len(obj);
+#endif
+
+ if (NULL != (msg = socks5_client_userpass_auth_check(obj)))
+ goto check_failed;
+
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+ trunnel_assert(encoded_len >= 0);
+#endif
+
+ /* Encode u8 version IN [1] */
+ trunnel_assert(written <= avail);
+ if (avail - written < 1)
+ goto truncated;
+ trunnel_set_uint8(ptr, (obj->version));
+ written += 1; ptr += 1;
+
+ /* Encode u8 username_len */
+ trunnel_assert(written <= avail);
+ if (avail - written < 1)
+ goto truncated;
+ trunnel_set_uint8(ptr, (obj->username_len));
+ written += 1; ptr += 1;
+
+ /* Encode char username[username_len] */
+ {
+ size_t elt_len = TRUNNEL_DYNARRAY_LEN(&obj->username);
+ trunnel_assert(obj->username_len == elt_len);
+ trunnel_assert(written <= avail);
+ if (avail - written < elt_len)
+ goto truncated;
+ if (elt_len)
+ memcpy(ptr, obj->username.elts_, elt_len);
+ written += elt_len; ptr += elt_len;
+ }
+
+ /* Encode u8 passwd_len */
+ trunnel_assert(written <= avail);
+ if (avail - written < 1)
+ goto truncated;
+ trunnel_set_uint8(ptr, (obj->passwd_len));
+ written += 1; ptr += 1;
+
+ /* Encode char passwd[passwd_len] */
+ {
+ size_t elt_len = TRUNNEL_DYNARRAY_LEN(&obj->passwd);
+ trunnel_assert(obj->passwd_len == elt_len);
+ trunnel_assert(written <= avail);
+ if (avail - written < elt_len)
+ goto truncated;
+ if (elt_len)
+ memcpy(ptr, obj->passwd.elts_, elt_len);
+ written += elt_len; ptr += elt_len;
+ }
+
+
+ trunnel_assert(ptr == output + written);
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+ {
+ trunnel_assert(encoded_len >= 0);
+ trunnel_assert((size_t)encoded_len == written);
+ }
+
+#endif
+
+ return written;
+
+ truncated:
+ result = -2;
+ goto fail;
+ check_failed:
+ (void)msg;
+ result = -1;
+ goto fail;
+ fail:
+ trunnel_assert(result < 0);
+ return result;
+}
+
+/** As socks5_client_userpass_auth_parse(), but do not allocate the
+ * output object.
+ */
+static ssize_t
+socks5_client_userpass_auth_parse_into(socks5_client_userpass_auth_t *obj, const uint8_t *input, const size_t len_in)
+{
+ const uint8_t *ptr = input;
+ size_t remaining = len_in;
+ ssize_t result = 0;
+ (void)result;
+
+ /* Parse u8 version IN [1] */
+ CHECK_REMAINING(1, truncated);
+ obj->version = (trunnel_get_uint8(ptr));
+ remaining -= 1; ptr += 1;
+ if (! (obj->version == 1))
+ goto fail;
+
+ /* Parse u8 username_len */
+ CHECK_REMAINING(1, truncated);
+ obj->username_len = (trunnel_get_uint8(ptr));
+ remaining -= 1; ptr += 1;
+
+ /* Parse char username[username_len] */
+ CHECK_REMAINING(obj->username_len, truncated);
+ if (socks5_client_userpass_auth_setstr0_username(obj, (const char*)ptr, obj->username_len))
+ goto fail;
+ ptr += obj->username_len; remaining -= obj->username_len;
+
+ /* Parse u8 passwd_len */
+ CHECK_REMAINING(1, truncated);
+ obj->passwd_len = (trunnel_get_uint8(ptr));
+ remaining -= 1; ptr += 1;
+
+ /* Parse char passwd[passwd_len] */
+ CHECK_REMAINING(obj->passwd_len, truncated);
+ if (socks5_client_userpass_auth_setstr0_passwd(obj, (const char*)ptr, obj->passwd_len))
+ goto fail;
+ ptr += obj->passwd_len; remaining -= obj->passwd_len;
+ trunnel_assert(ptr + remaining == input + len_in);
+ return len_in - remaining;
+
+ truncated:
+ return -2;
+ fail:
+ result = -1;
+ return result;
+}
+
+ssize_t
+socks5_client_userpass_auth_parse(socks5_client_userpass_auth_t **output, const uint8_t *input, const size_t len_in)
+{
+ ssize_t result;
+ *output = socks5_client_userpass_auth_new();
+ if (NULL == *output)
+ return -1;
+ result = socks5_client_userpass_auth_parse_into(*output, input, len_in);
+ if (result < 0) {
+ socks5_client_userpass_auth_free(*output);
+ *output = NULL;
+ }
+ return result;
+}
+socks5_client_version_t *
+socks5_client_version_new(void)
+{
+ socks5_client_version_t *val = trunnel_calloc(1, sizeof(socks5_client_version_t));
+ if (NULL == val)
+ return NULL;
+ val->version = 5;
+ return val;
+}
+
+/** Release all storage held inside 'obj', but do not free 'obj'.
+ */
+static void
+socks5_client_version_clear(socks5_client_version_t *obj)
+{
+ (void) obj;
+ TRUNNEL_DYNARRAY_WIPE(&obj->methods);
+ TRUNNEL_DYNARRAY_CLEAR(&obj->methods);
+}
+
+void
+socks5_client_version_free(socks5_client_version_t *obj)
+{
+ if (obj == NULL)
+ return;
+ socks5_client_version_clear(obj);
+ trunnel_memwipe(obj, sizeof(socks5_client_version_t));
+ trunnel_free_(obj);
+}
+
+uint8_t
+socks5_client_version_get_version(const socks5_client_version_t *inp)
+{
+ return inp->version;
+}
+int
+socks5_client_version_set_version(socks5_client_version_t *inp, uint8_t val)
+{
+ if (! ((val == 5))) {
+ TRUNNEL_SET_ERROR_CODE(inp);
+ return -1;
+ }
+ inp->version = val;
+ return 0;
+}
+uint8_t
+socks5_client_version_get_n_methods(const socks5_client_version_t *inp)
+{
+ return inp->n_methods;
+}
+int
+socks5_client_version_set_n_methods(socks5_client_version_t *inp, uint8_t val)
+{
+ inp->n_methods = val;
+ return 0;
+}
+size_t
+socks5_client_version_getlen_methods(const socks5_client_version_t *inp)
+{
+ return TRUNNEL_DYNARRAY_LEN(&inp->methods);
+}
+
+uint8_t
+socks5_client_version_get_methods(socks5_client_version_t *inp, size_t idx)
+{
+ return TRUNNEL_DYNARRAY_GET(&inp->methods, idx);
+}
+
+uint8_t
+socks5_client_version_getconst_methods(const socks5_client_version_t *inp, size_t idx)
+{
+ return socks5_client_version_get_methods((socks5_client_version_t*)inp, idx);
+}
+int
+socks5_client_version_set_methods(socks5_client_version_t *inp, size_t idx, uint8_t elt)
+{
+ TRUNNEL_DYNARRAY_SET(&inp->methods, idx, elt);
+ return 0;
+}
+int
+socks5_client_version_add_methods(socks5_client_version_t *inp, uint8_t elt)
+{
+#if SIZE_MAX >= UINT8_MAX
+ if (inp->methods.n_ == UINT8_MAX)
+ goto trunnel_alloc_failed;
+#endif
+ TRUNNEL_DYNARRAY_ADD(uint8_t, &inp->methods, elt, {});
+ return 0;
+ trunnel_alloc_failed:
+ TRUNNEL_SET_ERROR_CODE(inp);
+ return -1;
+}
+
+uint8_t *
+socks5_client_version_getarray_methods(socks5_client_version_t *inp)
+{
+ return inp->methods.elts_;
+}
+const uint8_t *
+socks5_client_version_getconstarray_methods(const socks5_client_version_t *inp)
+{
+ return (const uint8_t *)socks5_client_version_getarray_methods((socks5_client_version_t*)inp);
+}
+int
+socks5_client_version_setlen_methods(socks5_client_version_t *inp, size_t newlen)
+{
+ uint8_t *newptr;
+#if UINT8_MAX < SIZE_MAX
+ if (newlen > UINT8_MAX)
+ goto trunnel_alloc_failed;
+#endif
+ newptr = trunnel_dynarray_setlen(&inp->methods.allocated_,
+ &inp->methods.n_, inp->methods.elts_, newlen,
+ sizeof(inp->methods.elts_[0]), (trunnel_free_fn_t) NULL,
+ &inp->trunnel_error_code_);
+ if (newlen != 0 && newptr == NULL)
+ goto trunnel_alloc_failed;
+ inp->methods.elts_ = newptr;
+ return 0;
+ trunnel_alloc_failed:
+ TRUNNEL_SET_ERROR_CODE(inp);
+ return -1;
+}
+const char *
+socks5_client_version_check(const socks5_client_version_t *obj)
+{
+ if (obj == NULL)
+ return "Object was NULL";
+ if (obj->trunnel_error_code_)
+ return "A set function failed on this object";
+ if (! (obj->version == 5))
+ return "Integer out of bounds";
+ if (TRUNNEL_DYNARRAY_LEN(&obj->methods) != obj->n_methods)
+ return "Length mismatch for methods";
+ return NULL;
+}
+
+ssize_t
+socks5_client_version_encoded_len(const socks5_client_version_t *obj)
+{
+ ssize_t result = 0;
+
+ if (NULL != socks5_client_version_check(obj))
+ return -1;
+
+
+ /* Length of u8 version IN [5] */
+ result += 1;
+
+ /* Length of u8 n_methods */
+ result += 1;
+
+ /* Length of u8 methods[n_methods] */
+ result += TRUNNEL_DYNARRAY_LEN(&obj->methods);
+ return result;
+}
+int
+socks5_client_version_clear_errors(socks5_client_version_t *obj)
+{
+ int r = obj->trunnel_error_code_;
+ obj->trunnel_error_code_ = 0;
+ return r;
+}
+ssize_t
+socks5_client_version_encode(uint8_t *output, const size_t avail, const socks5_client_version_t *obj)
+{
+ ssize_t result = 0;
+ size_t written = 0;
+ uint8_t *ptr = output;
+ const char *msg;
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+ const ssize_t encoded_len = socks5_client_version_encoded_len(obj);
+#endif
+
+ if (NULL != (msg = socks5_client_version_check(obj)))
+ goto check_failed;
+
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+ trunnel_assert(encoded_len >= 0);
+#endif
+
+ /* Encode u8 version IN [5] */
+ trunnel_assert(written <= avail);
+ if (avail - written < 1)
+ goto truncated;
+ trunnel_set_uint8(ptr, (obj->version));
+ written += 1; ptr += 1;
+
+ /* Encode u8 n_methods */
+ trunnel_assert(written <= avail);
+ if (avail - written < 1)
+ goto truncated;
+ trunnel_set_uint8(ptr, (obj->n_methods));
+ written += 1; ptr += 1;
+
+ /* Encode u8 methods[n_methods] */
+ {
+ size_t elt_len = TRUNNEL_DYNARRAY_LEN(&obj->methods);
+ trunnel_assert(obj->n_methods == elt_len);
+ trunnel_assert(written <= avail);
+ if (avail - written < elt_len)
+ goto truncated;
+ if (elt_len)
+ memcpy(ptr, obj->methods.elts_, elt_len);
+ written += elt_len; ptr += elt_len;
+ }
+
+
+ trunnel_assert(ptr == output + written);
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+ {
+ trunnel_assert(encoded_len >= 0);
+ trunnel_assert((size_t)encoded_len == written);
+ }
+
+#endif
+
+ return written;
+
+ truncated:
+ result = -2;
+ goto fail;
+ check_failed:
+ (void)msg;
+ result = -1;
+ goto fail;
+ fail:
+ trunnel_assert(result < 0);
+ return result;
+}
+
+/** As socks5_client_version_parse(), but do not allocate the output
+ * object.
+ */
+static ssize_t
+socks5_client_version_parse_into(socks5_client_version_t *obj, const uint8_t *input, const size_t len_in)
+{
+ const uint8_t *ptr = input;
+ size_t remaining = len_in;
+ ssize_t result = 0;
+ (void)result;
+
+ /* Parse u8 version IN [5] */
+ CHECK_REMAINING(1, truncated);
+ obj->version = (trunnel_get_uint8(ptr));
+ remaining -= 1; ptr += 1;
+ if (! (obj->version == 5))
+ goto fail;
+
+ /* Parse u8 n_methods */
+ CHECK_REMAINING(1, truncated);
+ obj->n_methods = (trunnel_get_uint8(ptr));
+ remaining -= 1; ptr += 1;
+
+ /* Parse u8 methods[n_methods] */
+ CHECK_REMAINING(obj->n_methods, truncated);
+ TRUNNEL_DYNARRAY_EXPAND(uint8_t, &obj->methods, obj->n_methods, {});
+ obj->methods.n_ = obj->n_methods;
+ if (obj->n_methods)
+ memcpy(obj->methods.elts_, ptr, obj->n_methods);
+ ptr += obj->n_methods; remaining -= obj->n_methods;
+ trunnel_assert(ptr + remaining == input + len_in);
+ return len_in - remaining;
+
+ truncated:
+ return -2;
+ trunnel_alloc_failed:
+ return -1;
+ fail:
+ result = -1;
+ return result;
+}
+
+ssize_t
+socks5_client_version_parse(socks5_client_version_t **output, const uint8_t *input, const size_t len_in)
+{
+ ssize_t result;
+ *output = socks5_client_version_new();
+ if (NULL == *output)
+ return -1;
+ result = socks5_client_version_parse_into(*output, input, len_in);
+ if (result < 0) {
+ socks5_client_version_free(*output);
+ *output = NULL;
+ }
+ return result;
+}
+socks5_server_method_t *
+socks5_server_method_new(void)
+{
+ socks5_server_method_t *val = trunnel_calloc(1, sizeof(socks5_server_method_t));
+ if (NULL == val)
+ return NULL;
+ val->version = 5;
+ return val;
+}
+
+/** Release all storage held inside 'obj', but do not free 'obj'.
+ */
+static void
+socks5_server_method_clear(socks5_server_method_t *obj)
+{
+ (void) obj;
+}
+
+void
+socks5_server_method_free(socks5_server_method_t *obj)
+{
+ if (obj == NULL)
+ return;
+ socks5_server_method_clear(obj);
+ trunnel_memwipe(obj, sizeof(socks5_server_method_t));
+ trunnel_free_(obj);
+}
+
+uint8_t
+socks5_server_method_get_version(const socks5_server_method_t *inp)
+{
+ return inp->version;
+}
+int
+socks5_server_method_set_version(socks5_server_method_t *inp, uint8_t val)
+{
+ if (! ((val == 5))) {
+ TRUNNEL_SET_ERROR_CODE(inp);
+ return -1;
+ }
+ inp->version = val;
+ return 0;
+}
+uint8_t
+socks5_server_method_get_method(const socks5_server_method_t *inp)
+{
+ return inp->method;
+}
+int
+socks5_server_method_set_method(socks5_server_method_t *inp, uint8_t val)
+{
+ inp->method = val;
+ return 0;
+}
+const char *
+socks5_server_method_check(const socks5_server_method_t *obj)
+{
+ if (obj == NULL)
+ return "Object was NULL";
+ if (obj->trunnel_error_code_)
+ return "A set function failed on this object";
+ if (! (obj->version == 5))
+ return "Integer out of bounds";
+ return NULL;
+}
+
+ssize_t
+socks5_server_method_encoded_len(const socks5_server_method_t *obj)
+{
+ ssize_t result = 0;
+
+ if (NULL != socks5_server_method_check(obj))
+ return -1;
+
+
+ /* Length of u8 version IN [5] */
+ result += 1;
+
+ /* Length of u8 method */
+ result += 1;
+ return result;
+}
+int
+socks5_server_method_clear_errors(socks5_server_method_t *obj)
+{
+ int r = obj->trunnel_error_code_;
+ obj->trunnel_error_code_ = 0;
+ return r;
+}
+ssize_t
+socks5_server_method_encode(uint8_t *output, const size_t avail, const socks5_server_method_t *obj)
+{
+ ssize_t result = 0;
+ size_t written = 0;
+ uint8_t *ptr = output;
+ const char *msg;
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+ const ssize_t encoded_len = socks5_server_method_encoded_len(obj);
+#endif
+
+ if (NULL != (msg = socks5_server_method_check(obj)))
+ goto check_failed;
+
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+ trunnel_assert(encoded_len >= 0);
+#endif
+
+ /* Encode u8 version IN [5] */
+ trunnel_assert(written <= avail);
+ if (avail - written < 1)
+ goto truncated;
+ trunnel_set_uint8(ptr, (obj->version));
+ written += 1; ptr += 1;
+
+ /* Encode u8 method */
+ trunnel_assert(written <= avail);
+ if (avail - written < 1)
+ goto truncated;
+ trunnel_set_uint8(ptr, (obj->method));
+ written += 1; ptr += 1;
+
+
+ trunnel_assert(ptr == output + written);
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+ {
+ trunnel_assert(encoded_len >= 0);
+ trunnel_assert((size_t)encoded_len == written);
+ }
+
+#endif
+
+ return written;
+
+ truncated:
+ result = -2;
+ goto fail;
+ check_failed:
+ (void)msg;
+ result = -1;
+ goto fail;
+ fail:
+ trunnel_assert(result < 0);
+ return result;
+}
+
+/** As socks5_server_method_parse(), but do not allocate the output
+ * object.
+ */
+static ssize_t
+socks5_server_method_parse_into(socks5_server_method_t *obj, const uint8_t *input, const size_t len_in)
+{
+ const uint8_t *ptr = input;
+ size_t remaining = len_in;
+ ssize_t result = 0;
+ (void)result;
+
+ /* Parse u8 version IN [5] */
+ CHECK_REMAINING(1, truncated);
+ obj->version = (trunnel_get_uint8(ptr));
+ remaining -= 1; ptr += 1;
+ if (! (obj->version == 5))
+ goto fail;
+
+ /* Parse u8 method */
+ CHECK_REMAINING(1, truncated);
+ obj->method = (trunnel_get_uint8(ptr));
+ remaining -= 1; ptr += 1;
+ trunnel_assert(ptr + remaining == input + len_in);
+ return len_in - remaining;
+
+ truncated:
+ return -2;
+ fail:
+ result = -1;
+ return result;
+}
+
+ssize_t
+socks5_server_method_parse(socks5_server_method_t **output, const uint8_t *input, const size_t len_in)
+{
+ ssize_t result;
+ *output = socks5_server_method_new();
+ if (NULL == *output)
+ return -1;
+ result = socks5_server_method_parse_into(*output, input, len_in);
+ if (result < 0) {
+ socks5_server_method_free(*output);
+ *output = NULL;
+ }
+ return result;
+}
+socks5_server_userpath_auth_t *
+socks5_server_userpath_auth_new(void)
+{
+ socks5_server_userpath_auth_t *val = trunnel_calloc(1, sizeof(socks5_server_userpath_auth_t));
+ if (NULL == val)
+ return NULL;
+ val->version = 1;
+ return val;
+}
+
+/** Release all storage held inside 'obj', but do not free 'obj'.
+ */
+static void
+socks5_server_userpath_auth_clear(socks5_server_userpath_auth_t *obj)
+{
+ (void) obj;
+}
+
+void
+socks5_server_userpath_auth_free(socks5_server_userpath_auth_t *obj)
+{
+ if (obj == NULL)
+ return;
+ socks5_server_userpath_auth_clear(obj);
+ trunnel_memwipe(obj, sizeof(socks5_server_userpath_auth_t));
+ trunnel_free_(obj);
+}
+
+uint8_t
+socks5_server_userpath_auth_get_version(const socks5_server_userpath_auth_t *inp)
+{
+ return inp->version;
+}
+int
+socks5_server_userpath_auth_set_version(socks5_server_userpath_auth_t *inp, uint8_t val)
+{
+ if (! ((val == 1))) {
+ TRUNNEL_SET_ERROR_CODE(inp);
+ return -1;
+ }
+ inp->version = val;
+ return 0;
+}
+uint8_t
+socks5_server_userpath_auth_get_status(const socks5_server_userpath_auth_t *inp)
+{
+ return inp->status;
+}
+int
+socks5_server_userpath_auth_set_status(socks5_server_userpath_auth_t *inp, uint8_t val)
+{
+ inp->status = val;
+ return 0;
+}
+const char *
+socks5_server_userpath_auth_check(const socks5_server_userpath_auth_t *obj)
+{
+ if (obj == NULL)
+ return "Object was NULL";
+ if (obj->trunnel_error_code_)
+ return "A set function failed on this object";
+ if (! (obj->version == 1))
+ return "Integer out of bounds";
+ return NULL;
+}
+
+ssize_t
+socks5_server_userpath_auth_encoded_len(const socks5_server_userpath_auth_t *obj)
+{
+ ssize_t result = 0;
+
+ if (NULL != socks5_server_userpath_auth_check(obj))
+ return -1;
+
+
+ /* Length of u8 version IN [1] */
+ result += 1;
+
+ /* Length of u8 status */
+ result += 1;
+ return result;
+}
+int
+socks5_server_userpath_auth_clear_errors(socks5_server_userpath_auth_t *obj)
+{
+ int r = obj->trunnel_error_code_;
+ obj->trunnel_error_code_ = 0;
+ return r;
+}
+ssize_t
+socks5_server_userpath_auth_encode(uint8_t *output, const size_t avail, const socks5_server_userpath_auth_t *obj)
+{
+ ssize_t result = 0;
+ size_t written = 0;
+ uint8_t *ptr = output;
+ const char *msg;
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+ const ssize_t encoded_len = socks5_server_userpath_auth_encoded_len(obj);
+#endif
+
+ if (NULL != (msg = socks5_server_userpath_auth_check(obj)))
+ goto check_failed;
+
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+ trunnel_assert(encoded_len >= 0);
+#endif
+
+ /* Encode u8 version IN [1] */
+ trunnel_assert(written <= avail);
+ if (avail - written < 1)
+ goto truncated;
+ trunnel_set_uint8(ptr, (obj->version));
+ written += 1; ptr += 1;
+
+ /* Encode u8 status */
+ trunnel_assert(written <= avail);
+ if (avail - written < 1)
+ goto truncated;
+ trunnel_set_uint8(ptr, (obj->status));
+ written += 1; ptr += 1;
+
+
+ trunnel_assert(ptr == output + written);
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+ {
+ trunnel_assert(encoded_len >= 0);
+ trunnel_assert((size_t)encoded_len == written);
+ }
+
+#endif
+
+ return written;
+
+ truncated:
+ result = -2;
+ goto fail;
+ check_failed:
+ (void)msg;
+ result = -1;
+ goto fail;
+ fail:
+ trunnel_assert(result < 0);
+ return result;
+}
+
+/** As socks5_server_userpath_auth_parse(), but do not allocate the
+ * output object.
+ */
+static ssize_t
+socks5_server_userpath_auth_parse_into(socks5_server_userpath_auth_t *obj, const uint8_t *input, const size_t len_in)
+{
+ const uint8_t *ptr = input;
+ size_t remaining = len_in;
+ ssize_t result = 0;
+ (void)result;
+
+ /* Parse u8 version IN [1] */
+ CHECK_REMAINING(1, truncated);
+ obj->version = (trunnel_get_uint8(ptr));
+ remaining -= 1; ptr += 1;
+ if (! (obj->version == 1))
+ goto fail;
+
+ /* Parse u8 status */
+ CHECK_REMAINING(1, truncated);
+ obj->status = (trunnel_get_uint8(ptr));
+ remaining -= 1; ptr += 1;
+ trunnel_assert(ptr + remaining == input + len_in);
+ return len_in - remaining;
+
+ truncated:
+ return -2;
+ fail:
+ result = -1;
+ return result;
+}
+
+ssize_t
+socks5_server_userpath_auth_parse(socks5_server_userpath_auth_t **output, const uint8_t *input, const size_t len_in)
+{
+ ssize_t result;
+ *output = socks5_server_userpath_auth_new();
+ if (NULL == *output)
+ return -1;
+ result = socks5_server_userpath_auth_parse_into(*output, input, len_in);
+ if (result < 0) {
+ socks5_server_userpath_auth_free(*output);
+ *output = NULL;
+ }
+ return result;
+}
+tor_socksauth_keyval_t *
+tor_socksauth_keyval_new(void)
+{
+ tor_socksauth_keyval_t *val = trunnel_calloc(1, sizeof(tor_socksauth_keyval_t));
+ if (NULL == val)
+ return NULL;
+ return val;
+}
+
+/** Release all storage held inside 'obj', but do not free 'obj'.
+ */
+static void
+tor_socksauth_keyval_clear(tor_socksauth_keyval_t *obj)
+{
+ (void) obj;
+ TRUNNEL_DYNARRAY_WIPE(&obj->key);
+ TRUNNEL_DYNARRAY_CLEAR(&obj->key);
+ TRUNNEL_DYNARRAY_WIPE(&obj->val);
+ TRUNNEL_DYNARRAY_CLEAR(&obj->val);
+}
+
+void
+tor_socksauth_keyval_free(tor_socksauth_keyval_t *obj)
+{
+ if (obj == NULL)
+ return;
+ tor_socksauth_keyval_clear(obj);
+ trunnel_memwipe(obj, sizeof(tor_socksauth_keyval_t));
+ trunnel_free_(obj);
+}
+
+uint16_t
+tor_socksauth_keyval_get_keylen(const tor_socksauth_keyval_t *inp)
+{
+ return inp->keylen;
+}
+int
+tor_socksauth_keyval_set_keylen(tor_socksauth_keyval_t *inp, uint16_t val)
+{
+ inp->keylen = val;
+ return 0;
+}
+size_t
+tor_socksauth_keyval_getlen_key(const tor_socksauth_keyval_t *inp)
+{
+ return TRUNNEL_DYNARRAY_LEN(&inp->key);
+}
+
+char
+tor_socksauth_keyval_get_key(tor_socksauth_keyval_t *inp, size_t idx)
+{
+ return TRUNNEL_DYNARRAY_GET(&inp->key, idx);
+}
+
+char
+tor_socksauth_keyval_getconst_key(const tor_socksauth_keyval_t *inp, size_t idx)
+{
+ return tor_socksauth_keyval_get_key((tor_socksauth_keyval_t*)inp, idx);
+}
+int
+tor_socksauth_keyval_set_key(tor_socksauth_keyval_t *inp, size_t idx, char elt)
+{
+ TRUNNEL_DYNARRAY_SET(&inp->key, idx, elt);
+ return 0;
+}
+int
+tor_socksauth_keyval_add_key(tor_socksauth_keyval_t *inp, char elt)
+{
+#if SIZE_MAX >= UINT16_MAX
+ if (inp->key.n_ == UINT16_MAX)
+ goto trunnel_alloc_failed;
+#endif
+ TRUNNEL_DYNARRAY_ADD(char, &inp->key, elt, {});
+ return 0;
+ trunnel_alloc_failed:
+ TRUNNEL_SET_ERROR_CODE(inp);
+ return -1;
+}
+
+char *
+tor_socksauth_keyval_getarray_key(tor_socksauth_keyval_t *inp)
+{
+ return inp->key.elts_;
+}
+const char *
+tor_socksauth_keyval_getconstarray_key(const tor_socksauth_keyval_t *inp)
+{
+ return (const char *)tor_socksauth_keyval_getarray_key((tor_socksauth_keyval_t*)inp);
+}
+int
+tor_socksauth_keyval_setlen_key(tor_socksauth_keyval_t *inp, size_t newlen)
+{
+#if UINT16_MAX < SIZE_MAX
+ if (newlen > UINT16_MAX)
+ goto trunnel_alloc_failed;
+#endif
+ return trunnel_string_setlen(&inp->key, newlen,
+ &inp->trunnel_error_code_);
+ trunnel_alloc_failed:
+ TRUNNEL_SET_ERROR_CODE(inp);
+ return -1;
+}
+const char *
+tor_socksauth_keyval_getstr_key(tor_socksauth_keyval_t *inp)
+{
+ return trunnel_string_getstr(&inp->key);
+}
+int
+tor_socksauth_keyval_setstr0_key(tor_socksauth_keyval_t *inp, const char *val, size_t len)
+{
+#if UINT16_MAX < SIZE_MAX
+ if (len > UINT16_MAX) {
+ TRUNNEL_SET_ERROR_CODE(inp);
+ return -1;
+ }
+#endif
+ return trunnel_string_setstr0(&inp->key, val, len, &inp->trunnel_error_code_);
+}
+int
+tor_socksauth_keyval_setstr_key(tor_socksauth_keyval_t *inp, const char *val)
+{
+ return tor_socksauth_keyval_setstr0_key(inp, val, strlen(val));
+}
+uint16_t
+tor_socksauth_keyval_get_vallen(const tor_socksauth_keyval_t *inp)
+{
+ return inp->vallen;
+}
+int
+tor_socksauth_keyval_set_vallen(tor_socksauth_keyval_t *inp, uint16_t val)
+{
+ inp->vallen = val;
+ return 0;
+}
+size_t
+tor_socksauth_keyval_getlen_val(const tor_socksauth_keyval_t *inp)
+{
+ return TRUNNEL_DYNARRAY_LEN(&inp->val);
+}
+
+char
+tor_socksauth_keyval_get_val(tor_socksauth_keyval_t *inp, size_t idx)
+{
+ return TRUNNEL_DYNARRAY_GET(&inp->val, idx);
+}
+
+char
+tor_socksauth_keyval_getconst_val(const tor_socksauth_keyval_t *inp, size_t idx)
+{
+ return tor_socksauth_keyval_get_val((tor_socksauth_keyval_t*)inp, idx);
+}
+int
+tor_socksauth_keyval_set_val(tor_socksauth_keyval_t *inp, size_t idx, char elt)
+{
+ TRUNNEL_DYNARRAY_SET(&inp->val, idx, elt);
+ return 0;
+}
+int
+tor_socksauth_keyval_add_val(tor_socksauth_keyval_t *inp, char elt)
+{
+#if SIZE_MAX >= UINT16_MAX
+ if (inp->val.n_ == UINT16_MAX)
+ goto trunnel_alloc_failed;
+#endif
+ TRUNNEL_DYNARRAY_ADD(char, &inp->val, elt, {});
+ return 0;
+ trunnel_alloc_failed:
+ TRUNNEL_SET_ERROR_CODE(inp);
+ return -1;
+}
+
+char *
+tor_socksauth_keyval_getarray_val(tor_socksauth_keyval_t *inp)
+{
+ return inp->val.elts_;
+}
+const char *
+tor_socksauth_keyval_getconstarray_val(const tor_socksauth_keyval_t *inp)
+{
+ return (const char *)tor_socksauth_keyval_getarray_val((tor_socksauth_keyval_t*)inp);
+}
+int
+tor_socksauth_keyval_setlen_val(tor_socksauth_keyval_t *inp, size_t newlen)
+{
+#if UINT16_MAX < SIZE_MAX
+ if (newlen > UINT16_MAX)
+ goto trunnel_alloc_failed;
+#endif
+ return trunnel_string_setlen(&inp->val, newlen,
+ &inp->trunnel_error_code_);
+ trunnel_alloc_failed:
+ TRUNNEL_SET_ERROR_CODE(inp);
+ return -1;
+}
+const char *
+tor_socksauth_keyval_getstr_val(tor_socksauth_keyval_t *inp)
+{
+ return trunnel_string_getstr(&inp->val);
+}
+int
+tor_socksauth_keyval_setstr0_val(tor_socksauth_keyval_t *inp, const char *val, size_t len)
+{
+#if UINT16_MAX < SIZE_MAX
+ if (len > UINT16_MAX) {
+ TRUNNEL_SET_ERROR_CODE(inp);
+ return -1;
+ }
+#endif
+ return trunnel_string_setstr0(&inp->val, val, len, &inp->trunnel_error_code_);
+}
+int
+tor_socksauth_keyval_setstr_val(tor_socksauth_keyval_t *inp, const char *val)
+{
+ return tor_socksauth_keyval_setstr0_val(inp, val, strlen(val));
+}
+const char *
+tor_socksauth_keyval_check(const tor_socksauth_keyval_t *obj)
+{
+ if (obj == NULL)
+ return "Object was NULL";
+ if (obj->trunnel_error_code_)
+ return "A set function failed on this object";
+ if (TRUNNEL_DYNARRAY_LEN(&obj->key) != obj->keylen)
+ return "Length mismatch for key";
+ if (TRUNNEL_DYNARRAY_LEN(&obj->val) != obj->vallen)
+ return "Length mismatch for val";
+ return NULL;
+}
+
+ssize_t
+tor_socksauth_keyval_encoded_len(const tor_socksauth_keyval_t *obj)
+{
+ ssize_t result = 0;
+
+ if (NULL != tor_socksauth_keyval_check(obj))
+ return -1;
+
+
+ /* Length of u16 keylen */
+ result += 2;
+
+ /* Length of char key[keylen] */
+ result += TRUNNEL_DYNARRAY_LEN(&obj->key);
+
+ /* Length of u16 vallen */
+ result += 2;
+
+ /* Length of char val[vallen] */
+ result += TRUNNEL_DYNARRAY_LEN(&obj->val);
+ return result;
+}
+int
+tor_socksauth_keyval_clear_errors(tor_socksauth_keyval_t *obj)
+{
+ int r = obj->trunnel_error_code_;
+ obj->trunnel_error_code_ = 0;
+ return r;
+}
+ssize_t
+tor_socksauth_keyval_encode(uint8_t *output, const size_t avail, const tor_socksauth_keyval_t *obj)
+{
+ ssize_t result = 0;
+ size_t written = 0;
+ uint8_t *ptr = output;
+ const char *msg;
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+ const ssize_t encoded_len = tor_socksauth_keyval_encoded_len(obj);
+#endif
+
+ if (NULL != (msg = tor_socksauth_keyval_check(obj)))
+ goto check_failed;
+
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+ trunnel_assert(encoded_len >= 0);
+#endif
+
+ /* Encode u16 keylen */
+ trunnel_assert(written <= avail);
+ if (avail - written < 2)
+ goto truncated;
+ trunnel_set_uint16(ptr, trunnel_htons(obj->keylen));
+ written += 2; ptr += 2;
+
+ /* Encode char key[keylen] */
+ {
+ size_t elt_len = TRUNNEL_DYNARRAY_LEN(&obj->key);
+ trunnel_assert(obj->keylen == elt_len);
+ trunnel_assert(written <= avail);
+ if (avail - written < elt_len)
+ goto truncated;
+ if (elt_len)
+ memcpy(ptr, obj->key.elts_, elt_len);
+ written += elt_len; ptr += elt_len;
+ }
+
+ /* Encode u16 vallen */
+ trunnel_assert(written <= avail);
+ if (avail - written < 2)
+ goto truncated;
+ trunnel_set_uint16(ptr, trunnel_htons(obj->vallen));
+ written += 2; ptr += 2;
+
+ /* Encode char val[vallen] */
+ {
+ size_t elt_len = TRUNNEL_DYNARRAY_LEN(&obj->val);
+ trunnel_assert(obj->vallen == elt_len);
+ trunnel_assert(written <= avail);
+ if (avail - written < elt_len)
+ goto truncated;
+ if (elt_len)
+ memcpy(ptr, obj->val.elts_, elt_len);
+ written += elt_len; ptr += elt_len;
+ }
+
+
+ trunnel_assert(ptr == output + written);
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+ {
+ trunnel_assert(encoded_len >= 0);
+ trunnel_assert((size_t)encoded_len == written);
+ }
+
+#endif
+
+ return written;
+
+ truncated:
+ result = -2;
+ goto fail;
+ check_failed:
+ (void)msg;
+ result = -1;
+ goto fail;
+ fail:
+ trunnel_assert(result < 0);
+ return result;
+}
+
+/** As tor_socksauth_keyval_parse(), but do not allocate the output
+ * object.
+ */
+static ssize_t
+tor_socksauth_keyval_parse_into(tor_socksauth_keyval_t *obj, const uint8_t *input, const size_t len_in)
+{
+ const uint8_t *ptr = input;
+ size_t remaining = len_in;
+ ssize_t result = 0;
+ (void)result;
+
+ /* Parse u16 keylen */
+ CHECK_REMAINING(2, truncated);
+ obj->keylen = trunnel_ntohs(trunnel_get_uint16(ptr));
+ remaining -= 2; ptr += 2;
+
+ /* Parse char key[keylen] */
+ CHECK_REMAINING(obj->keylen, truncated);
+ if (tor_socksauth_keyval_setstr0_key(obj, (const char*)ptr, obj->keylen))
+ goto fail;
+ ptr += obj->keylen; remaining -= obj->keylen;
+
+ /* Parse u16 vallen */
+ CHECK_REMAINING(2, truncated);
+ obj->vallen = trunnel_ntohs(trunnel_get_uint16(ptr));
+ remaining -= 2; ptr += 2;
+
+ /* Parse char val[vallen] */
+ CHECK_REMAINING(obj->vallen, truncated);
+ if (tor_socksauth_keyval_setstr0_val(obj, (const char*)ptr, obj->vallen))
+ goto fail;
+ ptr += obj->vallen; remaining -= obj->vallen;
+ trunnel_assert(ptr + remaining == input + len_in);
+ return len_in - remaining;
+
+ truncated:
+ return -2;
+ fail:
+ result = -1;
+ return result;
+}
+
+ssize_t
+tor_socksauth_keyval_parse(tor_socksauth_keyval_t **output, const uint8_t *input, const size_t len_in)
+{
+ ssize_t result;
+ *output = tor_socksauth_keyval_new();
+ if (NULL == *output)
+ return -1;
+ result = tor_socksauth_keyval_parse_into(*output, input, len_in);
+ if (result < 0) {
+ tor_socksauth_keyval_free(*output);
+ *output = NULL;
+ }
+ return result;
+}
+socks5_client_request_t *
+socks5_client_request_new(void)
+{
+ socks5_client_request_t *val = trunnel_calloc(1, sizeof(socks5_client_request_t));
+ if (NULL == val)
+ return NULL;
+ val->version = 5;
+ val->command = CMD_BIND;
+ return val;
+}
+
+/** Release all storage held inside 'obj', but do not free 'obj'.
+ */
+static void
+socks5_client_request_clear(socks5_client_request_t *obj)
+{
+ (void) obj;
+ domainname_free(obj->dest_addr_domainname);
+ obj->dest_addr_domainname = NULL;
+}
+
+void
+socks5_client_request_free(socks5_client_request_t *obj)
+{
+ if (obj == NULL)
+ return;
+ socks5_client_request_clear(obj);
+ trunnel_memwipe(obj, sizeof(socks5_client_request_t));
+ trunnel_free_(obj);
+}
+
+uint8_t
+socks5_client_request_get_version(const socks5_client_request_t *inp)
+{
+ return inp->version;
+}
+int
+socks5_client_request_set_version(socks5_client_request_t *inp, uint8_t val)
+{
+ if (! ((val == 5))) {
+ TRUNNEL_SET_ERROR_CODE(inp);
+ return -1;
+ }
+ inp->version = val;
+ return 0;
+}
+uint8_t
+socks5_client_request_get_command(const socks5_client_request_t *inp)
+{
+ return inp->command;
+}
+int
+socks5_client_request_set_command(socks5_client_request_t *inp, uint8_t val)
+{
+ if (! ((val == CMD_BIND || val == CMD_CONNECT || val == CMD_RESOLVE_PTR || val == CMD_UDP_ASSOCIATE))) {
+ TRUNNEL_SET_ERROR_CODE(inp);
+ return -1;
+ }
+ inp->command = val;
+ return 0;
+}
+uint8_t
+socks5_client_request_get_reserved(const socks5_client_request_t *inp)
+{
+ return inp->reserved;
+}
+int
+socks5_client_request_set_reserved(socks5_client_request_t *inp, uint8_t val)
+{
+ if (! ((val == 0))) {
+ TRUNNEL_SET_ERROR_CODE(inp);
+ return -1;
+ }
+ inp->reserved = val;
+ return 0;
+}
+uint8_t
+socks5_client_request_get_atype(const socks5_client_request_t *inp)
+{
+ return inp->atype;
+}
+int
+socks5_client_request_set_atype(socks5_client_request_t *inp, uint8_t val)
+{
+ inp->atype = val;
+ return 0;
+}
+uint32_t
+socks5_client_request_get_dest_addr_ipv4(const socks5_client_request_t *inp)
+{
+ return inp->dest_addr_ipv4;
+}
+int
+socks5_client_request_set_dest_addr_ipv4(socks5_client_request_t *inp, uint32_t val)
+{
+ inp->dest_addr_ipv4 = val;
+ return 0;
+}
+size_t
+socks5_client_request_getlen_dest_addr_ipv6(const socks5_client_request_t *inp)
+{
+ (void)inp; return 16;
+}
+
+uint8_t
+socks5_client_request_get_dest_addr_ipv6(socks5_client_request_t *inp, size_t idx)
+{
+ trunnel_assert(idx < 16);
+ return inp->dest_addr_ipv6[idx];
+}
+
+uint8_t
+socks5_client_request_getconst_dest_addr_ipv6(const socks5_client_request_t *inp, size_t idx)
+{
+ return socks5_client_request_get_dest_addr_ipv6((socks5_client_request_t*)inp, idx);
+}
+int
+socks5_client_request_set_dest_addr_ipv6(socks5_client_request_t *inp, size_t idx, uint8_t elt)
+{
+ trunnel_assert(idx < 16);
+ inp->dest_addr_ipv6[idx] = elt;
+ return 0;
+}
+
+uint8_t *
+socks5_client_request_getarray_dest_addr_ipv6(socks5_client_request_t *inp)
+{
+ return inp->dest_addr_ipv6;
+}
+const uint8_t *
+socks5_client_request_getconstarray_dest_addr_ipv6(const socks5_client_request_t *inp)
+{
+ return (const uint8_t *)socks5_client_request_getarray_dest_addr_ipv6((socks5_client_request_t*)inp);
+}
+struct domainname_st *
+socks5_client_request_get_dest_addr_domainname(socks5_client_request_t *inp)
+{
+ return inp->dest_addr_domainname;
+}
+const struct domainname_st *
+socks5_client_request_getconst_dest_addr_domainname(const socks5_client_request_t *inp)
+{
+ return socks5_client_request_get_dest_addr_domainname((socks5_client_request_t*) inp);
+}
+int
+socks5_client_request_set_dest_addr_domainname(socks5_client_request_t *inp, struct domainname_st *val)
+{
+ if (inp->dest_addr_domainname && inp->dest_addr_domainname != val)
+ domainname_free(inp->dest_addr_domainname);
+ return socks5_client_request_set0_dest_addr_domainname(inp, val);
+}
+int
+socks5_client_request_set0_dest_addr_domainname(socks5_client_request_t *inp, struct domainname_st *val)
+{
+ inp->dest_addr_domainname = val;
+ return 0;
+}
+uint16_t
+socks5_client_request_get_dest_port(const socks5_client_request_t *inp)
+{
+ return inp->dest_port;
+}
+int
+socks5_client_request_set_dest_port(socks5_client_request_t *inp, uint16_t val)
+{
+ inp->dest_port = val;
+ return 0;
+}
+const char *
+socks5_client_request_check(const socks5_client_request_t *obj)
+{
+ if (obj == NULL)
+ return "Object was NULL";
+ if (obj->trunnel_error_code_)
+ return "A set function failed on this object";
+ if (! (obj->version == 5))
+ return "Integer out of bounds";
+ if (! (obj->command == CMD_BIND || obj->command == CMD_CONNECT || obj->command == CMD_RESOLVE_PTR || obj->command == CMD_UDP_ASSOCIATE))
+ return "Integer out of bounds";
+ if (! (obj->reserved == 0))
+ return "Integer out of bounds";
+ switch (obj->atype) {
+
+ case ATYPE_IPV4:
+ break;
+
+ case ATYPE_IPV6:
+ break;
+
+ case ATYPE_DOMAINNAME:
+ {
+ const char *msg;
+ if (NULL != (msg = domainname_check(obj->dest_addr_domainname)))
+ return msg;
+ }
+ break;
+
+ default:
+ return "Bad tag for union";
+ break;
+ }
+ return NULL;
+}
+
+ssize_t
+socks5_client_request_encoded_len(const socks5_client_request_t *obj)
+{
+ ssize_t result = 0;
+
+ if (NULL != socks5_client_request_check(obj))
+ return -1;
+
+
+ /* Length of u8 version IN [5] */
+ result += 1;
+
+ /* Length of u8 command IN [CMD_BIND, CMD_CONNECT, CMD_RESOLVE_PTR, CMD_UDP_ASSOCIATE] */
+ result += 1;
+
+ /* Length of u8 reserved IN [0] */
+ result += 1;
+
+ /* Length of u8 atype */
+ result += 1;
+ switch (obj->atype) {
+
+ case ATYPE_IPV4:
+
+ /* Length of u32 dest_addr_ipv4 */
+ result += 4;
+ break;
+
+ case ATYPE_IPV6:
+
+ /* Length of u8 dest_addr_ipv6[16] */
+ result += 16;
+ break;
+
+ case ATYPE_DOMAINNAME:
+
+ /* Length of struct domainname dest_addr_domainname */
+ result += domainname_encoded_len(obj->dest_addr_domainname);
+ break;
+
+ default:
+ trunnel_assert(0);
+ break;
+ }
+
+ /* Length of u16 dest_port */
+ result += 2;
+ return result;
+}
+int
+socks5_client_request_clear_errors(socks5_client_request_t *obj)
+{
+ int r = obj->trunnel_error_code_;
+ obj->trunnel_error_code_ = 0;
+ return r;
+}
+ssize_t
+socks5_client_request_encode(uint8_t *output, const size_t avail, const socks5_client_request_t *obj)
+{
+ ssize_t result = 0;
+ size_t written = 0;
+ uint8_t *ptr = output;
+ const char *msg;
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+ const ssize_t encoded_len = socks5_client_request_encoded_len(obj);
+#endif
+
+ if (NULL != (msg = socks5_client_request_check(obj)))
+ goto check_failed;
+
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+ trunnel_assert(encoded_len >= 0);
+#endif
+
+ /* Encode u8 version IN [5] */
+ trunnel_assert(written <= avail);
+ if (avail - written < 1)
+ goto truncated;
+ trunnel_set_uint8(ptr, (obj->version));
+ written += 1; ptr += 1;
+
+ /* Encode u8 command IN [CMD_BIND, CMD_CONNECT, CMD_RESOLVE_PTR, CMD_UDP_ASSOCIATE] */
+ trunnel_assert(written <= avail);
+ if (avail - written < 1)
+ goto truncated;
+ trunnel_set_uint8(ptr, (obj->command));
+ written += 1; ptr += 1;
+
+ /* Encode u8 reserved IN [0] */
+ trunnel_assert(written <= avail);
+ if (avail - written < 1)
+ goto truncated;
+ trunnel_set_uint8(ptr, (obj->reserved));
+ written += 1; ptr += 1;
+
+ /* Encode u8 atype */
+ trunnel_assert(written <= avail);
+ if (avail - written < 1)
+ goto truncated;
+ trunnel_set_uint8(ptr, (obj->atype));
+ written += 1; ptr += 1;
+
+ /* Encode union dest_addr[atype] */
+ trunnel_assert(written <= avail);
+ switch (obj->atype) {
+
+ case ATYPE_IPV4:
+
+ /* Encode u32 dest_addr_ipv4 */
+ trunnel_assert(written <= avail);
+ if (avail - written < 4)
+ goto truncated;
+ trunnel_set_uint32(ptr, trunnel_htonl(obj->dest_addr_ipv4));
+ written += 4; ptr += 4;
+ break;
+
+ case ATYPE_IPV6:
+
+ /* Encode u8 dest_addr_ipv6[16] */
+ trunnel_assert(written <= avail);
+ if (avail - written < 16)
+ goto truncated;
+ memcpy(ptr, obj->dest_addr_ipv6, 16);
+ written += 16; ptr += 16;
+ break;
+
+ case ATYPE_DOMAINNAME:
+
+ /* Encode struct domainname dest_addr_domainname */
+ trunnel_assert(written <= avail);
+ result = domainname_encode(ptr, avail - written, obj->dest_addr_domainname);
+ if (result < 0)
+ goto fail; /* XXXXXXX !*/
+ written += result; ptr += result;
+ break;
+
+ default:
+ trunnel_assert(0);
+ break;
+ }
+
+ /* Encode u16 dest_port */
+ trunnel_assert(written <= avail);
+ if (avail - written < 2)
+ goto truncated;
+ trunnel_set_uint16(ptr, trunnel_htons(obj->dest_port));
+ written += 2; ptr += 2;
+
+
+ trunnel_assert(ptr == output + written);
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+ {
+ trunnel_assert(encoded_len >= 0);
+ trunnel_assert((size_t)encoded_len == written);
+ }
+
+#endif
+
+ return written;
+
+ truncated:
+ result = -2;
+ goto fail;
+ check_failed:
+ (void)msg;
+ result = -1;
+ goto fail;
+ fail:
+ trunnel_assert(result < 0);
+ return result;
+}
+
+/** As socks5_client_request_parse(), but do not allocate the output
+ * object.
+ */
+static ssize_t
+socks5_client_request_parse_into(socks5_client_request_t *obj, const uint8_t *input, const size_t len_in)
+{
+ const uint8_t *ptr = input;
+ size_t remaining = len_in;
+ ssize_t result = 0;
+ (void)result;
+
+ /* Parse u8 version IN [5] */
+ CHECK_REMAINING(1, truncated);
+ obj->version = (trunnel_get_uint8(ptr));
+ remaining -= 1; ptr += 1;
+ if (! (obj->version == 5))
+ goto fail;
+
+ /* Parse u8 command IN [CMD_BIND, CMD_CONNECT, CMD_RESOLVE_PTR, CMD_UDP_ASSOCIATE] */
+ CHECK_REMAINING(1, truncated);
+ obj->command = (trunnel_get_uint8(ptr));
+ remaining -= 1; ptr += 1;
+ if (! (obj->command == CMD_BIND || obj->command == CMD_CONNECT || obj->command == CMD_RESOLVE_PTR || obj->command == CMD_UDP_ASSOCIATE))
+ goto fail;
+
+ /* Parse u8 reserved IN [0] */
+ CHECK_REMAINING(1, truncated);
+ obj->reserved = (trunnel_get_uint8(ptr));
+ remaining -= 1; ptr += 1;
+ if (! (obj->reserved == 0))
+ goto fail;
+
+ /* Parse u8 atype */
+ CHECK_REMAINING(1, truncated);
+ obj->atype = (trunnel_get_uint8(ptr));
+ remaining -= 1; ptr += 1;
+
+ /* Parse union dest_addr[atype] */
+ switch (obj->atype) {
+
+ case ATYPE_IPV4:
+
+ /* Parse u32 dest_addr_ipv4 */
+ CHECK_REMAINING(4, truncated);
+ obj->dest_addr_ipv4 = trunnel_ntohl(trunnel_get_uint32(ptr));
+ remaining -= 4; ptr += 4;
+ break;
+
+ case ATYPE_IPV6:
+
+ /* Parse u8 dest_addr_ipv6[16] */
+ CHECK_REMAINING(16, truncated);
+ memcpy(obj->dest_addr_ipv6, ptr, 16);
+ remaining -= 16; ptr += 16;
+ break;
+
+ case ATYPE_DOMAINNAME:
+
+ /* Parse struct domainname dest_addr_domainname */
+ result = domainname_parse(&obj->dest_addr_domainname, ptr, remaining);
+ if (result < 0)
+ goto relay_fail;
+ trunnel_assert((size_t)result <= remaining);
+ remaining -= result; ptr += result;
+ break;
+
+ default:
+ goto fail;
+ break;
+ }
+
+ /* Parse u16 dest_port */
+ CHECK_REMAINING(2, truncated);
+ obj->dest_port = trunnel_ntohs(trunnel_get_uint16(ptr));
+ remaining -= 2; ptr += 2;
+ trunnel_assert(ptr + remaining == input + len_in);
+ return len_in - remaining;
+
+ truncated:
+ return -2;
+ relay_fail:
+ trunnel_assert(result < 0);
+ return result;
+ fail:
+ result = -1;
+ return result;
+}
+
+ssize_t
+socks5_client_request_parse(socks5_client_request_t **output, const uint8_t *input, const size_t len_in)
+{
+ ssize_t result;
+ *output = socks5_client_request_new();
+ if (NULL == *output)
+ return -1;
+ result = socks5_client_request_parse_into(*output, input, len_in);
+ if (result < 0) {
+ socks5_client_request_free(*output);
+ *output = NULL;
+ }
+ return result;
+}
+socks5_server_reply_t *
+socks5_server_reply_new(void)
+{
+ socks5_server_reply_t *val = trunnel_calloc(1, sizeof(socks5_server_reply_t));
+ if (NULL == val)
+ return NULL;
+ val->version = 5;
+ return val;
+}
+
+/** Release all storage held inside 'obj', but do not free 'obj'.
+ */
+static void
+socks5_server_reply_clear(socks5_server_reply_t *obj)
+{
+ (void) obj;
+ domainname_free(obj->bind_addr_domainname);
+ obj->bind_addr_domainname = NULL;
+}
+
+void
+socks5_server_reply_free(socks5_server_reply_t *obj)
+{
+ if (obj == NULL)
+ return;
+ socks5_server_reply_clear(obj);
+ trunnel_memwipe(obj, sizeof(socks5_server_reply_t));
+ trunnel_free_(obj);
+}
+
+uint8_t
+socks5_server_reply_get_version(const socks5_server_reply_t *inp)
+{
+ return inp->version;
+}
+int
+socks5_server_reply_set_version(socks5_server_reply_t *inp, uint8_t val)
+{
+ if (! ((val == 5))) {
+ TRUNNEL_SET_ERROR_CODE(inp);
+ return -1;
+ }
+ inp->version = val;
+ return 0;
+}
+uint8_t
+socks5_server_reply_get_reply(const socks5_server_reply_t *inp)
+{
+ return inp->reply;
+}
+int
+socks5_server_reply_set_reply(socks5_server_reply_t *inp, uint8_t val)
+{
+ inp->reply = val;
+ return 0;
+}
+uint8_t
+socks5_server_reply_get_reserved(const socks5_server_reply_t *inp)
+{
+ return inp->reserved;
+}
+int
+socks5_server_reply_set_reserved(socks5_server_reply_t *inp, uint8_t val)
+{
+ if (! ((val == 0))) {
+ TRUNNEL_SET_ERROR_CODE(inp);
+ return -1;
+ }
+ inp->reserved = val;
+ return 0;
+}
+uint8_t
+socks5_server_reply_get_atype(const socks5_server_reply_t *inp)
+{
+ return inp->atype;
+}
+int
+socks5_server_reply_set_atype(socks5_server_reply_t *inp, uint8_t val)
+{
+ inp->atype = val;
+ return 0;
+}
+uint32_t
+socks5_server_reply_get_bind_addr_ipv4(const socks5_server_reply_t *inp)
+{
+ return inp->bind_addr_ipv4;
+}
+int
+socks5_server_reply_set_bind_addr_ipv4(socks5_server_reply_t *inp, uint32_t val)
+{
+ inp->bind_addr_ipv4 = val;
+ return 0;
+}
+size_t
+socks5_server_reply_getlen_bind_addr_ipv6(const socks5_server_reply_t *inp)
+{
+ (void)inp; return 16;
+}
+
+uint8_t
+socks5_server_reply_get_bind_addr_ipv6(socks5_server_reply_t *inp, size_t idx)
+{
+ trunnel_assert(idx < 16);
+ return inp->bind_addr_ipv6[idx];
+}
+
+uint8_t
+socks5_server_reply_getconst_bind_addr_ipv6(const socks5_server_reply_t *inp, size_t idx)
+{
+ return socks5_server_reply_get_bind_addr_ipv6((socks5_server_reply_t*)inp, idx);
+}
+int
+socks5_server_reply_set_bind_addr_ipv6(socks5_server_reply_t *inp, size_t idx, uint8_t elt)
+{
+ trunnel_assert(idx < 16);
+ inp->bind_addr_ipv6[idx] = elt;
+ return 0;
+}
+
+uint8_t *
+socks5_server_reply_getarray_bind_addr_ipv6(socks5_server_reply_t *inp)
+{
+ return inp->bind_addr_ipv6;
+}
+const uint8_t *
+socks5_server_reply_getconstarray_bind_addr_ipv6(const socks5_server_reply_t *inp)
+{
+ return (const uint8_t *)socks5_server_reply_getarray_bind_addr_ipv6((socks5_server_reply_t*)inp);
+}
+struct domainname_st *
+socks5_server_reply_get_bind_addr_domainname(socks5_server_reply_t *inp)
+{
+ return inp->bind_addr_domainname;
+}
+const struct domainname_st *
+socks5_server_reply_getconst_bind_addr_domainname(const socks5_server_reply_t *inp)
+{
+ return socks5_server_reply_get_bind_addr_domainname((socks5_server_reply_t*) inp);
+}
+int
+socks5_server_reply_set_bind_addr_domainname(socks5_server_reply_t *inp, struct domainname_st *val)
+{
+ if (inp->bind_addr_domainname && inp->bind_addr_domainname != val)
+ domainname_free(inp->bind_addr_domainname);
+ return socks5_server_reply_set0_bind_addr_domainname(inp, val);
+}
+int
+socks5_server_reply_set0_bind_addr_domainname(socks5_server_reply_t *inp, struct domainname_st *val)
+{
+ inp->bind_addr_domainname = val;
+ return 0;
+}
+uint16_t
+socks5_server_reply_get_bind_port(const socks5_server_reply_t *inp)
+{
+ return inp->bind_port;
+}
+int
+socks5_server_reply_set_bind_port(socks5_server_reply_t *inp, uint16_t val)
+{
+ inp->bind_port = val;
+ return 0;
+}
+const char *
+socks5_server_reply_check(const socks5_server_reply_t *obj)
+{
+ if (obj == NULL)
+ return "Object was NULL";
+ if (obj->trunnel_error_code_)
+ return "A set function failed on this object";
+ if (! (obj->version == 5))
+ return "Integer out of bounds";
+ if (! (obj->reserved == 0))
+ return "Integer out of bounds";
+ switch (obj->atype) {
+
+ case ATYPE_IPV4:
+ break;
+
+ case ATYPE_IPV6:
+ break;
+
+ case ATYPE_DOMAINNAME:
+ {
+ const char *msg;
+ if (NULL != (msg = domainname_check(obj->bind_addr_domainname)))
+ return msg;
+ }
+ break;
+
+ default:
+ return "Bad tag for union";
+ break;
+ }
+ return NULL;
+}
+
+ssize_t
+socks5_server_reply_encoded_len(const socks5_server_reply_t *obj)
+{
+ ssize_t result = 0;
+
+ if (NULL != socks5_server_reply_check(obj))
+ return -1;
+
+
+ /* Length of u8 version IN [5] */
+ result += 1;
+
+ /* Length of u8 reply */
+ result += 1;
+
+ /* Length of u8 reserved IN [0] */
+ result += 1;
+
+ /* Length of u8 atype */
+ result += 1;
+ switch (obj->atype) {
+
+ case ATYPE_IPV4:
+
+ /* Length of u32 bind_addr_ipv4 */
+ result += 4;
+ break;
+
+ case ATYPE_IPV6:
+
+ /* Length of u8 bind_addr_ipv6[16] */
+ result += 16;
+ break;
+
+ case ATYPE_DOMAINNAME:
+
+ /* Length of struct domainname bind_addr_domainname */
+ result += domainname_encoded_len(obj->bind_addr_domainname);
+ break;
+
+ default:
+ trunnel_assert(0);
+ break;
+ }
+
+ /* Length of u16 bind_port */
+ result += 2;
+ return result;
+}
+int
+socks5_server_reply_clear_errors(socks5_server_reply_t *obj)
+{
+ int r = obj->trunnel_error_code_;
+ obj->trunnel_error_code_ = 0;
+ return r;
+}
+ssize_t
+socks5_server_reply_encode(uint8_t *output, const size_t avail, const socks5_server_reply_t *obj)
+{
+ ssize_t result = 0;
+ size_t written = 0;
+ uint8_t *ptr = output;
+ const char *msg;
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+ const ssize_t encoded_len = socks5_server_reply_encoded_len(obj);
+#endif
+
+ if (NULL != (msg = socks5_server_reply_check(obj)))
+ goto check_failed;
+
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+ trunnel_assert(encoded_len >= 0);
+#endif
+
+ /* Encode u8 version IN [5] */
+ trunnel_assert(written <= avail);
+ if (avail - written < 1)
+ goto truncated;
+ trunnel_set_uint8(ptr, (obj->version));
+ written += 1; ptr += 1;
+
+ /* Encode u8 reply */
+ trunnel_assert(written <= avail);
+ if (avail - written < 1)
+ goto truncated;
+ trunnel_set_uint8(ptr, (obj->reply));
+ written += 1; ptr += 1;
+
+ /* Encode u8 reserved IN [0] */
+ trunnel_assert(written <= avail);
+ if (avail - written < 1)
+ goto truncated;
+ trunnel_set_uint8(ptr, (obj->reserved));
+ written += 1; ptr += 1;
+
+ /* Encode u8 atype */
+ trunnel_assert(written <= avail);
+ if (avail - written < 1)
+ goto truncated;
+ trunnel_set_uint8(ptr, (obj->atype));
+ written += 1; ptr += 1;
+
+ /* Encode union bind_addr[atype] */
+ trunnel_assert(written <= avail);
+ switch (obj->atype) {
+
+ case ATYPE_IPV4:
+
+ /* Encode u32 bind_addr_ipv4 */
+ trunnel_assert(written <= avail);
+ if (avail - written < 4)
+ goto truncated;
+ trunnel_set_uint32(ptr, trunnel_htonl(obj->bind_addr_ipv4));
+ written += 4; ptr += 4;
+ break;
+
+ case ATYPE_IPV6:
+
+ /* Encode u8 bind_addr_ipv6[16] */
+ trunnel_assert(written <= avail);
+ if (avail - written < 16)
+ goto truncated;
+ memcpy(ptr, obj->bind_addr_ipv6, 16);
+ written += 16; ptr += 16;
+ break;
+
+ case ATYPE_DOMAINNAME:
+
+ /* Encode struct domainname bind_addr_domainname */
+ trunnel_assert(written <= avail);
+ result = domainname_encode(ptr, avail - written, obj->bind_addr_domainname);
+ if (result < 0)
+ goto fail; /* XXXXXXX !*/
+ written += result; ptr += result;
+ break;
+
+ default:
+ trunnel_assert(0);
+ break;
+ }
+
+ /* Encode u16 bind_port */
+ trunnel_assert(written <= avail);
+ if (avail - written < 2)
+ goto truncated;
+ trunnel_set_uint16(ptr, trunnel_htons(obj->bind_port));
+ written += 2; ptr += 2;
+
+
+ trunnel_assert(ptr == output + written);
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+ {
+ trunnel_assert(encoded_len >= 0);
+ trunnel_assert((size_t)encoded_len == written);
+ }
+
+#endif
+
+ return written;
+
+ truncated:
+ result = -2;
+ goto fail;
+ check_failed:
+ (void)msg;
+ result = -1;
+ goto fail;
+ fail:
+ trunnel_assert(result < 0);
+ return result;
+}
+
+/** As socks5_server_reply_parse(), but do not allocate the output
+ * object.
+ */
+static ssize_t
+socks5_server_reply_parse_into(socks5_server_reply_t *obj, const uint8_t *input, const size_t len_in)
+{
+ const uint8_t *ptr = input;
+ size_t remaining = len_in;
+ ssize_t result = 0;
+ (void)result;
+
+ /* Parse u8 version IN [5] */
+ CHECK_REMAINING(1, truncated);
+ obj->version = (trunnel_get_uint8(ptr));
+ remaining -= 1; ptr += 1;
+ if (! (obj->version == 5))
+ goto fail;
+
+ /* Parse u8 reply */
+ CHECK_REMAINING(1, truncated);
+ obj->reply = (trunnel_get_uint8(ptr));
+ remaining -= 1; ptr += 1;
+
+ /* Parse u8 reserved IN [0] */
+ CHECK_REMAINING(1, truncated);
+ obj->reserved = (trunnel_get_uint8(ptr));
+ remaining -= 1; ptr += 1;
+ if (! (obj->reserved == 0))
+ goto fail;
+
+ /* Parse u8 atype */
+ CHECK_REMAINING(1, truncated);
+ obj->atype = (trunnel_get_uint8(ptr));
+ remaining -= 1; ptr += 1;
+
+ /* Parse union bind_addr[atype] */
+ switch (obj->atype) {
+
+ case ATYPE_IPV4:
+
+ /* Parse u32 bind_addr_ipv4 */
+ CHECK_REMAINING(4, truncated);
+ obj->bind_addr_ipv4 = trunnel_ntohl(trunnel_get_uint32(ptr));
+ remaining -= 4; ptr += 4;
+ break;
+
+ case ATYPE_IPV6:
+
+ /* Parse u8 bind_addr_ipv6[16] */
+ CHECK_REMAINING(16, truncated);
+ memcpy(obj->bind_addr_ipv6, ptr, 16);
+ remaining -= 16; ptr += 16;
+ break;
+
+ case ATYPE_DOMAINNAME:
+
+ /* Parse struct domainname bind_addr_domainname */
+ result = domainname_parse(&obj->bind_addr_domainname, ptr, remaining);
+ if (result < 0)
+ goto relay_fail;
+ trunnel_assert((size_t)result <= remaining);
+ remaining -= result; ptr += result;
+ break;
+
+ default:
+ goto fail;
+ break;
+ }
+
+ /* Parse u16 bind_port */
+ CHECK_REMAINING(2, truncated);
+ obj->bind_port = trunnel_ntohs(trunnel_get_uint16(ptr));
+ remaining -= 2; ptr += 2;
+ trunnel_assert(ptr + remaining == input + len_in);
+ return len_in - remaining;
+
+ truncated:
+ return -2;
+ relay_fail:
+ trunnel_assert(result < 0);
+ return result;
+ fail:
+ result = -1;
+ return result;
+}
+
+ssize_t
+socks5_server_reply_parse(socks5_server_reply_t **output, const uint8_t *input, const size_t len_in)
+{
+ ssize_t result;
+ *output = socks5_server_reply_new();
+ if (NULL == *output)
+ return -1;
+ result = socks5_server_reply_parse_into(*output, input, len_in);
+ if (result < 0) {
+ socks5_server_reply_free(*output);
+ *output = NULL;
+ }
+ return result;
+}
+tor_extended_socks_auth_request_t *
+tor_extended_socks_auth_request_new(void)
+{
+ tor_extended_socks_auth_request_t *val = trunnel_calloc(1, sizeof(tor_extended_socks_auth_request_t));
+ if (NULL == val)
+ return NULL;
+ val->version = 1;
+ return val;
+}
+
+/** Release all storage held inside 'obj', but do not free 'obj'.
+ */
+static void
+tor_extended_socks_auth_request_clear(tor_extended_socks_auth_request_t *obj)
+{
+ (void) obj;
+ {
+
+ unsigned idx;
+ for (idx = 0; idx < TRUNNEL_DYNARRAY_LEN(&obj->pairs); ++idx) {
+ tor_socksauth_keyval_free(TRUNNEL_DYNARRAY_GET(&obj->pairs, idx));
+ }
+ }
+ TRUNNEL_DYNARRAY_WIPE(&obj->pairs);
+ TRUNNEL_DYNARRAY_CLEAR(&obj->pairs);
+}
+
+void
+tor_extended_socks_auth_request_free(tor_extended_socks_auth_request_t *obj)
+{
+ if (obj == NULL)
+ return;
+ tor_extended_socks_auth_request_clear(obj);
+ trunnel_memwipe(obj, sizeof(tor_extended_socks_auth_request_t));
+ trunnel_free_(obj);
+}
+
+uint8_t
+tor_extended_socks_auth_request_get_version(const tor_extended_socks_auth_request_t *inp)
+{
+ return inp->version;
+}
+int
+tor_extended_socks_auth_request_set_version(tor_extended_socks_auth_request_t *inp, uint8_t val)
+{
+ if (! ((val == 1))) {
+ TRUNNEL_SET_ERROR_CODE(inp);
+ return -1;
+ }
+ inp->version = val;
+ return 0;
+}
+uint16_t
+tor_extended_socks_auth_request_get_npairs(const tor_extended_socks_auth_request_t *inp)
+{
+ return inp->npairs;
+}
+int
+tor_extended_socks_auth_request_set_npairs(tor_extended_socks_auth_request_t *inp, uint16_t val)
+{
+ inp->npairs = val;
+ return 0;
+}
+size_t
+tor_extended_socks_auth_request_getlen_pairs(const tor_extended_socks_auth_request_t *inp)
+{
+ return TRUNNEL_DYNARRAY_LEN(&inp->pairs);
+}
+
+struct tor_socksauth_keyval_st *
+tor_extended_socks_auth_request_get_pairs(tor_extended_socks_auth_request_t *inp, size_t idx)
+{
+ return TRUNNEL_DYNARRAY_GET(&inp->pairs, idx);
+}
+
+ const struct tor_socksauth_keyval_st *
+tor_extended_socks_auth_request_getconst_pairs(const tor_extended_socks_auth_request_t *inp, size_t idx)
+{
+ return tor_extended_socks_auth_request_get_pairs((tor_extended_socks_auth_request_t*)inp, idx);
+}
+int
+tor_extended_socks_auth_request_set_pairs(tor_extended_socks_auth_request_t *inp, size_t idx, struct tor_socksauth_keyval_st * elt)
+{
+ tor_socksauth_keyval_t *oldval = TRUNNEL_DYNARRAY_GET(&inp->pairs, idx);
+ if (oldval && oldval != elt)
+ tor_socksauth_keyval_free(oldval);
+ return tor_extended_socks_auth_request_set0_pairs(inp, idx, elt);
+}
+int
+tor_extended_socks_auth_request_set0_pairs(tor_extended_socks_auth_request_t *inp, size_t idx, struct tor_socksauth_keyval_st * elt)
+{
+ TRUNNEL_DYNARRAY_SET(&inp->pairs, idx, elt);
+ return 0;
+}
+int
+tor_extended_socks_auth_request_add_pairs(tor_extended_socks_auth_request_t *inp, struct tor_socksauth_keyval_st * elt)
+{
+#if SIZE_MAX >= UINT16_MAX
+ if (inp->pairs.n_ == UINT16_MAX)
+ goto trunnel_alloc_failed;
+#endif
+ TRUNNEL_DYNARRAY_ADD(struct tor_socksauth_keyval_st *, &inp->pairs, elt, {});
+ return 0;
+ trunnel_alloc_failed:
+ TRUNNEL_SET_ERROR_CODE(inp);
+ return -1;
+}
+
+struct tor_socksauth_keyval_st * *
+tor_extended_socks_auth_request_getarray_pairs(tor_extended_socks_auth_request_t *inp)
+{
+ return inp->pairs.elts_;
+}
+const struct tor_socksauth_keyval_st * const *
+tor_extended_socks_auth_request_getconstarray_pairs(const tor_extended_socks_auth_request_t *inp)
+{
+ return (const struct tor_socksauth_keyval_st * const *)tor_extended_socks_auth_request_getarray_pairs((tor_extended_socks_auth_request_t*)inp);
+}
+int
+tor_extended_socks_auth_request_setlen_pairs(tor_extended_socks_auth_request_t *inp, size_t newlen)
+{
+ struct tor_socksauth_keyval_st * *newptr;
+#if UINT16_MAX < SIZE_MAX
+ if (newlen > UINT16_MAX)
+ goto trunnel_alloc_failed;
+#endif
+ newptr = trunnel_dynarray_setlen(&inp->pairs.allocated_,
+ &inp->pairs.n_, inp->pairs.elts_, newlen,
+ sizeof(inp->pairs.elts_[0]), (trunnel_free_fn_t) tor_socksauth_keyval_free,
+ &inp->trunnel_error_code_);
+ if (newlen != 0 && newptr == NULL)
+ goto trunnel_alloc_failed;
+ inp->pairs.elts_ = newptr;
+ return 0;
+ trunnel_alloc_failed:
+ TRUNNEL_SET_ERROR_CODE(inp);
+ return -1;
+}
+const char *
+tor_extended_socks_auth_request_check(const tor_extended_socks_auth_request_t *obj)
+{
+ if (obj == NULL)
+ return "Object was NULL";
+ if (obj->trunnel_error_code_)
+ return "A set function failed on this object";
+ if (! (obj->version == 1))
+ return "Integer out of bounds";
+ {
+ const char *msg;
+
+ unsigned idx;
+ for (idx = 0; idx < TRUNNEL_DYNARRAY_LEN(&obj->pairs); ++idx) {
+ if (NULL != (msg = tor_socksauth_keyval_check(TRUNNEL_DYNARRAY_GET(&obj->pairs, idx))))
+ return msg;
+ }
+ }
+ if (TRUNNEL_DYNARRAY_LEN(&obj->pairs) != obj->npairs)
+ return "Length mismatch for pairs";
+ return NULL;
+}
+
+ssize_t
+tor_extended_socks_auth_request_encoded_len(const tor_extended_socks_auth_request_t *obj)
+{
+ ssize_t result = 0;
+
+ if (NULL != tor_extended_socks_auth_request_check(obj))
+ return -1;
+
+
+ /* Length of u8 version IN [1] */
+ result += 1;
+
+ /* Length of u16 npairs */
+ result += 2;
+
+ /* Length of struct tor_socksauth_keyval pairs[npairs] */
+ {
+
+ unsigned idx;
+ for (idx = 0; idx < TRUNNEL_DYNARRAY_LEN(&obj->pairs); ++idx) {
+ result += tor_socksauth_keyval_encoded_len(TRUNNEL_DYNARRAY_GET(&obj->pairs, idx));
+ }
+ }
+ return result;
+}
+int
+tor_extended_socks_auth_request_clear_errors(tor_extended_socks_auth_request_t *obj)
+{
+ int r = obj->trunnel_error_code_;
+ obj->trunnel_error_code_ = 0;
+ return r;
+}
+ssize_t
+tor_extended_socks_auth_request_encode(uint8_t *output, const size_t avail, const tor_extended_socks_auth_request_t *obj)
+{
+ ssize_t result = 0;
+ size_t written = 0;
+ uint8_t *ptr = output;
+ const char *msg;
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+ const ssize_t encoded_len = tor_extended_socks_auth_request_encoded_len(obj);
+#endif
+
+ if (NULL != (msg = tor_extended_socks_auth_request_check(obj)))
+ goto check_failed;
+
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+ trunnel_assert(encoded_len >= 0);
+#endif
+
+ /* Encode u8 version IN [1] */
+ trunnel_assert(written <= avail);
+ if (avail - written < 1)
+ goto truncated;
+ trunnel_set_uint8(ptr, (obj->version));
+ written += 1; ptr += 1;
+
+ /* Encode u16 npairs */
+ trunnel_assert(written <= avail);
+ if (avail - written < 2)
+ goto truncated;
+ trunnel_set_uint16(ptr, trunnel_htons(obj->npairs));
+ written += 2; ptr += 2;
+
+ /* Encode struct tor_socksauth_keyval pairs[npairs] */
+ {
+
+ unsigned idx;
+ for (idx = 0; idx < TRUNNEL_DYNARRAY_LEN(&obj->pairs); ++idx) {
+ trunnel_assert(written <= avail);
+ result = tor_socksauth_keyval_encode(ptr, avail - written, TRUNNEL_DYNARRAY_GET(&obj->pairs, idx));
+ if (result < 0)
+ goto fail; /* XXXXXXX !*/
+ written += result; ptr += result;
+ }
+ }
+
+
+ trunnel_assert(ptr == output + written);
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+ {
+ trunnel_assert(encoded_len >= 0);
+ trunnel_assert((size_t)encoded_len == written);
+ }
+
+#endif
+
+ return written;
+
+ truncated:
+ result = -2;
+ goto fail;
+ check_failed:
+ (void)msg;
+ result = -1;
+ goto fail;
+ fail:
+ trunnel_assert(result < 0);
+ return result;
+}
+
+/** As tor_extended_socks_auth_request_parse(), but do not allocate
+ * the output object.
+ */
+static ssize_t
+tor_extended_socks_auth_request_parse_into(tor_extended_socks_auth_request_t *obj, const uint8_t *input, const size_t len_in)
+{
+ const uint8_t *ptr = input;
+ size_t remaining = len_in;
+ ssize_t result = 0;
+ (void)result;
+
+ /* Parse u8 version IN [1] */
+ CHECK_REMAINING(1, truncated);
+ obj->version = (trunnel_get_uint8(ptr));
+ remaining -= 1; ptr += 1;
+ if (! (obj->version == 1))
+ goto fail;
+
+ /* Parse u16 npairs */
+ CHECK_REMAINING(2, truncated);
+ obj->npairs = trunnel_ntohs(trunnel_get_uint16(ptr));
+ remaining -= 2; ptr += 2;
+
+ /* Parse struct tor_socksauth_keyval pairs[npairs] */
+ TRUNNEL_DYNARRAY_EXPAND(tor_socksauth_keyval_t *, &obj->pairs, obj->npairs, {});
+ {
+ tor_socksauth_keyval_t * elt;
+ unsigned idx;
+ for (idx = 0; idx < obj->npairs; ++idx) {
+ result = tor_socksauth_keyval_parse(&elt, ptr, remaining);
+ if (result < 0)
+ goto relay_fail;
+ trunnel_assert((size_t)result <= remaining);
+ remaining -= result; ptr += result;
+ TRUNNEL_DYNARRAY_ADD(tor_socksauth_keyval_t *, &obj->pairs, elt, {tor_socksauth_keyval_free(elt);});
+ }
+ }
+ trunnel_assert(ptr + remaining == input + len_in);
+ return len_in - remaining;
+
+ truncated:
+ return -2;
+ relay_fail:
+ trunnel_assert(result < 0);
+ return result;
+ trunnel_alloc_failed:
+ return -1;
+ fail:
+ result = -1;
+ return result;
+}
+
+ssize_t
+tor_extended_socks_auth_request_parse(tor_extended_socks_auth_request_t **output, const uint8_t *input, const size_t len_in)
+{
+ ssize_t result;
+ *output = tor_extended_socks_auth_request_new();
+ if (NULL == *output)
+ return -1;
+ result = tor_extended_socks_auth_request_parse_into(*output, input, len_in);
+ if (result < 0) {
+ tor_extended_socks_auth_request_free(*output);
+ *output = NULL;
+ }
+ return result;
+}
+tor_extended_socks_auth_response_t *
+tor_extended_socks_auth_response_new(void)
+{
+ tor_extended_socks_auth_response_t *val = trunnel_calloc(1, sizeof(tor_extended_socks_auth_response_t));
+ if (NULL == val)
+ return NULL;
+ val->version = 1;
+ return val;
+}
+
+/** Release all storage held inside 'obj', but do not free 'obj'.
+ */
+static void
+tor_extended_socks_auth_response_clear(tor_extended_socks_auth_response_t *obj)
+{
+ (void) obj;
+ {
+
+ unsigned idx;
+ for (idx = 0; idx < TRUNNEL_DYNARRAY_LEN(&obj->pairs); ++idx) {
+ tor_socksauth_keyval_free(TRUNNEL_DYNARRAY_GET(&obj->pairs, idx));
+ }
+ }
+ TRUNNEL_DYNARRAY_WIPE(&obj->pairs);
+ TRUNNEL_DYNARRAY_CLEAR(&obj->pairs);
+}
+
+void
+tor_extended_socks_auth_response_free(tor_extended_socks_auth_response_t *obj)
+{
+ if (obj == NULL)
+ return;
+ tor_extended_socks_auth_response_clear(obj);
+ trunnel_memwipe(obj, sizeof(tor_extended_socks_auth_response_t));
+ trunnel_free_(obj);
+}
+
+uint8_t
+tor_extended_socks_auth_response_get_version(const tor_extended_socks_auth_response_t *inp)
+{
+ return inp->version;
+}
+int
+tor_extended_socks_auth_response_set_version(tor_extended_socks_auth_response_t *inp, uint8_t val)
+{
+ if (! ((val == 1))) {
+ TRUNNEL_SET_ERROR_CODE(inp);
+ return -1;
+ }
+ inp->version = val;
+ return 0;
+}
+uint8_t
+tor_extended_socks_auth_response_get_status(const tor_extended_socks_auth_response_t *inp)
+{
+ return inp->status;
+}
+int
+tor_extended_socks_auth_response_set_status(tor_extended_socks_auth_response_t *inp, uint8_t val)
+{
+ inp->status = val;
+ return 0;
+}
+uint16_t
+tor_extended_socks_auth_response_get_npairs(const tor_extended_socks_auth_response_t *inp)
+{
+ return inp->npairs;
+}
+int
+tor_extended_socks_auth_response_set_npairs(tor_extended_socks_auth_response_t *inp, uint16_t val)
+{
+ inp->npairs = val;
+ return 0;
+}
+size_t
+tor_extended_socks_auth_response_getlen_pairs(const tor_extended_socks_auth_response_t *inp)
+{
+ return TRUNNEL_DYNARRAY_LEN(&inp->pairs);
+}
+
+struct tor_socksauth_keyval_st *
+tor_extended_socks_auth_response_get_pairs(tor_extended_socks_auth_response_t *inp, size_t idx)
+{
+ return TRUNNEL_DYNARRAY_GET(&inp->pairs, idx);
+}
+
+ const struct tor_socksauth_keyval_st *
+tor_extended_socks_auth_response_getconst_pairs(const tor_extended_socks_auth_response_t *inp, size_t idx)
+{
+ return tor_extended_socks_auth_response_get_pairs((tor_extended_socks_auth_response_t*)inp, idx);
+}
+int
+tor_extended_socks_auth_response_set_pairs(tor_extended_socks_auth_response_t *inp, size_t idx, struct tor_socksauth_keyval_st * elt)
+{
+ tor_socksauth_keyval_t *oldval = TRUNNEL_DYNARRAY_GET(&inp->pairs, idx);
+ if (oldval && oldval != elt)
+ tor_socksauth_keyval_free(oldval);
+ return tor_extended_socks_auth_response_set0_pairs(inp, idx, elt);
+}
+int
+tor_extended_socks_auth_response_set0_pairs(tor_extended_socks_auth_response_t *inp, size_t idx, struct tor_socksauth_keyval_st * elt)
+{
+ TRUNNEL_DYNARRAY_SET(&inp->pairs, idx, elt);
+ return 0;
+}
+int
+tor_extended_socks_auth_response_add_pairs(tor_extended_socks_auth_response_t *inp, struct tor_socksauth_keyval_st * elt)
+{
+#if SIZE_MAX >= UINT16_MAX
+ if (inp->pairs.n_ == UINT16_MAX)
+ goto trunnel_alloc_failed;
+#endif
+ TRUNNEL_DYNARRAY_ADD(struct tor_socksauth_keyval_st *, &inp->pairs, elt, {});
+ return 0;
+ trunnel_alloc_failed:
+ TRUNNEL_SET_ERROR_CODE(inp);
+ return -1;
+}
+
+struct tor_socksauth_keyval_st * *
+tor_extended_socks_auth_response_getarray_pairs(tor_extended_socks_auth_response_t *inp)
+{
+ return inp->pairs.elts_;
+}
+const struct tor_socksauth_keyval_st * const *
+tor_extended_socks_auth_response_getconstarray_pairs(const tor_extended_socks_auth_response_t *inp)
+{
+ return (const struct tor_socksauth_keyval_st * const *)tor_extended_socks_auth_response_getarray_pairs((tor_extended_socks_auth_response_t*)inp);
+}
+int
+tor_extended_socks_auth_response_setlen_pairs(tor_extended_socks_auth_response_t *inp, size_t newlen)
+{
+ struct tor_socksauth_keyval_st * *newptr;
+#if UINT16_MAX < SIZE_MAX
+ if (newlen > UINT16_MAX)
+ goto trunnel_alloc_failed;
+#endif
+ newptr = trunnel_dynarray_setlen(&inp->pairs.allocated_,
+ &inp->pairs.n_, inp->pairs.elts_, newlen,
+ sizeof(inp->pairs.elts_[0]), (trunnel_free_fn_t) tor_socksauth_keyval_free,
+ &inp->trunnel_error_code_);
+ if (newlen != 0 && newptr == NULL)
+ goto trunnel_alloc_failed;
+ inp->pairs.elts_ = newptr;
+ return 0;
+ trunnel_alloc_failed:
+ TRUNNEL_SET_ERROR_CODE(inp);
+ return -1;
+}
+const char *
+tor_extended_socks_auth_response_check(const tor_extended_socks_auth_response_t *obj)
+{
+ if (obj == NULL)
+ return "Object was NULL";
+ if (obj->trunnel_error_code_)
+ return "A set function failed on this object";
+ if (! (obj->version == 1))
+ return "Integer out of bounds";
+ {
+ const char *msg;
+
+ unsigned idx;
+ for (idx = 0; idx < TRUNNEL_DYNARRAY_LEN(&obj->pairs); ++idx) {
+ if (NULL != (msg = tor_socksauth_keyval_check(TRUNNEL_DYNARRAY_GET(&obj->pairs, idx))))
+ return msg;
+ }
+ }
+ if (TRUNNEL_DYNARRAY_LEN(&obj->pairs) != obj->npairs)
+ return "Length mismatch for pairs";
+ return NULL;
+}
+
+ssize_t
+tor_extended_socks_auth_response_encoded_len(const tor_extended_socks_auth_response_t *obj)
+{
+ ssize_t result = 0;
+
+ if (NULL != tor_extended_socks_auth_response_check(obj))
+ return -1;
+
+
+ /* Length of u8 version IN [1] */
+ result += 1;
+
+ /* Length of u8 status */
+ result += 1;
+
+ /* Length of u16 npairs */
+ result += 2;
+
+ /* Length of struct tor_socksauth_keyval pairs[npairs] */
+ {
+
+ unsigned idx;
+ for (idx = 0; idx < TRUNNEL_DYNARRAY_LEN(&obj->pairs); ++idx) {
+ result += tor_socksauth_keyval_encoded_len(TRUNNEL_DYNARRAY_GET(&obj->pairs, idx));
+ }
+ }
+ return result;
+}
+int
+tor_extended_socks_auth_response_clear_errors(tor_extended_socks_auth_response_t *obj)
+{
+ int r = obj->trunnel_error_code_;
+ obj->trunnel_error_code_ = 0;
+ return r;
+}
+ssize_t
+tor_extended_socks_auth_response_encode(uint8_t *output, const size_t avail, const tor_extended_socks_auth_response_t *obj)
+{
+ ssize_t result = 0;
+ size_t written = 0;
+ uint8_t *ptr = output;
+ const char *msg;
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+ const ssize_t encoded_len = tor_extended_socks_auth_response_encoded_len(obj);
+#endif
+
+ if (NULL != (msg = tor_extended_socks_auth_response_check(obj)))
+ goto check_failed;
+
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+ trunnel_assert(encoded_len >= 0);
+#endif
+
+ /* Encode u8 version IN [1] */
+ trunnel_assert(written <= avail);
+ if (avail - written < 1)
+ goto truncated;
+ trunnel_set_uint8(ptr, (obj->version));
+ written += 1; ptr += 1;
+
+ /* Encode u8 status */
+ trunnel_assert(written <= avail);
+ if (avail - written < 1)
+ goto truncated;
+ trunnel_set_uint8(ptr, (obj->status));
+ written += 1; ptr += 1;
+
+ /* Encode u16 npairs */
+ trunnel_assert(written <= avail);
+ if (avail - written < 2)
+ goto truncated;
+ trunnel_set_uint16(ptr, trunnel_htons(obj->npairs));
+ written += 2; ptr += 2;
+
+ /* Encode struct tor_socksauth_keyval pairs[npairs] */
+ {
+
+ unsigned idx;
+ for (idx = 0; idx < TRUNNEL_DYNARRAY_LEN(&obj->pairs); ++idx) {
+ trunnel_assert(written <= avail);
+ result = tor_socksauth_keyval_encode(ptr, avail - written, TRUNNEL_DYNARRAY_GET(&obj->pairs, idx));
+ if (result < 0)
+ goto fail; /* XXXXXXX !*/
+ written += result; ptr += result;
+ }
+ }
+
+
+ trunnel_assert(ptr == output + written);
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+ {
+ trunnel_assert(encoded_len >= 0);
+ trunnel_assert((size_t)encoded_len == written);
+ }
+
+#endif
+
+ return written;
+
+ truncated:
+ result = -2;
+ goto fail;
+ check_failed:
+ (void)msg;
+ result = -1;
+ goto fail;
+ fail:
+ trunnel_assert(result < 0);
+ return result;
+}
+
+/** As tor_extended_socks_auth_response_parse(), but do not allocate
+ * the output object.
+ */
+static ssize_t
+tor_extended_socks_auth_response_parse_into(tor_extended_socks_auth_response_t *obj, const uint8_t *input, const size_t len_in)
+{
+ const uint8_t *ptr = input;
+ size_t remaining = len_in;
+ ssize_t result = 0;
+ (void)result;
+
+ /* Parse u8 version IN [1] */
+ CHECK_REMAINING(1, truncated);
+ obj->version = (trunnel_get_uint8(ptr));
+ remaining -= 1; ptr += 1;
+ if (! (obj->version == 1))
+ goto fail;
+
+ /* Parse u8 status */
+ CHECK_REMAINING(1, truncated);
+ obj->status = (trunnel_get_uint8(ptr));
+ remaining -= 1; ptr += 1;
+
+ /* Parse u16 npairs */
+ CHECK_REMAINING(2, truncated);
+ obj->npairs = trunnel_ntohs(trunnel_get_uint16(ptr));
+ remaining -= 2; ptr += 2;
+
+ /* Parse struct tor_socksauth_keyval pairs[npairs] */
+ TRUNNEL_DYNARRAY_EXPAND(tor_socksauth_keyval_t *, &obj->pairs, obj->npairs, {});
+ {
+ tor_socksauth_keyval_t * elt;
+ unsigned idx;
+ for (idx = 0; idx < obj->npairs; ++idx) {
+ result = tor_socksauth_keyval_parse(&elt, ptr, remaining);
+ if (result < 0)
+ goto relay_fail;
+ trunnel_assert((size_t)result <= remaining);
+ remaining -= result; ptr += result;
+ TRUNNEL_DYNARRAY_ADD(tor_socksauth_keyval_t *, &obj->pairs, elt, {tor_socksauth_keyval_free(elt);});
+ }
+ }
+ trunnel_assert(ptr + remaining == input + len_in);
+ return len_in - remaining;
+
+ truncated:
+ return -2;
+ relay_fail:
+ trunnel_assert(result < 0);
+ return result;
+ trunnel_alloc_failed:
+ return -1;
+ fail:
+ result = -1;
+ return result;
+}
+
+ssize_t
+tor_extended_socks_auth_response_parse(tor_extended_socks_auth_response_t **output, const uint8_t *input, const size_t len_in)
+{
+ ssize_t result;
+ *output = tor_extended_socks_auth_response_new();
+ if (NULL == *output)
+ return -1;
+ result = tor_extended_socks_auth_response_parse_into(*output, input, len_in);
+ if (result < 0) {
+ tor_extended_socks_auth_response_free(*output);
+ *output = NULL;
+ }
+ return result;
+}
diff --git a/src/trunnel/socks5.h b/src/trunnel/socks5.h
new file mode 100644
index 000000000..fb3c03160
--- /dev/null
+++ b/src/trunnel/socks5.h
@@ -0,0 +1,1370 @@
+/* socks5.h -- generated by Trunnel v1.5.2.
+ * https://gitweb.torproject.org/trunnel.git
+ * You probably shouldn't edit this file.
+ */
+#ifndef TRUNNEL_SOCKS5_H
+#define TRUNNEL_SOCKS5_H
+
+#include <stdint.h>
+#include "trunnel.h"
+
+#define CMD_CONNECT 1
+#define CMD_BIND 2
+#define CMD_UDP_ASSOCIATE 3
+#define CMD_RESOLVE_PTR 241
+#define ATYPE_IPV4 1
+#define ATYPE_IPV6 4
+#define ATYPE_DOMAINNAME 3
+#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_DOMAINNAME)
+struct domainname_st {
+ uint8_t len;
+ trunnel_string_t name;
+ uint8_t trunnel_error_code_;
+};
+#endif
+typedef struct domainname_st domainname_t;
+#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_SOCKS4_CLIENT_REQUEST)
+struct socks4_client_request_st {
+ uint8_t version;
+ uint8_t command;
+ uint16_t port;
+ uint32_t addr;
+ char *username;
+ char *socks4a_addr_hostname;
+ uint8_t trunnel_error_code_;
+};
+#endif
+typedef struct socks4_client_request_st socks4_client_request_t;
+#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_SOCKS4_SERVER_REPLY)
+struct socks4_server_reply_st {
+ uint8_t version;
+ uint8_t status;
+ uint16_t port;
+ uint32_t addr;
+ uint8_t trunnel_error_code_;
+};
+#endif
+typedef struct socks4_server_reply_st socks4_server_reply_t;
+#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_SOCKS5_CLIENT_USERPASS_AUTH)
+struct socks5_client_userpass_auth_st {
+ uint8_t version;
+ uint8_t username_len;
+ trunnel_string_t username;
+ uint8_t passwd_len;
+ trunnel_string_t passwd;
+ uint8_t trunnel_error_code_;
+};
+#endif
+typedef struct socks5_client_userpass_auth_st socks5_client_userpass_auth_t;
+#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_SOCKS5_CLIENT_VERSION)
+struct socks5_client_version_st {
+ uint8_t version;
+ uint8_t n_methods;
+ TRUNNEL_DYNARRAY_HEAD(, uint8_t) methods;
+ uint8_t trunnel_error_code_;
+};
+#endif
+typedef struct socks5_client_version_st socks5_client_version_t;
+#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_SOCKS5_SERVER_METHOD)
+struct socks5_server_method_st {
+ uint8_t version;
+ uint8_t method;
+ uint8_t trunnel_error_code_;
+};
+#endif
+typedef struct socks5_server_method_st socks5_server_method_t;
+#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_SOCKS5_SERVER_USERPATH_AUTH)
+struct socks5_server_userpath_auth_st {
+ uint8_t version;
+ uint8_t status;
+ uint8_t trunnel_error_code_;
+};
+#endif
+typedef struct socks5_server_userpath_auth_st socks5_server_userpath_auth_t;
+#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_TOR_SOCKSAUTH_KEYVAL)
+struct tor_socksauth_keyval_st {
+ uint16_t keylen;
+ trunnel_string_t key;
+ uint16_t vallen;
+ trunnel_string_t val;
+ uint8_t trunnel_error_code_;
+};
+#endif
+typedef struct tor_socksauth_keyval_st tor_socksauth_keyval_t;
+#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_SOCKS5_CLIENT_REQUEST)
+struct socks5_client_request_st {
+ uint8_t version;
+ uint8_t command;
+ uint8_t reserved;
+ uint8_t atype;
+ uint32_t dest_addr_ipv4;
+ uint8_t dest_addr_ipv6[16];
+ struct domainname_st *dest_addr_domainname;
+ uint16_t dest_port;
+ uint8_t trunnel_error_code_;
+};
+#endif
+typedef struct socks5_client_request_st socks5_client_request_t;
+#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_SOCKS5_SERVER_REPLY)
+struct socks5_server_reply_st {
+ uint8_t version;
+ uint8_t reply;
+ uint8_t reserved;
+ uint8_t atype;
+ uint32_t bind_addr_ipv4;
+ uint8_t bind_addr_ipv6[16];
+ struct domainname_st *bind_addr_domainname;
+ uint16_t bind_port;
+ uint8_t trunnel_error_code_;
+};
+#endif
+typedef struct socks5_server_reply_st socks5_server_reply_t;
+#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_TOR_EXTENDED_SOCKS_AUTH_REQUEST)
+struct tor_extended_socks_auth_request_st {
+ uint8_t version;
+ uint16_t npairs;
+ TRUNNEL_DYNARRAY_HEAD(, struct tor_socksauth_keyval_st *) pairs;
+ uint8_t trunnel_error_code_;
+};
+#endif
+typedef struct tor_extended_socks_auth_request_st tor_extended_socks_auth_request_t;
+#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_TOR_EXTENDED_SOCKS_AUTH_RESPONSE)
+struct tor_extended_socks_auth_response_st {
+ uint8_t version;
+ uint8_t status;
+ uint16_t npairs;
+ TRUNNEL_DYNARRAY_HEAD(, struct tor_socksauth_keyval_st *) pairs;
+ uint8_t trunnel_error_code_;
+};
+#endif
+typedef struct tor_extended_socks_auth_response_st tor_extended_socks_auth_response_t;
+/** Return a newly allocated domainname with all elements set to zero.
+ */
+domainname_t *domainname_new(void);
+/** Release all storage held by the domainname in 'victim'. (Do
+ * nothing if 'victim' is NULL.)
+ */
+void domainname_free(domainname_t *victim);
+/** Try to parse a domainname from the buffer in 'input', using up to
+ * 'len_in' bytes from the input buffer. On success, return the number
+ * of bytes consumed and set *output to the newly allocated
+ * domainname_t. On failure, return -2 if the input appears truncated,
+ * and -1 if the input is otherwise invalid.
+ */
+ssize_t domainname_parse(domainname_t **output, const uint8_t *input, const size_t len_in);
+/** Return the number of bytes we expect to need to encode the
+ * domainname in 'obj'. On failure, return a negative value. Note that
+ * this value may be an overestimate, and can even be an underestimate
+ * for certain unencodeable objects.
+ */
+ssize_t domainname_encoded_len(const domainname_t *obj);
+/** Try to encode the domainname from 'input' into the buffer at
+ * 'output', using up to 'avail' bytes of the output buffer. On
+ * success, return the number of bytes used. On failure, return -2 if
+ * the buffer was not long enough, and -1 if the input was invalid.
+ */
+ssize_t domainname_encode(uint8_t *output, size_t avail, const domainname_t *input);
+/** Check whether the internal state of the domainname in 'obj' is
+ * consistent. Return NULL if it is, and a short message if it is not.
+ */
+const char *domainname_check(const domainname_t *obj);
+/** Clear any errors that were set on the object 'obj' by its setter
+ * functions. Return true iff errors were cleared.
+ */
+int domainname_clear_errors(domainname_t *obj);
+/** Return the value of the len field of the domainname_t in 'inp'
+ */
+uint8_t domainname_get_len(const domainname_t *inp);
+/** Set the value of the len field of the domainname_t in 'inp' to
+ * 'val'. Return 0 on success; return -1 and set the error code on
+ * 'inp' on failure.
+ */
+int domainname_set_len(domainname_t *inp, uint8_t val);
+/** Return the length of the dynamic array holding the name field of
+ * the domainname_t in 'inp'.
+ */
+size_t domainname_getlen_name(const domainname_t *inp);
+/** Return the element at position 'idx' of the dynamic array field
+ * name of the domainname_t in 'inp'.
+ */
+char domainname_get_name(domainname_t *inp, size_t idx);
+/** As domainname_get_name, but take and return a const pointer
+ */
+char domainname_getconst_name(const domainname_t *inp, size_t idx);
+/** Change the element at position 'idx' of the dynamic array field
+ * name of the domainname_t in 'inp', so that it will hold the value
+ * 'elt'.
+ */
+int domainname_set_name(domainname_t *inp, size_t idx, char elt);
+/** Append a new element 'elt' to the dynamic array field name of the
+ * domainname_t in 'inp'.
+ */
+int domainname_add_name(domainname_t *inp, char elt);
+/** Return a pointer to the variable-length array field name of 'inp'.
+ */
+char * domainname_getarray_name(domainname_t *inp);
+/** As domainname_get_name, but take and return a const pointer
+ */
+const char * domainname_getconstarray_name(const domainname_t *inp);
+/** Change the length of the variable-length array field name of 'inp'
+ * to 'newlen'.Fill extra elements with 0. Return 0 on success; return
+ * -1 and set the error code on 'inp' on failure.
+ */
+int domainname_setlen_name(domainname_t *inp, size_t newlen);
+/** Return the value of the name field of a domainname_t as a NUL-
+ * terminated string.
+ */
+const char * domainname_getstr_name(domainname_t *inp);
+/** Set the value of the name field of a domainname_t to a given
+ * string of length 'len'. Return 0 on success; return -1 and set the
+ * error code on 'inp' on failure.
+ */
+int domainname_setstr0_name(domainname_t *inp, const char *val, size_t len);
+/** Set the value of the name field of a domainname_t to a given NUL-
+ * terminated string. Return 0 on success; return -1 and set the error
+ * code on 'inp' on failure.
+ */
+int domainname_setstr_name(domainname_t *inp, const char *val);
+/** Return a newly allocated socks4_client_request with all elements
+ * set to zero.
+ */
+socks4_client_request_t *socks4_client_request_new(void);
+/** Release all storage held by the socks4_client_request in 'victim'.
+ * (Do nothing if 'victim' is NULL.)
+ */
+void socks4_client_request_free(socks4_client_request_t *victim);
+/** Try to parse a socks4_client_request from the buffer in 'input',
+ * using up to 'len_in' bytes from the input buffer. On success,
+ * return the number of bytes consumed and set *output to the newly
+ * allocated socks4_client_request_t. On failure, return -2 if the
+ * input appears truncated, and -1 if the input is otherwise invalid.
+ */
+ssize_t socks4_client_request_parse(socks4_client_request_t **output, const uint8_t *input, const size_t len_in);
+/** Return the number of bytes we expect to need to encode the
+ * socks4_client_request in 'obj'. On failure, return a negative
+ * value. Note that this value may be an overestimate, and can even be
+ * an underestimate for certain unencodeable objects.
+ */
+ssize_t socks4_client_request_encoded_len(const socks4_client_request_t *obj);
+/** Try to encode the socks4_client_request from 'input' into the
+ * buffer at 'output', using up to 'avail' bytes of the output buffer.
+ * On success, return the number of bytes used. On failure, return -2
+ * if the buffer was not long enough, and -1 if the input was invalid.
+ */
+ssize_t socks4_client_request_encode(uint8_t *output, size_t avail, const socks4_client_request_t *input);
+/** Check whether the internal state of the socks4_client_request in
+ * 'obj' is consistent. Return NULL if it is, and a short message if
+ * it is not.
+ */
+const char *socks4_client_request_check(const socks4_client_request_t *obj);
+/** Clear any errors that were set on the object 'obj' by its setter
+ * functions. Return true iff errors were cleared.
+ */
+int socks4_client_request_clear_errors(socks4_client_request_t *obj);
+/** Return the value of the version field of the
+ * socks4_client_request_t in 'inp'
+ */
+uint8_t socks4_client_request_get_version(const socks4_client_request_t *inp);
+/** Set the value of the version field of the socks4_client_request_t
+ * in 'inp' to 'val'. Return 0 on success; return -1 and set the error
+ * code on 'inp' on failure.
+ */
+int socks4_client_request_set_version(socks4_client_request_t *inp, uint8_t val);
+/** Return the value of the command field of the
+ * socks4_client_request_t in 'inp'
+ */
+uint8_t socks4_client_request_get_command(const socks4_client_request_t *inp);
+/** Set the value of the command field of the socks4_client_request_t
+ * in 'inp' to 'val'. Return 0 on success; return -1 and set the error
+ * code on 'inp' on failure.
+ */
+int socks4_client_request_set_command(socks4_client_request_t *inp, uint8_t val);
+/** Return the value of the port field of the socks4_client_request_t
+ * in 'inp'
+ */
+uint16_t socks4_client_request_get_port(const socks4_client_request_t *inp);
+/** Set the value of the port field of the socks4_client_request_t in
+ * 'inp' to 'val'. Return 0 on success; return -1 and set the error
+ * code on 'inp' on failure.
+ */
+int socks4_client_request_set_port(socks4_client_request_t *inp, uint16_t val);
+/** Return the value of the addr field of the socks4_client_request_t
+ * in 'inp'
+ */
+uint32_t socks4_client_request_get_addr(const socks4_client_request_t *inp);
+/** Set the value of the addr field of the socks4_client_request_t in
+ * 'inp' to 'val'. Return 0 on success; return -1 and set the error
+ * code on 'inp' on failure.
+ */
+int socks4_client_request_set_addr(socks4_client_request_t *inp, uint32_t val);
+/** Return the value of the username field of the
+ * socks4_client_request_t in 'inp'
+ */
+const char * socks4_client_request_get_username(const socks4_client_request_t *inp);
+/** Set the value of the username field of the socks4_client_request_t
+ * in 'inp' to 'val'. Free the old value if any. Does not steal the
+ * reference to 'val'.Return 0 on success; return -1 and set the error
+ * code on 'inp' on failure.
+ */
+int socks4_client_request_set_username(socks4_client_request_t *inp, const char *val);
+/** Return the value of the socks4a_addr_hostname field of the
+ * socks4_client_request_t in 'inp'
+ */
+const char * socks4_client_request_get_socks4a_addr_hostname(const socks4_client_request_t *inp);
+/** Set the value of the socks4a_addr_hostname field of the
+ * socks4_client_request_t in 'inp' to 'val'. Free the old value if
+ * any. Does not steal the reference to 'val'.Return 0 on success;
+ * return -1 and set the error code on 'inp' on failure.
+ */
+int socks4_client_request_set_socks4a_addr_hostname(socks4_client_request_t *inp, const char *val);
+/** Return a newly allocated socks4_server_reply with all elements set
+ * to zero.
+ */
+socks4_server_reply_t *socks4_server_reply_new(void);
+/** Release all storage held by the socks4_server_reply in 'victim'.
+ * (Do nothing if 'victim' is NULL.)
+ */
+void socks4_server_reply_free(socks4_server_reply_t *victim);
+/** Try to parse a socks4_server_reply from the buffer in 'input',
+ * using up to 'len_in' bytes from the input buffer. On success,
+ * return the number of bytes consumed and set *output to the newly
+ * allocated socks4_server_reply_t. On failure, return -2 if the input
+ * appears truncated, and -1 if the input is otherwise invalid.
+ */
+ssize_t socks4_server_reply_parse(socks4_server_reply_t **output, const uint8_t *input, const size_t len_in);
+/** Return the number of bytes we expect to need to encode the
+ * socks4_server_reply in 'obj'. On failure, return a negative value.
+ * Note that this value may be an overestimate, and can even be an
+ * underestimate for certain unencodeable objects.
+ */
+ssize_t socks4_server_reply_encoded_len(const socks4_server_reply_t *obj);
+/** Try to encode the socks4_server_reply from 'input' into the buffer
+ * at 'output', using up to 'avail' bytes of the output buffer. On
+ * success, return the number of bytes used. On failure, return -2 if
+ * the buffer was not long enough, and -1 if the input was invalid.
+ */
+ssize_t socks4_server_reply_encode(uint8_t *output, size_t avail, const socks4_server_reply_t *input);
+/** Check whether the internal state of the socks4_server_reply in
+ * 'obj' is consistent. Return NULL if it is, and a short message if
+ * it is not.
+ */
+const char *socks4_server_reply_check(const socks4_server_reply_t *obj);
+/** Clear any errors that were set on the object 'obj' by its setter
+ * functions. Return true iff errors were cleared.
+ */
+int socks4_server_reply_clear_errors(socks4_server_reply_t *obj);
+/** Return the value of the version field of the socks4_server_reply_t
+ * in 'inp'
+ */
+uint8_t socks4_server_reply_get_version(const socks4_server_reply_t *inp);
+/** Set the value of the version field of the socks4_server_reply_t in
+ * 'inp' to 'val'. Return 0 on success; return -1 and set the error
+ * code on 'inp' on failure.
+ */
+int socks4_server_reply_set_version(socks4_server_reply_t *inp, uint8_t val);
+/** Return the value of the status field of the socks4_server_reply_t
+ * in 'inp'
+ */
+uint8_t socks4_server_reply_get_status(const socks4_server_reply_t *inp);
+/** Set the value of the status field of the socks4_server_reply_t in
+ * 'inp' to 'val'. Return 0 on success; return -1 and set the error
+ * code on 'inp' on failure.
+ */
+int socks4_server_reply_set_status(socks4_server_reply_t *inp, uint8_t val);
+/** Return the value of the port field of the socks4_server_reply_t in
+ * 'inp'
+ */
+uint16_t socks4_server_reply_get_port(const socks4_server_reply_t *inp);
+/** Set the value of the port field of the socks4_server_reply_t in
+ * 'inp' to 'val'. Return 0 on success; return -1 and set the error
+ * code on 'inp' on failure.
+ */
+int socks4_server_reply_set_port(socks4_server_reply_t *inp, uint16_t val);
+/** Return the value of the addr field of the socks4_server_reply_t in
+ * 'inp'
+ */
+uint32_t socks4_server_reply_get_addr(const socks4_server_reply_t *inp);
+/** Set the value of the addr field of the socks4_server_reply_t in
+ * 'inp' to 'val'. Return 0 on success; return -1 and set the error
+ * code on 'inp' on failure.
+ */
+int socks4_server_reply_set_addr(socks4_server_reply_t *inp, uint32_t val);
+/** Return a newly allocated socks5_client_userpass_auth with all
+ * elements set to zero.
+ */
+socks5_client_userpass_auth_t *socks5_client_userpass_auth_new(void);
+/** Release all storage held by the socks5_client_userpass_auth in
+ * 'victim'. (Do nothing if 'victim' is NULL.)
+ */
+void socks5_client_userpass_auth_free(socks5_client_userpass_auth_t *victim);
+/** Try to parse a socks5_client_userpass_auth from the buffer in
+ * 'input', using up to 'len_in' bytes from the input buffer. On
+ * success, return the number of bytes consumed and set *output to the
+ * newly allocated socks5_client_userpass_auth_t. On failure, return
+ * -2 if the input appears truncated, and -1 if the input is otherwise
+ * invalid.
+ */
+ssize_t socks5_client_userpass_auth_parse(socks5_client_userpass_auth_t **output, const uint8_t *input, const size_t len_in);
+/** Return the number of bytes we expect to need to encode the
+ * socks5_client_userpass_auth in 'obj'. On failure, return a negative
+ * value. Note that this value may be an overestimate, and can even be
+ * an underestimate for certain unencodeable objects.
+ */
+ssize_t socks5_client_userpass_auth_encoded_len(const socks5_client_userpass_auth_t *obj);
+/** Try to encode the socks5_client_userpass_auth from 'input' into
+ * the buffer at 'output', using up to 'avail' bytes of the output
+ * buffer. On success, return the number of bytes used. On failure,
+ * return -2 if the buffer was not long enough, and -1 if the input
+ * was invalid.
+ */
+ssize_t socks5_client_userpass_auth_encode(uint8_t *output, size_t avail, const socks5_client_userpass_auth_t *input);
+/** Check whether the internal state of the
+ * socks5_client_userpass_auth in 'obj' is consistent. Return NULL if
+ * it is, and a short message if it is not.
+ */
+const char *socks5_client_userpass_auth_check(const socks5_client_userpass_auth_t *obj);
+/** Clear any errors that were set on the object 'obj' by its setter
+ * functions. Return true iff errors were cleared.
+ */
+int socks5_client_userpass_auth_clear_errors(socks5_client_userpass_auth_t *obj);
+/** Return the value of the version field of the
+ * socks5_client_userpass_auth_t in 'inp'
+ */
+uint8_t socks5_client_userpass_auth_get_version(const socks5_client_userpass_auth_t *inp);
+/** Set the value of the version field of the
+ * socks5_client_userpass_auth_t in 'inp' to 'val'. Return 0 on
+ * success; return -1 and set the error code on 'inp' on failure.
+ */
+int socks5_client_userpass_auth_set_version(socks5_client_userpass_auth_t *inp, uint8_t val);
+/** Return the value of the username_len field of the
+ * socks5_client_userpass_auth_t in 'inp'
+ */
+uint8_t socks5_client_userpass_auth_get_username_len(const socks5_client_userpass_auth_t *inp);
+/** Set the value of the username_len field of the
+ * socks5_client_userpass_auth_t in 'inp' to 'val'. Return 0 on
+ * success; return -1 and set the error code on 'inp' on failure.
+ */
+int socks5_client_userpass_auth_set_username_len(socks5_client_userpass_auth_t *inp, uint8_t val);
+/** Return the length of the dynamic array holding the username field
+ * of the socks5_client_userpass_auth_t in 'inp'.
+ */
+size_t socks5_client_userpass_auth_getlen_username(const socks5_client_userpass_auth_t *inp);
+/** Return the element at position 'idx' of the dynamic array field
+ * username of the socks5_client_userpass_auth_t in 'inp'.
+ */
+char socks5_client_userpass_auth_get_username(socks5_client_userpass_auth_t *inp, size_t idx);
+/** As socks5_client_userpass_auth_get_username, but take and return a
+ * const pointer
+ */
+char socks5_client_userpass_auth_getconst_username(const socks5_client_userpass_auth_t *inp, size_t idx);
+/** Change the element at position 'idx' of the dynamic array field
+ * username of the socks5_client_userpass_auth_t in 'inp', so that it
+ * will hold the value 'elt'.
+ */
+int socks5_client_userpass_auth_set_username(socks5_client_userpass_auth_t *inp, size_t idx, char elt);
+/** Append a new element 'elt' to the dynamic array field username of
+ * the socks5_client_userpass_auth_t in 'inp'.
+ */
+int socks5_client_userpass_auth_add_username(socks5_client_userpass_auth_t *inp, char elt);
+/** Return a pointer to the variable-length array field username of
+ * 'inp'.
+ */
+char * socks5_client_userpass_auth_getarray_username(socks5_client_userpass_auth_t *inp);
+/** As socks5_client_userpass_auth_get_username, but take and return a
+ * const pointer
+ */
+const char * socks5_client_userpass_auth_getconstarray_username(const socks5_client_userpass_auth_t *inp);
+/** Change the length of the variable-length array field username of
+ * 'inp' to 'newlen'.Fill extra elements with 0. Return 0 on success;
+ * return -1 and set the error code on 'inp' on failure.
+ */
+int socks5_client_userpass_auth_setlen_username(socks5_client_userpass_auth_t *inp, size_t newlen);
+/** Return the value of the username field of a
+ * socks5_client_userpass_auth_t as a NUL-terminated string.
+ */
+const char * socks5_client_userpass_auth_getstr_username(socks5_client_userpass_auth_t *inp);
+/** Set the value of the username field of a
+ * socks5_client_userpass_auth_t to a given string of length 'len'.
+ * Return 0 on success; return -1 and set the error code on 'inp' on
+ * failure.
+ */
+int socks5_client_userpass_auth_setstr0_username(socks5_client_userpass_auth_t *inp, const char *val, size_t len);
+/** Set the value of the username field of a
+ * socks5_client_userpass_auth_t to a given NUL-terminated string.
+ * Return 0 on success; return -1 and set the error code on 'inp' on
+ * failure.
+ */
+int socks5_client_userpass_auth_setstr_username(socks5_client_userpass_auth_t *inp, const char *val);
+/** Return the value of the passwd_len field of the
+ * socks5_client_userpass_auth_t in 'inp'
+ */
+uint8_t socks5_client_userpass_auth_get_passwd_len(const socks5_client_userpass_auth_t *inp);
+/** Set the value of the passwd_len field of the
+ * socks5_client_userpass_auth_t in 'inp' to 'val'. Return 0 on
+ * success; return -1 and set the error code on 'inp' on failure.
+ */
+int socks5_client_userpass_auth_set_passwd_len(socks5_client_userpass_auth_t *inp, uint8_t val);
+/** Return the length of the dynamic array holding the passwd field of
+ * the socks5_client_userpass_auth_t in 'inp'.
+ */
+size_t socks5_client_userpass_auth_getlen_passwd(const socks5_client_userpass_auth_t *inp);
+/** Return the element at position 'idx' of the dynamic array field
+ * passwd of the socks5_client_userpass_auth_t in 'inp'.
+ */
+char socks5_client_userpass_auth_get_passwd(socks5_client_userpass_auth_t *inp, size_t idx);
+/** As socks5_client_userpass_auth_get_passwd, but take and return a
+ * const pointer
+ */
+char socks5_client_userpass_auth_getconst_passwd(const socks5_client_userpass_auth_t *inp, size_t idx);
+/** Change the element at position 'idx' of the dynamic array field
+ * passwd of the socks5_client_userpass_auth_t in 'inp', so that it
+ * will hold the value 'elt'.
+ */
+int socks5_client_userpass_auth_set_passwd(socks5_client_userpass_auth_t *inp, size_t idx, char elt);
+/** Append a new element 'elt' to the dynamic array field passwd of
+ * the socks5_client_userpass_auth_t in 'inp'.
+ */
+int socks5_client_userpass_auth_add_passwd(socks5_client_userpass_auth_t *inp, char elt);
+/** Return a pointer to the variable-length array field passwd of
+ * 'inp'.
+ */
+char * socks5_client_userpass_auth_getarray_passwd(socks5_client_userpass_auth_t *inp);
+/** As socks5_client_userpass_auth_get_passwd, but take and return a
+ * const pointer
+ */
+const char * socks5_client_userpass_auth_getconstarray_passwd(const socks5_client_userpass_auth_t *inp);
+/** Change the length of the variable-length array field passwd of
+ * 'inp' to 'newlen'.Fill extra elements with 0. Return 0 on success;
+ * return -1 and set the error code on 'inp' on failure.
+ */
+int socks5_client_userpass_auth_setlen_passwd(socks5_client_userpass_auth_t *inp, size_t newlen);
+/** Return the value of the passwd field of a
+ * socks5_client_userpass_auth_t as a NUL-terminated string.
+ */
+const char * socks5_client_userpass_auth_getstr_passwd(socks5_client_userpass_auth_t *inp);
+/** Set the value of the passwd field of a
+ * socks5_client_userpass_auth_t to a given string of length 'len'.
+ * Return 0 on success; return -1 and set the error code on 'inp' on
+ * failure.
+ */
+int socks5_client_userpass_auth_setstr0_passwd(socks5_client_userpass_auth_t *inp, const char *val, size_t len);
+/** Set the value of the passwd field of a
+ * socks5_client_userpass_auth_t to a given NUL-terminated string.
+ * Return 0 on success; return -1 and set the error code on 'inp' on
+ * failure.
+ */
+int socks5_client_userpass_auth_setstr_passwd(socks5_client_userpass_auth_t *inp, const char *val);
+/** Return a newly allocated socks5_client_version with all elements
+ * set to zero.
+ */
+socks5_client_version_t *socks5_client_version_new(void);
+/** Release all storage held by the socks5_client_version in 'victim'.
+ * (Do nothing if 'victim' is NULL.)
+ */
+void socks5_client_version_free(socks5_client_version_t *victim);
+/** Try to parse a socks5_client_version from the buffer in 'input',
+ * using up to 'len_in' bytes from the input buffer. On success,
+ * return the number of bytes consumed and set *output to the newly
+ * allocated socks5_client_version_t. On failure, return -2 if the
+ * input appears truncated, and -1 if the input is otherwise invalid.
+ */
+ssize_t socks5_client_version_parse(socks5_client_version_t **output, const uint8_t *input, const size_t len_in);
+/** Return the number of bytes we expect to need to encode the
+ * socks5_client_version in 'obj'. On failure, return a negative
+ * value. Note that this value may be an overestimate, and can even be
+ * an underestimate for certain unencodeable objects.
+ */
+ssize_t socks5_client_version_encoded_len(const socks5_client_version_t *obj);
+/** Try to encode the socks5_client_version from 'input' into the
+ * buffer at 'output', using up to 'avail' bytes of the output buffer.
+ * On success, return the number of bytes used. On failure, return -2
+ * if the buffer was not long enough, and -1 if the input was invalid.
+ */
+ssize_t socks5_client_version_encode(uint8_t *output, size_t avail, const socks5_client_version_t *input);
+/** Check whether the internal state of the socks5_client_version in
+ * 'obj' is consistent. Return NULL if it is, and a short message if
+ * it is not.
+ */
+const char *socks5_client_version_check(const socks5_client_version_t *obj);
+/** Clear any errors that were set on the object 'obj' by its setter
+ * functions. Return true iff errors were cleared.
+ */
+int socks5_client_version_clear_errors(socks5_client_version_t *obj);
+/** Return the value of the version field of the
+ * socks5_client_version_t in 'inp'
+ */
+uint8_t socks5_client_version_get_version(const socks5_client_version_t *inp);
+/** Set the value of the version field of the socks5_client_version_t
+ * in 'inp' to 'val'. Return 0 on success; return -1 and set the error
+ * code on 'inp' on failure.
+ */
+int socks5_client_version_set_version(socks5_client_version_t *inp, uint8_t val);
+/** Return the value of the n_methods field of the
+ * socks5_client_version_t in 'inp'
+ */
+uint8_t socks5_client_version_get_n_methods(const socks5_client_version_t *inp);
+/** Set the value of the n_methods field of the
+ * socks5_client_version_t in 'inp' to 'val'. Return 0 on success;
+ * return -1 and set the error code on 'inp' on failure.
+ */
+int socks5_client_version_set_n_methods(socks5_client_version_t *inp, uint8_t val);
+/** Return the length of the dynamic array holding the methods field
+ * of the socks5_client_version_t in 'inp'.
+ */
+size_t socks5_client_version_getlen_methods(const socks5_client_version_t *inp);
+/** Return the element at position 'idx' of the dynamic array field
+ * methods of the socks5_client_version_t in 'inp'.
+ */
+uint8_t socks5_client_version_get_methods(socks5_client_version_t *inp, size_t idx);
+/** As socks5_client_version_get_methods, but take and return a const
+ * pointer
+ */
+uint8_t socks5_client_version_getconst_methods(const socks5_client_version_t *inp, size_t idx);
+/** Change the element at position 'idx' of the dynamic array field
+ * methods of the socks5_client_version_t in 'inp', so that it will
+ * hold the value 'elt'.
+ */
+int socks5_client_version_set_methods(socks5_client_version_t *inp, size_t idx, uint8_t elt);
+/** Append a new element 'elt' to the dynamic array field methods of
+ * the socks5_client_version_t in 'inp'.
+ */
+int socks5_client_version_add_methods(socks5_client_version_t *inp, uint8_t elt);
+/** Return a pointer to the variable-length array field methods of
+ * 'inp'.
+ */
+uint8_t * socks5_client_version_getarray_methods(socks5_client_version_t *inp);
+/** As socks5_client_version_get_methods, but take and return a const
+ * pointer
+ */
+const uint8_t * socks5_client_version_getconstarray_methods(const socks5_client_version_t *inp);
+/** Change the length of the variable-length array field methods of
+ * 'inp' to 'newlen'.Fill extra elements with 0. Return 0 on success;
+ * return -1 and set the error code on 'inp' on failure.
+ */
+int socks5_client_version_setlen_methods(socks5_client_version_t *inp, size_t newlen);
+/** Return a newly allocated socks5_server_method with all elements
+ * set to zero.
+ */
+socks5_server_method_t *socks5_server_method_new(void);
+/** Release all storage held by the socks5_server_method in 'victim'.
+ * (Do nothing if 'victim' is NULL.)
+ */
+void socks5_server_method_free(socks5_server_method_t *victim);
+/** Try to parse a socks5_server_method from the buffer in 'input',
+ * using up to 'len_in' bytes from the input buffer. On success,
+ * return the number of bytes consumed and set *output to the newly
+ * allocated socks5_server_method_t. On failure, return -2 if the
+ * input appears truncated, and -1 if the input is otherwise invalid.
+ */
+ssize_t socks5_server_method_parse(socks5_server_method_t **output, const uint8_t *input, const size_t len_in);
+/** Return the number of bytes we expect to need to encode the
+ * socks5_server_method in 'obj'. On failure, return a negative value.
+ * Note that this value may be an overestimate, and can even be an
+ * underestimate for certain unencodeable objects.
+ */
+ssize_t socks5_server_method_encoded_len(const socks5_server_method_t *obj);
+/** Try to encode the socks5_server_method from 'input' into the
+ * buffer at 'output', using up to 'avail' bytes of the output buffer.
+ * On success, return the number of bytes used. On failure, return -2
+ * if the buffer was not long enough, and -1 if the input was invalid.
+ */
+ssize_t socks5_server_method_encode(uint8_t *output, size_t avail, const socks5_server_method_t *input);
+/** Check whether the internal state of the socks5_server_method in
+ * 'obj' is consistent. Return NULL if it is, and a short message if
+ * it is not.
+ */
+const char *socks5_server_method_check(const socks5_server_method_t *obj);
+/** Clear any errors that were set on the object 'obj' by its setter
+ * functions. Return true iff errors were cleared.
+ */
+int socks5_server_method_clear_errors(socks5_server_method_t *obj);
+/** Return the value of the version field of the
+ * socks5_server_method_t in 'inp'
+ */
+uint8_t socks5_server_method_get_version(const socks5_server_method_t *inp);
+/** Set the value of the version field of the socks5_server_method_t
+ * in 'inp' to 'val'. Return 0 on success; return -1 and set the error
+ * code on 'inp' on failure.
+ */
+int socks5_server_method_set_version(socks5_server_method_t *inp, uint8_t val);
+/** Return the value of the method field of the socks5_server_method_t
+ * in 'inp'
+ */
+uint8_t socks5_server_method_get_method(const socks5_server_method_t *inp);
+/** Set the value of the method field of the socks5_server_method_t in
+ * 'inp' to 'val'. Return 0 on success; return -1 and set the error
+ * code on 'inp' on failure.
+ */
+int socks5_server_method_set_method(socks5_server_method_t *inp, uint8_t val);
+/** Return a newly allocated socks5_server_userpath_auth with all
+ * elements set to zero.
+ */
+socks5_server_userpath_auth_t *socks5_server_userpath_auth_new(void);
+/** Release all storage held by the socks5_server_userpath_auth in
+ * 'victim'. (Do nothing if 'victim' is NULL.)
+ */
+void socks5_server_userpath_auth_free(socks5_server_userpath_auth_t *victim);
+/** Try to parse a socks5_server_userpath_auth from the buffer in
+ * 'input', using up to 'len_in' bytes from the input buffer. On
+ * success, return the number of bytes consumed and set *output to the
+ * newly allocated socks5_server_userpath_auth_t. On failure, return
+ * -2 if the input appears truncated, and -1 if the input is otherwise
+ * invalid.
+ */
+ssize_t socks5_server_userpath_auth_parse(socks5_server_userpath_auth_t **output, const uint8_t *input, const size_t len_in);
+/** Return the number of bytes we expect to need to encode the
+ * socks5_server_userpath_auth in 'obj'. On failure, return a negative
+ * value. Note that this value may be an overestimate, and can even be
+ * an underestimate for certain unencodeable objects.
+ */
+ssize_t socks5_server_userpath_auth_encoded_len(const socks5_server_userpath_auth_t *obj);
+/** Try to encode the socks5_server_userpath_auth from 'input' into
+ * the buffer at 'output', using up to 'avail' bytes of the output
+ * buffer. On success, return the number of bytes used. On failure,
+ * return -2 if the buffer was not long enough, and -1 if the input
+ * was invalid.
+ */
+ssize_t socks5_server_userpath_auth_encode(uint8_t *output, size_t avail, const socks5_server_userpath_auth_t *input);
+/** Check whether the internal state of the
+ * socks5_server_userpath_auth in 'obj' is consistent. Return NULL if
+ * it is, and a short message if it is not.
+ */
+const char *socks5_server_userpath_auth_check(const socks5_server_userpath_auth_t *obj);
+/** Clear any errors that were set on the object 'obj' by its setter
+ * functions. Return true iff errors were cleared.
+ */
+int socks5_server_userpath_auth_clear_errors(socks5_server_userpath_auth_t *obj);
+/** Return the value of the version field of the
+ * socks5_server_userpath_auth_t in 'inp'
+ */
+uint8_t socks5_server_userpath_auth_get_version(const socks5_server_userpath_auth_t *inp);
+/** Set the value of the version field of the
+ * socks5_server_userpath_auth_t in 'inp' to 'val'. Return 0 on
+ * success; return -1 and set the error code on 'inp' on failure.
+ */
+int socks5_server_userpath_auth_set_version(socks5_server_userpath_auth_t *inp, uint8_t val);
+/** Return the value of the status field of the
+ * socks5_server_userpath_auth_t in 'inp'
+ */
+uint8_t socks5_server_userpath_auth_get_status(const socks5_server_userpath_auth_t *inp);
+/** Set the value of the status field of the
+ * socks5_server_userpath_auth_t in 'inp' to 'val'. Return 0 on
+ * success; return -1 and set the error code on 'inp' on failure.
+ */
+int socks5_server_userpath_auth_set_status(socks5_server_userpath_auth_t *inp, uint8_t val);
+/** Return a newly allocated tor_socksauth_keyval with all elements
+ * set to zero.
+ */
+tor_socksauth_keyval_t *tor_socksauth_keyval_new(void);
+/** Release all storage held by the tor_socksauth_keyval in 'victim'.
+ * (Do nothing if 'victim' is NULL.)
+ */
+void tor_socksauth_keyval_free(tor_socksauth_keyval_t *victim);
+/** Try to parse a tor_socksauth_keyval from the buffer in 'input',
+ * using up to 'len_in' bytes from the input buffer. On success,
+ * return the number of bytes consumed and set *output to the newly
+ * allocated tor_socksauth_keyval_t. On failure, return -2 if the
+ * input appears truncated, and -1 if the input is otherwise invalid.
+ */
+ssize_t tor_socksauth_keyval_parse(tor_socksauth_keyval_t **output, const uint8_t *input, const size_t len_in);
+/** Return the number of bytes we expect to need to encode the
+ * tor_socksauth_keyval in 'obj'. On failure, return a negative value.
+ * Note that this value may be an overestimate, and can even be an
+ * underestimate for certain unencodeable objects.
+ */
+ssize_t tor_socksauth_keyval_encoded_len(const tor_socksauth_keyval_t *obj);
+/** Try to encode the tor_socksauth_keyval from 'input' into the
+ * buffer at 'output', using up to 'avail' bytes of the output buffer.
+ * On success, return the number of bytes used. On failure, return -2
+ * if the buffer was not long enough, and -1 if the input was invalid.
+ */
+ssize_t tor_socksauth_keyval_encode(uint8_t *output, size_t avail, const tor_socksauth_keyval_t *input);
+/** Check whether the internal state of the tor_socksauth_keyval in
+ * 'obj' is consistent. Return NULL if it is, and a short message if
+ * it is not.
+ */
+const char *tor_socksauth_keyval_check(const tor_socksauth_keyval_t *obj);
+/** Clear any errors that were set on the object 'obj' by its setter
+ * functions. Return true iff errors were cleared.
+ */
+int tor_socksauth_keyval_clear_errors(tor_socksauth_keyval_t *obj);
+/** Return the value of the keylen field of the tor_socksauth_keyval_t
+ * in 'inp'
+ */
+uint16_t tor_socksauth_keyval_get_keylen(const tor_socksauth_keyval_t *inp);
+/** Set the value of the keylen field of the tor_socksauth_keyval_t in
+ * 'inp' to 'val'. Return 0 on success; return -1 and set the error
+ * code on 'inp' on failure.
+ */
+int tor_socksauth_keyval_set_keylen(tor_socksauth_keyval_t *inp, uint16_t val);
+/** Return the length of the dynamic array holding the key field of
+ * the tor_socksauth_keyval_t in 'inp'.
+ */
+size_t tor_socksauth_keyval_getlen_key(const tor_socksauth_keyval_t *inp);
+/** Return the element at position 'idx' of the dynamic array field
+ * key of the tor_socksauth_keyval_t in 'inp'.
+ */
+char tor_socksauth_keyval_get_key(tor_socksauth_keyval_t *inp, size_t idx);
+/** As tor_socksauth_keyval_get_key, but take and return a const
+ * pointer
+ */
+char tor_socksauth_keyval_getconst_key(const tor_socksauth_keyval_t *inp, size_t idx);
+/** Change the element at position 'idx' of the dynamic array field
+ * key of the tor_socksauth_keyval_t in 'inp', so that it will hold
+ * the value 'elt'.
+ */
+int tor_socksauth_keyval_set_key(tor_socksauth_keyval_t *inp, size_t idx, char elt);
+/** Append a new element 'elt' to the dynamic array field key of the
+ * tor_socksauth_keyval_t in 'inp'.
+ */
+int tor_socksauth_keyval_add_key(tor_socksauth_keyval_t *inp, char elt);
+/** Return a pointer to the variable-length array field key of 'inp'.
+ */
+char * tor_socksauth_keyval_getarray_key(tor_socksauth_keyval_t *inp);
+/** As tor_socksauth_keyval_get_key, but take and return a const
+ * pointer
+ */
+const char * tor_socksauth_keyval_getconstarray_key(const tor_socksauth_keyval_t *inp);
+/** Change the length of the variable-length array field key of 'inp'
+ * to 'newlen'.Fill extra elements with 0. Return 0 on success; return
+ * -1 and set the error code on 'inp' on failure.
+ */
+int tor_socksauth_keyval_setlen_key(tor_socksauth_keyval_t *inp, size_t newlen);
+/** Return the value of the key field of a tor_socksauth_keyval_t as a
+ * NUL-terminated string.
+ */
+const char * tor_socksauth_keyval_getstr_key(tor_socksauth_keyval_t *inp);
+/** Set the value of the key field of a tor_socksauth_keyval_t to a
+ * given string of length 'len'. Return 0 on success; return -1 and
+ * set the error code on 'inp' on failure.
+ */
+int tor_socksauth_keyval_setstr0_key(tor_socksauth_keyval_t *inp, const char *val, size_t len);
+/** Set the value of the key field of a tor_socksauth_keyval_t to a
+ * given NUL-terminated string. Return 0 on success; return -1 and set
+ * the error code on 'inp' on failure.
+ */
+int tor_socksauth_keyval_setstr_key(tor_socksauth_keyval_t *inp, const char *val);
+/** Return the value of the vallen field of the tor_socksauth_keyval_t
+ * in 'inp'
+ */
+uint16_t tor_socksauth_keyval_get_vallen(const tor_socksauth_keyval_t *inp);
+/** Set the value of the vallen field of the tor_socksauth_keyval_t in
+ * 'inp' to 'val'. Return 0 on success; return -1 and set the error
+ * code on 'inp' on failure.
+ */
+int tor_socksauth_keyval_set_vallen(tor_socksauth_keyval_t *inp, uint16_t val);
+/** Return the length of the dynamic array holding the val field of
+ * the tor_socksauth_keyval_t in 'inp'.
+ */
+size_t tor_socksauth_keyval_getlen_val(const tor_socksauth_keyval_t *inp);
+/** Return the element at position 'idx' of the dynamic array field
+ * val of the tor_socksauth_keyval_t in 'inp'.
+ */
+char tor_socksauth_keyval_get_val(tor_socksauth_keyval_t *inp, size_t idx);
+/** As tor_socksauth_keyval_get_val, but take and return a const
+ * pointer
+ */
+char tor_socksauth_keyval_getconst_val(const tor_socksauth_keyval_t *inp, size_t idx);
+/** Change the element at position 'idx' of the dynamic array field
+ * val of the tor_socksauth_keyval_t in 'inp', so that it will hold
+ * the value 'elt'.
+ */
+int tor_socksauth_keyval_set_val(tor_socksauth_keyval_t *inp, size_t idx, char elt);
+/** Append a new element 'elt' to the dynamic array field val of the
+ * tor_socksauth_keyval_t in 'inp'.
+ */
+int tor_socksauth_keyval_add_val(tor_socksauth_keyval_t *inp, char elt);
+/** Return a pointer to the variable-length array field val of 'inp'.
+ */
+char * tor_socksauth_keyval_getarray_val(tor_socksauth_keyval_t *inp);
+/** As tor_socksauth_keyval_get_val, but take and return a const
+ * pointer
+ */
+const char * tor_socksauth_keyval_getconstarray_val(const tor_socksauth_keyval_t *inp);
+/** Change the length of the variable-length array field val of 'inp'
+ * to 'newlen'.Fill extra elements with 0. Return 0 on success; return
+ * -1 and set the error code on 'inp' on failure.
+ */
+int tor_socksauth_keyval_setlen_val(tor_socksauth_keyval_t *inp, size_t newlen);
+/** Return the value of the val field of a tor_socksauth_keyval_t as a
+ * NUL-terminated string.
+ */
+const char * tor_socksauth_keyval_getstr_val(tor_socksauth_keyval_t *inp);
+/** Set the value of the val field of a tor_socksauth_keyval_t to a
+ * given string of length 'len'. Return 0 on success; return -1 and
+ * set the error code on 'inp' on failure.
+ */
+int tor_socksauth_keyval_setstr0_val(tor_socksauth_keyval_t *inp, const char *val, size_t len);
+/** Set the value of the val field of a tor_socksauth_keyval_t to a
+ * given NUL-terminated string. Return 0 on success; return -1 and set
+ * the error code on 'inp' on failure.
+ */
+int tor_socksauth_keyval_setstr_val(tor_socksauth_keyval_t *inp, const char *val);
+/** Return a newly allocated socks5_client_request with all elements
+ * set to zero.
+ */
+socks5_client_request_t *socks5_client_request_new(void);
+/** Release all storage held by the socks5_client_request in 'victim'.
+ * (Do nothing if 'victim' is NULL.)
+ */
+void socks5_client_request_free(socks5_client_request_t *victim);
+/** Try to parse a socks5_client_request from the buffer in 'input',
+ * using up to 'len_in' bytes from the input buffer. On success,
+ * return the number of bytes consumed and set *output to the newly
+ * allocated socks5_client_request_t. On failure, return -2 if the
+ * input appears truncated, and -1 if the input is otherwise invalid.
+ */
+ssize_t socks5_client_request_parse(socks5_client_request_t **output, const uint8_t *input, const size_t len_in);
+/** Return the number of bytes we expect to need to encode the
+ * socks5_client_request in 'obj'. On failure, return a negative
+ * value. Note that this value may be an overestimate, and can even be
+ * an underestimate for certain unencodeable objects.
+ */
+ssize_t socks5_client_request_encoded_len(const socks5_client_request_t *obj);
+/** Try to encode the socks5_client_request from 'input' into the
+ * buffer at 'output', using up to 'avail' bytes of the output buffer.
+ * On success, return the number of bytes used. On failure, return -2
+ * if the buffer was not long enough, and -1 if the input was invalid.
+ */
+ssize_t socks5_client_request_encode(uint8_t *output, size_t avail, const socks5_client_request_t *input);
+/** Check whether the internal state of the socks5_client_request in
+ * 'obj' is consistent. Return NULL if it is, and a short message if
+ * it is not.
+ */
+const char *socks5_client_request_check(const socks5_client_request_t *obj);
+/** Clear any errors that were set on the object 'obj' by its setter
+ * functions. Return true iff errors were cleared.
+ */
+int socks5_client_request_clear_errors(socks5_client_request_t *obj);
+/** Return the value of the version field of the
+ * socks5_client_request_t in 'inp'
+ */
+uint8_t socks5_client_request_get_version(const socks5_client_request_t *inp);
+/** Set the value of the version field of the socks5_client_request_t
+ * in 'inp' to 'val'. Return 0 on success; return -1 and set the error
+ * code on 'inp' on failure.
+ */
+int socks5_client_request_set_version(socks5_client_request_t *inp, uint8_t val);
+/** Return the value of the command field of the
+ * socks5_client_request_t in 'inp'
+ */
+uint8_t socks5_client_request_get_command(const socks5_client_request_t *inp);
+/** Set the value of the command field of the socks5_client_request_t
+ * in 'inp' to 'val'. Return 0 on success; return -1 and set the error
+ * code on 'inp' on failure.
+ */
+int socks5_client_request_set_command(socks5_client_request_t *inp, uint8_t val);
+/** Return the value of the reserved field of the
+ * socks5_client_request_t in 'inp'
+ */
+uint8_t socks5_client_request_get_reserved(const socks5_client_request_t *inp);
+/** Set the value of the reserved field of the socks5_client_request_t
+ * in 'inp' to 'val'. Return 0 on success; return -1 and set the error
+ * code on 'inp' on failure.
+ */
+int socks5_client_request_set_reserved(socks5_client_request_t *inp, uint8_t val);
+/** Return the value of the atype field of the socks5_client_request_t
+ * in 'inp'
+ */
+uint8_t socks5_client_request_get_atype(const socks5_client_request_t *inp);
+/** Set the value of the atype field of the socks5_client_request_t in
+ * 'inp' to 'val'. Return 0 on success; return -1 and set the error
+ * code on 'inp' on failure.
+ */
+int socks5_client_request_set_atype(socks5_client_request_t *inp, uint8_t val);
+/** Return the value of the dest_addr_ipv4 field of the
+ * socks5_client_request_t in 'inp'
+ */
+uint32_t socks5_client_request_get_dest_addr_ipv4(const socks5_client_request_t *inp);
+/** Set the value of the dest_addr_ipv4 field of the
+ * socks5_client_request_t in 'inp' to 'val'. Return 0 on success;
+ * return -1 and set the error code on 'inp' on failure.
+ */
+int socks5_client_request_set_dest_addr_ipv4(socks5_client_request_t *inp, uint32_t val);
+/** Return the (constant) length of the array holding the
+ * dest_addr_ipv6 field of the socks5_client_request_t in 'inp'.
+ */
+size_t socks5_client_request_getlen_dest_addr_ipv6(const socks5_client_request_t *inp);
+/** Return the element at position 'idx' of the fixed array field
+ * dest_addr_ipv6 of the socks5_client_request_t in 'inp'.
+ */
+uint8_t socks5_client_request_get_dest_addr_ipv6(socks5_client_request_t *inp, size_t idx);
+/** As socks5_client_request_get_dest_addr_ipv6, but take and return a
+ * const pointer
+ */
+uint8_t socks5_client_request_getconst_dest_addr_ipv6(const socks5_client_request_t *inp, size_t idx);
+/** Change the element at position 'idx' of the fixed array field
+ * dest_addr_ipv6 of the socks5_client_request_t in 'inp', so that it
+ * will hold the value 'elt'.
+ */
+int socks5_client_request_set_dest_addr_ipv6(socks5_client_request_t *inp, size_t idx, uint8_t elt);
+/** Return a pointer to the 16-element array field dest_addr_ipv6 of
+ * 'inp'.
+ */
+uint8_t * socks5_client_request_getarray_dest_addr_ipv6(socks5_client_request_t *inp);
+/** As socks5_client_request_get_dest_addr_ipv6, but take and return a
+ * const pointer
+ */
+const uint8_t * socks5_client_request_getconstarray_dest_addr_ipv6(const socks5_client_request_t *inp);
+/** Return the value of the dest_addr_domainname field of the
+ * socks5_client_request_t in 'inp'
+ */
+struct domainname_st * socks5_client_request_get_dest_addr_domainname(socks5_client_request_t *inp);
+/** As socks5_client_request_get_dest_addr_domainname, but take and
+ * return a const pointer
+ */
+const struct domainname_st * socks5_client_request_getconst_dest_addr_domainname(const socks5_client_request_t *inp);
+/** Set the value of the dest_addr_domainname field of the
+ * socks5_client_request_t in 'inp' to 'val'. Free the old value if
+ * any. Steals the referenceto 'val'.Return 0 on success; return -1
+ * and set the error code on 'inp' on failure.
+ */
+int socks5_client_request_set_dest_addr_domainname(socks5_client_request_t *inp, struct domainname_st *val);
+/** As socks5_client_request_set_dest_addr_domainname, but does not
+ * free the previous value.
+ */
+int socks5_client_request_set0_dest_addr_domainname(socks5_client_request_t *inp, struct domainname_st *val);
+/** Return the value of the dest_port field of the
+ * socks5_client_request_t in 'inp'
+ */
+uint16_t socks5_client_request_get_dest_port(const socks5_client_request_t *inp);
+/** Set the value of the dest_port field of the
+ * socks5_client_request_t in 'inp' to 'val'. Return 0 on success;
+ * return -1 and set the error code on 'inp' on failure.
+ */
+int socks5_client_request_set_dest_port(socks5_client_request_t *inp, uint16_t val);
+/** Return a newly allocated socks5_server_reply with all elements set
+ * to zero.
+ */
+socks5_server_reply_t *socks5_server_reply_new(void);
+/** Release all storage held by the socks5_server_reply in 'victim'.
+ * (Do nothing if 'victim' is NULL.)
+ */
+void socks5_server_reply_free(socks5_server_reply_t *victim);
+/** Try to parse a socks5_server_reply from the buffer in 'input',
+ * using up to 'len_in' bytes from the input buffer. On success,
+ * return the number of bytes consumed and set *output to the newly
+ * allocated socks5_server_reply_t. On failure, return -2 if the input
+ * appears truncated, and -1 if the input is otherwise invalid.
+ */
+ssize_t socks5_server_reply_parse(socks5_server_reply_t **output, const uint8_t *input, const size_t len_in);
+/** Return the number of bytes we expect to need to encode the
+ * socks5_server_reply in 'obj'. On failure, return a negative value.
+ * Note that this value may be an overestimate, and can even be an
+ * underestimate for certain unencodeable objects.
+ */
+ssize_t socks5_server_reply_encoded_len(const socks5_server_reply_t *obj);
+/** Try to encode the socks5_server_reply from 'input' into the buffer
+ * at 'output', using up to 'avail' bytes of the output buffer. On
+ * success, return the number of bytes used. On failure, return -2 if
+ * the buffer was not long enough, and -1 if the input was invalid.
+ */
+ssize_t socks5_server_reply_encode(uint8_t *output, size_t avail, const socks5_server_reply_t *input);
+/** Check whether the internal state of the socks5_server_reply in
+ * 'obj' is consistent. Return NULL if it is, and a short message if
+ * it is not.
+ */
+const char *socks5_server_reply_check(const socks5_server_reply_t *obj);
+/** Clear any errors that were set on the object 'obj' by its setter
+ * functions. Return true iff errors were cleared.
+ */
+int socks5_server_reply_clear_errors(socks5_server_reply_t *obj);
+/** Return the value of the version field of the socks5_server_reply_t
+ * in 'inp'
+ */
+uint8_t socks5_server_reply_get_version(const socks5_server_reply_t *inp);
+/** Set the value of the version field of the socks5_server_reply_t in
+ * 'inp' to 'val'. Return 0 on success; return -1 and set the error
+ * code on 'inp' on failure.
+ */
+int socks5_server_reply_set_version(socks5_server_reply_t *inp, uint8_t val);
+/** Return the value of the reply field of the socks5_server_reply_t
+ * in 'inp'
+ */
+uint8_t socks5_server_reply_get_reply(const socks5_server_reply_t *inp);
+/** Set the value of the reply field of the socks5_server_reply_t in
+ * 'inp' to 'val'. Return 0 on success; return -1 and set the error
+ * code on 'inp' on failure.
+ */
+int socks5_server_reply_set_reply(socks5_server_reply_t *inp, uint8_t val);
+/** Return the value of the reserved field of the
+ * socks5_server_reply_t in 'inp'
+ */
+uint8_t socks5_server_reply_get_reserved(const socks5_server_reply_t *inp);
+/** Set the value of the reserved field of the socks5_server_reply_t
+ * in 'inp' to 'val'. Return 0 on success; return -1 and set the error
+ * code on 'inp' on failure.
+ */
+int socks5_server_reply_set_reserved(socks5_server_reply_t *inp, uint8_t val);
+/** Return the value of the atype field of the socks5_server_reply_t
+ * in 'inp'
+ */
+uint8_t socks5_server_reply_get_atype(const socks5_server_reply_t *inp);
+/** Set the value of the atype field of the socks5_server_reply_t in
+ * 'inp' to 'val'. Return 0 on success; return -1 and set the error
+ * code on 'inp' on failure.
+ */
+int socks5_server_reply_set_atype(socks5_server_reply_t *inp, uint8_t val);
+/** Return the value of the bind_addr_ipv4 field of the
+ * socks5_server_reply_t in 'inp'
+ */
+uint32_t socks5_server_reply_get_bind_addr_ipv4(const socks5_server_reply_t *inp);
+/** Set the value of the bind_addr_ipv4 field of the
+ * socks5_server_reply_t in 'inp' to 'val'. Return 0 on success;
+ * return -1 and set the error code on 'inp' on failure.
+ */
+int socks5_server_reply_set_bind_addr_ipv4(socks5_server_reply_t *inp, uint32_t val);
+/** Return the (constant) length of the array holding the
+ * bind_addr_ipv6 field of the socks5_server_reply_t in 'inp'.
+ */
+size_t socks5_server_reply_getlen_bind_addr_ipv6(const socks5_server_reply_t *inp);
+/** Return the element at position 'idx' of the fixed array field
+ * bind_addr_ipv6 of the socks5_server_reply_t in 'inp'.
+ */
+uint8_t socks5_server_reply_get_bind_addr_ipv6(socks5_server_reply_t *inp, size_t idx);
+/** As socks5_server_reply_get_bind_addr_ipv6, but take and return a
+ * const pointer
+ */
+uint8_t socks5_server_reply_getconst_bind_addr_ipv6(const socks5_server_reply_t *inp, size_t idx);
+/** Change the element at position 'idx' of the fixed array field
+ * bind_addr_ipv6 of the socks5_server_reply_t in 'inp', so that it
+ * will hold the value 'elt'.
+ */
+int socks5_server_reply_set_bind_addr_ipv6(socks5_server_reply_t *inp, size_t idx, uint8_t elt);
+/** Return a pointer to the 16-element array field bind_addr_ipv6 of
+ * 'inp'.
+ */
+uint8_t * socks5_server_reply_getarray_bind_addr_ipv6(socks5_server_reply_t *inp);
+/** As socks5_server_reply_get_bind_addr_ipv6, but take and return a
+ * const pointer
+ */
+const uint8_t * socks5_server_reply_getconstarray_bind_addr_ipv6(const socks5_server_reply_t *inp);
+/** Return the value of the bind_addr_domainname field of the
+ * socks5_server_reply_t in 'inp'
+ */
+struct domainname_st * socks5_server_reply_get_bind_addr_domainname(socks5_server_reply_t *inp);
+/** As socks5_server_reply_get_bind_addr_domainname, but take and
+ * return a const pointer
+ */
+const struct domainname_st * socks5_server_reply_getconst_bind_addr_domainname(const socks5_server_reply_t *inp);
+/** Set the value of the bind_addr_domainname field of the
+ * socks5_server_reply_t in 'inp' to 'val'. Free the old value if any.
+ * Steals the referenceto 'val'.Return 0 on success; return -1 and set
+ * the error code on 'inp' on failure.
+ */
+int socks5_server_reply_set_bind_addr_domainname(socks5_server_reply_t *inp, struct domainname_st *val);
+/** As socks5_server_reply_set_bind_addr_domainname, but does not free
+ * the previous value.
+ */
+int socks5_server_reply_set0_bind_addr_domainname(socks5_server_reply_t *inp, struct domainname_st *val);
+/** Return the value of the bind_port field of the
+ * socks5_server_reply_t in 'inp'
+ */
+uint16_t socks5_server_reply_get_bind_port(const socks5_server_reply_t *inp);
+/** Set the value of the bind_port field of the socks5_server_reply_t
+ * in 'inp' to 'val'. Return 0 on success; return -1 and set the error
+ * code on 'inp' on failure.
+ */
+int socks5_server_reply_set_bind_port(socks5_server_reply_t *inp, uint16_t val);
+/** Return a newly allocated tor_extended_socks_auth_request with all
+ * elements set to zero.
+ */
+tor_extended_socks_auth_request_t *tor_extended_socks_auth_request_new(void);
+/** Release all storage held by the tor_extended_socks_auth_request in
+ * 'victim'. (Do nothing if 'victim' is NULL.)
+ */
+void tor_extended_socks_auth_request_free(tor_extended_socks_auth_request_t *victim);
+/** Try to parse a tor_extended_socks_auth_request from the buffer in
+ * 'input', using up to 'len_in' bytes from the input buffer. On
+ * success, return the number of bytes consumed and set *output to the
+ * newly allocated tor_extended_socks_auth_request_t. On failure,
+ * return -2 if the input appears truncated, and -1 if the input is
+ * otherwise invalid.
+ */
+ssize_t tor_extended_socks_auth_request_parse(tor_extended_socks_auth_request_t **output, const uint8_t *input, const size_t len_in);
+/** Return the number of bytes we expect to need to encode the
+ * tor_extended_socks_auth_request in 'obj'. On failure, return a
+ * negative value. Note that this value may be an overestimate, and
+ * can even be an underestimate for certain unencodeable objects.
+ */
+ssize_t tor_extended_socks_auth_request_encoded_len(const tor_extended_socks_auth_request_t *obj);
+/** Try to encode the tor_extended_socks_auth_request from 'input'
+ * into the buffer at 'output', using up to 'avail' bytes of the
+ * output buffer. On success, return the number of bytes used. On
+ * failure, return -2 if the buffer was not long enough, and -1 if the
+ * input was invalid.
+ */
+ssize_t tor_extended_socks_auth_request_encode(uint8_t *output, size_t avail, const tor_extended_socks_auth_request_t *input);
+/** Check whether the internal state of the
+ * tor_extended_socks_auth_request in 'obj' is consistent. Return NULL
+ * if it is, and a short message if it is not.
+ */
+const char *tor_extended_socks_auth_request_check(const tor_extended_socks_auth_request_t *obj);
+/** Clear any errors that were set on the object 'obj' by its setter
+ * functions. Return true iff errors were cleared.
+ */
+int tor_extended_socks_auth_request_clear_errors(tor_extended_socks_auth_request_t *obj);
+/** Return the value of the version field of the
+ * tor_extended_socks_auth_request_t in 'inp'
+ */
+uint8_t tor_extended_socks_auth_request_get_version(const tor_extended_socks_auth_request_t *inp);
+/** Set the value of the version field of the
+ * tor_extended_socks_auth_request_t in 'inp' to 'val'. Return 0 on
+ * success; return -1 and set the error code on 'inp' on failure.
+ */
+int tor_extended_socks_auth_request_set_version(tor_extended_socks_auth_request_t *inp, uint8_t val);
+/** Return the value of the npairs field of the
+ * tor_extended_socks_auth_request_t in 'inp'
+ */
+uint16_t tor_extended_socks_auth_request_get_npairs(const tor_extended_socks_auth_request_t *inp);
+/** Set the value of the npairs field of the
+ * tor_extended_socks_auth_request_t in 'inp' to 'val'. Return 0 on
+ * success; return -1 and set the error code on 'inp' on failure.
+ */
+int tor_extended_socks_auth_request_set_npairs(tor_extended_socks_auth_request_t *inp, uint16_t val);
+/** Return the length of the dynamic array holding the pairs field of
+ * the tor_extended_socks_auth_request_t in 'inp'.
+ */
+size_t tor_extended_socks_auth_request_getlen_pairs(const tor_extended_socks_auth_request_t *inp);
+/** Return the element at position 'idx' of the dynamic array field
+ * pairs of the tor_extended_socks_auth_request_t in 'inp'.
+ */
+struct tor_socksauth_keyval_st * tor_extended_socks_auth_request_get_pairs(tor_extended_socks_auth_request_t *inp, size_t idx);
+/** As tor_extended_socks_auth_request_get_pairs, but take and return
+ * a const pointer
+ */
+ const struct tor_socksauth_keyval_st * tor_extended_socks_auth_request_getconst_pairs(const tor_extended_socks_auth_request_t *inp, size_t idx);
+/** Change the element at position 'idx' of the dynamic array field
+ * pairs of the tor_extended_socks_auth_request_t in 'inp', so that it
+ * will hold the value 'elt'. Free the previous value, if any.
+ */
+int tor_extended_socks_auth_request_set_pairs(tor_extended_socks_auth_request_t *inp, size_t idx, struct tor_socksauth_keyval_st * elt);
+/** As tor_extended_socks_auth_request_set_pairs, but does not free
+ * the previous value.
+ */
+int tor_extended_socks_auth_request_set0_pairs(tor_extended_socks_auth_request_t *inp, size_t idx, struct tor_socksauth_keyval_st * elt);
+/** Append a new element 'elt' to the dynamic array field pairs of the
+ * tor_extended_socks_auth_request_t in 'inp'.
+ */
+int tor_extended_socks_auth_request_add_pairs(tor_extended_socks_auth_request_t *inp, struct tor_socksauth_keyval_st * elt);
+/** Return a pointer to the variable-length array field pairs of
+ * 'inp'.
+ */
+struct tor_socksauth_keyval_st * * tor_extended_socks_auth_request_getarray_pairs(tor_extended_socks_auth_request_t *inp);
+/** As tor_extended_socks_auth_request_get_pairs, but take and return
+ * a const pointer
+ */
+const struct tor_socksauth_keyval_st * const * tor_extended_socks_auth_request_getconstarray_pairs(const tor_extended_socks_auth_request_t *inp);
+/** Change the length of the variable-length array field pairs of
+ * 'inp' to 'newlen'.Fill extra elements with NULL; free removed
+ * elements. Return 0 on success; return -1 and set the error code on
+ * 'inp' on failure.
+ */
+int tor_extended_socks_auth_request_setlen_pairs(tor_extended_socks_auth_request_t *inp, size_t newlen);
+/** Return a newly allocated tor_extended_socks_auth_response with all
+ * elements set to zero.
+ */
+tor_extended_socks_auth_response_t *tor_extended_socks_auth_response_new(void);
+/** Release all storage held by the tor_extended_socks_auth_response
+ * in 'victim'. (Do nothing if 'victim' is NULL.)
+ */
+void tor_extended_socks_auth_response_free(tor_extended_socks_auth_response_t *victim);
+/** Try to parse a tor_extended_socks_auth_response from the buffer in
+ * 'input', using up to 'len_in' bytes from the input buffer. On
+ * success, return the number of bytes consumed and set *output to the
+ * newly allocated tor_extended_socks_auth_response_t. On failure,
+ * return -2 if the input appears truncated, and -1 if the input is
+ * otherwise invalid.
+ */
+ssize_t tor_extended_socks_auth_response_parse(tor_extended_socks_auth_response_t **output, const uint8_t *input, const size_t len_in);
+/** Return the number of bytes we expect to need to encode the
+ * tor_extended_socks_auth_response in 'obj'. On failure, return a
+ * negative value. Note that this value may be an overestimate, and
+ * can even be an underestimate for certain unencodeable objects.
+ */
+ssize_t tor_extended_socks_auth_response_encoded_len(const tor_extended_socks_auth_response_t *obj);
+/** Try to encode the tor_extended_socks_auth_response from 'input'
+ * into the buffer at 'output', using up to 'avail' bytes of the
+ * output buffer. On success, return the number of bytes used. On
+ * failure, return -2 if the buffer was not long enough, and -1 if the
+ * input was invalid.
+ */
+ssize_t tor_extended_socks_auth_response_encode(uint8_t *output, size_t avail, const tor_extended_socks_auth_response_t *input);
+/** Check whether the internal state of the
+ * tor_extended_socks_auth_response in 'obj' is consistent. Return
+ * NULL if it is, and a short message if it is not.
+ */
+const char *tor_extended_socks_auth_response_check(const tor_extended_socks_auth_response_t *obj);
+/** Clear any errors that were set on the object 'obj' by its setter
+ * functions. Return true iff errors were cleared.
+ */
+int tor_extended_socks_auth_response_clear_errors(tor_extended_socks_auth_response_t *obj);
+/** Return the value of the version field of the
+ * tor_extended_socks_auth_response_t in 'inp'
+ */
+uint8_t tor_extended_socks_auth_response_get_version(const tor_extended_socks_auth_response_t *inp);
+/** Set the value of the version field of the
+ * tor_extended_socks_auth_response_t in 'inp' to 'val'. Return 0 on
+ * success; return -1 and set the error code on 'inp' on failure.
+ */
+int tor_extended_socks_auth_response_set_version(tor_extended_socks_auth_response_t *inp, uint8_t val);
+/** Return the value of the status field of the
+ * tor_extended_socks_auth_response_t in 'inp'
+ */
+uint8_t tor_extended_socks_auth_response_get_status(const tor_extended_socks_auth_response_t *inp);
+/** Set the value of the status field of the
+ * tor_extended_socks_auth_response_t in 'inp' to 'val'. Return 0 on
+ * success; return -1 and set the error code on 'inp' on failure.
+ */
+int tor_extended_socks_auth_response_set_status(tor_extended_socks_auth_response_t *inp, uint8_t val);
+/** Return the value of the npairs field of the
+ * tor_extended_socks_auth_response_t in 'inp'
+ */
+uint16_t tor_extended_socks_auth_response_get_npairs(const tor_extended_socks_auth_response_t *inp);
+/** Set the value of the npairs field of the
+ * tor_extended_socks_auth_response_t in 'inp' to 'val'. Return 0 on
+ * success; return -1 and set the error code on 'inp' on failure.
+ */
+int tor_extended_socks_auth_response_set_npairs(tor_extended_socks_auth_response_t *inp, uint16_t val);
+/** Return the length of the dynamic array holding the pairs field of
+ * the tor_extended_socks_auth_response_t in 'inp'.
+ */
+size_t tor_extended_socks_auth_response_getlen_pairs(const tor_extended_socks_auth_response_t *inp);
+/** Return the element at position 'idx' of the dynamic array field
+ * pairs of the tor_extended_socks_auth_response_t in 'inp'.
+ */
+struct tor_socksauth_keyval_st * tor_extended_socks_auth_response_get_pairs(tor_extended_socks_auth_response_t *inp, size_t idx);
+/** As tor_extended_socks_auth_response_get_pairs, but take and return
+ * a const pointer
+ */
+ const struct tor_socksauth_keyval_st * tor_extended_socks_auth_response_getconst_pairs(const tor_extended_socks_auth_response_t *inp, size_t idx);
+/** Change the element at position 'idx' of the dynamic array field
+ * pairs of the tor_extended_socks_auth_response_t in 'inp', so that
+ * it will hold the value 'elt'. Free the previous value, if any.
+ */
+int tor_extended_socks_auth_response_set_pairs(tor_extended_socks_auth_response_t *inp, size_t idx, struct tor_socksauth_keyval_st * elt);
+/** As tor_extended_socks_auth_response_set_pairs, but does not free
+ * the previous value.
+ */
+int tor_extended_socks_auth_response_set0_pairs(tor_extended_socks_auth_response_t *inp, size_t idx, struct tor_socksauth_keyval_st * elt);
+/** Append a new element 'elt' to the dynamic array field pairs of the
+ * tor_extended_socks_auth_response_t in 'inp'.
+ */
+int tor_extended_socks_auth_response_add_pairs(tor_extended_socks_auth_response_t *inp, struct tor_socksauth_keyval_st * elt);
+/** Return a pointer to the variable-length array field pairs of
+ * 'inp'.
+ */
+struct tor_socksauth_keyval_st * * tor_extended_socks_auth_response_getarray_pairs(tor_extended_socks_auth_response_t *inp);
+/** As tor_extended_socks_auth_response_get_pairs, but take and return
+ * a const pointer
+ */
+const struct tor_socksauth_keyval_st * const * tor_extended_socks_auth_response_getconstarray_pairs(const tor_extended_socks_auth_response_t *inp);
+/** Change the length of the variable-length array field pairs of
+ * 'inp' to 'newlen'.Fill extra elements with NULL; free removed
+ * elements. Return 0 on success; return -1 and set the error code on
+ * 'inp' on failure.
+ */
+int tor_extended_socks_auth_response_setlen_pairs(tor_extended_socks_auth_response_t *inp, size_t newlen);
+
+
+#endif
1
0
[tor/master] Call new SOCKS code from parse_socks, to parse multiple packets in row
by nickm@torproject.org 16 Jul '18
by nickm@torproject.org 16 Jul '18
16 Jul '18
commit 63c478c1c4f3e22ed90de08f9c8e30181f73efa3
Author: rl1987 <rl1987(a)sdf.lonestar.org>
Date: Wed May 16 12:06:10 2018 +0200
Call new SOCKS code from parse_socks, to parse multiple packets in row
---
src/or/proto_socks.c | 129 +++++++++++++++++++++++++++++----------------------
1 file changed, 74 insertions(+), 55 deletions(-)
diff --git a/src/or/proto_socks.c b/src/or/proto_socks.c
index e9ea453fa..97297428e 100644
--- a/src/or/proto_socks.c
+++ b/src/or/proto_socks.c
@@ -21,7 +21,7 @@ static void socks_request_set_socks5_error(socks_request_t *req,
socks5_reply_status_t reason);
static int parse_socks(const char *data, size_t datalen, socks_request_t *req,
- int log_sockstype, int safe_socks, ssize_t *drain_out,
+ int log_sockstype, int safe_socks, size_t *drain_out,
size_t *want_length_out);
static int parse_socks_client(const uint8_t *data, size_t datalen,
int state, char **reason,
@@ -88,13 +88,19 @@ socks_request_free_(socks_request_t *req)
static int
parse_socks4_request(const uint8_t *raw_data, socks_request_t *req,
- size_t datalen, int *is_socks4a)
+ size_t datalen, int *is_socks4a, size_t *drain_out)
{
// http://ss5.sourceforge.net/socks4.protocol.txt
// http://ss5.sourceforge.net/socks4A.protocol.txt
int res = 1;
tor_addr_t destaddr;
+ tor_assert(is_socks4a);
+ tor_assert(drain_out);
+
+ *is_socks4a = 0;
+ *drain_out = 0;
+
req->socks_version = 4;
socks4_client_request_t *trunnel_req;
@@ -115,6 +121,9 @@ parse_socks4_request(const uint8_t *raw_data, socks_request_t *req,
goto end;
}
+ tor_assert(parsed >= 0);
+ *drain_out = (size_t)parsed;
+
uint8_t command = socks4_client_request_get_command(trunnel_req);
req->command = command;
@@ -172,6 +181,7 @@ parse_socks4_request(const uint8_t *raw_data, socks_request_t *req,
}
}
+
end:
socks4_client_request_free(trunnel_req);
@@ -261,6 +271,9 @@ parse_socks5_methods_request(const uint8_t *raw_data, socks_request_t *req,
goto end;
}
+ tor_assert(parsed >= 0);
+ *drain_out = (size_t)parsed;
+
size_t n_methods = (size_t)socks5_client_version_get_n_methods(trunnel_req);
if (n_methods == 0) {
res = -1;
@@ -282,7 +295,6 @@ parse_socks5_methods_request(const uint8_t *raw_data, socks_request_t *req,
}
end:
- *drain_out = (size_t)parsed;
socks5_client_version_free(trunnel_req);
return res;
@@ -342,49 +354,13 @@ process_socks5_methods_request(socks_request_t *req, int have_user_pass,
return res;
}
-/** There is a (possibly incomplete) socks handshake on <b>buf</b>, of one
- * of the forms
- * - socks4: "socksheader username\\0"
- * - socks4a: "socksheader username\\0 destaddr\\0"
- * - socks5 phase one: "version #methods methods"
- * - socks5 phase two: "version command 0 addresstype..."
- * If it's a complete and valid handshake, and destaddr fits in
- * MAX_SOCKS_ADDR_LEN bytes, then pull the handshake off the buf,
- * assign to <b>req</b>, and return 1.
- *
- * If it's invalid or too big, return -1.
- *
- * Else it's not all there yet, leave buf alone and return 0.
- *
- * If you want to specify the socks reply, write it into <b>req->reply</b>
- * and set <b>req->replylen</b>, else leave <b>req->replylen</b> alone.
- *
- * If <b>log_sockstype</b> is non-zero, then do a notice-level log of whether
- * the connection is possibly leaking DNS requests locally or not.
- *
- * If <b>safe_socks</b> is true, then reject unsafe socks protocols.
- *
- * If returning 0 or -1, <b>req->address</b> and <b>req->port</b> are
- * undefined.
- */
-int
-fetch_from_buf_socks(buf_t *buf, socks_request_t *req,
- int log_sockstype, int safe_socks)
+static int
+handle_socks_message(const uint8_t *raw_data, size_t datalen, socks_request_t *req,
+ int log_sockstype, int safe_socks, size_t *drain_out)
{
int res = 0;
- size_t datalen = buf_datalen(buf);
- uint8_t *raw_data;
- uint8_t *raw_ptr;
- uint8_t socks_version;
-
- raw_data = tor_malloc(datalen);
- memset(raw_data, 0, datalen);
-
- buf_peek(buf, (char *)raw_data, datalen);
-
- raw_ptr = raw_data;
- socks_version = (uint8_t)raw_data[0];
+ uint8_t socks_version = raw_data[0];
if (socks_version == 4) {
if (datalen < SOCKS4_NETWORK_LEN) {
@@ -395,7 +371,7 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req,
int is_socks4a = 0;
int parse_status =
parse_socks4_request((const uint8_t *)raw_data, req, datalen,
- &is_socks4a);
+ &is_socks4a, drain_out);
if (parse_status != 1) {
res = parse_status;
@@ -411,7 +387,6 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req,
goto end;
}
- buf_clear(buf);
res = 1;
goto end;
} else if (socks_version == 5) {
@@ -447,15 +422,47 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req,
goto end;
}
- buf_drain(buf, n_drain); // TODO: do it like this for SOCKS4/4a as well
- raw_ptr += n_drain;
- datalen -= n_drain;
res = 0;
goto end;
}
}
- ssize_t n_drain;
+ end:
+ return res;
+}
+
+/** There is a (possibly incomplete) socks handshake on <b>buf</b>, of one
+ * of the forms
+ * - socks4: "socksheader username\\0"
+ * - socks4a: "socksheader username\\0 destaddr\\0"
+ * - socks5 phase one: "version #methods methods"
+ * - socks5 phase two: "version command 0 addresstype..."
+ * If it's a complete and valid handshake, and destaddr fits in
+ * MAX_SOCKS_ADDR_LEN bytes, then pull the handshake off the buf,
+ * assign to <b>req</b>, and return 1.
+ *
+ * If it's invalid or too big, return -1.
+ *
+ * Else it's not all there yet, leave buf alone and return 0.
+ *
+ * If you want to specify the socks reply, write it into <b>req->reply</b>
+ * and set <b>req->replylen</b>, else leave <b>req->replylen</b> alone.
+ *
+ * If <b>log_sockstype</b> is non-zero, then do a notice-level log of whether
+ * the connection is possibly leaking DNS requests locally or not.
+ *
+ * If <b>safe_socks</b> is true, then reject unsafe socks protocols.
+ *
+ * If returning 0 or -1, <b>req->address</b> and <b>req->port</b> are
+ * undefined.
+ */
+int
+fetch_from_buf_socks(buf_t *buf, socks_request_t *req,
+ int log_sockstype, int safe_socks)
+{
+ int res = 0;
+ size_t datalen = buf_datalen(buf);
+ size_t n_drain;
size_t want_length = 128;
const char *head = NULL;
@@ -464,25 +471,27 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req,
goto end;
}
+ buf_pullup(buf, datalen, &head, &datalen); // XXX
+
do {
n_drain = 0;
- buf_pullup(buf, want_length, &head, &datalen);
+ //buf_pullup(buf, want_length, &head, &datalen);
tor_assert(head && datalen >= 2);
want_length = 0;
res = parse_socks(head, datalen, req, log_sockstype,
safe_socks, &n_drain, &want_length);
- if (n_drain < 0)
+ if (res == -1)
buf_clear(buf);
else if (n_drain > 0)
buf_drain(buf, n_drain);
+ datalen = buf_datalen(buf);
} while (res == 0 && head && want_length < buf_datalen(buf) &&
buf_datalen(buf) >= 2);
end:
- tor_free(raw_data);
return res;
}
@@ -536,7 +545,7 @@ static const char SOCKS_PROXY_IS_NOT_AN_HTTP_PROXY_MSG[] =
* we'd like to see in the input buffer, if they're available. */
static int
parse_socks(const char *data, size_t datalen, socks_request_t *req,
- int log_sockstype, int safe_socks, ssize_t *drain_out,
+ int log_sockstype, int safe_socks, size_t *drain_out,
size_t *want_length_out)
{
unsigned int len;
@@ -551,6 +560,15 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req,
return 0;
}
+ socksver = get_uint8(data);
+
+ if ((socksver == 5 && req->socks_version != 5) ||
+ socksver == 4) {
+ *want_length_out = 128; // TODO remove this arg later
+ return handle_socks_message((const uint8_t *)data, datalen, req,
+ log_sockstype, safe_socks, drain_out);
+ }
+
if (req->socks_version == 5 && !req->got_auth) {
/* See if we have received authentication. Strictly speaking, we should
also check whether we actually negotiated username/password
@@ -597,8 +615,6 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req,
}
}
- socksver = *data;
-
switch (socksver) { /* which version of socks? */
case 5: /* socks5 */
@@ -783,6 +799,9 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req,
}
return -1;
}
+
+ tor_assert_unreached();
+ return -1;
}
/** Inspect a reply from SOCKS server stored in <b>buf</b> according
1
0
commit 75106a26b4ef8167406cd4d457c24e4aa6618118
Author: rl1987 <rl1987(a)sdf.lonestar.org>
Date: Wed May 16 14:47:46 2018 +0200
Fix type in socks5.trunnel
---
src/trunnel/socks5.c | 48 ++++++++++++++++++++++----------------------
src/trunnel/socks5.h | 50 +++++++++++++++++++++++-----------------------
src/trunnel/socks5.trunnel | 2 +-
3 files changed, 50 insertions(+), 50 deletions(-)
diff --git a/src/trunnel/socks5.c b/src/trunnel/socks5.c
index 1d6f56dfa..5b8d49d80 100644
--- a/src/trunnel/socks5.c
+++ b/src/trunnel/socks5.c
@@ -2838,10 +2838,10 @@ socks5_server_method_parse(socks5_server_method_t **output, const uint8_t *input
}
return result;
}
-socks5_server_userpath_auth_t *
-socks5_server_userpath_auth_new(void)
+socks5_server_userpass_auth_t *
+socks5_server_userpass_auth_new(void)
{
- socks5_server_userpath_auth_t *val = trunnel_calloc(1, sizeof(socks5_server_userpath_auth_t));
+ socks5_server_userpass_auth_t *val = trunnel_calloc(1, sizeof(socks5_server_userpass_auth_t));
if (NULL == val)
return NULL;
val->version = 1;
@@ -2851,28 +2851,28 @@ socks5_server_userpath_auth_new(void)
/** Release all storage held inside 'obj', but do not free 'obj'.
*/
static void
-socks5_server_userpath_auth_clear(socks5_server_userpath_auth_t *obj)
+socks5_server_userpass_auth_clear(socks5_server_userpass_auth_t *obj)
{
(void) obj;
}
void
-socks5_server_userpath_auth_free(socks5_server_userpath_auth_t *obj)
+socks5_server_userpass_auth_free(socks5_server_userpass_auth_t *obj)
{
if (obj == NULL)
return;
- socks5_server_userpath_auth_clear(obj);
- trunnel_memwipe(obj, sizeof(socks5_server_userpath_auth_t));
+ socks5_server_userpass_auth_clear(obj);
+ trunnel_memwipe(obj, sizeof(socks5_server_userpass_auth_t));
trunnel_free_(obj);
}
uint8_t
-socks5_server_userpath_auth_get_version(const socks5_server_userpath_auth_t *inp)
+socks5_server_userpass_auth_get_version(const socks5_server_userpass_auth_t *inp)
{
return inp->version;
}
int
-socks5_server_userpath_auth_set_version(socks5_server_userpath_auth_t *inp, uint8_t val)
+socks5_server_userpass_auth_set_version(socks5_server_userpass_auth_t *inp, uint8_t val)
{
if (! ((val == 1))) {
TRUNNEL_SET_ERROR_CODE(inp);
@@ -2882,18 +2882,18 @@ socks5_server_userpath_auth_set_version(socks5_server_userpath_auth_t *inp, uint
return 0;
}
uint8_t
-socks5_server_userpath_auth_get_status(const socks5_server_userpath_auth_t *inp)
+socks5_server_userpass_auth_get_status(const socks5_server_userpass_auth_t *inp)
{
return inp->status;
}
int
-socks5_server_userpath_auth_set_status(socks5_server_userpath_auth_t *inp, uint8_t val)
+socks5_server_userpass_auth_set_status(socks5_server_userpass_auth_t *inp, uint8_t val)
{
inp->status = val;
return 0;
}
const char *
-socks5_server_userpath_auth_check(const socks5_server_userpath_auth_t *obj)
+socks5_server_userpass_auth_check(const socks5_server_userpass_auth_t *obj)
{
if (obj == NULL)
return "Object was NULL";
@@ -2905,11 +2905,11 @@ socks5_server_userpath_auth_check(const socks5_server_userpath_auth_t *obj)
}
ssize_t
-socks5_server_userpath_auth_encoded_len(const socks5_server_userpath_auth_t *obj)
+socks5_server_userpass_auth_encoded_len(const socks5_server_userpass_auth_t *obj)
{
ssize_t result = 0;
- if (NULL != socks5_server_userpath_auth_check(obj))
+ if (NULL != socks5_server_userpass_auth_check(obj))
return -1;
@@ -2921,24 +2921,24 @@ socks5_server_userpath_auth_encoded_len(const socks5_server_userpath_auth_t *obj
return result;
}
int
-socks5_server_userpath_auth_clear_errors(socks5_server_userpath_auth_t *obj)
+socks5_server_userpass_auth_clear_errors(socks5_server_userpass_auth_t *obj)
{
int r = obj->trunnel_error_code_;
obj->trunnel_error_code_ = 0;
return r;
}
ssize_t
-socks5_server_userpath_auth_encode(uint8_t *output, const size_t avail, const socks5_server_userpath_auth_t *obj)
+socks5_server_userpass_auth_encode(uint8_t *output, const size_t avail, const socks5_server_userpass_auth_t *obj)
{
ssize_t result = 0;
size_t written = 0;
uint8_t *ptr = output;
const char *msg;
#ifdef TRUNNEL_CHECK_ENCODED_LEN
- const ssize_t encoded_len = socks5_server_userpath_auth_encoded_len(obj);
+ const ssize_t encoded_len = socks5_server_userpass_auth_encoded_len(obj);
#endif
- if (NULL != (msg = socks5_server_userpath_auth_check(obj)))
+ if (NULL != (msg = socks5_server_userpass_auth_check(obj)))
goto check_failed;
#ifdef TRUNNEL_CHECK_ENCODED_LEN
@@ -2983,11 +2983,11 @@ socks5_server_userpath_auth_encode(uint8_t *output, const size_t avail, const so
return result;
}
-/** As socks5_server_userpath_auth_parse(), but do not allocate the
+/** As socks5_server_userpass_auth_parse(), but do not allocate the
* output object.
*/
static ssize_t
-socks5_server_userpath_auth_parse_into(socks5_server_userpath_auth_t *obj, const uint8_t *input, const size_t len_in)
+socks5_server_userpass_auth_parse_into(socks5_server_userpass_auth_t *obj, const uint8_t *input, const size_t len_in)
{
const uint8_t *ptr = input;
size_t remaining = len_in;
@@ -3016,15 +3016,15 @@ socks5_server_userpath_auth_parse_into(socks5_server_userpath_auth_t *obj, const
}
ssize_t
-socks5_server_userpath_auth_parse(socks5_server_userpath_auth_t **output, const uint8_t *input, const size_t len_in)
+socks5_server_userpass_auth_parse(socks5_server_userpass_auth_t **output, const uint8_t *input, const size_t len_in)
{
ssize_t result;
- *output = socks5_server_userpath_auth_new();
+ *output = socks5_server_userpass_auth_new();
if (NULL == *output)
return -1;
- result = socks5_server_userpath_auth_parse_into(*output, input, len_in);
+ result = socks5_server_userpass_auth_parse_into(*output, input, len_in);
if (result < 0) {
- socks5_server_userpath_auth_free(*output);
+ socks5_server_userpass_auth_free(*output);
*output = NULL;
}
return result;
diff --git a/src/trunnel/socks5.h b/src/trunnel/socks5.h
index 8bc5af109..d8f13c2ab 100644
--- a/src/trunnel/socks5.h
+++ b/src/trunnel/socks5.h
@@ -74,14 +74,14 @@ struct socks5_server_method_st {
};
#endif
typedef struct socks5_server_method_st socks5_server_method_t;
-#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_SOCKS5_SERVER_USERPATH_AUTH)
-struct socks5_server_userpath_auth_st {
+#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_SOCKS5_SERVER_USERPASS_AUTH)
+struct socks5_server_userpass_auth_st {
uint8_t version;
uint8_t status;
uint8_t trunnel_error_code_;
};
#endif
-typedef struct socks5_server_userpath_auth_st socks5_server_userpath_auth_t;
+typedef struct socks5_server_userpass_auth_st socks5_server_userpass_auth_t;
#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_TOR_SOCKSAUTH_KEYVAL)
struct tor_socksauth_keyval_st {
uint16_t keylen;
@@ -697,62 +697,62 @@ uint8_t socks5_server_method_get_method(const socks5_server_method_t *inp);
* code on 'inp' on failure.
*/
int socks5_server_method_set_method(socks5_server_method_t *inp, uint8_t val);
-/** Return a newly allocated socks5_server_userpath_auth with all
+/** Return a newly allocated socks5_server_userpass_auth with all
* elements set to zero.
*/
-socks5_server_userpath_auth_t *socks5_server_userpath_auth_new(void);
-/** Release all storage held by the socks5_server_userpath_auth in
+socks5_server_userpass_auth_t *socks5_server_userpass_auth_new(void);
+/** Release all storage held by the socks5_server_userpass_auth in
* 'victim'. (Do nothing if 'victim' is NULL.)
*/
-void socks5_server_userpath_auth_free(socks5_server_userpath_auth_t *victim);
-/** Try to parse a socks5_server_userpath_auth from the buffer in
+void socks5_server_userpass_auth_free(socks5_server_userpass_auth_t *victim);
+/** Try to parse a socks5_server_userpass_auth from the buffer in
* 'input', using up to 'len_in' bytes from the input buffer. On
* success, return the number of bytes consumed and set *output to the
- * newly allocated socks5_server_userpath_auth_t. On failure, return
+ * newly allocated socks5_server_userpass_auth_t. On failure, return
* -2 if the input appears truncated, and -1 if the input is otherwise
* invalid.
*/
-ssize_t socks5_server_userpath_auth_parse(socks5_server_userpath_auth_t **output, const uint8_t *input, const size_t len_in);
+ssize_t socks5_server_userpass_auth_parse(socks5_server_userpass_auth_t **output, const uint8_t *input, const size_t len_in);
/** Return the number of bytes we expect to need to encode the
- * socks5_server_userpath_auth in 'obj'. On failure, return a negative
+ * socks5_server_userpass_auth in 'obj'. On failure, return a negative
* value. Note that this value may be an overestimate, and can even be
* an underestimate for certain unencodeable objects.
*/
-ssize_t socks5_server_userpath_auth_encoded_len(const socks5_server_userpath_auth_t *obj);
-/** Try to encode the socks5_server_userpath_auth from 'input' into
+ssize_t socks5_server_userpass_auth_encoded_len(const socks5_server_userpass_auth_t *obj);
+/** Try to encode the socks5_server_userpass_auth from 'input' into
* the buffer at 'output', using up to 'avail' bytes of the output
* buffer. On success, return the number of bytes used. On failure,
* return -2 if the buffer was not long enough, and -1 if the input
* was invalid.
*/
-ssize_t socks5_server_userpath_auth_encode(uint8_t *output, size_t avail, const socks5_server_userpath_auth_t *input);
+ssize_t socks5_server_userpass_auth_encode(uint8_t *output, size_t avail, const socks5_server_userpass_auth_t *input);
/** Check whether the internal state of the
- * socks5_server_userpath_auth in 'obj' is consistent. Return NULL if
+ * socks5_server_userpass_auth in 'obj' is consistent. Return NULL if
* it is, and a short message if it is not.
*/
-const char *socks5_server_userpath_auth_check(const socks5_server_userpath_auth_t *obj);
+const char *socks5_server_userpass_auth_check(const socks5_server_userpass_auth_t *obj);
/** Clear any errors that were set on the object 'obj' by its setter
* functions. Return true iff errors were cleared.
*/
-int socks5_server_userpath_auth_clear_errors(socks5_server_userpath_auth_t *obj);
+int socks5_server_userpass_auth_clear_errors(socks5_server_userpass_auth_t *obj);
/** Return the value of the version field of the
- * socks5_server_userpath_auth_t in 'inp'
+ * socks5_server_userpass_auth_t in 'inp'
*/
-uint8_t socks5_server_userpath_auth_get_version(const socks5_server_userpath_auth_t *inp);
+uint8_t socks5_server_userpass_auth_get_version(const socks5_server_userpass_auth_t *inp);
/** Set the value of the version field of the
- * socks5_server_userpath_auth_t in 'inp' to 'val'. Return 0 on
+ * socks5_server_userpass_auth_t in 'inp' to 'val'. Return 0 on
* success; return -1 and set the error code on 'inp' on failure.
*/
-int socks5_server_userpath_auth_set_version(socks5_server_userpath_auth_t *inp, uint8_t val);
+int socks5_server_userpass_auth_set_version(socks5_server_userpass_auth_t *inp, uint8_t val);
/** Return the value of the status field of the
- * socks5_server_userpath_auth_t in 'inp'
+ * socks5_server_userpass_auth_t in 'inp'
*/
-uint8_t socks5_server_userpath_auth_get_status(const socks5_server_userpath_auth_t *inp);
+uint8_t socks5_server_userpass_auth_get_status(const socks5_server_userpass_auth_t *inp);
/** Set the value of the status field of the
- * socks5_server_userpath_auth_t in 'inp' to 'val'. Return 0 on
+ * socks5_server_userpass_auth_t in 'inp' to 'val'. Return 0 on
* success; return -1 and set the error code on 'inp' on failure.
*/
-int socks5_server_userpath_auth_set_status(socks5_server_userpath_auth_t *inp, uint8_t val);
+int socks5_server_userpass_auth_set_status(socks5_server_userpass_auth_t *inp, uint8_t val);
/** Return a newly allocated tor_socksauth_keyval with all elements
* set to zero.
*/
diff --git a/src/trunnel/socks5.trunnel b/src/trunnel/socks5.trunnel
index 4818d1408..b6b8a34f2 100644
--- a/src/trunnel/socks5.trunnel
+++ b/src/trunnel/socks5.trunnel
@@ -64,7 +64,7 @@ struct socks5_client_userpass_auth {
char passwd[passwd_len];
}
-struct socks5_server_userpath_auth {
+struct socks5_server_userpass_auth {
u8 version IN [1];
u8 status;
}
1
0
16 Jul '18
commit 27333b2298a17fc85b4d2a6c07c9c889d6bdabed
Author: rl1987 <rl1987(a)sdf.lonestar.org>
Date: Tue May 15 15:13:13 2018 +0200
Reimplement phase 1 of SOCKS5 using trunnel
squash! Reimplement phase 1 of SOCKS5 using trunnel
---
src/or/proto_socks.c | 157 +++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 157 insertions(+)
diff --git a/src/or/proto_socks.c b/src/or/proto_socks.c
index 4fdc33d1d..e9ea453fa 100644
--- a/src/or/proto_socks.c
+++ b/src/or/proto_socks.c
@@ -227,6 +227,121 @@ process_socks4_request(const socks_request_t *req, int is_socks4a,
return 1;
}
+static int
+parse_socks5_methods_request(const uint8_t *raw_data, socks_request_t *req,
+ size_t datalen, int *have_user_pass,
+ int *have_no_auth, size_t *drain_out)
+{
+ int res = 1;
+ socks5_client_version_t *trunnel_req;
+
+ ssize_t parsed = socks5_client_version_parse(&trunnel_req, raw_data,
+ datalen);
+
+ (void)req;
+
+ tor_assert(have_no_auth);
+ tor_assert(have_user_pass);
+ tor_assert(drain_out);
+
+ *drain_out = 0;
+
+ if (parsed == -1) {
+ log_warn(LD_APP, "socks5: parsing failed - invalid version "
+ "id/method selection message.");
+ res = -1;
+ goto end;
+ } else if (parsed == -2) {
+ res = 0;
+ if (datalen > 1024) { // XXX
+ log_warn(LD_APP, "socks5: parsing failed - invalid version "
+ "id/method selection message.");
+ res = -1;
+ }
+ goto end;
+ }
+
+ size_t n_methods = (size_t)socks5_client_version_get_n_methods(trunnel_req);
+ if (n_methods == 0) {
+ res = -1;
+ goto end;
+ }
+
+ *have_no_auth = 0;
+ *have_user_pass = 0;
+
+ for (size_t i = 0; i < n_methods; i++) {
+ uint8_t method = socks5_client_version_get_methods(trunnel_req,
+ i);
+
+ if (method == SOCKS_USER_PASS) {
+ *have_user_pass = 1;
+ } else if (method == SOCKS_NO_AUTH) {
+ *have_no_auth = 1;
+ }
+ }
+
+ end:
+ *drain_out = (size_t)parsed;
+ socks5_client_version_free(trunnel_req);
+
+ return res;
+}
+
+static int
+process_socks5_methods_request(socks_request_t *req, int have_user_pass,
+ int have_no_auth)
+{
+ int res = 0;
+ socks5_server_method_t *trunnel_resp = socks5_server_method_new();
+
+ socks5_server_method_set_version(trunnel_resp, 5);
+
+ if (have_user_pass && !(have_no_auth && req->socks_prefer_no_auth)) {
+ req->auth_type = SOCKS_USER_PASS;
+ socks5_server_method_set_method(trunnel_resp, SOCKS_USER_PASS);
+
+ req->socks_version = 5; // FIXME: come up with better way to remember
+ // that we negotiated auth
+
+ log_debug(LD_APP,"socks5: accepted method 2 (username/password)");
+ } else if (have_no_auth) {
+ req->auth_type = SOCKS_NO_AUTH;
+ socks5_server_method_set_method(trunnel_resp, SOCKS_NO_AUTH);
+
+ req->socks_version = 5;
+
+ log_debug(LD_APP,"socks5: accepted method 0 (no authentication)");
+ } else {
+ log_warn(LD_APP,
+ "socks5: offered methods don't include 'no auth' or "
+ "username/password. Rejecting.");
+ socks5_server_method_set_method(trunnel_resp, 0xFF); // reject all
+ res = -1;
+ }
+
+ const char *errmsg = socks5_server_method_check(trunnel_resp);
+ if (errmsg) {
+ log_warn(LD_APP, "socks5: method selection validation failed: %s",
+ errmsg);
+ res = -1;
+ } else {
+ ssize_t encoded =
+ socks5_server_method_encode(req->reply, sizeof(req->reply),
+ trunnel_resp);
+
+ if (encoded < 0) {
+ log_warn(LD_APP, "socks5: method selection encoding failed");
+ res = -1;
+ } else {
+ req->replylen = (size_t)encoded;
+ }
+ }
+
+ socks5_server_method_free(trunnel_resp);
+ return res;
+}
+
/** There is a (possibly incomplete) socks handshake on <b>buf</b>, of one
* of the forms
* - socks4: "socksheader username\\0"
@@ -259,6 +374,7 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req,
int res = 0;
size_t datalen = buf_datalen(buf);
uint8_t *raw_data;
+ uint8_t *raw_ptr;
uint8_t socks_version;
raw_data = tor_malloc(datalen);
@@ -266,6 +382,8 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req,
buf_peek(buf, (char *)raw_data, datalen);
+ raw_ptr = raw_data;
+
socks_version = (uint8_t)raw_data[0];
if (socks_version == 4) {
@@ -296,6 +414,45 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req,
buf_clear(buf);
res = 1;
goto end;
+ } else if (socks_version == 5) {
+ if (datalen < 2) { /* version and another byte */
+ res = 0;
+ goto end;
+ }
+
+ if (!req->got_auth) {
+
+ }
+
+ if (req->socks_version != 5) {
+ int have_user_pass, have_no_auth;
+ int parse_status = parse_socks5_methods_request(raw_data,
+ req,
+ datalen,
+ &have_user_pass,
+ &have_no_auth,
+ drain_out);
+
+ if (parse_status != 1) {
+ res = parse_status;
+ goto end;
+ }
+
+ int process_status = process_socks5_methods_request(req,
+ have_user_pass,
+ have_no_auth);
+
+ if (process_status == -1) {
+ res = process_status;
+ goto end;
+ }
+
+ buf_drain(buf, n_drain); // TODO: do it like this for SOCKS4/4a as well
+ raw_ptr += n_drain;
+ datalen -= n_drain;
+ res = 0;
+ goto end;
+ }
}
ssize_t n_drain;
1
0
commit 853d9b869d3b32f7900a13ee70f23a25e43d50db
Author: rl1987 <rl1987(a)sdf.lonestar.org>
Date: Wed May 16 12:31:29 2018 +0200
Remove legacy SOCKS5 phase 1 code
---
src/or/proto_socks.c | 42 ------------------------------------------
1 file changed, 42 deletions(-)
diff --git a/src/or/proto_socks.c b/src/or/proto_socks.c
index 97297428e..41f5a2dbd 100644
--- a/src/or/proto_socks.c
+++ b/src/or/proto_socks.c
@@ -617,48 +617,6 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req,
switch (socksver) { /* which version of socks? */
case 5: /* socks5 */
-
- if (req->socks_version != 5) { /* we need to negotiate a method */
- unsigned char nummethods = (unsigned char)*(data+1);
- int have_user_pass, have_no_auth;
- int r=0;
- tor_assert(!req->socks_version);
- if (datalen < 2u+nummethods) {
- *want_length_out = 2u+nummethods;
- return 0;
- }
- if (!nummethods)
- return -1;
- req->replylen = 2; /* 2 bytes of response */
- req->reply[0] = 5; /* socks5 reply */
- have_user_pass = (memchr(data+2, SOCKS_USER_PASS, nummethods) !=NULL);
- have_no_auth = (memchr(data+2, SOCKS_NO_AUTH, nummethods) !=NULL);
- if (have_user_pass && !(have_no_auth && req->socks_prefer_no_auth)) {
- req->auth_type = SOCKS_USER_PASS;
- req->reply[1] = SOCKS_USER_PASS; /* tell client to use "user/pass"
- auth method */
- req->socks_version = 5; /* remember we've already negotiated auth */
- log_debug(LD_APP,"socks5: accepted method 2 (username/password)");
- r=0;
- } else if (have_no_auth) {
- req->reply[1] = SOCKS_NO_AUTH; /* tell client to use "none" auth
- method */
- req->socks_version = 5; /* remember we've already negotiated auth */
- log_debug(LD_APP,"socks5: accepted method 0 (no authentication)");
- r=0;
- } else {
- log_warn(LD_APP,
- "socks5: offered methods don't include 'no auth' or "
- "username/password. Rejecting.");
- req->reply[1] = '\xFF'; /* reject all methods */
- r=-1;
- }
- /* Remove packet from buf. Some SOCKS clients will have sent extra
- * junk at this point; let's hope it's an authentication message. */
- *drain_out = 2u + nummethods;
-
- return r;
- }
if (req->auth_type != SOCKS_NO_AUTH && !req->got_auth) {
log_warn(LD_APP,
"socks5: negotiated authentication, but none provided");
1
0
commit 57342b19f5497f6e9362ae02953755df9f1f2262
Author: rl1987 <rl1987(a)sdf.lonestar.org>
Date: Mon May 21 12:55:20 2018 +0200
Remove legacy RFC1929 code
---
src/or/proto_socks.c | 47 -----------------------------------------------
1 file changed, 47 deletions(-)
diff --git a/src/or/proto_socks.c b/src/or/proto_socks.c
index 8c635825b..8fdb72235 100644
--- a/src/or/proto_socks.c
+++ b/src/or/proto_socks.c
@@ -671,7 +671,6 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req,
char tmpbuf[TOR_ADDR_BUF_LEN+1];
tor_addr_t destaddr;
uint8_t socksver;
- unsigned char usernamelen, passlen;
if (datalen < 2) {
/* We always need at least 2 bytes. */
@@ -688,52 +687,6 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req,
log_sockstype, safe_socks, drain_out);
}
- if (req->socks_version == 5 && !req->got_auth) {
- /* See if we have received authentication. Strictly speaking, we should
- also check whether we actually negotiated username/password
- authentication. But some broken clients will send us authentication
- even if we negotiated SOCKS_NO_AUTH. */
- if (*data == 1) { /* username/pass version 1 */
- /* Format is: authversion [1 byte] == 1
- usernamelen [1 byte]
- username [usernamelen bytes]
- passlen [1 byte]
- password [passlen bytes] */
- usernamelen = (unsigned char)*(data + 1);
- if (datalen < 2u + usernamelen + 1u) {
- *want_length_out = 2u + usernamelen + 1u;
- return 0;
- }
- passlen = (unsigned char)*(data + 2u + usernamelen);
- if (datalen < 2u + usernamelen + 1u + passlen) {
- *want_length_out = 2u + usernamelen + 1u + passlen;
- return 0;
- }
- req->replylen = 2; /* 2 bytes of response */
- req->reply[0] = 1; /* authversion == 1 */
- req->reply[1] = 0; /* authentication successful */
- log_debug(LD_APP,
- "socks5: Accepted username/password without checking.");
- if (usernamelen) {
- req->username = tor_memdup(data+2u, usernamelen);
- req->usernamelen = usernamelen;
- }
- if (passlen) {
- req->password = tor_memdup(data+3u+usernamelen, passlen);
- req->passwordlen = passlen;
- }
- *drain_out = 2u + usernamelen + 1u + passlen;
- req->got_auth = 1;
- *want_length_out = 7; /* Minimal socks5 command. */
- return 0;
- } else if (req->auth_type == SOCKS_USER_PASS) {
- /* unknown version byte */
- log_warn(LD_APP, "Socks5 username/password version %d not recognized; "
- "rejecting.", (int)*data);
- return -1;
- }
- }
-
switch (socksver) { /* which version of socks? */
case 5: /* socks5 */
if (req->auth_type != SOCKS_NO_AUTH && !req->got_auth) {
1
0