commit 84162c1d33c94f6d7eb87fdfea5934cba1d4fad3 Author: David Goulet dgoulet@torproject.org Date: Thu Oct 17 08:52:58 2019 -0400
socks: Send back extended error code if set
This commit defines the new extended error codes. It also flags the socks request object that it can use them.
Part of #30382
Signed-off-by: David Goulet dgoulet@torproject.org --- src/core/mainloop/connection.c | 2 ++ src/core/or/connection_edge.c | 10 ++++++++-- src/core/or/socks_request_st.h | 7 +++++++ src/lib/net/socks5_status.h | 9 +++++++++ 4 files changed, 26 insertions(+), 2 deletions(-)
diff --git a/src/core/mainloop/connection.c b/src/core/mainloop/connection.c
index 6094f33e4..368041f92 100644
--- a/src/core/mainloop/connection.c
+++ b/src/core/mainloop/connection.c
@@ -1905,6 +1905,8 @@ connection_init_accepted_conn(connection_t *conn,
 conn->state = AP_CONN_STATE_SOCKS_WAIT;
 TO_ENTRY_CONN(conn)->socks_request->socks_prefer_no_auth =
 listener->entry_cfg.socks_prefer_no_auth;
+ TO_ENTRY_CONN(conn)->socks_request->socks_use_extended_errors =
+ listener->entry_cfg.extended_socks5_codes;
 break;
 case CONN_TYPE_AP_TRANS_LISTENER:
 TO_ENTRY_CONN(conn)->is_transparent_ap = 1;
diff --git a/src/core/or/connection_edge.c b/src/core/or/connection_edge.c
index 5f1664d28..f0d5752dd 100644
--- a/src/core/or/connection_edge.c
+++ b/src/core/or/connection_edge.c
@@ -3522,11 +3522,17 @@ connection_ap_handshake_socks_reply(entry_connection_t *conn, char *reply,
 size_t replylen, int endreason)
 {
 char buf[256];
- socks5_reply_status_t status =
- stream_end_reason_to_socks5_response(endreason);
+ socks5_reply_status_t status;
tor_assert(conn->socks_request); /* make sure it's an AP stream */
+ if (conn->socks_request->socks_use_extended_errors &&
+ conn->socks_request->socks_extended_error_code != 0) {
+ status = conn->socks_request->socks_extended_error_code;
+ } else {
+ status = stream_end_reason_to_socks5_response(endreason);
+ }
+
 if (!SOCKS_COMMAND_IS_RESOLVE(conn->socks_request->command)) {
 control_event_stream_status(conn,
 status==SOCKS5_SUCCEEDED ? STREAM_EVENT_SUCCEEDED : STREAM_EVENT_FAILED,
diff --git a/src/core/or/socks_request_st.h b/src/core/or/socks_request_st.h
index 9fb941ff7..0f9898524 100644
--- a/src/core/or/socks_request_st.h
+++ b/src/core/or/socks_request_st.h
@@ -7,6 +7,8 @@
 #ifndef SOCKS_REQUEST_ST_H
 #define SOCKS_REQUEST_ST_H
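Review bot: The override at `if (conn->socks_request->socks_use_extended_errors && conn->socks_request->socks_extended_error_code != 0)` takes the stored code without looking at `endreason`, so a code left over from an earlier failed attempt would be sent to the client, and reported to the controller as STREAM_EVENT_FAILED, even when this call is for a stream that succeeded. Nothing in this commit sets or clears the field, so whether that can happen depends on code outside the page. A safer shape is to keep `status = stream_end_reason_to_socks5_response(endreason);` and replace it with the extended code only when `status != SOCKS5_SUCCEEDED`. The literal `0` also doubles as "unset" and as the numeric value of SOCKS5_SUCCEEDED; comparing with `!= SOCKS5_SUCCEEDED`, and saying so in the field comment in socks_request_st.h, would make that sentinel explicit. The function body continues past the end of the hunk.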
+#include "lib/net/socks5_status.h"
+
 #define MAX_SOCKS_REPLY_LEN 1024
#define SOCKS_NO_AUTH 0x00
@@ -58,6 +60,11 @@ struct socks_request_t {
 * "username/password" authentication if both are offered. Used as input to
 * parse_socks. */
 unsigned int socks_prefer_no_auth : 1;
+ /** If set, we can send back the extended error code in the reply. */
+ unsigned int socks_use_extended_errors : 1;
+ /** If non zero, this contains the extended error code that should be used
+ * if the port was configured to use them. */
+ socks5_reply_status_t socks_extended_error_code;
/** Number of bytes in username; 0 if username is NULL */
 size_t usernamelen;
diff --git a/src/lib/net/socks5_status.h b/src/lib/net/socks5_status.h
index e55119e0b..47d9533d5 100644
--- a/src/lib/net/socks5_status.h
+++ b/src/lib/net/socks5_status.h
@@ -27,6 +27,15 @@ typedef enum {
 SOCKS5_TTL_EXPIRED = 0x06,
 SOCKS5_COMMAND_NOT_SUPPORTED = 0x07,
 SOCKS5_ADDRESS_TYPE_NOT_SUPPORTED = 0x08,
+
+ /* Extended error code (see prop304). Only used if the SocksPort flag
+ * "ExtendedErrors" is set. */
+ SOCKS5_HS_NOT_FOUND = 0xF0,
+ SOCKS5_HS_IS_INVALID = 0xF1,
+ SOCKS5_HS_INTRO_FAILED = 0xF2,
+ SOCKS5_HS_REND_FAILED = 0xF3,
+ SOCKS5_HS_MISSING_CLIENT_AUTH = 0xF4,
+ SOCKS5_HS_BAD_CLIENT_AUTH = 0xF5,
 } socks5_reply_status_t;
#endif /* !defined(TOR_SOCKS5_STATUS_H) */
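Review bot: The comment above `SOCKS5_HS_NOT_FOUND` does not say that 0xF0 to 0xF5 lie outside the reply codes RFC 1928 assigns, so a client that does not know them can only treat the reply as a generic failure. I would add a line such as `* These values are outside the reply codes assigned by RFC 1928.` and give each constant a one-line meaning taken from prop304, because the names alone do not tell a client author how, for example, SOCKS5_HS_MISSING_CLIENT_AUTH differs from SOCKS5_HS_BAD_CLIENT_AUTH. The enum starts above the hunk.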