| blob | 5a7d7ac9bea18a5dab738b27c4a9bb64720f5d96 |
1 /* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 * Copyright (c) 2007-2019, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
34 socks5_reply_status_t reason);
45 /**
46 * Wait this many seconds before warning the user about using SOCKS unsafely
47 * again. */
48 #define SOCKS_WARN_INTERVAL 5
50 /** Warn that the user application has made an unsafe socks request using
51 * protocol <b>socks_protocol</b> on port <b>port</b>. Don't warn more than
52 * once per SOCKS_WARN_INTERVAL, unless <b>safe_socks</b> is set. */
53 static void
56 {
61 "Your application (using socks%d to port %d) is giving "
62 "Tor only an IP address. Applications that do DNS resolves "
63 "themselves may leak information. Consider using Socks4A "
64 "(e.g. via privoxy or socat) instead. For more information, "
65 "please see https://wiki.torproject.org/TheOnionRouter/"
67 socks_protocol,
70 }
74 }
76 /** Do not attempt to parse socks messages longer than this. This value is
77 * actually significantly higher than the longest possible socks message. */
78 #define MAX_SOCKS_MESSAGE_LEN 512
80 /** Return a new socks_request_t. */
81 socks_request_t *
83 {
85 }
87 /** Free all storage held in the socks_request_t <b>req</b>. */
88 void
90 {
96 }
100 }
103 }
105 /**
106 * Parse a single SOCKS4 request from buffer <b>raw_data</b> of length
107 * <b>datalen</b> and update relevant fields of <b>req</b>. If SOCKS4a
108 * request is detected, set <b>*is_socks4a<b> to true. Set <b>*drain_out</b>
109 * to number of bytes we parsed so far.
110 *
111 * Return SOCKS_RESULT_DONE if parsing succeeded, SOCKS_RESULT_INVALID if
112 * parsing failed because of invalid input or SOCKS_RESULT_TRUNCATED if it
113 * failed due to incomplete (truncated) input.
114 */
115 static socks_result_t
118 {
119 // http://ss5.sourceforge.net/socks4.protocol.txt
120 // http://ss5.sourceforge.net/socks4A.protocol.txt
122 tor_addr_t destaddr;
134 ssize_t parsed =
146 }
148 }
164 }
175 }
181 }
184 // We cannot rely on trunnel here, as we want to detect if
185 // we have abnormally long hostname field.
200 }
208 }
209 }
211 end:
215 }
217 /**
218 * Validate SOCKS4/4a related fields in <b>req</b>. Expect SOCKS4a
219 * if <b>is_socks4a</b> is true. If <b>log_sockstype</b> is true,
220 * log a notice about possible DNS leaks on local system. If
221 * <b>safe_socks</b> is true, reject insecure usage of SOCKS
222 * protocol.
223 *
224 * Return SOCKS_RESULT_DONE if validation passed or
225 * SOCKS_RESULT_INVALID if it failed.
226 */
227 static socks_result_t
230 {
236 }
240 /* not a connect or resolve? we don't support it. (No resolve_ptr with
241 * socks4.) */
245 }
250 "Your application (using socks4a to port %d) instructed "
251 "Tor to take care of the DNS resolution itself if "
253 }
257 "Your application (using socks4 to port %d) gave Tor "
261 }
264 }
266 /** Parse a single SOCKS5 version identifier/method selection message
267 * from buffer <b>raw_data</b> (of length <b>datalen</b>). Update
268 * relevant fields of <b>req</b> (if any). Set <b>*have_user_pass</b> to
269 * true if username/password method is found. Set <b>*have_no_auth</b>
270 * if no-auth method is found. Set <b>*drain_out</b> to number of bytes
271 * we parsed so far.
272 *
273 * Return SOCKS_RESULT_DONE if parsing succeeded, SOCKS_RESULT_INVALID if
274 * parsing failed because of invalid input or SOCKS_RESULT_TRUNCATED if it
275 * failed due to incomplete (truncated) input.
276 */
277 static socks_result_t
281 {
286 datalen);
307 }
309 }
318 }
325 i);
331 }
332 }
334 end:
338 }
340 /**
341 * Validate and respond to version identifier/method selection message
342 * we parsed in parse_socks5_methods_request (corresponding to <b>req</b>
343 * and having user/pass method if <b>have_user_pass</b> is true, no-auth
344 * method if <b>have_no_auth</b> is true). Set <b>req->reply</b> to
345 * an appropriate response (in SOCKS5 wire format).
346 *
347 * On success, return SOCKS_RESULT_DONE. On failure, return
348 * SOCKS_RESULT_INVALID.
349 */
350 static socks_result_t
353 {
365 // FIXME: come up with better way to remember
366 // that we negotiated auth
378 "socks5: offered methods don't include 'no auth' or "
382 }
387 errmsg);
390 ssize_t encoded =
392 trunnel_resp);
399 }
400 }
404 }
406 /**
407 * Parse SOCKS5/RFC1929 username/password request from buffer
408 * <b>raw_data</b> of length <b>datalen</b> and update relevant
409 * fields of <b>req</b>. Set <b>*drain_out</b> to number of bytes
410 * we parsed so far.
411 *
412 * Return SOCKS_RESULT_DONE if parsing succeeded, SOCKS_RESULT_INVALID if
413 * parsing failed because of invalid input or SOCKS_RESULT_TRUNCATED if it
414 * failed due to incomplete (truncated) input.
415 */
416 static socks_result_t
419 {
423 datalen);
435 }
453 }
459 }
461 /**
462 * Yes, we allow username and/or password to be empty. Yes, that does
463 * violate RFC 1929. However, some client software can send a username/
464 * password message with these fields being empty and we want to allow them
465 * to be used with Tor.
466 */
469 end:
472 }
474 /**
475 * Validate and respond to SOCKS5 username/password request we
476 * parsed in parse_socks5_userpass_auth (corresponding to <b>req</b>.
477 * Set <b>req->reply</b> to appropriate responsed. Return
478 * SOCKS_RESULT_DONE on success or SOCKS_RESULT_INVALID on failure.
479 */
480 static socks_result_t
482 {
491 }
497 }
505 errmsg);
508 }
512 trunnel_resp);
518 }
522 end:
525 }
527 /**
528 * Parse a single SOCKS5 client request (RFC 1928 section 4) from buffer
529 * <b>raw_data</b> of length <b>datalen</b> and update relevant field of
530 * <b>req</b>. Set <b>*drain_out</b> to number of bytes we parsed so far.
531 *
532 * Return SOCKS_RESULT_DONE if parsing succeeded, SOCKS_RESULT_INVALID if
533 * parsing failed because of invalid input or SOCKS_RESULT_TRUNCATED if it
534 * failed due to incomplete (truncated) input.
535 */
536 static socks_result_t
539 {
541 tor_addr_t destaddr;
543 ssize_t parsed =
553 }
562 }
589 trunnel_req);
598 }
600 end:
603 }
605 /**
606 * Validate and respond to SOCKS5 request we parsed in
607 * parse_socks5_client_request (corresponding to <b>req</b>.
608 * Write appropriate response to <b>req->reply</b> (in
609 * SOCKS5 wire format). If <b>log_sockstype</b> is true, log a
610 * notice about possible DNS leaks on local system. If
611 * <b>safe_socks</b> is true, disallow insecure usage of SOCKS
612 * protocol. Return SOCKS_RESULT_DONE on success or
613 * SOCKS_RESULT_INVALID on failure.
614 */
615 static socks_result_t
619 {
628 }
639 }
645 "Your application (using socks5 to port %d) gave Tor "
651 }
661 }
662 }
663 }
667 "Your application (using socks5 to port %d) instructed "
668 "Tor to take care of the DNS resolution itself if "
671 end:
673 }
675 /**
676 * Handle (parse, validate, process, respond) a single SOCKS
677 * message in buffer <b>raw_data</b> of length <b>datalen</b>.
678 * Update relevant fields of <b>req</b>. If <b>log_sockstype</b>
679 * is true, log a warning about possible DNS leaks on local
680 * system. If <b>safe_socks</b> is true, disallow insecure
681 * usage of SOCKS protocol. Set <b>*drain_out</b> to number
682 * of bytes in <b>raw_data</b> that we processed so far and
683 * that can be safely drained from buffer.
684 *
685 * Return:
686 * - SOCKS_RESULT_DONE if succeeded and not expecting further
687 * messages from client.
688 * - SOCKS_RESULT_INVALID if any of the steps failed due to
689 * request being invalid or unexpected given current state.
690 * - SOCKS_RESULT_TRUNCATED if we do not found an expected
691 * SOCKS message in its entirety (more stuff has to arrive
692 * from client).
693 * - SOCKS_RESULT_MORE_EXPECTED if we handled current message
694 * successfully, but we expect more messages from the
695 * client.
696 */
697 static socks_result_t
701 {
713 }
721 }
724 safe_socks);
728 }
735 }
736 /* RFC1929 SOCKS5 username/password subnegotiation. */
740 drain_out);
744 }
749 }
758 drain_out);
762 }
765 have_no_auth);
769 }
778 }
781 }
784 safe_socks);
788 }
789 }
793 }
795 end:
797 }
799 /** There is a (possibly incomplete) socks handshake on <b>buf</b>, of one
800 * of the forms
801 * - socks4: "socksheader username\\0"
802 * - socks4a: "socksheader username\\0 destaddr\\0"
803 * - socks5 phase one: "version #methods methods"
804 * - socks5 phase two: "version command 0 addresstype..."
805 * If it's a complete and valid handshake, and destaddr fits in
806 * MAX_SOCKS_ADDR_LEN bytes, then pull the handshake off the buf,
807 * assign to <b>req</b>, and return 1.
808 *
809 * If it's invalid or too big, return -1.
810 *
811 * Else it's not all there yet, leave buf alone and return 0.
812 *
813 * If you want to specify the socks reply, write it into <b>req->reply</b>
814 * and set <b>req->replylen</b>, else leave <b>req->replylen</b> alone.
815 *
816 * If <b>log_sockstype</b> is non-zero, then do a notice-level log of whether
817 * the connection is possibly leaking DNS requests locally or not.
818 *
819 * If <b>safe_socks</b> is true, then reject unsafe socks protocols.
820 *
821 * If returning 0 or -1, <b>req->address</b> and <b>req->port</b> are
822 * undefined.
823 */
824 int
827 {
832 socks_result_t socks_res;
838 }
864 FALLTHROUGH;
868 }
871 end:
873 }
875 /** Create a SOCKS5 reply message with <b>reason</b> in its REP field and
876 * have Tor send it as error response to <b>req</b>.
877 */
878 static void
880 socks5_reply_status_t reason)
881 {
892 errmsg);
894 }
898 trunnel_resp);
904 }
906 end:
908 }
930 "https://www.torproject.org/documentation.html</a> for more "
936 /** Implementation helper to implement fetch_from_*_socks. Instead of looking
937 * at a buffer's contents, we look at the <b>datalen</b> bytes of data in
938 * <b>data</b>. Instead of removing data from the buffer, we set
939 * <b>drain_out</b> to the amount of data that should be removed (or -1 if the
940 * buffer should be cleared). Instead of pulling more data into the first
941 * chunk of the buffer, we set *<b>want_length_out</b> to the number of bytes
942 * we'd like to see in the input buffer, if they're available. */
943 static int
946 {
950 /* We always need at least 2 bytes. */
952 }
960 }
968 MAX_SOCKS_REPLY_LEN);
970 FALLTHROUGH;
973 "Socks version %d not recognized. (This port is not an "
976 {
977 /* Tell the controller the first 8 bytes. */
983 }
985 }
989 }
991 /** Inspect a reply from SOCKS server stored in <b>buf</b> according
992 * to <b>state</b>, removing the protocol data upon success. Return 0 on
993 * incomplete response, 1 on success and -1 on error, in which case
994 * <b>reason</b> is set to a descriptive message (free() when finished
995 * with it).
996 *
997 * As a special case, 2 is returned when user/pass is required
998 * during SOCKS5 handshake and user/pass is configured.
999 */
1000 int
1002 {
1022 }
1024 /** Implementation logic for fetch_from_*_socks_client. */
1025 static int
1029 {
1037 /* Wait for the complete response */
1044 }
1046 /* Success */
1051 /* we don't have any credentials */
1056 }
1063 /* we have a username and password. return 1 if we can proceed without
1064 * providing authentication, or 2 otherwise. */
1076 /* This wasn't supposed to be exhaustive; there are other
1077 * authentication methods too. */
1078 ;
1079 }
1086 /* handle server reply to rfc1929 authentication */
1090 }
1097 /* response is variable length. BND.ADDR, etc, isn't needed
1098 * (don't bother with buf_pullup()), but make sure to eat all
1099 * the data used */
1101 /* wait for address type field to arrive */
1120 }
1122 /* wait for address and port */
1129 }
1133 }
1135 /* LCOV_EXCL_START */
1136 /* shouldn't get here if the input state is one we know about... */
1140 /* LCOV_EXCL_STOP */
1141 }