[Pkg-gnupg-commit] [libassuan] 04/10: New feature to test for SOCKS5 proxy availability.

Eric Dorland eric at moszumanska.debian.org
Fri Dec 4 19:05:08 UTC 2015 

This is an automated email from the git hooks/post-receive script.

eric pushed a commit to branch master
in repository libassuan.

commit 05ac2dc5c77fa4b87e98508c1b15fd254806b1ce
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Nov 27 11:54:52 2015 +0100

    New feature to test for SOCKS5 proxy availability.
    
    * src/assuan-socket.c (socks5_connect): Add special treatment for
    empty hostnames.
    (_assuan_sock_connect_byname): Add feature to test for proxy
    availibility.
    * tests/socks5.c (main): Add option --have-proxy.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>
---
 NEWS                |  3 +++
 doc/assuan.texi     |  7 ++++++-
 src/assuan-socket.c | 28 ++++++++++++++++++++++++----
 tests/socks5.c      | 34 ++++++++++++++++++++++++++++++++--
 4 files changed, 65 insertions(+), 7 deletions(-)

diff --git a/NEWS b/NEWS
index 7168207..a7e4237 100644
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,9 @@ Noteworthy changes in version 2.4.2 (unreleased) [C7/A7/R_]
  * The nPth version of the connect system hook does now wrap the call
    with npth_unprotec/npth_protect to avoid blocking during a connect.
 
+ * Add feature to assuan_sock_connect_byname to test for SOCKS5
+   availability.
+
 
 Noteworthy changes in version 2.4.1 (2015-11-23) [C7/A7/R1]
 ------------------------------------------------
diff --git a/doc/assuan.texi b/doc/assuan.texi
index 131ffc1..aae3de7 100644
--- a/doc/assuan.texi
+++ b/doc/assuan.texi
@@ -1995,7 +1995,12 @@ current implementation requires that @var{flags} has either
 new TCP STREAM socket is returned; on error @code{ASSUAN_INVALID_FD}
 and ERRNO set.  If @var{credentials} is not @code{NULL}, it is a
 string used for password based SOCKS authentication.  Username and
-password are separated by a colon. @var{reserved} should be 0.
+password are separated by a colon. @var{reserved} should be 0.  To
+test whether the proxy is available @var{host} and @var{port} may be
+given as NULL/0:  If the proxy is available the function returns a
+valid socket which is in the state after credentials sub-negotiation.
+The caller now knows that the SOCKS proxy is available and has been
+authenticated; normally the caller closes the socket then.
 @end deftypefun
 
 
diff --git a/src/assuan-socket.c b/src/assuan-socket.c
index bb0e610..d5e4ee4 100644
--- a/src/assuan-socket.c
+++ b/src/assuan-socket.c
@@ -814,6 +814,13 @@ socks5_connect (assuan_context_t ctx, assuan_fd_t sock,
         }
     }
 
+  if (hostname && !*hostname && !hostport)
+    {
+      /* Empty hostname given.  Stop right here to allow the caller to
+         do the actual proxy request.  */
+      return 0;
+    }
+
   /* Send request details (rfc-1928, 4).  */
   buffer[0] = 5; /* VER  */
   buffer[1] = 1; /* CMD = CONNECT  */
@@ -1059,11 +1066,13 @@ _assuan_sock_connect (assuan_context_t ctx, assuan_fd_t sockfd,
 
 /* Connect to HOST specified as host name on PORT.  The current
    implementation requires that either the flags ASSUAN_SOCK_SOCKS or
-   ASSUAN_SOCK_TOR are give in FLAGS.  On success a new socket is
+   ASSUAN_SOCK_TOR are given in FLAGS.  On success a new socket is
    returned; on error ASSUAN_INVALID_FD is returned and ERRNO set.  If
    CREDENTIALS is not NULL, it is a string used for password based
-   authentication.  Username and password are separated by a
-   colon.  RESERVED must be 0. */
+   authentication.  Username and password are separated by a colon.
+   RESERVED must be 0.  By passing HOST and PORT as 0 the function can
+   be used to check for proxy availability: If the proxy is available
+   a socket will be returned which the caller should then close.  */
 assuan_fd_t
 _assuan_sock_connect_byname (assuan_context_t ctx, const char *host,
                              unsigned short port, int reserved,
@@ -1082,12 +1091,23 @@ _assuan_sock_connect_byname (assuan_context_t ctx, const char *host,
       return ASSUAN_INVALID_FD;
     }
 
+  if (host && !*host)
+    {
+      /* Error out early on an empty host name.  See below.  */
+      gpg_err_set_errno (EINVAL);
+      return ASSUAN_INVALID_FD;
+    }
+
   fd = _assuan_sock_new (ctx, AF_INET, SOCK_STREAM, 0);
   if (fd == ASSUAN_INVALID_FD)
     return fd;
 
+  /* For HOST being NULL we pass an empty string which indicates to
+     socks5_connect to stop midway during the proxy negotiation.  Note
+     that we can't pass NULL directly as this indicates IP address
+     mode to the called function.  */
   if (socks5_connect (ctx, fd, socksport,
-                      credentials, host, port, NULL, 0))
+                      credentials, host? host:"", port, NULL, 0))
     {
       int save_errno = errno;
       assuan_sock_close (fd);
diff --git a/tests/socks5.c b/tests/socks5.c
index 7ab0438..b3754b8 100644
--- a/tests/socks5.c
+++ b/tests/socks5.c
@@ -53,6 +53,7 @@ main (int argc, char **argv)
   int only_v6 = 0;
   int only_v4 = 0;
   int use_tor = 0;
+  int opt_have_proxy = 0;
   int disable_socks = 0;
   int opt_byname = 0;
   const char *user = NULL;
@@ -87,6 +88,7 @@ main (int argc, char **argv)
                 "  --inet6-only     Use only IPv6\n"
                 "  --inet4-only     Use only IPv4\n"
                 "  --disable-socks  Connect w/o SOCKS\n"
+                "  --have-proxy     Check whether the proxy is available\n"
                 "  --byname         Use assuan_sock_connect_byname\n"
                 "  --user STRING    Use STRING as user for authentication\n"
                 "  --pass STRING    Use STRING as password for authentication\n"
@@ -128,6 +130,11 @@ main (int argc, char **argv)
           opt_byname = 1;
           argc--; argv++;
         }
+      else if (!strcmp (*argv, "--have-proxy"))
+        {
+          opt_have_proxy = 1;
+          argc--; argv++;
+        }
       else if (!strcmp (*argv, "--user"))
         {
           argc--; argv++;
@@ -153,7 +160,7 @@ main (int argc, char **argv)
         }
     }
 
-  if (argc != 2)
+  if (argc != 2 && !opt_have_proxy)
     {
       fputs ("usage: socks5 HOST PORT\n", stderr);
       exit (1);
@@ -175,7 +182,30 @@ main (int argc, char **argv)
                  use_tor? "TOR": "SOCKS", gpg_strerror (err));
     }
 
-  if (opt_byname)
+  if (opt_have_proxy)
+    {
+      char *cred;
+
+      if (user || pass)
+        cred = xstrconcat (user?user:"", ":", pass, NULL);
+      else
+        cred = NULL;
+
+      sock = assuan_sock_connect_byname
+        (NULL, 0, 0, cred, use_tor? ASSUAN_SOCK_TOR : ASSUAN_SOCK_SOCKS);
+      if (sock == ASSUAN_INVALID_FD)
+        {
+          err = gpg_error_from_syserror ();
+          log_error ("SOCKS proxy is not available (%s)\n", gpg_strerror (err));
+          exit (1);
+        }
+      xfree (cred);
+      assuan_sock_close (sock);
+      if (verbose)
+        log_info ("SOCKS proxy available\n");
+      exit (0);
+    }
+  else if (opt_byname)
     {
       unsigned short port;
       char *cred;

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/libassuan.git

More information about the Pkg-gnupg-commit mailing list