mirror of
https://github.com/moparisthebest/curl
synced 2024-12-21 23:58:49 -05:00
Based on Maxim Perenesenko's patch, we now do SOCKS5 operations and let the
proxy do the host name resolving and only if --socks5ip (or CURLOPT_SOCKS5_RESOLVE_LOCAL) is used we resolve the host name locally and pass on the IP address only to the proxy.
This commit is contained in:
parent
fcc485092a
commit
2e42b0a252
6
CHANGES
6
CHANGES
@ -6,6 +6,12 @@
|
||||
|
||||
Changelog
|
||||
|
||||
Daniel S (4 Jan 2008)
|
||||
- Based on Maxim Perenesenko's patch, we now do SOCKS5 operations and let the
|
||||
proxy do the host name resolving and only if --socks5ip (or
|
||||
CURLOPT_SOCKS5_RESOLVE_LOCAL) is used we resolve the host name locally and
|
||||
pass on the IP address only to the proxy.
|
||||
|
||||
Yang Tse (3 Jan 2008)
|
||||
- Modified test harness to allow SCP, SFTP and SOCKS4 tests to run with
|
||||
OpenSSH 2.9.9, SunSSH 1.0 or later versions. SOCKS5 tests need OpenSSH
|
||||
|
@ -1,8 +1,8 @@
|
||||
Curl and libcurl 7.17.2
|
||||
|
||||
Public curl releases: 103
|
||||
Command line options: 124
|
||||
curl_easy_setopt() options: 148
|
||||
Command line options: 125
|
||||
curl_easy_setopt() options: 149
|
||||
Public functions in libcurl: 55
|
||||
Public web site mirrors: 42
|
||||
Known libcurl bindings: 36
|
||||
@ -14,6 +14,7 @@ This release includes the following changes:
|
||||
o CURLOPT_PROXY_TRANSFER_MODE was added
|
||||
o --no-keep-alive was added
|
||||
o --socks4a added (proxy type CURLPROXY_SOCKS4A for libcurl)
|
||||
o --socks5ip added (CURLOPT_SOCKS5_RESOLVE_LOCAL for libcurl)
|
||||
|
||||
This release includes the following bugfixes:
|
||||
|
||||
@ -42,6 +43,7 @@ This release includes the following bugfixes:
|
||||
o bad connection re-use check with environment variable-activated proxy use
|
||||
o --libcurl now generates a return statement as well
|
||||
o socklen_t is no longer used in the public includes
|
||||
o SOCKS5 uses now let the proxy resolve the host names by default
|
||||
|
||||
This release includes the following known bugs:
|
||||
|
||||
@ -63,6 +65,6 @@ advice from friends like these:
|
||||
Robin Johnson, Michal Marek, Ates Goral, Andres Garcia, Rob Crittenden,
|
||||
Emil Romanus, Alessandro Vesely, Ray Pekowski, Spacen Jasset, Andrew Moise,
|
||||
Gilles Blanc, David Wright, Vikram Saxena, Mateusz Loskot, Gary Maxwell,
|
||||
Dmitry Kurochkin, Mohun Biswas, Richard Atterer
|
||||
Dmitry Kurochkin, Mohun Biswas, Richard Atterer, Maxim Perenesenko
|
||||
|
||||
Thanks! (and sorry if I forgot to mention someone)
|
||||
|
15
docs/curl.1
15
docs/curl.1
@ -1084,8 +1084,19 @@ mutually exclusive.
|
||||
|
||||
If this option is used several times, the last one will be used.
|
||||
.IP "--socks5 <host[:port]>"
|
||||
Use the specified SOCKS5 proxy. If the port number is not specified, it is
|
||||
assumed at port 1080. (Added in 7.11.1)
|
||||
Use the specified SOCKS5 proxy (and let the proxy resolve the host name). If
|
||||
the port number is not specified, it is assumed at port 1080. (Added in
|
||||
7.11.1)
|
||||
|
||||
This option overrides any previous use of \fI-x/--proxy\fP, as they are
|
||||
mutually exclusive.
|
||||
|
||||
If this option is used several times, the last one will be used. (This option
|
||||
was previously wrongly documented and used as --socks without the number
|
||||
appended.)
|
||||
.IP "--socks5ip <host[:port]>"
|
||||
Use the specified SOCKS5 proxy - but resolve the host name locally. If the
|
||||
port number is not specified, it is assumed at port 1080. (Added in 7.17.2)
|
||||
|
||||
This option overrides any previous use of \fI-x/--proxy\fP, as they are
|
||||
mutually exclusive.
|
||||
|
@ -21,7 +21,7 @@
|
||||
.\" * $Id$
|
||||
.\" **************************************************************************
|
||||
.\"
|
||||
.TH curl_easy_setopt 3 "30 Aug 2007" "libcurl 7.17.0" "libcurl Manual"
|
||||
.TH curl_easy_setopt 3 "4 Jan 2008" "libcurl 7.17.2" "libcurl Manual"
|
||||
.SH NAME
|
||||
curl_easy_setopt \- set options for a curl easy handle
|
||||
.SH SYNOPSIS
|
||||
@ -433,11 +433,19 @@ Pass a long with this option to set type of the proxy. Available options for
|
||||
this are \fICURLPROXY_HTTP\fP, \fICURLPROXY_SOCKS4\fP (added in 7.15.2),
|
||||
\fICURLPROXY_SOCKS5\fP and \fICURLPROXY_SOCKS4A\fP (added in 7.17.2). The HTTP
|
||||
type is default. (Added in 7.10)
|
||||
|
||||
See also \fIURLOPT_SOCKS5_RESOLVE_LOCAL\fP.
|
||||
.IP CURLOPT_HTTPPROXYTUNNEL
|
||||
Set the parameter to non-zero to get the library to tunnel all operations
|
||||
through a given HTTP proxy. There is a big difference between using a proxy
|
||||
and to tunnel through it. If you don't know what this means, you probably
|
||||
don't want this tunneling option.
|
||||
.IP CURLOPT_SOCKS5_RESOLVE_LOCAL
|
||||
Set the parameter to 1 to get the library to resolve the host name locally
|
||||
instead of passing it to the proxy to resolve, when using a SOCKS5 proxy.
|
||||
|
||||
Note that libcurl before 7.17.2 always resolved the host name locally even
|
||||
when SOCKS5 was used. (Added in 7.17.2)
|
||||
.IP CURLOPT_INTERFACE
|
||||
Pass a char * as parameter. This set the interface name to use as outgoing
|
||||
network interface. The name can be an interface name, an IP address or a host
|
||||
|
@ -1172,6 +1172,11 @@ typedef enum {
|
||||
/* set transfer mode (;type=<a|i>) when doing FTP via an HTTP proxy */
|
||||
CINIT(PROXY_TRANSFER_MODE, LONG, 166),
|
||||
|
||||
/* Set using of SOCKS5 to resolve host names locally instead of sending them
|
||||
to the proxy to let it resolve them. Valid only if CURLOPT_PROXYTYPE ==
|
||||
CURLPROXY_SOCKS5, otherwise ignored. */
|
||||
CINIT(SOCKS5_RESOLVE_LOCAL, LONG, 167),
|
||||
|
||||
CURLOPT_LASTENTRY /* the last unused */
|
||||
} CURLoption;
|
||||
|
||||
|
110
lib/socks.c
110
lib/socks.c
@ -390,6 +390,17 @@ CURLcode Curl_SOCKS5(const char *proxy_name,
|
||||
curl_socket_t sock = conn->sock[sockindex];
|
||||
struct SessionHandle *data = conn->data;
|
||||
long timeout;
|
||||
bool socks5_resolve_local = data->set.socks5_resolve_local;
|
||||
const size_t hostname_len = strlen(hostname);
|
||||
int packetsize = 0;
|
||||
|
||||
/* RFC1928 chapter 5 specifies max 255 chars for domain name in packet */
|
||||
if(!socks5_resolve_local && hostname_len > 255)
|
||||
{
|
||||
infof(conn->data,"SOCKS5: server resolving disabled for hostnames of "
|
||||
"length > 255 [actual len=%d]\n", hostname_len);
|
||||
socks5_resolve_local = TRUE;
|
||||
}
|
||||
|
||||
/* get timeout */
|
||||
if(data->set.timeout && data->set.connecttimeout) {
|
||||
@ -553,13 +564,26 @@ CURLcode Curl_SOCKS5(const char *proxy_name,
|
||||
socksreq[0] = 5; /* version (SOCKS5) */
|
||||
socksreq[1] = 1; /* connect */
|
||||
socksreq[2] = 0; /* must be zero */
|
||||
socksreq[3] = 1; /* IPv4 = 1 */
|
||||
|
||||
{
|
||||
if(!socks5_resolve_local) {
|
||||
packetsize = 5 + hostname_len + 2;
|
||||
|
||||
socksreq[3] = 3; /* ATYP: domain name = 3 */
|
||||
socksreq[4] = (char) hostname_len; /* address length */
|
||||
memcpy(&socksreq[5], hostname, hostname_len); /* address bytes w/o NULL */
|
||||
|
||||
*((unsigned short*)&socksreq[hostname_len+5]) =
|
||||
htons((unsigned short)remote_port);
|
||||
}
|
||||
else {
|
||||
struct Curl_dns_entry *dns;
|
||||
Curl_addrinfo *hp=NULL;
|
||||
int rc = Curl_resolv(conn, hostname, remote_port, &dns);
|
||||
|
||||
packetsize = 10;
|
||||
|
||||
socksreq[3] = 1; /* IPv4 = 1 */
|
||||
|
||||
if(rc == CURLRESOLV_ERROR)
|
||||
return CURLE_COULDNT_RESOLVE_HOST;
|
||||
|
||||
@ -595,40 +619,76 @@ CURLcode Curl_SOCKS5(const char *proxy_name,
|
||||
hostname);
|
||||
return CURLE_COULDNT_RESOLVE_HOST;
|
||||
}
|
||||
|
||||
*((unsigned short*)&socksreq[8]) = htons((unsigned short)remote_port);
|
||||
}
|
||||
|
||||
*((unsigned short*)&socksreq[8]) = htons((unsigned short)remote_port);
|
||||
code = Curl_write(conn, sock, (char *)socksreq, packetsize, &written);
|
||||
if((code != CURLE_OK) || (written != packetsize)) {
|
||||
failf(data, "Failed to send SOCKS5 connect request.");
|
||||
return CURLE_COULDNT_CONNECT;
|
||||
}
|
||||
|
||||
{
|
||||
const int packetsize = 10;
|
||||
packetsize = 10; /* minimum packet size is 10 */
|
||||
|
||||
code = Curl_write(conn, sock, (char *)socksreq, packetsize, &written);
|
||||
if((code != CURLE_OK) || (written != packetsize)) {
|
||||
failf(data, "Failed to send SOCKS5 connect request.");
|
||||
result = blockread_all(conn, sock, (char *)socksreq, packetsize,
|
||||
&actualread, timeout);
|
||||
if((result != CURLE_OK) || (actualread != packetsize)) {
|
||||
failf(data, "Failed to receive SOCKS5 connect request ack.");
|
||||
return CURLE_COULDNT_CONNECT;
|
||||
}
|
||||
|
||||
if(socksreq[0] != 5) { /* version */
|
||||
failf(data,
|
||||
"SOCKS5 reply has wrong version, version should be 5.");
|
||||
return CURLE_COULDNT_CONNECT;
|
||||
}
|
||||
if(socksreq[1] != 0) { /* Anything besides 0 is an error */
|
||||
failf(data,
|
||||
"Can't complete SOCKS5 connection to %d.%d.%d.%d:%d. (%d)",
|
||||
(unsigned char)socksreq[4], (unsigned char)socksreq[5],
|
||||
(unsigned char)socksreq[6], (unsigned char)socksreq[7],
|
||||
(unsigned int)ntohs(*(unsigned short*)(&socksreq[8])),
|
||||
socksreq[1]);
|
||||
return CURLE_COULDNT_CONNECT;
|
||||
}
|
||||
}
|
||||
|
||||
result = blockread_all(conn, sock, (char *)socksreq, packetsize,
|
||||
/* Fix: in general, returned BND.ADDR is variable length parameter by RFC
|
||||
1928, so the reply packet should be read until the end to avoid errors at
|
||||
subsequent protocol level.
|
||||
|
||||
+----+-----+-------+------+----------+----------+
|
||||
|VER | REP | RSV | ATYP | BND.ADDR | BND.PORT |
|
||||
+----+-----+-------+------+----------+----------+
|
||||
| 1 | 1 | X'00' | 1 | Variable | 2 |
|
||||
+----+-----+-------+------+----------+----------+
|
||||
|
||||
ATYP:
|
||||
o IP v4 address: X'01', BND.ADDR = 4 byte
|
||||
o domain name: X'03', BND.ADDR = [ 1 byte length, string ]
|
||||
o IP v6 address: X'04', BND.ADDR = 16 byte
|
||||
*/
|
||||
|
||||
/* Calculate real packet size */
|
||||
if(socksreq[3] == 3) {
|
||||
/* domain name */
|
||||
int addrlen = (int) socksreq[4];
|
||||
packetsize = 5 + addrlen + 2;
|
||||
}
|
||||
else if(socksreq[3] == 4) {
|
||||
/* IPv6 */
|
||||
packetsize = 4 + 16 + 2;
|
||||
}
|
||||
|
||||
/* At this point we already read first 10 bytes */
|
||||
if(packetsize > 10) {
|
||||
packetsize -= 10;
|
||||
result = blockread_all(conn, sock, (char *)&socksreq[10], packetsize,
|
||||
&actualread, timeout);
|
||||
if((result != CURLE_OK) || (actualread != packetsize)) {
|
||||
failf(data, "Failed to receive SOCKS5 connect request ack.");
|
||||
return CURLE_COULDNT_CONNECT;
|
||||
}
|
||||
|
||||
if(socksreq[0] != 5) { /* version */
|
||||
failf(data,
|
||||
"SOCKS5 reply has wrong version, version should be 5.");
|
||||
return CURLE_COULDNT_CONNECT;
|
||||
}
|
||||
if(socksreq[1] != 0) { /* Anything besides 0 is an error */
|
||||
failf(data,
|
||||
"Can't complete SOCKS5 connection to %d.%d.%d.%d:%d. (%d)",
|
||||
(unsigned char)socksreq[4], (unsigned char)socksreq[5],
|
||||
(unsigned char)socksreq[6], (unsigned char)socksreq[7],
|
||||
(unsigned int)ntohs(*(unsigned short*)(&socksreq[8])),
|
||||
socksreq[1]);
|
||||
return CURLE_COULDNT_CONNECT;
|
||||
}
|
||||
}
|
||||
|
||||
Curl_nonblock(sock, TRUE);
|
||||
|
@ -2054,6 +2054,14 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
|
||||
}
|
||||
break;
|
||||
|
||||
case CURLOPT_SOCKS5_RESOLVE_LOCAL:
|
||||
/*
|
||||
* Enable or disable using of SOCKS5 proxy server to resolve domain names
|
||||
* instead of using platform API like gethostbyname_r etc
|
||||
*/
|
||||
data->set.socks5_resolve_local = (bool)(0 != va_arg(param, long));
|
||||
break;
|
||||
|
||||
default:
|
||||
/* unknown tag and its companion, just ignore: */
|
||||
result = CURLE_FAILED_INIT; /* correct this */
|
||||
|
@ -7,7 +7,7 @@
|
||||
* | (__| |_| | _ <| |___
|
||||
* \___|\___/|_| \_\_____|
|
||||
*
|
||||
* Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
* Copyright (C) 1998 - 2008, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
*
|
||||
* This software is licensed as described in the file COPYING, which
|
||||
* you should have received as part of this distribution. The terms
|
||||
@ -1441,7 +1441,9 @@ struct UserDefined {
|
||||
long new_directory_perms; /* Permissions to use when creating remote dirs */
|
||||
bool proxy_transfer_mode; /* set transfer mode (;type=<a|i>) when doing FTP
|
||||
via an HTTP proxy */
|
||||
|
||||
bool socks5_resolve_local; /* resolve host names locally even if a SOCKS5
|
||||
proxy in use. Valid only if CURLOPT_PROXYTYPE
|
||||
== CURLPROXY_SOCKS5, otherwise ignored. */
|
||||
char *str[STRING_LAST]; /* array of strings, pointing to allocated memory */
|
||||
};
|
||||
|
||||
|
30
src/main.c
30
src/main.c
@ -480,6 +480,8 @@ struct Configurable {
|
||||
bool raw;
|
||||
bool post301;
|
||||
bool nokeepalive;
|
||||
bool socks5_resolve_local; /* don't use SOCKS5 proxy server to resolve
|
||||
domain names */
|
||||
struct OutStruct *outs;
|
||||
};
|
||||
|
||||
@ -713,7 +715,8 @@ static void help(void)
|
||||
" -S/--show-error Show error. With -s, make curl show errors when they occur",
|
||||
" --socks4 <host[:port]> Use SOCKS4 proxy on given host + port",
|
||||
" --socks4a <host[:port]> Use SOCKS4a proxy on given host + port",
|
||||
" --socks5 <host[:port]> Use SOCKS5 proxy on given host + port",
|
||||
" --socks5 <host[:port]> Use SOCKS5 proxy and let the proxy resolve names",
|
||||
" --socks5ip <host[:port]> Use SOCKS5 proxy on given host + port",
|
||||
" --stderr <file> Where to redirect stderr. - means stdout",
|
||||
" -t/--telnet-option <OPT=val> Set telnet option",
|
||||
" --trace <file> Write a debug trace to the given file",
|
||||
@ -1514,10 +1517,10 @@ static ParameterError getparameter(char *flag, /* f or -long-flag */
|
||||
{"*z", "disable-eprt", FALSE},
|
||||
{"$a", "ftp-ssl", FALSE},
|
||||
{"$b", "ftp-pasv", FALSE},
|
||||
{"$c", "socks5", TRUE},
|
||||
{"$c", "socks", TRUE}, /* this is how the option was documented but
|
||||
we prefer the --socks5 version for explicit
|
||||
version */
|
||||
{"$c", "socks5ip", TRUE},
|
||||
{"$c", "socks", TRUE}, /* this is how the option once was documented
|
||||
but we prefer the --socks5 version for
|
||||
explicit version */
|
||||
{"$d", "tcp-nodelay",FALSE},
|
||||
{"$e", "proxy-digest", FALSE},
|
||||
{"$f", "proxy-basic", FALSE},
|
||||
@ -1544,6 +1547,7 @@ static ParameterError getparameter(char *flag, /* f or -long-flag */
|
||||
{"$#", "raw", FALSE},
|
||||
{"$0", "post301", FALSE},
|
||||
{"$1", "no-keep-alive", FALSE},
|
||||
{"$2", "socks5", TRUE},
|
||||
|
||||
{"0", "http1.0", FALSE},
|
||||
{"1", "tlsv1", FALSE},
|
||||
@ -1900,9 +1904,11 @@ static ParameterError getparameter(char *flag, /* f or -long-flag */
|
||||
free(config->ftpport);
|
||||
config->ftpport = NULL;
|
||||
break;
|
||||
case 'c': /* --socks5 specifies a socks5 proxy to use */
|
||||
case 'c': /* --socks5ip specifies a socks5 proxy to use, but resolves
|
||||
the name locally and passes on the resolved address */
|
||||
GetStr(&config->socksproxy, nextarg);
|
||||
config->socksver = CURLPROXY_SOCKS5;
|
||||
config->socks5_resolve_local = TRUE;
|
||||
break;
|
||||
case 't': /* --socks4 specifies a socks4 proxy to use */
|
||||
GetStr(&config->socksproxy, nextarg);
|
||||
@ -1912,6 +1918,12 @@ static ParameterError getparameter(char *flag, /* f or -long-flag */
|
||||
GetStr(&config->socksproxy, nextarg);
|
||||
config->socksver = CURLPROXY_SOCKS4A;
|
||||
break;
|
||||
case '2': /* --socks5 specifies a socks5 proxy and enables name resolving
|
||||
with the proxy */
|
||||
GetStr(&config->socksproxy, nextarg);
|
||||
config->socksver = CURLPROXY_SOCKS5;
|
||||
config->socks5_resolve_local = FALSE;
|
||||
break;
|
||||
case 'd': /* --tcp-nodelay option */
|
||||
config->tcp_nodelay ^= TRUE;
|
||||
break;
|
||||
@ -4340,7 +4352,7 @@ operate(struct Configurable *config, int argc, argv_item_t argv[])
|
||||
my_setopt(curl, CURLOPT_SSH_PUBLIC_KEYFILE, config->pubkey);
|
||||
|
||||
/* SSH host key md5 checking allows us to fail if we are
|
||||
* not talking to who we think we should
|
||||
* not talking to who we think we should
|
||||
*/
|
||||
my_setopt(curl, CURLOPT_SSH_HOST_PUBLIC_KEY_MD5, config->hostpubmd5);
|
||||
|
||||
@ -4497,6 +4509,10 @@ operate(struct Configurable *config, int argc, argv_item_t argv[])
|
||||
if(config->socksproxy) {
|
||||
my_setopt(curl, CURLOPT_PROXY, config->socksproxy);
|
||||
my_setopt(curl, CURLOPT_PROXYTYPE, config->socksver);
|
||||
if(config->socksver==CURLPROXY_SOCKS5)
|
||||
/* added in 7.17.2 */
|
||||
my_setopt(curl, CURLOPT_SOCKS5_RESOLVE_LOCAL,
|
||||
config->socks5_resolve_local);
|
||||
}
|
||||
|
||||
/* curl 7.13.0 */
|
||||
|
Loading…
Reference in New Issue
Block a user