curl --socks5-{basic,gssapi}: control socks5 auth

Closes https://github.com/curl/curl/pull/1454
2024-12-21 15:48:49 -05:00 · 2017-05-19 18:11:47 +02:00 · 2017-05-19 18:11:47 +02:00 · ce2c3ebda2
commit ce2c3ebda2
parent 8924f58c37
9 changed files with 46 additions and 0 deletions
--- a/docs/cmdline-opts/Makefile.inc
+++ b/docs/cmdline-opts/Makefile.inc
@ -33,6 +33,7 @@ DPAGES = abstract-unix-socket.d anyauth.d append.d basic.d cacert.d capath.d cer
  remote-name-all.d remote-name.d remote-time.d request.d resolve.d     \
  retry-connrefused.d retry.d retry-delay.d retry-max-time.d sasl-ir.d  \
  service-name.d show-error.d silent.d socks4a.d socks4.d socks5.d      \
+  socks5-basic.d socks5-gssapi.d                                        \
  socks5-gssapi-nec.d socks5-gssapi-service.d socks5-hostname.d         \
  speed-limit.d speed-time.d ssl-allow-beast.d ssl.d ssl-no-revoke.d    \
  ssl-reqd.d sslv2.d sslv3.d stderr.d suppress-connect-headers.d        \
--- a/docs/cmdline-opts/socks5-basic.d
+++ b/docs/cmdline-opts/socks5-basic.d
@ -0,0 +1,7 @@
+Long: socks5-basic
+Help: Enable username/password auth for SOCKS5 proxies
+Added: 7.55.0
+---
+Tells curl to use username/password authentication when connecting to a SOCKS5
+proxy.  The username/password authentication is enabled by default.  Use
+--socks5-gssapi to force GSS-API authentication to SOCKS5 proxies.
--- a/docs/cmdline-opts/socks5-gssapi.d
+++ b/docs/cmdline-opts/socks5-gssapi.d
@ -0,0 +1,8 @@
+Long: socks5-gssapi
+Help: Enable GSS-API auth for SOCKS5 proxies
+Added: 7.55.0
+---
+Tells curl to use GSS-API authentication when connecting to a SOCKS5 proxy.
+The GSS-API authentication is enabled by default (if curl is compiled with
+GSS-API support).  Use --socks5-basic to force username/password authentication
+to SOCKS5 proxies.
--- a/src/tool_cfgable.h
+++ b/src/tool_cfgable.h
@ -189,6 +189,7 @@ struct OperationConfig {
  char *preproxy;
  int socks5_gssapi_nec;    /* The NEC reference server does not protect the
                               encryption type exchange */
+  unsigned long socks5_auth;/* auth bitmask for socks5 proxies */
  char *proxy_service_name; /* set authentication service name for HTTP and
                               SOCKS5 proxies */
  char *service_name;       /* set authentication service name for DIGEST-MD5,
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@ -251,6 +251,8 @@ static const struct LongShort aliases[]= {
  {"E7", "proxy-capath",             ARG_STRING},
  {"E8", "proxy-insecure",           ARG_BOOL},
  {"E9", "proxy-tlsv1",              ARG_NONE},
+  {"EA", "socks5-basic",             ARG_BOOL},
+  {"EB", "socks5-gssapi",            ARG_BOOL},
  {"f",  "fail",                     ARG_BOOL},
  {"fa", "fail-early",               ARG_BOOL},
  {"F",  "form",                     ARG_STRING},
@ -1560,6 +1562,22 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
        config->proxy_ssl_version = CURL_SSLVERSION_TLSv1;
        break;

+      case 'A':
+        /* --socks5-basic */
+        if(toggle)
+          config->socks5_auth |= CURLAUTH_BASIC;
+        else
+          config->socks5_auth &= ~CURLAUTH_BASIC;
+        break;
+
+      case 'B':
+        /* --socks5-gssapi */
+        if(toggle)
+          config->socks5_auth |= CURLAUTH_GSSAPI;
+        else
+          config->socks5_auth &= ~CURLAUTH_GSSAPI;
+        break;
+
      default: /* unknown flag */
        return PARAM_OPTION_UNKNOWN;
      }
--- a/src/tool_help.c
+++ b/src/tool_help.c
@ -378,6 +378,10 @@ static const struct helptxt helptext[] = {
   "SOCKS4a proxy on given host + port"},
  {"    --socks5 <host[:port]>",
   "SOCKS5 proxy on given host + port"},
+  {"    --socks5-basic",
+   "Enable username/password auth for SOCKS5 proxies"},
+  {"    --socks5-gssapi",
+   "Enable GSS-API auth for SOCKS5 proxies"},
  {"    --socks5-gssapi-nec",
   "Compatibility with NEC SOCKS5 server"},
  {"    --socks5-gssapi-service <name>",
--- a/src/tool_operate.c
+++ b/src/tool_operate.c
@ -1343,6 +1343,11 @@ static CURLcode operate_do(struct GlobalConfig *global,
          my_setopt_str(curl, CURLOPT_SOCKS5_GSSAPI_NEC,
                        config->socks5_gssapi_nec);

+        /* new in curl 7.55.0 */
+        if(config->socks5_auth)
+          my_setopt_bitmask(curl, CURLOPT_SOCKS5_AUTH,
+                            (long)config->socks5_auth);
+
        /* new in curl 7.43.0 */
        if(config->proxy_service_name)
          my_setopt_str(curl, CURLOPT_PROXY_SERVICE_NAME,
--- a/src/tool_setopt.c
+++ b/src/tool_setopt.c
@ -170,6 +170,7 @@ static const NameValue setopt_nv_CURLNONZERODEFAULTS[] = {
  NV1(CURLOPT_TCP_NODELAY, 1),
  NV1(CURLOPT_PROXY_SSL_VERIFYPEER, 1),
  NV1(CURLOPT_PROXY_SSL_VERIFYHOST, 1),
+  NV1(CURLOPT_SOCKS5_AUTH, 1),
  NVEND
 };

--- a/src/tool_setopt.h
+++ b/src/tool_setopt.h
@ -72,6 +72,7 @@ extern const NameValueUnsigned setopt_nv_CURLAUTH[];
 #define setopt_nv_CURLOPT_REDIR_PROTOCOLS setopt_nv_CURLPROTO
 #define setopt_nv_CURLOPT_PROXYTYPE setopt_nv_CURLPROXY
 #define setopt_nv_CURLOPT_PROXYAUTH setopt_nv_CURLAUTH
+#define setopt_nv_CURLOPT_SOCKS5_AUTH setopt_nv_CURLAUTH

 /* Intercept setopt calls for --libcurl */