From ce2c3ebda20919fe636e675f219ae387e386f508 Mon Sep 17 00:00:00 2001
From: Kamil Dudka
Date: Fri, 19 May 2017 18:11:47 +0200
Subject: [PATCH] curl --socks5-{basic,gssapi}: control socks5 auth
Closes https://github.com/curl/curl/pull/1454
---
 docs/cmdline-opts/Makefile.inc | 1 +
 docs/cmdline-opts/socks5-basic.d | 7 +++++++
 docs/cmdline-opts/socks5-gssapi.d | 8 ++++++++
 src/tool_cfgable.h | 1 +
 src/tool_getparam.c | 18 ++++++++++++++++++
 src/tool_help.c | 4 ++++
 src/tool_operate.c | 5 +++++
 src/tool_setopt.c | 1 +
 src/tool_setopt.h | 1 +
 9 files changed, 46 insertions(+)
 create mode 100644 docs/cmdline-opts/socks5-basic.d
 create mode 100644 docs/cmdline-opts/socks5-gssapi.d
diff --git a/docs/cmdline-opts/Makefile.inc b/docs/cmdline-opts/Makefile.inc
index 70d089035..7eea5c6c5 100644
--- a/docs/cmdline-opts/Makefile.inc
+++ b/docs/cmdline-opts/Makefile.inc
@@ -33,6 +33,7 @@ DPAGES = abstract-unix-socket.d anyauth.d append.d basic.d cacert.d capath.d cer
 remote-name-all.d remote-name.d remote-time.d request.d resolve.d \
 retry-connrefused.d retry.d retry-delay.d retry-max-time.d sasl-ir.d \
 service-name.d show-error.d silent.d socks4a.d socks4.d socks5.d \
+ socks5-basic.d socks5-gssapi.d \
 socks5-gssapi-nec.d socks5-gssapi-service.d socks5-hostname.d \
 speed-limit.d speed-time.d ssl-allow-beast.d ssl.d ssl-no-revoke.d \
 ssl-reqd.d sslv2.d sslv3.d stderr.d suppress-connect-headers.d \
diff --git a/docs/cmdline-opts/socks5-basic.d b/docs/cmdline-opts/socks5-basic.d
new file mode 100644
index 000000000..67d16b3a6
--- /dev/null
+++ b/docs/cmdline-opts/socks5-basic.d
@@ -0,0 +1,7 @@
+Long: socks5-basic
+Help: Enable username/password auth for SOCKS5 proxies
+Added: 7.55.0
+---
+Tells curl to use username/password authentication when connecting to a SOCKS5
+proxy. The username/password authentication is enabled by default. Use
+--socks5-gssapi to force GSS-API authentication to SOCKS5 proxies.
diff --git a/docs/cmdline-opts/socks5-gssapi.d b/docs/cmdline-opts/socks5-gssapi.d new file mode 100644 index 000000000..0070f37eb --- /dev/null +++ b/docs/cmdline-opts/socks5-gssapi.d @@ -0,0 +1,8 @@ +Long: socks5-gssapi +Help: Enable GSS-API auth for SOCKS5 proxies +Added: 7.55.0 +--- +Tells curl to use GSS-API authentication when connecting to a SOCKS5 proxy. +The GSS-API authentication is enabled by default (if curl is compiled with +GSS-API support). Use --socks5-basic to force username/password authentication +to SOCKS5 proxies. diff --git a/src/tool_cfgable.h b/src/tool_cfgable.h index 8b6e0cfa7..254805c8c 100644 --- a/src/tool_cfgable.h +++ b/src/tool_cfgable.h @@ -189,6 +189,7 @@ struct OperationConfig { char *preproxy; int socks5_gssapi_nec; /* The NEC reference server does not protect the encryption type exchange */ + unsigned long socks5_auth;/* auth bitmask for socks5 proxies */ char *proxy_service_name; /* set authentication service name for HTTP and SOCKS5 proxies */ char *service_name; /* set authentication service name for DIGEST-MD5, diff --git a/src/tool_getparam.c b/src/tool_getparam.c index f64208a2b..64a84af99 100644 --- a/src/tool_getparam.c +++ b/src/tool_getparam.c @@ -251,6 +251,8 @@ static const struct LongShort aliases[]= { {"E7", "proxy-capath", ARG_STRING}, {"E8", "proxy-insecure", ARG_BOOL}, {"E9", "proxy-tlsv1", ARG_NONE}, + {"EA", "socks5-basic", ARG_BOOL}, + {"EB", "socks5-gssapi", ARG_BOOL}, {"f", "fail", ARG_BOOL}, {"fa", "fail-early", ARG_BOOL}, {"F", "form", ARG_STRING}, 
@@ -1560,6 +1562,22 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
 config->proxy_ssl_version = CURL_SSLVERSION_TLSv1;
 break;
+ case 'A':
+ /* --socks5-basic */
+ if(toggle)
+ config->socks5_auth |= CURLAUTH_BASIC;
+ else
+ config->socks5_auth &= ~CURLAUTH_BASIC;
+ break;
+
+ case 'B':
+ /* --socks5-gssapi */
+ if(toggle)
+ config->socks5_auth |= CURLAUTH_GSSAPI;
+ else
+ config->socks5_auth &= ~CURLAUTH_GSSAPI;
+ break;
+
 default: /* unknown flag */
 return PARAM_OPTION_UNKNOWN;
 }
diff --git a/src/tool_help.c b/src/tool_help.c
index 2acc994d5..90ce7675a 100644
--- a/src/tool_help.c
+++ b/src/tool_help.c
@@ -378,6 +378,10 @@ static const struct helptxt helptext[] = {
 "SOCKS4a proxy on given host + port"},
 {" --socks5 ",
 "SOCKS5 proxy on given host + port"},
+ {" --socks5-basic",
+ "Enable username/password auth for SOCKS5 proxies"},
+ {" --socks5-gssapi",
+ "Enable GSS-API auth for SOCKS5 proxies"},
 {" --socks5-gssapi-nec",
 "Compatibility with NEC SOCKS5 server"},
 {" --socks5-gssapi-service ",
diff --git a/src/tool_operate.c b/src/tool_operate.c
index 147081438..1e8d0073c 100644
--- a/src/tool_operate.c
+++ b/src/tool_operate.c
@@ -1343,6 +1343,11 @@ static CURLcode operate_do(struct GlobalConfig *global,
 my_setopt_str(curl, CURLOPT_SOCKS5_GSSAPI_NEC,
 config->socks5_gssapi_nec);
+ /* new in curl 7.55.0 */
+ if(config->socks5_auth)
+ my_setopt_bitmask(curl, CURLOPT_SOCKS5_AUTH,
+ (long)config->socks5_auth);
+
 /* new in curl 7.43.0 */
 if(config->proxy_service_name)
 my_setopt_str(curl, CURLOPT_PROXY_SERVICE_NAME,
diff --git a/src/tool_setopt.c b/src/tool_setopt.c
index ad3d30739..694d3ffa5 100644
--- a/src/tool_setopt.c
+++ b/src/tool_setopt.c
@@ -170,6 +170,7 @@ static const NameValue setopt_nv_CURLNONZERODEFAULTS[] = {
 NV1(CURLOPT_TCP_NODELAY, 1),
 NV1(CURLOPT_PROXY_SSL_VERIFYPEER, 1),
 NV1(CURLOPT_PROXY_SSL_VERIFYHOST, 1),
+ NV1(CURLOPT_SOCKS5_AUTH, 1),
 NVEND
 };
diff --git a/src/tool_setopt.h b/src/tool_setopt.h
index c27541b8b..da67deeb6 100644
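Review bot: The negated forms handled in the `else` branches of `case 'A'` and `case 'B'` appear to have no effect on their own: clearing a bit in a mask that is still 0 leaves 0, and the `if(config->socks5_auth)` guard added to operate_do() in src/tool_operate.c then skips CURLOPT_SOCKS5_AUTH, so the default described in the new .d pages applies and both methods stay enabled. This assumes the new `socks5_auth` field starts at zero, which the patch does not show. It matters because a user passing `--no-socks5-basic` to keep a username and password away from the proxy would still have that method offered. Seeding the mask with the documented defaults before clearing would make the negation take effect, e.g. `if(!config->socks5_auth) config->socks5_auth = CURLAUTH_BASIC | CURLAUTH_GSSAPI;` ahead of each `&=`. The enclosing switch and getparameter() start and end outside the hunk.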
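Review bot: The default recorded for CURLOPT_SOCKS5_AUTH in setopt_nv_CURLNONZERODEFAULTS is 1, which is the value of CURLAUTH_BASIC alone, while the new socks5-basic.d and socks5-gssapi.d pages describe both methods as enabled by default. If this table is meant to hold the library's default (presumably to decide what the `--libcurl` output may omit; that logic is outside the hunk), the entry would read `NV1(CURLOPT_SOCKS5_AUTH, CURLAUTH_BASIC | CURLAUTH_GSSAPI),`. Otherwise a one-line comment such as `/* 1 == CURLAUTH_BASIC: <reason this is the recorded default> */` would save the next reader the lookup.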
--- a/src/tool_setopt.h
+++ b/src/tool_setopt.h
@@ -72,6 +72,7 @@ extern const NameValueUnsigned setopt_nv_CURLAUTH[];
 #define setopt_nv_CURLOPT_REDIR_PROTOCOLS setopt_nv_CURLPROTO
 #define setopt_nv_CURLOPT_PROXYTYPE setopt_nv_CURLPROXY
 #define setopt_nv_CURLOPT_PROXYAUTH setopt_nv_CURLAUTH
+#define setopt_nv_CURLOPT_SOCKS5_AUTH setopt_nv_CURLAUTH
 /* Intercept setopt calls for --libcurl */