[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] r9195: Add SOCKS5 and reverse lookup support to C verseion of tor-r (in tor/trunk: . doc src/tools)



Author: nickm
Date: 2006-12-26 17:41:49 -0500 (Tue, 26 Dec 2006)
New Revision: 9195

Modified:
   tor/trunk/
   tor/trunk/ChangeLog
   tor/trunk/doc/TODO
   tor/trunk/doc/tor-resolve.1
   tor/trunk/src/tools/tor-resolve.c
Log:
 r11719@Kushana:  nickm | 2006-12-26 17:41:09 -0500
 Add SOCKS5 and reverse lookup support to C verseion of tor-resolve



Property changes on: tor/trunk
___________________________________________________________________
 svk:merge ticket from /tor/trunk [r11719] on c95137ef-5f19-0410-b913-86e773d04f59

Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog	2006-12-26 22:41:43 UTC (rev 9194)
+++ tor/trunk/ChangeLog	2006-12-26 22:41:49 UTC (rev 9195)
@@ -66,6 +66,7 @@
       don't report X-Your-Address-Is is when it's an internal address; and
       never believe reported remote addresses when they're internal.
     - Add client-side caching for reverse DNS lookups.
+    - Add support to tor-resolve for reverse lookups and SOCKS5.
 
   o Security bugfixes:
     - Stop sending the HttpProxyAuthenticator string to directory

Modified: tor/trunk/doc/TODO
===================================================================
--- tor/trunk/doc/TODO	2006-12-26 22:41:43 UTC (rev 9194)
+++ tor/trunk/doc/TODO	2006-12-26 22:41:49 UTC (rev 9195)
@@ -93,13 +93,13 @@
       - Make evdns use windows strerror equivalents.
       - Make sure patches get into libevent.
       - Verify that it works well on windows
-    . Make reverse DNS work.
-      . Add client-side interface
+    o Make reverse DNS work.
+      o Add client-side interface
         o SOCKS interface: specify
         o SOCKS interface: implement
         o Cache answers client-side
         o Add to Tor-resolve.py
-        - Add to tor-resolve
+        o Add to tor-resolve
 d   - Be a DNS proxy.
     o Check for invalid characters in hostnames before trying to resolve
       them.  (This will help catch attempts do to mean things to our DNS

Modified: tor/trunk/doc/tor-resolve.1
===================================================================
--- tor/trunk/doc/tor-resolve.1	2006-12-26 22:41:43 UTC (rev 9194)
+++ tor/trunk/doc/tor-resolve.1	2006-12-26 22:41:49 UTC (rev 9195)
@@ -5,15 +5,34 @@
 tor-resolve \- resolve a hostname to an IP address via tor
 
 .SH SYNOPSIS
-\fBtor-resolve\fP\ [-4|-5] \fIhostname\fP\ [\fIsockshost\fP[:\fIsocksport]\fP]
+\fBtor-resolve\fP\ [-4|-5] [-v] [-x] \fIhostname\fP\ [\fIsockshost\fP[:\fIsocksport]\fP]
 
 .SH DESCRIPTION
 \fBtor-resolve\fR is a simple script to connect to a SOCKS proxy that
 knows about the SOCKS RESOLVE command, hand it a hostname, and return
 an IP address.
+.SH OPTIONS
+\fB-v \fP
+Display verbose output.
+.LP
+.TP
+\fB-x\fP
+Perform a reverse lookup: get the PTR record for an IPv4 address.
+.LP
+.TP
+\fB-5\fP
+Use the SOCKS5 protocol. (Default)
+.LP
+.TP
+\fB-4\fP
+Use the SOCKS4a protocol rather than the default SOCKS5 protocol.  Doesn't
+support reverse DNS.
 
-See doc/socks-extensions.txt in the Tor package for protocol details.
-
 .SH SEE ALSO
 .BR tor (1),
 .BR torify (1).
+.PP
+See doc/socks-extensions.txt in the Tor package for protocol details.
+
+.SH AUTHORS
+Roger Dingledine <arma@xxxxxxx>, Nick Mathewson <nickm@xxxxxxxxxxxx>.

Modified: tor/trunk/src/tools/tor-resolve.c
===================================================================
--- tor/trunk/src/tools/tor-resolve.c	2006-12-26 22:41:43 UTC (rev 9194)
+++ tor/trunk/src/tools/tor-resolve.c	2006-12-26 22:41:49 UTC (rev 9195)
@@ -39,7 +39,7 @@
 #endif
 #endif
 
-#define RESPONSE_LEN 8
+#define RESPONSE_LEN_4 8
 #define log_sock_error(act, _s)                                         \
   do { log_fn(LOG_ERR, LD_NET, "Error while %s: %s", act,              \
               tor_socket_strerror(tor_socket_errno(_s))); } while (0)
@@ -48,23 +48,52 @@
  * <b>username</b> and <b>hostname</b> as provided.  Return the number
  * of bytes in the request. */
 static int
-build_socks4a_resolve_request(char **out,
-                              const char *username,
-                              const char *hostname)
+build_socks_resolve_request(char **out,
+                            const char *username,
+                            const char *hostname,
+                            int reverse,
+                            int version)
 {
-  size_t len;
+  size_t len = 0;
   tor_assert(out);
   tor_assert(username);
   tor_assert(hostname);
 
-  len = 8 + strlen(username) + 1 + strlen(hostname) + 1;
-  *out = tor_malloc(len);
-  (*out)[0] = 4;      /* SOCKS version 4 */
-  (*out)[1] = '\xF0'; /* Command: resolve. */
-  set_uint16((*out)+2, htons(0)); /* port: 0. */
-  set_uint32((*out)+4, htonl(0x00000001u)); /* addr: 0.0.0.1 */
-  strcpy((*out)+8, username);
-  strcpy((*out)+8+strlen(username)+1, hostname);
+  if (version == 4) {
+    len = 8 + strlen(username) + 1 + strlen(hostname) + 1;
+    *out = tor_malloc(len);
+    (*out)[0] = 4;      /* SOCKS version 4 */
+    (*out)[1] = '\xF0'; /* Command: resolve. */
+    set_uint16((*out)+2, htons(0)); /* port: 0. */
+    set_uint32((*out)+4, htonl(0x00000001u)); /* addr: 0.0.0.1 */
+    strcpy((*out)+8, username);
+    strcpy((*out)+8+strlen(username)+1, hostname);
+  } else if (version == 5) {
+    int is_ip_address;
+    struct in_addr in;
+    size_t addrlen;
+    is_ip_address = tor_inet_aton(hostname, &in);
+    if (!is_ip_address && reverse) {
+      log_err(LD_GENERAL, "Tried to do a reverse lookup on a non-IP!");
+      return -1;
+    }
+    addrlen = is_ip_address ? 4 : 1 + strlen(hostname);
+    len = 6 + addrlen;
+    *out = tor_malloc(len);
+    (*out)[0] = 5; /* SOCKS version 5 */
+    (*out)[1] = reverse ? '\xF1' : '\xF0'; /* RESOLVE_PTR or RESOLVE */
+    (*out)[2] = 0; /* reserved. */
+    (*out)[3] = is_ip_address ? 1 : 3;
+    if (is_ip_address) {
+      set_uint32((*out)+4, htonl(in.s_addr));
+    } else {
+      (*out)[4] = (char)(uint8_t)(addrlen - 1);
+      memcpy((*out)+5, hostname, addrlen - 1);
+    }
+    set_uint16((*out)+4+addrlen, 0); /* port */
+  } else {
+    tor_assert(0);
+  }
 
   return len;
 }
@@ -81,7 +110,7 @@
   tor_assert(response);
   tor_assert(addr_out);
 
-  if (len < RESPONSE_LEN) {
+  if (len < RESPONSE_LEN_4) {
     log_warn(LD_PROTOCOL,"Truncated socks response.");
     return -1;
   }
@@ -109,17 +138,21 @@
  */
 static int
 do_resolve(const char *hostname, uint32_t sockshost, uint16_t socksport,
-           uint32_t *result_addr)
+           int reverse, int version,
+           uint32_t *result_addr, char **result_hostname)
 {
   int s;
   struct sockaddr_in socksaddr;
-  char *req, *cp;
-  int r, len;
-  char response_buf[RESPONSE_LEN];
+  char *req = NULL;
+  int len = 0;
 
   tor_assert(hostname);
   tor_assert(result_addr);
+  tor_assert(version == 4 || version == 5);
 
+  *result_addr = 0;
+  *result_hostname = NULL;
+
   s = socket(PF_INET,SOCK_STREAM,IPPROTO_TCP);
   if (s<0) {
     log_sock_error("creating_socket", -1);
@@ -135,43 +168,88 @@
     return -1;
   }
 
-  if ((len = build_socks4a_resolve_request(&req, "", hostname))<0) {
+  if (version == 5) {
+    char method_buf[2];
+    if (write_all(s, "\x05\x01\x00", 3, 1) != 3) {
+      log_err(LD_NET, "Error sending SOCKS5 method list.");
+      return -1;
+    }
+    if (read_all(s, method_buf, 2, 1) != 2) {
+      log_err(LD_NET, "Error reading SOCKS5 methods.");
+      return -1;
+    }
+    if (method_buf[0] != '\x05') {
+      log_err(LD_NET, "Unrecognized socks version: %u",
+              (unsigned)method_buf[0]);
+      return -1;
+    }
+    if (method_buf[1] != '\x00') {
+      log_err(LD_NET, "Unrecognized socks authentication method: %u",
+              (unsigned)method_buf[1]);
+      return -1;
+    }
+  }
+
+  if ((len = build_socks_resolve_request(&req, "", hostname, reverse,
+                                         version))<0) {
     log_err(LD_BUG,"Error generating SOCKS request");
     return -1;
   }
-
-  cp = req;
-  while (len) {
-    r = send(s, cp, len, 0);
-    if (r<0) {
-      log_sock_error("sending SOCKS request", s);
-      tor_free(req);
-      return -1;
-    }
-    len -= r;
-    cp += r;
+  if (write_all(s, req, len, 1) != len) {
+    log_sock_error("sending SOCKS request", s);
+    tor_free(req);
+    return -1;
   }
   tor_free(req);
 
-  len = 0;
-  while (len < RESPONSE_LEN) {
-    r = recv(s, response_buf+len, RESPONSE_LEN-len, 0);
-    if (r==0) {
-      log_warn(LD_NET,"EOF while reading SOCKS response");
+  if (version == 4) {
+    char reply_buf[RESPONSE_LEN_4];
+    if (read_all(s, reply_buf, RESPONSE_LEN_4, 1) != RESPONSE_LEN_4) {
+      log_err(LD_NET, "Error reading SOCKS4 response.");
       return -1;
     }
-    if (r<0) {
-      log_sock_error("reading SOCKS response", s);
+    if (parse_socks4a_resolve_response(reply_buf, RESPONSE_LEN_4,
+                                       result_addr)<0){
       return -1;
     }
-    len += r;
+  } else {
+    char reply_buf[4];
+    if (read_all(s, reply_buf, 4, 1) != 4) {
+      log_err(LD_NET, "Error reading SOCKS5 response.");
+      return -1;
+    }
+    if (reply_buf[0] != 5) {
+      log_err(LD_NET, "Bad SOCKS5 reply version.");
+      return -1;
+    }
+    if (reply_buf[1] != 0) {
+      log_warn(LD_NET,"Got status response '%u': SOCKS5 request failed.",
+               (unsigned)reply_buf[1]);
+      return -1;
+    }
+    if (reply_buf[3] == 1) {
+      /* IPv4 address */
+      if (read_all(s, reply_buf, 4, 1) != 4) {
+        log_err(LD_NET, "Error reading address in socks5 response.");
+        return -1;
+      }
+      *result_addr = ntohl(get_uint32(reply_buf));
+    } else if (reply_buf[3] == 3) {
+      size_t len;
+      if (read_all(s, reply_buf, 1, 1) != 1) {
+        log_err(LD_NET, "Error reading address_length in socks5 response.");
+        return -1;
+      }
+      len = *(uint8_t*)(reply_buf);
+      *result_hostname = tor_malloc(len+1);
+      if (read_all(s, *result_hostname, len, 1) != (int) len) {
+        log_err(LD_NET, "Error reading hostname in socks5 response.");
+        return -1;
+      }
+      (*result_hostname)[len] = '\0';
+    }
   }
 
-  if (parse_socks4a_resolve_response(response_buf, RESPONSE_LEN,
-                                     result_addr)<0){
-    return -1;
-  }
-
   return 0;
 }
 
@@ -179,7 +257,7 @@
 static void
 usage(void)
 {
-  puts("Syntax: tor-resolve [-v] hostname [sockshost:socksport]");
+  puts("Syntax: tor-resolve [-4] [-v] [-x] hostname [sockshost:socksport]");
   exit(1);
 }
 
@@ -189,10 +267,12 @@
 {
   uint32_t sockshost;
   uint16_t socksport;
+  int isSocks4 = 0, isVerbose = 0, isReverse = 0;
   char **arg;
   int n_args;
   struct in_addr a;
-  uint32_t result;
+  uint32_t result = 0;
+  char *result_hostname = NULL;
   char buf[INET_NTOA_BUF_LEN];
 
   arg = &argv[1];
@@ -205,10 +285,30 @@
     printf("Tor version %s.\n",VERSION);
     return 0;
   }
+  while (n_args && *arg[0] == '-') {
+    if (!strcmp("-v", arg[0]))
+      isVerbose = 1;
+    else if (!strcmp("-4", arg[0]))
+      isSocks4 = 1;
+    else if (!strcmp("-5", arg[0]))
+      isSocks4 = 0;
+    else if (!strcmp("-x", arg[0]))
+      isReverse = 1;
+    else {
+      fprintf(stderr, "Unrecognized flag '%s'\n", arg[0]);
+      usage();
+    }
+    ++arg;
+    --n_args;
+  }
 
-  if (!strcmp("-v", arg[0])) {
+  if (isSocks4 && isReverse) {
+    fprintf(stderr, "Reverse lookups not supported with SOCKS4a\n");
+    usage();
+  }
+
+  if (isVerbose) {
     add_stream_log(LOG_DEBUG, LOG_ERR, "<stderr>", stderr);
-    ++arg; --n_args;
   } else {
     add_stream_log(LOG_WARN, LOG_ERR, "<stderr>", stderr);
   }
@@ -242,12 +342,18 @@
     return 1;
   }
 
-  if (do_resolve(arg[0], sockshost, socksport, &result))
+  if (do_resolve(arg[0], sockshost, socksport, isReverse,
+                 isSocks4 ? 4 : 5, &result,
+                 &result_hostname))
     return 1;
 
-  a.s_addr = htonl(result);
-  tor_inet_ntoa(&a, buf, sizeof(buf));
-  printf("%s\n", buf);
+  if (result_hostname) {
+    printf("%s\n", result_hostname);
+  } else {
+    a.s_addr = htonl(result);
+    tor_inet_ntoa(&a, buf, sizeof(buf));
+    printf("%s\n", buf);
+  }
   return 0;
 }