socks 5 username/password authentication

honfika · honfika · commit 987dafc96b45 · 2019-12-26T20:09:41.000+01:00
diff --git a/src/Titanium.Web.Proxy/EventArguments/SessionEventArgsBase.cs b/src/Titanium.Web.Proxy/EventArguments/SessionEventArgsBase.cs
@@ -140,6 +140,11 @@ public bool EnableWinAuth
         /// </summary>
         public bool IsTransparent => ProxyEndPoint is TransparentProxyEndPoint;
 
+        /// <summary>
+        ///     Is this a SOCKS endpoint?
+        /// </summary>
+        public bool IsSocks => ProxyEndPoint is SocksProxyEndPoint;
+
         /// <summary>
         ///     The last exception that happened.
         /// </summary>
diff --git a/src/Titanium.Web.Proxy/RequestHandler.cs b/src/Titanium.Web.Proxy/RequestHandler.cs
@@ -90,7 +90,7 @@ await HeaderParser.ReadHeaders(clientStream, args.HttpClient.Request.Headers,
                             request.Method = requestLine.Method;
                             request.HttpVersion = requestLine.Version;
 
-                            if (!args.IsTransparent)
+                            if (!args.IsTransparent && !args.IsSocks)
                             {
                                 // proxy authorization check
                                 if (connectRequest == null && await checkAuthorization(args) == false)
diff --git a/src/Titanium.Web.Proxy/ResponseHandler.cs b/src/Titanium.Web.Proxy/ResponseHandler.cs
@@ -99,7 +99,7 @@ await handleHttpSessionRequest(args, null, args.ClientConnection.NegotiatedAppli
 
             response.Locked = true;
 
-            if (!args.IsTransparent)
+            if (!args.IsTransparent && !args.IsSocks)
             {
                 response.Headers.FixProxyHeaders();
             }
diff --git a/src/Titanium.Web.Proxy/SocksClientHandler.cs b/src/Titanium.Web.Proxy/SocksClientHandler.cs
@@ -1,4 +1,5 @@
 ﻿using System;
+using System.Text;
 using System.Threading;
 using System.Threading.Tasks;
 using Titanium.Web.Proxy.Extensions;
@@ -48,13 +49,76 @@ private async Task handleClient(SocksProxyEndPoint endPoint, TcpClientConnection
                 }
                 else if (buffer[0] == 5)
                 {
-                    if (buffer[1] == 0 || buffer[2] != 0)
+                    int authenticationMethodCount = buffer[1];
+                    if (read < authenticationMethodCount + 2)
                     {
                         return;
                     }
 
-                    buffer[1] = 0;
+                    int acceptedMethod = 255;
+                    for (int i = 0; i < authenticationMethodCount; i++)
+                    {
+                        int method = buffer[i + 2];
+                        if (method == 0 && ProxyBasicAuthenticateFunc == null)
+                        {
+                            acceptedMethod = 0;
+                            break;
+                        }
+
+                        if (method == 2)
+                        {
+                            acceptedMethod = 2;
+                            break;
+                        }
+                    }
+
+                    buffer[1] = (byte)acceptedMethod;
                     await stream.WriteAsync(buffer, 0, 2, cancellationToken);
+
+                    if (acceptedMethod == 255)
+                    {
+                        // no acceptable method
+                        return;
+                    }
+
+                    if (acceptedMethod == 2)
+                    {
+                        read = await stream.ReadAsync(buffer, 0, buffer.Length, cancellationToken);
+                        if (read < 3 || buffer[0] != 1)
+                        {
+                            // authentication version should be 1
+                            return;
+                        }
+
+                        int userNameLength = buffer[1];
+                        if (read < 3 + userNameLength)
+                        {
+                            return;
+                        }
+
+                        string userName = Encoding.ASCII.GetString(buffer, 2, userNameLength);
+
+                        int passwordLength = buffer[2 + userNameLength];
+                        if (read < 3 + userNameLength + passwordLength)
+                        {
+                            return;
+                        }
+
+                        string password = Encoding.ASCII.GetString(buffer, 3 + userNameLength, passwordLength);
+                        bool success = true;
+                        if (ProxySchemeAuthenticateFunc != null)
+                        {
+                            success = await ProxyBasicAuthenticateFunc.Invoke(null, userName, password);
+                        }
+
+                        buffer[1] = success ? (byte)0 : (byte)1;
+                        await stream.WriteAsync(buffer, 0, 2, cancellationToken);
+                        if (!success)
+                        {
+                            return;
+                        }
+                    }
+
                     read = await stream.ReadAsync(buffer, 0, buffer.Length, cancellationToken);
                     if (read < 10 || buffer[1] != 1)
                     {

Original file line number	Diff line number	Diff line change
`@@ -90,7 +90,7 @@ await HeaderParser.ReadHeaders(clientStream, args.HttpClient.Request.Headers,`
`90`	`90`	`request.Method = requestLine.Method;`
`91`	`91`	`request.HttpVersion = requestLine.Version;`
`92`	`92`
`93`		`- if (!args.IsTransparent)`
	`93`	`+ if (!args.IsTransparent && !args.IsSocks)`
`94`	`94`	`{`
`95`	`95`	`// proxy authorization check`
`96`	`96`	`if (connectRequest == null && await checkAuthorization(args) == false)`
Original file line number	Diff line number	Diff line change
`@@ -99,7 +99,7 @@ await handleHttpSessionRequest(args, null, args.ClientConnection.NegotiatedAppli`
`99`	`99`
`100`	`100`	`response.Locked = true;`
`101`	`101`
`102`		`- if (!args.IsTransparent)`
	`102`	`+ if (!args.IsTransparent && !args.IsSocks)`
`103`	`103`	`{`
`104`	`104`	`response.Headers.FixProxyHeaders();`
`105`	`105`	`}`