socks: Send back extended error code if set

This commit defines the new extended error codes. It also flags the socks
request object that it can use them.

Part of #30382

Signed-off-by: David Goulet <dgoulet@torproject.org>

diff --git a/src/core/mainloop/connection.c b/src/core/mainloop/connection.c
index 6094f33e4dbdeddb810a6af10dc5f1afc9220e2d..368041f92497c85e0b55f2e1c37d3980a9f940fd 100644 (file)
--- a/src/core/mainloop/connection.c
+++ b/src/core/mainloop/connection.c
@@ -1905,6 +1905,8 @@ connection_init_accepted_conn(connection_t *conn,
           conn->state = AP_CONN_STATE_SOCKS_WAIT;
           TO_ENTRY_CONN(conn)->socks_request->socks_prefer_no_auth =
             listener->entry_cfg.socks_prefer_no_auth;
+          TO_ENTRY_CONN(conn)->socks_request->socks_use_extended_errors =
+            listener->entry_cfg.extended_socks5_codes;
           break;
         case CONN_TYPE_AP_TRANS_LISTENER:
           TO_ENTRY_CONN(conn)->is_transparent_ap = 1;

diff --git a/src/core/or/connection_edge.c b/src/core/or/connection_edge.c
index 5f1664d286f4f206d1114b58bdc86be9b2c8a4ca..f0d5752dd96f63d066ef1e460336869ee86a7046 100644 (file)
--- a/src/core/or/connection_edge.c
+++ b/src/core/or/connection_edge.c
@@ -3522,11 +3522,17 @@ connection_ap_handshake_socks_reply(entry_connection_t *conn, char *reply,
                                     size_t replylen, int endreason)
 {
   char buf[256];
-  socks5_reply_status_t status =
-    stream_end_reason_to_socks5_response(endreason);
+  socks5_reply_status_t status;
 
   tor_assert(conn->socks_request); /* make sure it's an AP stream */
 
+  if (conn->socks_request->socks_use_extended_errors &&
+      conn->socks_request->socks_extended_error_code != 0) {
+    status = conn->socks_request->socks_extended_error_code;
+  } else {
+    status = stream_end_reason_to_socks5_response(endreason);
+  }
+
   if (!SOCKS_COMMAND_IS_RESOLVE(conn->socks_request->command)) {
     control_event_stream_status(conn, status==SOCKS5_SUCCEEDED ?
                                 STREAM_EVENT_SUCCEEDED : STREAM_EVENT_FAILED,

diff --git a/src/core/or/socks_request_st.h b/src/core/or/socks_request_st.h
index 9fb941ff7e5c48d1c3ad9afddbae3b4fbe8f13cd..0f9898524d2d0b8c5b3c85c2e9c440527fc5d7e9 100644 (file)
--- a/src/core/or/socks_request_st.h
+++ b/src/core/or/socks_request_st.h
@@ -7,6 +7,8 @@
 #ifndef SOCKS_REQUEST_ST_H
 #define SOCKS_REQUEST_ST_H
 
+#include "lib/net/socks5_status.h"
+
 #define MAX_SOCKS_REPLY_LEN 1024
 
 #define SOCKS_NO_AUTH 0x00
@@ -58,6 +60,11 @@ struct socks_request_t {
    * "username/password" authentication if both are offered. Used as input to
    * parse_socks. */
   unsigned int socks_prefer_no_auth : 1;
+  /** If set, we can send back the extended error code in the reply. */
+  unsigned int socks_use_extended_errors : 1;
+  /** If non zero, this contains the extended error code that should be used
+   * if the port was configured to use them. */
+  socks5_reply_status_t socks_extended_error_code;
 
   /** Number of bytes in username; 0 if username is NULL */
   size_t usernamelen;

diff --git a/src/lib/net/socks5_status.h b/src/lib/net/socks5_status.h
index e55119e0b05beb84f6019d9d9b6bc92bff281fe0..47d9533d51c59263f647de90db3d3b770b6f2550 100644 (file)
--- a/src/lib/net/socks5_status.h
+++ b/src/lib/net/socks5_status.h
@@ -27,6 +27,15 @@ typedef enum {
   SOCKS5_TTL_EXPIRED                = 0x06,
   SOCKS5_COMMAND_NOT_SUPPORTED      = 0x07,
   SOCKS5_ADDRESS_TYPE_NOT_SUPPORTED = 0x08,
+
+  /* Extended error code (see prop304). Only used if the SocksPort flag
+   * "ExtendedErrors" is set. */
+  SOCKS5_HS_NOT_FOUND               = 0xF0,
+  SOCKS5_HS_IS_INVALID              = 0xF1,
+  SOCKS5_HS_INTRO_FAILED            = 0xF2,
+  SOCKS5_HS_REND_FAILED             = 0xF3,
+  SOCKS5_HS_MISSING_CLIENT_AUTH     = 0xF4,
+  SOCKS5_HS_BAD_CLIENT_AUTH         = 0xF5,
 } socks5_reply_status_t;
 
 #endif /* !defined(TOR_SOCKS5_STATUS_H) */