SOCKS5 support added (contributed by a still unnamed person). Not properly

working for "IPv6 enabled" libcurls yet, but should be pretty easy for
someone to adjust.

Author: bagder

include/curl/curl.h

@@ -202,6 +202,12 @@ typedef enum {
   CURL_LAST /* never use! */
 } CURLcode;
 
+typedef enum {
+  CURLPROXY_HTTP = 0,
+  CURLPROXY_SOCKS4 = 4,
+  CURLPROXY_SOCKS5 = 5
+} curl_proxytype;
+
 /* this was the error code 50 in 7.7.3 and a few earlier versions, this
    is no longer used by libcurl but is instead #defined here only to not
    make programs break */
@@ -576,6 +582,10 @@ typedef enum {
   /* Explicitly allow insecure SSL connects */
   CINIT(SSL_INSECURE, LONG, 101),
 
+  /* indicates type of proxy. accepted values are CURLPROXY_HTTP (default),
+     CURLPROXY_SOCKS4 and CURLPROXY_SOCKS5. */
+  CINIT(PROXYTYPE, LONG, 102), 
+
   CURLOPT_LASTENTRY /* the last unused */
 } CURLoption;
 

lib/http.c

@@ -420,7 +420,7 @@ CURLcode Curl_http_connect(struct connectdata *conn)
    * has occured, can we start talking SSL
    */
 
-  if(data->change.proxy &&
+  if(data->change.proxy && (data->set.proxytype == CURLPROXY_HTTP) &&
      ((conn->protocol & PROT_HTTPS) || data->set.tunnel_thru_httpproxy)) {
 
     /* either HTTPS over proxy, OR explicitly asked for a tunnel */

lib/url.c

@@ -282,6 +282,8 @@ CURLcode Curl_open(struct SessionHandle **curl)
 
   data->set.proxyport = 1080;
 
+  data->set.proxytype = CURLPROXY_HTTP; /* defaults to HTTP proxy */
+
   /* create an array with connection data struct pointers */
   data->state.numconnects = 5; /* hard-coded right now */
   data->state.connects = (struct connectdata **)
@@ -1053,6 +1055,13 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option, ...)
     data->set.ssl.allow_insecure = va_arg(param, long)?TRUE:FALSE;
     break;
 
+  case CURLOPT_PROXYTYPE:
+    /*
+     * Set proxy type. HTTP/SOCKS4/SOCKS5
+     */
+    data->set.proxytype = va_arg(param, long);
+    break;
+
   default:
     /* unknown tag and its companion, just ignore: */
     return CURLE_FAILED_INIT; /* correct this */
@@ -1327,6 +1336,189 @@ ConnectionStore(struct SessionHandle *data,
   return i;
 }
 
+/*
+ * This function logs in to a SOCKS5 proxy and sends the specifies the final
+ * desitination server.
+ */
+static int handleSock5Proxy(
+    const char *proxy_name,
+    const char *proxy_password,
+    struct connectdata *conn,
+    int sock)
+{
+  unsigned char socksreq[600]; /* room for large user/pw (255 max each) */
+  int actualread;
+  int written;
+  CURLcode result;
+
+  Curl_nonblock(sock, FALSE);
+
+  socksreq[0] = 5; /* version */
+  socksreq[1] = (char)(proxy_name[0] ? 2 : 1); /* number of methods (below) */
+  socksreq[2] = 0; /* no authentication */
+  socksreq[3] = 2; /* username/password */
+
+  result = Curl_write(conn, sock, (char *)socksreq, (2 + (int)socksreq[1]),
+                      &written);
+  if ((result != CURLE_OK) || (written != (2 + (int)socksreq[1]))) {
+    failf(conn->data, "Unable to send initial SOCKS5 request.");
+    return 1;
+  }
+
+  result=Curl_read(conn, sock, (char *)socksreq, 2, &actualread);
+  if ((result != CURLE_OK) || (actualread != 2)) {
+    failf(conn->data, "Unable to receive initial SOCKS5 response.");
+    return 1;
+  }
+
+  if (socksreq[0] != 5) {
+    failf(conn->data, "Received invalid version in initial SOCKS5 response.");
+    return 1;
+  }
+  if (socksreq[1] == 0) {
+    /* Nothing to do, no authentication needed */
+    ;
+  }
+  else if (socksreq[1] == 2) {
+    /* Needs user name and password */
+    int userlen, pwlen, len;
+
+    userlen = strlen(proxy_name);
+    pwlen = strlen(proxy_password);
+
+    /*   username/password request looks like
+     * +----+------+----------+------+----------+
+     * |VER | ULEN |  UNAME   | PLEN |  PASSWD  |
+     * +----+------+----------+------+----------+
+     * | 1  |  1   | 1 to 255 |  1   | 1 to 255 |
+     * +----+------+----------+------+----------+
+     */
+    len = 0;
+    socksreq[len++] = 1;    /* username/pw subnegotiation version */
+    socksreq[len++] = (char) userlen;
+    memcpy(socksreq + len, proxy_name, (int) userlen);
+    len += userlen;
+    socksreq[len++] = (char) pwlen;
+    memcpy(socksreq + len, proxy_password, (int) pwlen);
+    len += pwlen;
+
+    result = Curl_write(conn, sock, (char *)socksreq, len, &written);
+    if ((result != CURLE_OK) || (len != written)) {
+      failf(conn->data, "Failed to send SOCKS5 sub-negotiation request.");
+      return 1;
+    }
+
+    result=Curl_read(conn, sock, (char *)socksreq, 2, &actualread);
+    if ((result != CURLE_OK) || (actualread != 2)) {
+      failf(conn->data, "Unable to receive SOCKS5 sub-negotiation response.");
+      return 1;
+    }
+
+    if ((socksreq[0] != 5) || /* version */
+        (socksreq[1] != 0)) { /* status */
+      failf(conn->data, "User was rejected by the SOCKS5 server (%d %d).",
+            socksreq[0], socksreq[1]);
+      return 1;
+    }
+
+    /* Everything is good so far, user was authenticated! */
+  }
+  else {
+    /* error */
+    if (socksreq[1] == 1) {
+      failf(conn->data,
+            "SOCKS5 GSSAPI per-message authentication is not supported.");
+      return 1;
+    }
+    else if (socksreq[1] == 255) {
+      if (proxy_name[0] == 0) {
+        failf(conn->data,
+              "No authentication method was acceptable. (It is quite likely"
+              " that the SOCKS5 server wanted a username/password, since none"
+              " was supplied to the server on this connection.)");
+      }
+      else {            
+        failf(conn->data, "No authentication method was acceptable.");
+      }
+      return 1;
+    }
+    else {
+      failf(conn->data,
+            "Undocumented SOCKS5 mode attempted to be used by server.");
+      return 1;
+    }
+  }
+
+  /* Authentication is complete, now specify destination to the proxy */
+  socksreq[0] = 5; /* version (SOCKS5) */
+  socksreq[1] = 1; /* connect */
+  socksreq[2] = 0; /* must be zero */
+  socksreq[3] = 1; /* IPv4 = 1 */
+    
+  {
+    Curl_addrinfo *hp;
+    hp = Curl_resolv(conn->data, conn->hostname, conn->remote_port);
+    /*
+     * We cannot use 'hostent' as a struct that Curl_resolv() returns.  It
+     * returns a Curl_addrinfo pointer that may not always look the same.
+     */
+#ifndef ENABLE_IPV6
+    if (hp && hp->h_addr_list[0]) {
+      socksreq[4] = ((char*)hp->h_addr_list[0])[0];
+      socksreq[5] = ((char*)hp->h_addr_list[0])[1];
+      socksreq[6] = ((char*)hp->h_addr_list[0])[2];
+      socksreq[7] = ((char*)hp->h_addr_list[0])[3];
+    }
+    else {
+      failf(conn->data, "Failed to resolve \"%s\" for SOCKS5 connect.",
+            conn->hostname);
+      return 1;
+    }
+#else
+    failf(conn->data,
+          "%s:%d has an internal error an needs to be fixed to work",
+          __FILE__, __LINE__);
+    return 1;
+#endif
+  }
+
+  *((unsigned short*)&socksreq[8]) = htons(conn->remote_port);
+
+  {
+    const int packetsize = 10;
+
+    result = Curl_write(conn, sock, (char *)socksreq, packetsize, &written);
+    if ((result != CURLE_OK) || (written != packetsize)) {
+      failf(conn->data, "Failed to send SOCKS5 connect request.");
+      return 1;
+    }
+
+    result = Curl_read(conn, sock, (char *)socksreq, packetsize, &actualread);
+    if ((result != CURLE_OK) || (actualread != packetsize)) {
+      failf(conn->data, "Failed to receive SOCKS5 connect request ack.");
+      return 1;
+    }
+
+    if (socksreq[0] != 5) { /* version */
+      failf(conn->data,
+            "SOCKS5 reply has wrong version, version should be 5.");
+      return 1;
+    }
+    if (socksreq[1] != 0) { /* Anything besides 0 is an error */
+        failf(conn->data,
+              "Can't complete SOCKS5 connection to %d.%d.%d.%d:%d. (%d)",
+              (unsigned char)socksreq[4], (unsigned char)socksreq[5],
+              (unsigned char)socksreq[6], (unsigned char)socksreq[7],
+              (unsigned int)ntohs(*(unsigned short*)(&socksreq[8])),
+              socksreq[1]);
+        return 1;
+    }
+  }
+
+  Curl_nonblock(sock, TRUE);
+  return 0; /* Proxy was successful! */
+}
+
 static CURLcode ConnectPlease(struct connectdata *conn,
                               Curl_addrinfo *hostaddr,
                               bool *connected)
@@ -1356,6 +1548,21 @@ static CURLcode ConnectPlease(struct connectdata *conn,
     conn->serv_addr.sin_family = hostaddr->h_addrtype;
     conn->serv_addr.sin_port = htons((unsigned short)conn->port);
 #endif
+
+    if (conn->data->set.proxytype == CURLPROXY_SOCKS5) {
+      return handleSock5Proxy(conn->data->state.proxyuser,
+                              conn->data->state.proxypasswd,
+                              conn,
+                              conn->firstsocket) ?
+        CURLE_COULDNT_CONNECT : CURLE_OK;
+    }
+    else if (conn->data->set.proxytype == CURLPROXY_HTTP) {
+      /* do nothing here. handled later. */
+    }
+    else {
+      failf(conn->data, "unknown proxytype option given");
+      return CURLE_COULDNT_CONNECT; 
+    }
   }
 
   return result;

lib/urldata.h

@@ -645,6 +645,8 @@ struct UserDefined {
   char *krb4_level; /* what security level */
   struct ssl_config_data ssl;  /* user defined SSL stuff */
 
+  curl_proxytype proxytype; /* what kind of proxy that is in use */
+
   int dns_cache_timeout; /* DNS cache timeout */
   long buffer_size;      /* size of receive buffer to use */
 

src/main.c

@@ -2698,7 +2698,7 @@ operate(struct Configurable *config, int argc, char *argv[])
       curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, errorbuffer);
       curl_easy_setopt(curl, CURLOPT_TIMEOUT, config->timeout);
       curl_easy_setopt(curl, CURLOPT_POSTFIELDS, config->postfields);
-        
+
       /* new in libcurl 7.2: */
       curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, config->postfieldsize);