Fixed Minor issues.
Rohit Kulkarni committed Oct 6, 2024
1 parent 27db782 commit 92d7ff4
Showing 2 changed files with 2 additions and 118 deletions.
4 changes: 1 addition & 3 deletions Cargo.toml
Expand Up @@ -12,11 +12,9 @@ version = "0.5.3"
authors = ["Yilin Chen <[email protected]>"]
edition = "2018"

[badges]
travis-ci = { repository = "sticnarf/tokio-socks" }

[features]
default = ["tokio"]
default = ["tokio", "async-trait"]
tor = []
gssapi = ["async-trait"]

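Review bot: Adding `async-trait` to `default` makes every default build pull it in, although the `gssapi = ["async-trait"]` line suggests it was meant to be opt-in alongside the GSS-API code. If something outside the `gssapi` gate now needs it, a build with default features disabled and `gssapi` off will presumably stop compiling, so that configuration is worth checking with `cargo check --no-default-features --features tokio`. If nothing outside the gate needs it, keeping `default = ["tokio"]` leaves the default dependency set smaller, and the entry under `gssapi` already enables it where required.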
116 changes: 1 addition & 115 deletions src/tcp/socks5.rs
Expand Up @@ -540,121 +540,7 @@ where
}

#[cfg(feature = "gssapi")]
async fn gssapi_authentication_protocol<T: AsyncRead + AsyncWrite + Unpin>(&mut self, tcp: &mut T) -> Result<()> {
// Implement Gssapi Auth Protocol.
// Error out if: Server selected gssapi but, we had None
let renegotiate_sec_token = match &self.auth {
Authentication::Gssapi { gssapi_authenticator } => gssapi_authenticator.renegotiate_sec_token,
_ => return Err(Error::InvalidAuthValues("Server expected GSSApi auth")),
};

// Send sec_context token for first time with no renegotiation.
let sec_context_buf = self.prepare_send_gssapi_sec_context(None).await?;
tcp.write_all(&sec_context_buf).await?;

// Recieve and Validate server response
self.prepare_recv_gssapi_auth();
tcp.read_exact(&mut self.buf[self.ptr..self.len]).await?;

if self.buf[1] == 0xff {
/*
If the server refuses the client's connection for any reason (GSS-API authentication failure or otherwise), it will return:
+------+------+
+ ver | mtyp |
+------+------+
+ 0x01 | 0xff |
+------+------+
Where:
- "ver" is the protocol version number, here 1 to represent the
first version of the SOCKS/GSS-API protocol
- "mtyp" is the message type, here 0xff to represent an abort
message
*/
return Err(Error::GssapiAuthFailure(self.buf[1]));
} else {
/*
In all continue/confirmation cases, the server uses the same message
type as for the client -> server interaction.
+------+------+------+.......................+
+ ver | mtyp | len | token |
+------+------+------+.......................+
+ 0x01 | 0x01 | 0x02 | up to 2^16 - 1 octets |
+------+------+------+.......................+
*/

// On sec_context validation done.
// 1.a. Get length of output_token from response. If this token is non-empty we need to renegotiate.
self.prepare_recv_gssapi_auth();
tcp.read_exact(&mut self.buf[self.ptr..self.len]).await?;

let renego_challenge_len = u16::from_be_bytes([self.buf[0], self.buf[1]]);
// If the sub_negotiation challenge is non-empty get the challenge returned and renegotiate.
if renego_challenge_len > 0 {
/*
If gss_init_sec_context returns GSS_S_CONTINUE_NEEDED, then the
client should expect the server to issue a token in the
subsequent subnegotiation response. The client must pass the
token to another call to gss_init_sec_context, and repeat this
procedure until "continue" operations are complete.
*/
// Currently supporting only single re-negotitation.

let mut renego_challenge: Vec<u8> = Vec::with_capacity(renego_challenge_len as usize);
tcp.read_exact(&mut renego_challenge).await?;

// Do renegotiation only if user has specified to do so.
if renegotiate_sec_token {
let sec_context_buf = self.prepare_send_gssapi_sec_context(Some(&renego_challenge)).await?;
tcp.write_all(&sec_context_buf).await?;

// Check for success of renegotiation
self.prepare_recv_gssapi_auth();
tcp.read_exact(&mut self.buf[self.ptr..self.len]).await?;

if self.buf[1] == 0xff {
return Err(Error::GssapiAuthFailure(0));
} else {
self.prepare_recv_gssapi_auth();
tcp.read_exact(&mut self.buf[self.ptr..self.len]).await?;

let renego_challenge_len = u16::from_be_bytes([self.buf[0], self.buf[1]]);
// drain stream of the renegotiate token if any
let mut renego_challenge: Vec<u8> = Vec::with_capacity(renego_challenge_len as usize);
tcp.read_exact(&mut renego_challenge).await?;
// assume negotiation has succeded.
}
}
}

let gssapi_buf = self.prepare_send_gssapi_subnego_token().await?;
tcp.write_all(&gssapi_buf).await?;

// recv response
self.prepare_recv_gssapi_auth();
tcp.read_exact(&mut self.buf[self.ptr..self.len]).await?;

if self.buf[1] == 0x02 {
// Subnegotiation was success.
// If there is anything sent by server. We can drain the remaining buf, as we do not need it.
self.prepare_recv_gssapi_auth();
tcp.read_exact(&mut self.buf[self.ptr..self.len]).await?;
let remainder_len = u16::from_be_bytes([self.buf[0], self.buf[1]]);

let mut remainder_buf: Vec<u8> = Vec::with_capacity(remainder_len as usize);
tcp.read_exact(&mut remainder_buf).await?;
} else {
return Err(Error::GssapiAuthFailure(self.buf[1]));
}
}
Ok(())
}

#[cfg(feature = "gssapi")]
async fn gssapi_authentication_protocol<T: AsyncRead + AsyncWrite + Unpin>(&mut self, tcp: &mut T) -> Result<()> {
async fn gssapi_authentication_protocol<T: AsyncSocket + Unpin>(&mut self, tcp: &mut T) -> Result<()> {
// Implement Gssapi Auth Protocol.
// Error out if: Server selected gssapi but, we had None
let renegotiate_sec_token = match &self.auth {
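Review bot: The surviving `gssapi_authentication_protocol` has its body outside this hunk, and if it matches the deleted duplicate it still reads server tokens into `Vec::with_capacity(renego_challenge_len as usize)`, whose length is zero, so `read_exact` consumes nothing. The GSS-API token then stays in the stream, an empty challenge is handed to `prepare_send_gssapi_sec_context`, and the next two-byte header read would parse token bytes as `ver`/`mtyp`, which could let the handshake be treated as complete on unverified data. Allocating the buffer with its length fixes this: `let mut renego_challenge = vec![0u8; renego_challenge_len as usize];`, and the same applies to the second `renego_challenge` and to `remainder_buf`. It would also help to check that the first byte of each reply equals the protocol version `0x01` before acting on `mtyp`.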
