feat: add User/Pass Authentication to Sock5 Dialer with Tests #189

Merged
merged 35 commits into from
Mar 22, 2024

@amircybersec (Contributor) commented Feb 25, 2024

This PR adds username/password authentication to Socks5 dialer. Changes to config package will come in a separate PR to avoid breaking build checks. The config URL for socks5 with authentication would look like this:

socks5://username:password@hostname:port

For testing I am currently using this socks5 server implementation.

TODO

  • Add tests for authentication
  • Connect in a single round trip
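
The RFC 1929 username/password exchange this PR adds to the dialer, as an added example that is not the PR's own code: it takes credentials from a config URL of the form shown above, enforces the 1 to 255 byte limit on each field, and checks the server's two-byte reply. The function names and the sample URL are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
)

// userPassRequest encodes the RFC 1929 request: VER=0x01 | ULEN | UNAME | PLEN | PASSWD.
// ULEN and PLEN are one byte each, so both fields must be 1..255 bytes long.
func userPassRequest(username, password string) ([]byte, error) {
	for _, field := range []string{username, password} {
		if len(field) < 1 || len(field) > 255 {
			return nil, errors.New("username and password must each be 1 to 255 bytes")
		}
	}
	req := append([]byte{0x01, byte(len(username))}, username...)
	req = append(req, byte(len(password)))
	return append(req, password...), nil
}

// checkAuthReply validates the server reply: VER=0x01 | STATUS, where 0x00 means success.
func checkAuthReply(reply []byte) error {
	if len(reply) != 2 || reply[0] != 0x01 {
		return fmt.Errorf("malformed authentication reply % x", reply)
	}
	if reply[1] != 0x00 {
		return fmt.Errorf("authentication failed with status %d", reply[1])
	}
	return nil
}

// requestFromConfigURL (hypothetical helper) reads credentials from a socks5:// URL.
func requestFromConfigURL(raw string) ([]byte, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, err
	}
	if u.Scheme != "socks5" || u.User == nil {
		return nil, errors.New("expected socks5://username:password@hostname:port")
	}
	password, _ := u.User.Password()
	return userPassRequest(u.User.Username(), password)
}

func main() {
	req, err := requestFromConfigURL("socks5://alice:s3cret@proxy.example:1080") // constructed sample
	fmt.Printf("% x %v\n", req, err)
}
```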

@amircybersec
Contributor Author

@fortuna I will create a separate PR for config package changes to accept config URL with username/password for socks5 after this PR is merged, otherwise the config package PR breaks the build.

}

// SetUsername sets the username field, ensuring it doesn't exceed 255 bytes in length and is at least 1 byte.
func (c *Credentials) SetUsername(username string) error {

Let's have a `NewCredentials(username, password) (Credentials, error)` instead. It's easier to use.

// +----+--------+
// | 1 | 1 |
// +----+--------+
var subNegotiation [2]byte

Reuse buffer

return nil, fmt.Errorf("invalid protocol version %v. Expected 5", methodResponse[0])
}
if methodResponse[1] == 2 {
// 2. Read sub-negotiation version and status
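
Review bot: `if methodResponse[1] == 2` compares the selected method against a bare literal; a named constant for the username/password method (X'02' in RFC 1928) would make the branch self-explanatory, and the same goes for the 5 in the version error above it. The visible lines only show the branch for 2, so confirm that a reply carrying any method the client did not offer, including X'FF' (no acceptable methods), fails the dial with an error instead of continuing to the connect request.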

Sub-negotiation is a bad name.

Use authentication response/reply instead.

// +----+-----+-------+------+----------+----------+
// | 1 | 1 | X'00' | 1 | Variable | 2 |
// +----+-----+-------+------+----------+----------+
var connectResponse [4]byte

Reuse buffer

@amircybersec amircybersec requested a review from fortuna March 20, 2024 16:01
@amircybersec
Contributor Author

@fortuna Thanks again for the feedback! I applied your comments; could you please review this again for me? Btw, header still escapes to the heap based on escape analysis I did with `go build -gcflags "-m"`. Removing header from heap was not trivial and may not even be possible. I took the pre-allocated array approach in the original code to ensure more efficient memory allocation though.

@amircybersec
Contributor Author

@fortuna also Windows build failed again but I recall you mentioned it is due to some race condition. It sometimes passes for me and sometimes fails even though I am not making any breaking changes...

@amircybersec amircybersec requested a review from fortuna March 21, 2024 22:10
@fortuna fortuna marked this pull request as ready for review March 22, 2024 16:03
@amircybersec amircybersec requested a review from fortuna March 22, 2024 18:53

@fortuna fortuna left a comment


Just one minor thing

@fortuna fortuna changed the title Added User/Pass Authentication to Sock5 Dialer with Tests feat: add User/Pass Authentication to Sock5 Dialer with Tests Mar 22, 2024
@@ -23,26 +23,54 @@ import (
"github.com/Jigsaw-Code/outline-sdk/transport"
)

// https://datatracker.ietf.org/doc/html/rfc1929
// Credentials can be nil, and that means no authentication.
type Credentials struct {
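
Review bot: the doc comment on `type Credentials struct` says "Credentials can be nil", but a struct value cannot be nil; only a `*Credentials` can. Move that sentence to the field or parameter that holds the pointer, and open the type's doc comment with a sentence starting with `Credentials` that says what it holds, keeping the RFC 1929 link as a reference line after it.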

Make it private

@fortuna fortuna merged commit 212ef96 into Jigsaw-Code:main Mar 22, 2024
4 checks passed