1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
|
#!/bin/sh
set -e
TESTDIR="$(readlink -f "$(dirname "$0")")"
. "$TESTDIR/framework"
setupenvironment
# We don't do a real proxy here, we just look how the implementation
# reacts to certain responses from a "proxy" provided by socat
# Checks HTTP, but requesting https instead will check HTTPS (curl) which
# uses different error messages through – also: https://github.com/curl/curl/issues/944
# FIXME: Not run automatically as it uses a hardcoded port (5555)
msgtest 'Check that everything is installed' 'socat'
if dpkg-checkbuilddeps -d 'socat' /dev/null >/dev/null 2>&1; then
msgpass
else
msgskip "$(command dpkg -l socat)"
exit
fi
runclient() {
# this doesn't need to be an actually reachable webserver for this test
# in fact, its better if it isn't.
rm -f index.html
apthelper download-file "http://${2:-localhost:2903}/" index.html \
-o Acquire::http::Proxy="socks5h://${1}localhost:5555" \
-o Acquire::http::Timeout=2 -o Debug::Acquire::http=1 > client.output 2>&1 || true
}
runserver() {
socat -x tcp-listen:5555,reuseaddr \
system:"echo -n '$*' | xxd -r -p; echo 'HTTP/1.1 200 OK'; echo 'Content-Length: 5'; echo 'Connection: close'; echo; echo 'HTML'" \
> server.output 2>&1 &
}
PROXY="socks5h://localhost:5555"
msgmsg 'SOCKS does not run'
runclient
testsuccess grep 'Could not connect to localhost:5555' client.output
msgmsg 'SOCKS greets back with wrong version'
runserver '04 00'
runclient
testsuccess grep 'greets back with wrong version: 4' client.output
msgmsg 'SOCKS tries GSSAPI auth we have not advertised'
runserver '05 01'
runclient
testsuccess grep 'greets back having not found a common authorization method: 1' client.output
msgmsg 'SOCKS tries user&pass auth we have not advertised'
runserver '05 02'
runclient
testsuccess grep 'pass auth, but we had not offered it' client.output
msgmsg 'SOCKS user:pass wrong version'
runserver '05 02' '05 00'
runclient 'user:pass@'
testsuccess grep 'auth status response with wrong version: 5' client.output
msgmsg 'SOCKS user:pass wrong auth'
runserver '05 02' '01 01'
runclient 'user:pass@'
testsuccess grep 'reported authorization failure: username or password incorrect? (1)' client.output
msgmsg 'SOCKS user:pass request not granted no hostname'
runserver '05 02' '01 00' '05 01 00 03 00 1f 90'
runclient 'user:pass@'
testsuccess grep 'could not connect to localhost (:8080) due to: general SOCKS server failure (1)' client.output
msgmsg 'SOCKS user:pass request not granted with hostname'
runserver '05 02' '01 00' '05 01 00 03 09 68 6f 73 74 6c 6f 63 61 6c 1f 90'
runclient 'user:pass@'
testsuccess grep 'could not connect to localhost (hostlocal:8080) due to: general SOCKS server failure (1)' client.output
msgmsg 'SOCKS user:pass request not granted ipv4'
runserver '05 02' '01 00' '05 04 00 01 ac 10 fe 01 1f 90'
runclient 'user:pass@'
testsuccess grep 'could not connect to localhost (172.16.254.1:8080) due to: Host unreachable (4)' client.output
msgmsg 'SOCKS user:pass request not granted ipv6'
runserver '05 02' '01 00' '05 12 00 04 20 01 0d b8 ac 10 fe 00 00 00 00 00 00 00 00 00 1f 90'
runclient 'user:pass@'
testsuccess grep 'could not connect to localhost (\[2001:0DB8:AC10:FE00:0000:0000:0000:0000\]:8080) due to: Unknown error (18)' client.output
msgmsg 'SOCKS user:pass request granted ipv4'
runserver '05 02' '01 00' '05 00 00 01 ac 10 fe 01 1f 90'
runclient 'user:pass@'
testequal "http: SOCKS proxy $PROXY connection established to localhost (172.16.254.1:8080)" head -n 1 client.output
testfileequal index.html 'HTML'
msgmsg 'SOCKS user:pass request granted ipv6'
runserver '05 02' '01 00' '05 00 00 04 20 01 0d b8 ac 10 fe 00 00 00 00 00 00 00 00 00 1f 90'
runclient 'user:pass@'
testequal "http: SOCKS proxy $PROXY connection established to localhost ([2001:0DB8:AC10:FE00:0000:0000:0000:0000]:8080)" head -n 1 client.output
testfileequal index.html 'HTML'
msgmsg 'SOCKS no auth no hostname'
runserver '05 00 05 00 00 03 00 1f 90'
runclient
testequal "http: SOCKS proxy $PROXY connection established to localhost (:8080)" head -n 1 client.output
testfileequal index.html 'HTML'
msgmsg 'SOCKS no auth with hostname'
runserver '05 00 05 00 00 03 09 68 6f 73 74 6c 6f 63 61 6c 1f 90'
runclient
testequal "http: SOCKS proxy $PROXY connection established to localhost (hostlocal:8080)" head -n 1 client.output
testfileequal index.html 'HTML'
msgmsg 'SOCKS user-only request granted ipv4'
runserver '05 02' '01 00' '05 00 00 01 ac 10 fe 01 1f 90'
runclient 'apt@'
testequal "http: SOCKS proxy $PROXY connection established to localhost (172.16.254.1:8080)" head -n 1 client.output
testfileequal index.html 'HTML'
msgmsg 'tor: SOCKS user:pass request not granted'
runserver '05 02' '01 00' '05 04 00 01 00 00 00 00 00 00'
runclient 'user:pass@'
testsuccess grep 'could not connect to localhost (0.0.0.0:0) due to: Host unreachable (4)' client.output
msgmsg 'tor: SOCKS user:pass request tll expired'
runserver '05 02' '01 00' '05 06 00 01 00 00 00 00 00 00'
runclient 'user:pass@'
testsuccess grep 'could not connect to localhost (0.0.0.0:0) due to: TTL expired (6)' client.output
msgmsg 'tor: SOCKS user:pass request service unreachable'
runserver '05 02' '01 00' '05 06 00 01 00 00 00 00 00 00'
runclient 'user:pass@' 'vwakviie2ienjx6t.onion'
testsuccess grep 'could not connect to vwakviie2ienjx6t.onion (0.0.0.0:0) due to: Host unreachable (6)' client.output
msgmsg 'tor: SOCKS user:pass request not granted onion'
runserver '05 02' '01 00' '05 01 00 01 00 00 00 00 00 00'
runclient 'user:pass@' 'vwakviie2ienjx6t.onion'
testsuccess grep 'could not connect to vwakviie2ienjx6t.onion (0.0.0.0:0) due to: general SOCKS server failure (1)' client.output
msgmsg 'tor: SOCKS user:pass request not granted subdomain'
runserver '05 02' '01 00' '05 01 00 01 00 00 00 00 00 00'
runclient 'user:pass@' 'ftp.vwakviie2ienjx6t.onion'
testsuccess grep 'could not connect to ftp.vwakviie2ienjx6t.onion (0.0.0.0:0) due to: general SOCKS server failure (1)' client.output
msgmsg 'tor: SOCKS user:pass request not granted too short'
runserver '05 02' '01 00' '05 01 00 01 00 00 00 00 00 00'
runclient 'user:pass@' 'wakviie2ienjx6t.onion'
testsuccess grep 'could not connect to wakviie2ienjx6t.onion (0.0.0.0:0) due to: Invalid hostname: onion service name must be either 16 or 56 characters long (1)' client.output
msgmsg 'tor: SOCKS user:pass request not granted too long'
runserver '05 02' '01 00' '05 01 00 01 00 00 00 00 00 00'
runclient 'user:pass@' 'vwakviie2ienjx6t2.onion'
testsuccess grep 'could not connect to vwakviie2ienjx6t2.onion (0.0.0.0:0) due to: Invalid hostname: onion service name must be either 16 or 56 characters long (1)' client.output
msgmsg 'tor: SOCKS user:pass request not granted too short subdomain'
runserver '05 02' '01 00' '05 01 00 01 00 00 00 00 00 00'
runclient 'user:pass@' 'a.akviie2ienjx6t.onion'
testsuccess grep 'could not connect to a.akviie2ienjx6t.onion (0.0.0.0:0) due to: Invalid hostname: onion service name must be either 16 or 56 characters long (1)' client.output
msgmsg 'tor: SOCKS user:pass request not granted too short subdomains'
runserver '05 02' '01 00' '05 01 00 01 00 00 00 00 00 00'
runclient 'user:pass@' 'a.a.viie2ienjx6t.onion'
testsuccess grep 'could not connect to a.a.viie2ienjx6t.onion (0.0.0.0:0) due to: Invalid hostname: onion service name must be either 16 or 56 characters long (1)' client.output
msgmsg 'tor: SOCKS user:pass request not granted too short'
runserver '05 02' '01 00' '05 01 00 01 00 00 00 00 00 00'
runclient 'user:pass@' 'l5satjgud6gucryazcyvyvhuxhr74u6ygigiuyixe3a6ysis67oro.onion'
testsuccess grep 'could not connect to l5satjgud6gucryazcyvyvhuxhr74u6ygigiuyixe3a6ysis67oro.onion (0.0.0.0:0) due to: Invalid hostname: onion service name must be either 16 or 56 characters long (1)' client.output
msgmsg 'tor: SOCKS user:pass request not granted too long'
runserver '05 02' '01 00' '05 01 00 01 00 00 00 00 00 00'
runclient 'user:pass@' 'l5satjgud6gucryazcyvyvhuxhr74u6ygigiuyixe3a6ysis67ororad2.onion'
testsuccess grep 'could not connect to l5satjgud6gucryazcyvyvhuxhr74u6ygigiuyixe3a6ysis67ororad2.onion (0.0.0.0:0) due to: Invalid hostname: onion service name must be either 16 or 56 characters long (1)' client.output
msgmsg 'tor: SOCKS user:pass request not granted too short subdomain'
runserver '05 02' '01 00' '05 01 00 01 00 00 00 00 00 00'
runclient 'user:pass@' 'a.satjgud6gucryazcyvyvhuxhr74u6ygigiuyixe3a6ysis67ororad.onion'
testsuccess grep 'could not connect to a.satjgud6gucryazcyvyvhuxhr74u6ygigiuyixe3a6ysis67ororad.onion (0.0.0.0:0) due to: Invalid hostname: onion service name must be either 16 or 56 characters long (1)' client.output
msgmsg 'tor: SOCKS user:pass request not granted too short subdomains'
runserver '05 02' '01 00' '05 01 00 01 00 00 00 00 00 00'
runclient 'user:pass@' 'a.a.tjgud6gucryazcyvyvhuxhr74u6ygigiuyixe3a6ysis67ororad.onion'
testsuccess grep 'could not connect to a.a.tjgud6gucryazcyvyvhuxhr74u6ygigiuyixe3a6ysis67ororad.onion (0.0.0.0:0) due to: Invalid hostname: onion service name must be either 16 or 56 characters long (1)' client.output
|
