| Commit message | Author | Age |

Signed-off-by: David Goulet <dgoulet@ev0ke.net>

Signed-off-by: David Goulet <dgoulet@ev0ke.net>

Fix Coverity issue 1195191.
Signed-off-by: David Goulet <dgoulet@ev0ke.net>

Fix Coverity issue 1243012.
Signed-off-by: David Goulet <dgoulet@ev0ke.net>

This commit adds the accept(2) value to syscall(2) so we can pass it on
to Tor and not deny it blindly.
Signed-off-by: David Goulet <dgoulet@ev0ke.net>

Signed-off-by: David Goulet <dgoulet@ev0ke.net>

Signed-off-by: David Goulet <dgoulet@ev0ke.net>

Signed-off-by: David Goulet <dgoulet@ev0ke.net>

Signed-off-by: David Goulet <dgoulet@ev0ke.net>

Reported-by: Jacob Appelbaum <jacob@appelbaum.net>
Signed-off-by: David Goulet <dgoulet@ev0ke.net>

Signed-off-by: David Goulet <dgoulet@ev0ke.net>

Fixes Coverity issue 1195182.
Signed-off-by: David Goulet <dgoulet@ev0ke.net>

Fixes Coverity issue 1072757.
Signed-off-by: David Goulet <dgoulet@ev0ke.net>

Signed-off-by: David Goulet <dgoulet@ev0ke.net>

Signed-off-by: David Goulet <dgoulet@ev0ke.net>

This adds a "validate_socket()" function that is called first to make
sure all criteria of a valid socket that torsocks can handle are met.
This has been done to have a single callsite that can do this validation,
thus improving the clarity and flow of the code.
It now also returns EPERM for things that we deny instead of EINVAL or
EBADF. Because of that, the connect test has been changed to handle this
new errno value.
Signed-off-by: David Goulet <dgoulet@ev0ke.net>

Signed-off-by: David Goulet <dgoulet@ev0ke.net>

Add unit test for socket() and socketpair().
Signed-off-by: David Goulet <dgoulet@ev0ke.net>

The SOCK_STREAM check was wrong since you could pass SOCK_DGRAM and
match the check so the socketpair() now denies INET/INET6 sockets.
Note that socketpair() only supports AF_UNIX and AF_LOCAL on most *nix
systems.
Signed-off-by: David Goulet <dgoulet@ev0ke.net>

Even though connect() makes a check, deny creation of sockets that are
INET/INET6 but NOT of type SOCK_STREAM. This fix makes our wrapper
handle socket type flags that can be passed to the kernel such as
SOCK_NONBLOCK and SOCK_CLOEXEC.
Furthermore, the type check was *not* right since having a type set to
SOCK_DGRAM also matches SOCK_STREAM when using the & operator.
A unit test is added for the IS_SOCK_STREAM(type) macro that tests if a
socket type is a SOCK_STREAM.
Signed-off-by: David Goulet <dgoulet@ev0ke.net>

Signed-off-by: David Goulet <dgoulet@ev0ke.net>

This changes the loopback constant to be in host byte order and use
htonl() when needed in network byte order.
With this, tests pass on powerpc.
Signed-off-by: David Goulet <dgoulet@ev0ke.net>

Signed-off-by: David Goulet <dgoulet@ev0ke.net>

Signed-off-by: David Goulet <dgoulet@ev0ke.net>

Signed-off-by: David Goulet <dgoulet@ev0ke.net>

Major mistake in accept() which was checking the given sockaddr
structure instead of the given socket fd. The address structure passed
to accept is meant to be filled up by the accept function thus not
containing any usable data.
Signed-off-by: David Goulet <dgoulet@ev0ke.net>

Signed-off-by: David Goulet <dgoulet@ev0ke.net>

Fixes #28
Signed-off-by: David Goulet <dgoulet@ev0ke.net>

Fixes #29
Signed-off-by: David Goulet <dgoulet@ev0ke.net>

Signed-off-by: David Goulet <dgoulet@ev0ke.net>

This adds the possibility of telling torsocks to allow inbound
connections, meaning allowing listen() and accept()/accept4() for
non-localhost addresses.
Add an AllowInbound 0|1 option to the configuration file along with a
TORSOCKS_ALLOW_INBOUND environment variable to control that behavior.
By default, Unix sockets are allowed.
Signed-off-by: David Goulet <dgoulet@ev0ke.net>

Signed-off-by: David Goulet <dgoulet@ev0ke.net>

Signed-off-by: David Goulet <dgoulet@ev0ke.net>

Those files need to be installed by hand or from your distribution
package.
They've been taken from the old torsocks (1.3) package.
Signed-off-by: David Goulet <dgoulet@ev0ke.net>

Signed-off-by: David Goulet <dgoulet@ev0ke.net>

Signed-off-by: David Goulet <dgoulet@ev0ke.net>

The -u, --user and -p, --pass are for the SOCKS5 authentication where
-d, --debug is to set torsocks in DEBUG mode.
Improve the usage output and make sure torsocks on/off is being sourced
else exit with error.
Signed-off-by: David Goulet <dgoulet@ev0ke.net>

Signed-off-by: David Goulet <dgoulet@ev0ke.net>

Introduce function pointers for send_data and recv_data so they can be
replaced for testing.
Closes #25
Signed-off-by: David Goulet <dgoulet@ev0ke.net>

Signed-off-by: David Goulet <dgoulet@ev0ke.net>

Using RFC1929, implement username/password authentication for circuit
isolation feature of Tor daemon.
This adds SOCKS5Username and SOCKS5Password options to torsocks.conf and
also environment variables to control them (TORSOCKS_USERNAME/PASSWORD).
Signed-off-by: David Goulet <dgoulet@ev0ke.net>

Signed-off-by: David Goulet <dgoulet@ev0ke.net>

Signed-off-by: David Goulet <dgoulet@ev0ke.net>

Note that the tor daemon does not support IPv6 DNS resolution through
the SOCKS port thus for now it is denied.
Signed-off-by: David Goulet <dgoulet@ev0ke.net>

Signed-off-by: David Goulet <dgoulet@ev0ke.net>

This modifies the onion find by ip to use generic sockaddr structure.
Also, a utils call is added to extract the port from a sockaddr
structure depending on the family.
This is a step in the direction of fully supported IPv6 thus removing
the use of a cast sockaddr_in.
Signed-off-by: David Goulet <dgoulet@ev0ke.net>

Signed-off-by: David Goulet <dgoulet@ev0ke.net>

Signed-off-by: David Goulet <dgoulet@ev0ke.net>

Signed-off-by: David Goulet <dgoulet@ev0ke.net>

Signed-off-by: David Goulet <dgoulet@ev0ke.net>