diff --git a/README.md b/README.md index aba93a78..4b0e4e3d 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,11 @@ # redsocks – transparent TCP-to-proxy redirector +Adapted by Snorre to have some bugfixes: + +* Works with proxies sending multiple authentication requests +* Added RPM spec file +* Added _service for building on OSB + This tool allows you to redirect any TCP connection to SOCKS or HTTPS proxy using your firewall, so redirection may be system-wide or network-wide. @@ -251,3 +257,4 @@ Mailing list also has [archives](http://librelist.com/browser/redsocks/). ## Author This program was written by Leonid Evdokimov +Changed by Snorre diff --git a/RPM/_service b/RPM/_service new file mode 100644 index 00000000..70625519 --- /dev/null +++ b/RPM/_service @@ -0,0 +1,21 @@ + + + https://github.com/snorre-k/redsocks.git + git + RPM/redsocks.spec + @PARENT_TAG@+git@TAG_OFFSET@+%cd.%h + + + + + + + *.tar + gz + + + + diff --git a/RPM/redsocks.spec b/RPM/redsocks.spec new file mode 100644 index 00000000..ccac0ace --- /dev/null +++ b/RPM/redsocks.spec @@ -0,0 +1,102 @@ +# +# spec file for package +# +# Copyright (c) 2020 SUSE LINUX Products GmbH, Nuernberg, Germany. +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# + +%if 0%{!?_fillupdir:1} +# < SLES15 (para SLE15>=, /usr/share/fillup-templates) +%define _fillupdir %{_var}/adm/fillup-templates +%endif + +Name: redsocks +Version: _service +Release: 0 +License: Apache-2.0 +Summary: Redirect any TCP connection to a SOCKS or HTTPS proxy server +Url: http://darkk.net.ru/redsocks/ +Group: Productivity/Networking/Other +Source: %{name}-%{version}.tar.gz +BuildRequires: libevent-devel +PreReq: %fillup_prereq +PreReq: /usr/bin/getent +%if 0%{?suse_version} >= 1210 +BuildRequires: systemd +%endif +%{?systemd_requires} + +%description +Redsocks is a daemon running on the local system, that will transparently +tunnel any TCP connection via a remote SOCKS4, SOCKS5 or HTTP proxy server. It +uses the system firewall's redirection facility to intercept TCP connections, +thus the redirection is system-wide, with fine-grained control, and does +not depend on LD_PRELOAD libraries. + +Redsocks supports tunneling TCP connections and UDP packets. It has +authentication support for both, SOCKS and HTTP proxies. + +Also included is a small DNS server returning answers with the "truncated" flag +set for any UDP query, forcing the resolver to use TCP. + +%prep +%setup + +%build +CFLAGS="$RPM_OPT_FLAGS" make %{?_smp_mflags} + +%install +%{__install} -v -D -m 755 %{name} %buildroot/%_prefix/bin/%{name} +%{__install} -D %{name}.service %buildroot/%_unitdir/%{name}.service +sed -i -e 's#EnvironmentFile=.*#EnvironmentFile=%{_sysconfdir}/sysconfig/%{name}#' %buildroot/%_unitdir/%{name}.service +mkdir -p %{buildroot}%{_sbindir} +ln -s -f %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name} +%{__install} -D debian/%{name}.conf %buildroot/%_sysconfdir/%{name}/%{name}.conf +%{__install} -D debian/%{name}.8 %buildroot/%_mandir/man8/%{name}.8 +gzip %buildroot/%_mandir/man8/%{name}.8 +%{__install} -D -m644 SuSE/%{name}.sysconfig %{buildroot}%{_fillupdir}/sysconfig.%{name} +%{__install} -d -m 0755 %{buildroot}%{_tmpfilesdir} +echo "d /var/run/%name 755 %name %name" >%{buildroot}%{_tmpfilesdir}/%{name}.conf + +%pre +%service_add_pre %{name}.service +if ! /usr/bin/getent passwd %name &>/dev/null; then + echo "Creating %name user" + /usr/sbin/useradd -c "RedSocks user" -s /sbin/nologin -r -d /var/run/%name -U %name 2> /dev/null || : +fi + +%post +%fillup_only +%service_add_post %{name}.service +systemd-tmpfiles --create %{_tmpfilesdir}/%{name}.conf + +%preun +%service_del_preun %{name}.service + +%postun +%service_del_postun %{name}.service + +%files +%defattr(-,root,root) +%doc README.md redsocks.conf.example +%doc %attr(644,root,root) %_mandir/*/* +%dir %_sysconfdir/%{name} +%config(noreplace) %attr(644,root,root) %_sysconfdir/%{name}/%{name}.conf +%attr(755,root,root) %{_prefix}/bin/%{name} +%attr(755,root,root) %{_sbindir}/rc%{name} +%attr(644,root,root) %_unitdir/%{name}.service +%{_fillupdir}/sysconfig.%{name} +%{_tmpfilesdir}/%{name}.conf + +%changelog + diff --git a/SuSE/redsocks.sysconfig b/SuSE/redsocks.sysconfig new file mode 100644 index 00000000..efbadf70 --- /dev/null +++ b/SuSE/redsocks.sysconfig @@ -0,0 +1,9 @@ +## Path: Network/Others +## Description: socks redirector + +## Type: string +## Default: "/etc/redsocks/redsocks.conf" +# +# The config file. +# +REDSOCKS_CONF="/etc/redsocks/redsocks.conf" diff --git a/http-auth.c b/http-auth.c index c2a353c4..b5a36c66 100644 --- a/http-auth.c +++ b/http-auth.c @@ -285,13 +285,14 @@ char *http_auth_request_header(struct evbuffer *src, struct evbuffer *tee) return NULL; // I'm going up straight to the 403... } } - // FIXME: multi-line headers are not supported if (line == NULL || *line == '\0' || strchr(line, ':') == NULL) { free(line); return NULL; } - if (strncasecmp(line, auth_request_header, strlen(auth_request_header)) == 0) - return line; + if (strncasecmp(line, auth_request_header, strlen(auth_request_header)) == 0) + if (strcasestr(line, "Basic") != NULL || + strcasestr (line, "Digest") != NULL) + return line; free(line); } } diff --git a/redsocks.service b/redsocks.service index 2913b7d9..903e601f 100644 --- a/redsocks.service +++ b/redsocks.service @@ -1,5 +1,6 @@ [Unit] Description=Transparent redirector of any TCP connection to proxy using your firewall +After=network.target [Service] Type=forking