From 0d47952611198ef6b1163f366dc03922d20b1475 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Wed, 17 Apr 2024 09:42:04 +0200
Subject: Adding upstream version 7.94+git20230807.3be01efb1+dfsg.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 nselib/socks.lua | 283 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 283 insertions(+)
 create mode 100644 nselib/socks.lua

(limited to 'nselib/socks.lua')

diff --git a/nselib/socks.lua b/nselib/socks.lua
new file mode 100644
index 0000000..fdf588f
--- /dev/null
+++ b/nselib/socks.lua
@@ -0,0 +1,283 @@
+---
+-- A smallish SOCKS version 5 proxy protocol implementation
+--
+-- @author Patrik Karlsson <patrik@cqure.net>
+--
+
+local match = require "match"
+local nmap = require "nmap"
+local stdnse = require "stdnse"
+local string = require "string"
+local table = require "table"
+_ENV = stdnse.module("socks", stdnse.seeall)
+
+-- SOCKS Authentication methods
+AuthMethod = {
+  NONE = 0,
+  GSSAPI = 1,
+  USERPASS = 2,
+}
+
+Request = {
+
+  -- Class that handles the connection request to the server
+  Connect = {
+
+    -- Creates a new instance of the class
+    -- @param auth_method table of requested authentication methods
+    -- @return o instance on success, nil on failure
+    new = function(self, auth_method)
+      local o = {
+        version = 5,
+        auth_method = ( "table" ~= type(auth_method) and { auth_method } or auth_method )
+      }
+      setmetatable(o, self)
+      self.__index = self
+      return o
+    end,
+
+    -- Converts the instance to string, so that it can be sent to the
+    -- server.
+    -- @return string containing the raw request
+    __tostring = function(self)
+      return string.pack("Bs1", self.version,
+        string.pack(("B"):rep(#self.auth_method), table.unpack(self.auth_method)))
+    end,
+
+  },
+
+  -- Class that handles the authentication request to the server
+  Authenticate = {
+
+    -- Creates a new instance of the class
+    -- @param auth_method number with the requested authentication method
+    -- @param creds method specific table of credentials
+    --        currently only user and pass authentication is supported
+    --        this method requires two fields to be present
+    --        <code>username</code> and <code>password</code>
+    -- @return o instance on success, nil on failure
+    new = function(self, auth_method, creds)
+      local o = {
+        auth_method = auth_method,
+        creds = creds
+      }
+      setmetatable(o, self)
+      self.__index = self
+      if ( auth_method == 2 ) then
+        return o
+      end
+    end,
+
+    -- Converts the instance to string, so that it can be sent to the
+    -- server.
+    -- @return string containing the raw request
+    __tostring = function(self)
+      -- we really don't support anything but 2, but let's pretend that
+      -- we actually do
+      if ( 2 == self.auth_method ) then
+        local version = 1
+        local username= self.creds.username or ""
+        local password= self.creds.password or ""
+
+        username = (username == "") and "\0" or username
+        password = (password == "") and "\0" or password
+
+        return string.pack("Bs1s1", version, username, password)
+      end
+    end,
+
+  }
+
+}
+
+Response = {
+
+  -- Class that handles the connection response
+  Connect = {
+
+    -- Creates a new instance of the class
+    -- @param data string containing the data as received over the socket
+    -- @return o instance on success, nil on failure
+    new = function(self, data)
+      local o = { data = data }
+      setmetatable(o, self)
+      self.__index = self
+      if ( o:parse() ) then
+        return o
+      end
+    end,
+
+    -- Parses the received data and populates member variables
+    -- @return true on success, false on failure
+    parse = function(self)
+      if ( #self.data ~= 2 ) then
+        return
+      end
+      local pos
+      self.version, self.method, pos = string.unpack("BB", self.data)
+      return true
+    end
+
+  },
+
+  -- Class that handles the authentication response
+  Authenticate = {
+
+    Status = {
+      SUCCESS = 0,
+      -- could be anything but zero
+      FAIL    = 1,
+    },
+
+    -- Creates a new instance of the class
+    -- @param data string containing the data as received over the socket
+    -- @return o instance on success, nil on failure
+    new = function(self, data)
+      local o = { data = data }
+      setmetatable(o, self)
+      self.__index = self
+      if ( o:parse() ) then
+        return o
+      end
+    end,
+
+    -- Parses the received data and populates member variables
+    -- @return true on success, false on failure
+    parse = function(self)
+      if ( #self.data ~= 2 ) then
+        return
+      end
+      local pos
+      self.version, self.status, pos = string.unpack("BB", self.data)
+      return true
+    end,
+
+    -- checks if the authentication was successful or not
+    -- @return true on success, false on failure
+    isSuccess = function(self)
+      return ( self.status == self.Status.SUCCESS )
+    end,
+
+  }
+
+}
+
+-- The main script interface
+Helper = {
+
+  -- Create a new instance of the class
+  -- @param host table containing the host table
+  -- @param port table containing the port table
+  -- @param options table containing library options, currently:
+  --        <code>timeout</code> - socket timeout in ms
+  -- @return o instance of Helper
+  new = function(self, host, port, options)
+    options = options or {}
+    local o = { host = host, port = port, options = options }
+    setmetatable(o, self)
+    self.__index = self
+    return o
+  end,
+
+  -- Get the authentication method name by number
+  -- @param method number containing the authentication method
+  -- @return string containing the method name or Unknown
+  authNameByNumber = function(self, method)
+    local methods = {
+      [0]  = "No authentication",
+      [1]  = "GSSAPI",
+      [2]  = "Username and password",
+    }
+    return methods[method] or ("Unknown method (%d)"):format(method)
+  end,
+
+  -- Connects to the SOCKS server
+  -- @param auth_method table containing the auth. methods to request
+  -- @return status true on success, false on failure
+  -- @return response table containing the response or err string on failure
+  connect = function(self, auth_method, socket)
+    self.socket = socket or nmap.new_socket()
+    self.socket:set_timeout(self.options.timeout or 10000)
+    local status, err = self.socket:connect(self.host, self.port)
+    if ( not(status) ) then
+      return status, err
+    end
+
+    auth_method = auth_method or {AuthMethod.NONE, AuthMethod.GSSAPI, AuthMethod.USERPASS}
+    status = self.socket:send( tostring(Request.Connect:new(auth_method)) )
+    if ( not(status) ) then
+      self.socket:close()
+      return false, "Failed to send connection request to server"
+    end
+
+    local status, data = self.socket:receive_buf(match.numbytes(2), true)
+    if ( not(status) ) then
+      self.socket:close()
+      return false, "Failed to receive connection response from server"
+    end
+
+    local response = Response.Connect:new(data)
+    if ( not(response) ) then
+      return false, "Failed to parse response from server"
+    end
+
+    if ( response.version ~= 5 ) then
+      return false, ("Unsupported SOCKS version (%d)"):format(response.version)
+    end
+    if ( response.method == 0xFF ) then
+      return false, "No acceptable authentication methods"
+    end
+
+    -- store the method so authenticate knows what to use
+    self.auth_method = response.method
+    return true, response
+  end,
+
+  -- Authenticates to the SOCKS server
+  -- @param creds table containing authentication method specific fields
+  --        currently only authentication method 2 (username and pass) is
+  --        implemented. That method requires the following fields:
+  --        <code>username</code> - containing the username
+  --        <code>password</code> - containing the password
+  -- @return status true on success, false on failure
+  -- @return err string containing the error message
+  authenticate = function(self, creds)
+    if ( self.auth_method ~= 2 ) then
+      return false, "Authentication method not supported"
+    end
+    local req = Request.Authenticate:new(self.auth_method, creds)
+    if ( not(req) ) then
+      return false, "Failed to create authentication request"
+    end
+
+    local status = self.socket:send(tostring(req))
+    if ( not(status) ) then
+      return false, "Failed to send authentication request"
+    end
+
+    if ( 2 == self.auth_method ) then
+      local status, data = self.socket:receive_buf(match.numbytes(2), true)
+      local auth = Response.Authenticate:new(data)
+
+      if ( not(auth) ) then
+        return false, "Failed to parse authentication response"
+      end
+
+      if ( auth:isSuccess() ) then
+        return true, "Authentication was successful"
+      else
+        return false, "Authentication failed"
+      end
+
+    end
+    return false, "Unsupported authentication method"
+  end,
+
+  -- closes the connection to the server
+  close = function(self)
+    return self.socket:close()
+  end,
+
+}
+
+return _ENV;
-- 
cgit v1.2.3