[This file contains two mail messages: * 13 Aug 97 patches from Larry Jones to allow the client/server CVS to connect using SOCKSv4, implemented via a SOCKSv4 client library. * Some further discussion between Jim Kingdon and Larry Jones about how to handle SOCKS in CVS. As far as I know, none of this is needed for recent implementations of CVS and SOCKS; you can just use runsocks to enable SOCKS at run-time (July 1998). -kingdon] From: larry.jones@sdrc.com Date: Wed, 13 Aug 97 16:27:56 -0400 To: bug-cvs@prep.ai.mit.edu Subject: SOCKS support >Submitter-Id: net >Originator: Larry Jones >Organization: net >Confidential: no >Synopsis: Changes for SOCKS support. >Severity: non-critical >Priority: medium >Category: cvs >Class: change-request >Release: cvs-1.9.15 >Environment: n/a >Description: These changes allow a cvs client behind a firewall to communicate with a server on the other side provided a SOCKS V4 client library is available. >How-To-Repeat: n/a >Fix: Index: ChangeLog =================================================================== RCS file: /home2/cvsroot/ccvs/ChangeLog,v retrieving revision 1.376 diff -u -r1.376 ChangeLog --- ChangeLog 1997/08/04 04:03:05 1.376 +++ ChangeLog 1997/08/13 20:15:26 @@ -1,3 +1,10 @@ +Wed Aug 13 15:33:00 1997 Larry Jones + + * configure.in: Check for SOCKSv4 firewall proxy client library. + * acconfig.h: Add HAVE_SOCKS4. + * config.h.in: Regenerated. + * configure: Regenerated. + Mon Aug 4 00:02:24 1997 Jim Kingdon * BUGS: Be specific about wrappers not working client/server. Index: acconfig.h =================================================================== RCS file: /home2/cvsroot/ccvs/acconfig.h,v retrieving revision 1.9 diff -u -r1.9 acconfig.h --- acconfig.h 1997/02/17 20:42:55 1.9 +++ acconfig.h 1997/08/13 20:15:26 @@ -16,3 +16,6 @@ /* Define if you have the connect function. */ #undef HAVE_CONNECT + +/* Define if you have SOCKS v4. */ +#undef HAVE_SOCKS4 Index: config.h.in =================================================================== RCS file: /home2/cvsroot/ccvs/config.h.in,v retrieving revision 1.32 diff -u -r1.32 config.h.in --- config.h.in 1997/06/09 03:48:44 1.32 +++ config.h.in 1997/08/13 20:15:27 @@ -75,6 +75,9 @@ /* Define if you have the connect function. */ #undef HAVE_CONNECT +/* Define if you have SOCKS v4. */ +#undef HAVE_SOCKS4 + /* Define if you have the crypt function. */ #undef HAVE_CRYPT @@ -221,3 +224,6 @@ /* Define if you have the socket library (-lsocket). */ #undef HAVE_LIBSOCKET + +/* Define if you have the socks library (-lsocks). */ +#undef HAVE_LIBSOCKS Index: configure =================================================================== RCS file: /home2/cvsroot/ccvs/configure,v retrieving revision 1.76 diff -u -r1.76 configure --- configure 1997/06/16 23:44:15 1.76 +++ configure 1997/08/13 20:15:44 @@ -2359,6 +2359,105 @@ #define HAVE_CONNECT 1 EOF + echo $ac_n "checking for Rconnect""... $ac_c" 1>&6 +if eval "test \"`echo '$''{'ac_cv_func_Rconnect'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char Rconnect(); + +int main() { return 0; } +int t() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_Rconnect) || defined (__stub___Rconnect) +choke me +#else +Rconnect(); +#endif + +; return 0; } +EOF +if { (eval echo configure:2392: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; }; then + rm -rf conftest* + eval "ac_cv_func_Rconnect=yes" +else + rm -rf conftest* + eval "ac_cv_func_Rconnect=no" +fi +rm -f conftest* + +fi +if eval "test \"`echo '$ac_cv_func_'Rconnect`\" = yes"; then + echo "$ac_t""yes" 1>&6 + : +else + echo "$ac_t""no" 1>&6 +echo $ac_n "checking for -lsocks""... $ac_c" 1>&6 +ac_lib_var=`echo socks'_'Rconnect | tr './+\055' '__p_'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lsocks $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; }; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_lib=HAVE_LIB`echo socks | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi + + if test "$ac_cv_lib_socks_Rconnect" = "yes"; then + ac_cv_func_Rconnect=yes + fi +fi + + if test "$ac_cv_func_Rconnect" = "yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_SOCKS4 1 +EOF + + fi fi fi @@ -2376,7 +2475,7 @@ krb_h= echo $ac_n "checking for krb.h""... $ac_c" 1>&6 cat > conftest.$ac_ext < int main() { return 0; } @@ -2384,7 +2483,7 @@ int i; ; return 0; } EOF -if { (eval echo configure:2388: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; }; then +if { (eval echo configure:2487: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; }; then rm -rf conftest* krb_h=yes krb_incdir= else @@ -2393,7 +2492,7 @@ hold_cflags=$CFLAGS CFLAGS="$CFLAGS -I$KRB4/include" cat > conftest.$ac_ext < int main() { return 0; } @@ -2401,7 +2500,7 @@ int i; ; return 0; } EOF -if { (eval echo configure:2405: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; }; then +if { (eval echo configure:2504: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; }; then rm -rf conftest* krb_h=yes krb_incdir=$KRB4/include fi @@ -2414,7 +2513,7 @@ if test -z "$krb_h"; then cat > conftest.$ac_ext < int main() { return 0; } @@ -2422,7 +2521,7 @@ int i; ; return 0; } EOF -if { (eval echo configure:2426: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; }; then +if { (eval echo configure:2525: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; }; then rm -rf conftest* krb_h=yes krb_incdir= else @@ -2431,7 +2530,7 @@ hold_cflags=$CFLAGS CFLAGS="$CFLAGS -I$KRB4/include/kerberosIV" cat > conftest.$ac_ext < int main() { return 0; } @@ -2439,7 +2538,7 @@ int i; ; return 0; } EOF -if { (eval echo configure:2443: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; }; then +if { (eval echo configure:2542: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; }; then rm -rf conftest* krb_h=yes krb_incdir=$KRB4/include/kerberosIV fi @@ -2463,7 +2562,7 @@ ac_save_LIBS="$LIBS" LIBS="-lkrb $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; }; then +if { (eval echo configure:2578: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; }; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -2516,7 +2615,7 @@ ac_save_LIBS="$LIBS" LIBS="-ldes $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; }; then +if { (eval echo configure:2631: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; }; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -2560,7 +2659,7 @@ echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; }; then +if { (eval echo configure:2687: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; }; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -2631,7 +2730,7 @@ echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; }; then +if { (eval echo configure:2758: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; }; then rm -rf conftest* eval "ac_cv_func_gethostname=yes" else @@ -2732,7 +2831,7 @@ ac_save_LIBS="$LIBS" LIBS="-lcrypt $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; }; then +if { (eval echo configure:2847: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; }; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -2775,7 +2874,7 @@ echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; }; then +if { (eval echo configure:2902: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; }; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else Index: configure.in =================================================================== RCS file: /home2/cvsroot/ccvs/configure.in,v retrieving revision 1.82 diff -u -r1.82 configure.in --- configure.in 1997/07/21 13:50:58 1.82 +++ configure.in 1997/08/13 20:15:46 @@ -134,6 +134,14 @@ if test "$ac_cv_lib_socket_connect" = "yes" || test "$ac_cv_lib_inet_connect" = "yes"; then ac_cv_func_connect=yes AC_DEFINE(HAVE_CONNECT) + AC_CHECK_FUNC(Rconnect, :, + [AC_CHECK_LIB(socks, Rconnect) + if test "$ac_cv_lib_socks_Rconnect" = "yes"; then + ac_cv_func_Rconnect=yes + fi]) + if test "$ac_cv_func_Rconnect" = "yes"; then + AC_DEFINE(HAVE_SOCKS4) + fi fi]) dnl Index: src/ChangeLog =================================================================== RCS file: /home2/cvsroot/ccvs/src/ChangeLog,v retrieving revision 1.1186 diff -u -r1.1186 ChangeLog --- ChangeLog 1997/08/11 17:21:39 1.1186 +++ ChangeLog 1997/08/13 20:16:00 @@ -1,3 +1,7 @@ +Wed Aug 13 15:33:00 1997 Larry Jones + + * client.c, server.c, main.c (main): Add SOCKSv4 support. + Mon Aug 11 10:14:47 1997 Jim Kingdon * vers_ts.c (Version_TS): If vers_ts->vn_rcs == NULL, skip setting Index: src/client.c =================================================================== RCS file: /home2/cvsroot/ccvs/src/client.c,v retrieving revision 1.218 diff -u -r1.218 client.c --- client.c 1997/07/30 15:33:24 1.218 +++ client.c 1997/08/13 20:16:40 @@ -22,6 +22,16 @@ #ifdef CLIENT_SUPPORT +#ifdef HAVE_SOCKS4 +#define connect Rconnect +#define select Rselect +#define gethostbyname Rgethostbyname +#define getsockname Rgetsockname +#define bind Rbind +#define accept Raccept +#define listen Rlisten +#endif + #include "md5.h" #if defined(AUTH_CLIENT_SUPPORT) || HAVE_KERBEROS || defined(SOCK_ERRNO) || defined(SOCK_STRERROR) Index: src/main.c =================================================================== RCS file: /home2/cvsroot/ccvs/src/main.c,v retrieving revision 1.116 diff -u -r1.116 main.c --- main.c 1997/08/06 18:01:30 1.116 +++ main.c 1997/08/13 20:16:52 @@ -399,6 +399,10 @@ int option_index = 0; int need_to_create_root = 0; +#ifdef HAVE_SOCKS4 + SOCKSinit(argv[0]); +#endif + #ifdef SYSTEM_INITIALIZE /* Hook for OS-specific behavior, for example socket subsystems on NT and OS2 or dealing with windows and arguments on Mac. */ Index: src/server.c =================================================================== RCS file: /home2/cvsroot/ccvs/src/server.c,v retrieving revision 1.165 diff -u -r1.165 server.c --- server.c 1997/08/11 17:21:52 1.165 +++ server.c 1997/08/13 20:18:16 @@ -18,6 +18,16 @@ #ifdef SERVER_SUPPORT +#ifdef HAVE_SOCKS4 +#define connect Rconnect +#define select Rselect +#define gethostbyname Rgethostbyname +#define getsockname Rgetsockname +#define bind Rbind +#define accept Raccept +#define listen Rlisten +#endif + #ifdef HAVE_WINSOCK_H #include #endif -Larry Jones I've never seen a sled catch fire before. -- Hobbes Subject: Re: SOCKS support To: kingdon@cyclic.com (Jim Kingdon) Date: Thu, 14 Aug 1997 11:57:58 -0400 (EDT) Cc: bug-cvs@prep.ai.mit.edu From: larry.jones@sdrc.com (Larry Jones) Jim Kingdon writes: > Thanks for the patch. I've added it to > http://www.cyclic.com/cyclic-pages/unoff.html with the following text: > > SOCKS is a protocol to allow controlled traversal of firewalls. Here > is a patch to allow the client/server > CVS to connect using SOCKSv4, implemented via a SOCKSv4 client > library. Some of the questions/issues to answer before putting this > into the official CVS distribution are: (1) documentation, (2) how > does the user select SOCKS or non-SOCKS operation? Can a single CVS > binary support both?, (3) in the case of SOCKSv5 at least, how does > the user specify additional information such as username/password for > RFC1929 authentication or a GSS-API ticket for RFC1961 authentication, > (4) SOCKSv4 versus SOCKSv5 (SOCKSv5 has a greater set of choices for > authentication, but if SOCKSv4 is more widely deployed that means > something too), and (5) should CVS use an external SOCKS library, a > SOCKS library shipped with CVS, or should it just implement the SOCKS > protocol in a CVS-specific fashion? Some answers and opinions: (1) I'm not sure how much documentation is required or where it should be. If you're already using SOCKS, then presumably you already know quite a bit about it; if you're not, then either you don't need it or you need to go find out about it and install it. Perhaps just a brief mention of what it is and a pointer to the NEC web page (http://www.socks.nec.com/) along with a note that if configure can find the client library it will use it? (2) The user doesn't -- the SOCKSv4 client library automatically determines whether to make a connection through a SOCKS server or an ordinary direct connection based on the destination IP address and a configuration file. If the configuration file doesn't exist, the default is a direct connection. So, not only can a single binary support both, it behaves just like the SOCKS support wasn't there if SOCKS hasn't been configured on the machine. (3) I have no idea. :-) (4) SOCKSv4 has certainly been around much longer and, although the SOCKSv5 protocol has no provision for supporting v4 clients, the reference implementation from NEC does, so the vast majority of existing SOCKSv5 servers also support SOCKSv4 clients. The v5 client library also supports v4 servers, so the right thing to do (IMHO) is to support both the v4 and v5 client libraries. (We don't have v5 installed, so I don't know a whole lot about it, which is why I only contributed v4 stuff.) (5) There are significant benefits to using an external library. You don't have to write or maintain the code, the configuration is undoubtedly more flexible that what you'd write (see http://www.socks.nec.com/man/libsocks5.conf.5.html), and the user only has to set up the configuration information once rather than having to configure each application separately. There doesn't seem to be any benefit to shipping the library with CVS since it isn't much good without a SOCKS server and it comes with the server so anyone who needs it should already have it. -Larry Jones Pitiful. Just pitiful. -- Calvin