From 9df98a6e31bf3a2332759aa5770a414698d5e375 Mon Sep 17 00:00:00 2001 From: Matt Merhar Date: Fri, 13 Sep 2024 18:30:25 -0400 Subject: [PATCH 01/27] Avoid printing unterminated string in readline() When running with -v, readline() in io.c uses strncpy() to copy a string (*without* the terminating NULL) into an uninitialized buffer created by malloc(). When message() then prints this, it can lead to garbage data being emitted since it's potentially reading past the intended end of the string. In practice, this appears to only be an additional byte or 2 before a NULL is encountered. The issue was hit when readline() encountered "\r\n\r\n", not longer strings, but I imagine it's dependent on things like compiler / libc / the weather as to whether the end of the buffer returned by malloc() will be zeroed or not; I've seen similar issues pop up with "working" code running on newer distros. --- io.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/io.c b/io.c index e8df31a..56d516e 100644 --- a/io.c +++ b/io.c @@ -57,7 +57,7 @@ int readline(PTSTREAM *pts) { if( args_info.verbose_flag ) { /* Copy line of data into dstr without trailing newline */ - char *dstr = malloc(strlen(buf) + 1); + char *dstr = calloc(1, strlen(buf) + 1); strncpy( dstr, buf, strlen(buf)); if (strcmp(dstr, "")) message( " <- %s\n", dstr ); From 8ff6d58f1bca6805ce4a30b6c7025af4485af8e4 Mon Sep 17 00:00:00 2001 From: e9hack Date: Fri, 29 Nov 2024 12:08:56 +0100 Subject: [PATCH 02/27] Fixed loading of default and legacy provider - Verify that the default and legacy provider was loaded successfully. If not bail out. - On Windows, try to load the legacy.dll from multiple locations before bailing out. - Added legacy.dll to the proxytunnel.zip archive. --- Makefile | 7 +++++++ buildwin.sh | 10 +++++----- ntlm.c | 54 +++++++++++++++++++++++++++++++++++++++++++++++++++-- 3 files changed, 64 insertions(+), 7 deletions(-) diff --git a/Makefile b/Makefile index 1da0ce7..0f97693 100644 
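Review bot: The result of `calloc(1, strlen(buf) + 1)` in readline() is handed straight to `strncpy()` with no NULL check, so an allocation failure in verbose mode dereferences a null pointer. Test `dstr == NULL` before the copy and skip the verbose print in that case. `strlen(buf)` is evaluated twice; storing it once in a `size_t len` and using `memcpy(dstr, buf, len)` on the zeroed buffer states the intent more directly than `strncpy`. The body of readline() continues outside this hunk, so where dstr is trimmed and freed is not visible here.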
--- a/Makefile +++ b/Makefile @@ -20,6 +20,13 @@ OPTFLAGS += -DSETPROCTITLE -DSPT_TYPE=2 # System dependant blocks... if your system is listed below, uncomment # the relevant lines +# MSYS +# The current version of gcc from MSYS defines __MSYS__ and __CYGWIN__. +# To avoid to change the code, simply define CYGWIN additionally. +ifneq ($(filter $(MSYSTEM),MSYS MINGW32 MINGW64 UCRT64),) +CFLAGS += -DCYGWIN +endif + # OpenBSD #OPTFLAGS += -DHAVE_SYS_PSTAT_H diff --git a/buildwin.sh b/buildwin.sh index 52d8b59..5e1165c 100644 --- a/buildwin.sh +++ b/buildwin.sh @@ -4,13 +4,13 @@ echo "Build docs..." make -C docs echo "Build proxytunnel..." -make -f Makefile.ssl11 - -echo "Copy msys/openssl dll to build dir..." -cp /usr/bin/msys-2.0.dll /usr/bin/msys-crypto-1.1.dll /usr/bin/msys-ssl-1.1.dll /usr/bin/msys-z.dll . +make -f Makefile +strip -s proxytunnel.exe echo "Generate proxytunnel.zip with docs, exe and msys/openssl dll..." -zip proxytunnel.zip proxytunnel.exe *.dll docs/proxytunnel.1 docs/proxytunnel.1.html docs/proxytunnel-paper.html +zip proxytunnel.zip proxytunnel.exe docs/proxytunnel.1 docs/proxytunnel.1.html docs/proxytunnel-paper.html +DLLS="$(ldd proxytunnel.exe | grep msys.*\.dll | awk '{print $3}' | xargs) /usr/lib/ossl-modules/legacy.dll" +zip proxytunnel.zip -j $DLLS if [ ! -z "${TRAVIS_TAG}" ]; then echo "Deploy proxytunnel.zip to github release tag:${TRAVIS_TAG}..." diff --git a/ntlm.c b/ntlm.c index 54761f5..5159202 100644 --- a/ntlm.c +++ b/ntlm.c @@ -29,6 +29,9 @@ #include #include #if OPENSSL_VERSION_NUMBER >= 0x30000000L + #ifdef CYGWIN + #include + #endif #include #include #else 
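Review bot: In the new `DLLS=` line of buildwin.sh the pattern `grep msys.*\.dll` is unquoted, so the shell removes the backslash and may glob-expand the word before grep sees it; write `grep 'msys.*\.dll'`. `zip proxytunnel.zip -j $DLLS` depends on word splitting and breaks if a path printed by `ldd` contains a space. The archive now ships whatever libraries `ldd` resolves on the build host plus `/usr/lib/ossl-modules/legacy.dll`, so it is worth failing the script when that file is missing rather than publishing a zip without it.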
@@ -71,8 +74,55 @@ unsigned char lm2digest[LM2_DIGEST_LEN]; void init_ntlm() { #if OPENSSL_VERSION_NUMBER >= 0x30000000L - OSSL_PROVIDER_load(NULL, "default"); - OSSL_PROVIDER_load(NULL, "legacy"); + OSSL_PROVIDER *provider; + provider = OSSL_PROVIDER_load(NULL, "default"); + if (!provider) { + my_perror("Loading default provider failed"); + exit(1); + } + provider = OSSL_PROVIDER_load(NULL, "legacy"); +#ifdef CYGWIN + if (!provider) { + // available at msys and git for windows + // the msys version has an additional dependency on libcrypto-3-x64.dll + provider = OSSL_PROVIDER_load(NULL, "/mingw64/lib/ossl-modules/legacy.dll"); + } + if (!provider) { + // available at msys (without dependency on libcrypto-3-x64.dll) + provider = OSSL_PROVIDER_load(NULL, "/usr/lib/ossl-modules/legacy.dll"); + } + if (!provider) { + // default installation path for additional tools + provider = OSSL_PROVIDER_load(NULL, "/usr/local/bin/legacy.dll"); + } + if (!provider) { + // directory of proxytunnel itself + const char *p = strrchr(program_name, '/'); + if (p) { + const int len = p - program_name; + char *tmp = (char*)alloca(len + sizeof("/legacy.dll")); + memcpy(tmp, program_name, len); + strcpy(tmp + len, "/legacy.dll"); + provider = OSSL_PROVIDER_load(NULL, tmp); + } + } + if (!provider) { + // current working directory + char *cwd = getcwd(NULL, 0); + if (cwd) { + const int len = strlen(cwd); + char *tmp = (char*)alloca(len + sizeof("/legacy.dll")); + memcpy(tmp, cwd, len); + free(cwd); + strcpy(tmp + len, "/legacy.dll"); + provider = OSSL_PROVIDER_load(NULL, tmp); + } + } +#endif + if (!provider) { + my_perror("Loading legacy provider failed"); + exit(1); + } md4alg = EVP_md4(); md5alg = EVP_md5(); mdctx = EVP_MD_CTX_new(); From b6daf27b8f6b72a089486623cf729be68ed3e6bb Mon Sep 17 00:00:00 2001 
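Review bot: The last fallback under `#ifdef CYGWIN` in init_ntlm() loads `legacy.dll` from `getcwd()`, which is an untrusted search path: a file of that name in whatever directory the user happens to start proxytunnel from is loaded into the process as an OpenSSL provider. I would remove the current-working-directory block and keep only fixed install locations, or a path the user configures explicitly. The `program_name` and `getcwd()` blocks also size an `alloca()` buffer from an unbounded length held in an `int`; a `size_t` length with a heap buffer and `snprintf` avoids both the truncation and the stack growth. `my_perror()` presumably reports errno, which OSSL_PROVIDER_load() does not set, so the failure reason should be taken from the OpenSSL error queue instead.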
From: e9hack Date: Fri, 29 Nov 2024 12:41:27 +0100 Subject: [PATCH 03/27] Fixed NTLM authentication - analyse_HTTP: Read first something from the connection before analyse it - analyse_HTTP: Accepte a TAB as a second delimiter during parsing an answer from a proxy. - proxy_protocol(): In case of NTLM authentication, this function is called twice recursively. Use variable ntlm_challenge as marker of the state of the authentication to avoid endless recursive calls in case of an error and avoid to try to connect to the remote proxy twice. --- http.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/http.c b/http.c index a4e020c..12e1956 100644 --- a/http.c +++ b/http.c @@ -37,17 +37,16 @@ * header */ void analyze_HTTP(PTSTREAM *pts) { - char *p = strtok( buf, " "); + char *p; /* Strip html error pages for faulty proxies (Stephane Engel ) */ - while (strncmp( p, "HTTP/", 5) != 0 ) { - if ( readline(pts) ) { - p = strtok( buf, " "); - } else { + do { + if (readline(pts) <= 0) { message( "analyze_HTTP: readline failed: Connection closed by remote host\n" ); exit(2); } - } + p = strtok( buf, " \t"); + } while (strncmp( p, "HTTP/", 5) != 0 ); if (strcmp( p, "HTTP/1.0" ) != 0 && strcmp( p, "HTTP/1.1" ) != 0) { message( "Unsupported HTTP version number %s\n", p ); @@ -117,6 +116,7 @@ void proxy_protocol(PTSTREAM *pts) { if (args_info.ntlm_flag) { if (ntlm_challenge == 1) { build_type3_response(); + ntlm_challenge = 2; strzcat( buf, "Proxy-Authorization: NTLM %s\r\n", ntlm_type3_buf ); } else if (ntlm_challenge == 0) { strzcat( buf, "Proxy-Authorization: NTLM %s\r\n", ntlm_type1_buf ); @@ -157,7 +157,7 @@ void proxy_protocol(PTSTREAM *pts) { /* Read the first line of the response and analyze it */ analyze_HTTP(pts); - if (args_info.remproxy_given ) { + if (ntlm_challenge < 3 && args_info.remproxy_given ) { /* Clean buffer for next analysis */ while ( strcmp( buf, "\r\n" ) != 0 ) readline(pts); 
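Review bot: In analyze_HTTP() `strtok( buf, " \t")` returns NULL when the line read from the proxy is empty or holds nothing but delimiters, and the loop condition then passes that NULL to `strncmp()`. The data comes from the remote side, so guard it in the condition: `} while (p == NULL || strncmp( p, "HTTP/", 5) != 0 );`. The loop also has no upper bound on the number of non-status lines it skips, so a cap on iterations would stop a misbehaving proxy from keeping the client in it indefinitely. analyze_HTTP() continues past the end of the hunk.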
@@ -209,8 +209,8 @@ void proxy_protocol(PTSTREAM *pts) { * Then, repeat reading lines of the responses until a blank line * (which signifies the end of the response) is encountered. */ - if (ntlm_challenge == 1) { - ntlm_challenge = 2; + if (ntlm_challenge == 2) { + ntlm_challenge = 3; } else { do { readline(pts); From fb9b85a40e1c7c0626bd1dbbd466b0c3427a07ff Mon Sep 17 00:00:00 2001 From: Nick Braun Date: Fri, 20 Dec 2024 04:56:18 -0800 Subject: [PATCH 04/27] Increase MAX_HEADER_SIZE Increases the MAX_HEADER_SIZE in cmdline to be 4K --- cmdline.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmdline.h b/cmdline.h index 18b77e9..93cf460 100644 --- a/cmdline.h +++ b/cmdline.h @@ -23,7 +23,7 @@ #ifndef _cmdline_h #define _cmdline_h -#define MAX_HEADER_SIZE 1024 +#define MAX_HEADER_SIZE 4096 struct gengetopt_args_info { char *user_arg; /* Username to send to HTTPS proxy for auth. */ From 0e202442e5dcf0391240c9f6409db0c0acf3528b Mon Sep 17 00:00:00 2001 From: Sven Geuer <68420948@users.noreply.github.com> Date: Fri, 7 Mar 2025 22:23:12 +0100 Subject: [PATCH 05/27] CHANGES: chmode 755 to 644. --- CHANGES | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100755 => 100644 CHANGES diff --git a/CHANGES b/CHANGES old mode 100755 new mode 100644 From 6b99bb78984e16c2e02611446edd06eb59297da8 Mon Sep 17 00:00:00 2001 From: Sven Geuer <68420948@users.noreply.github.com> Date: Fri, 7 Mar 2025 22:27:28 +0100 Subject: [PATCH 06/27] TODO: Drop note about SSL proxy support, it has been added meanwhile. --- TODO | 5 ----- 1 file changed, 5 deletions(-) diff --git a/TODO b/TODO index 45c19e4..8ac9281 100644 --- a/TODO +++ b/TODO 
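Review bot: `ntlm_challenge` now moves through four states that appear only as bare integers, `ntlm_challenge == 2` and `ntlm_challenge = 3` in this hunk and `ntlm_challenge < 3` in the earlier proxy_protocol() hunk. A comment at the declaration, or an enum, would make the recursion guard reviewable, for example `/* 0: send type 1, 1: challenge received, 2: type 3 sent, 3: authentication finished */`. The meaning of each value is inferred from these hunks and should be confirmed against the code that sets it to 1, which is not part of this diff. proxy_protocol() starts and ends outside the hunk.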
@@ -7,11 +7,6 @@ or: proxytunnel -p username:password@local-proxy:port -r username:password@remote-proxy:port -d %h:%p -### SSL proxy support -- Starting with Apache 2.4 using CONNECT over SSL is supported !! - See: http://issues.apache.org/bugzilla/show_bug.cgi?id=29744 - - ### Code cleanup - Find some hardcore C experts to help us improve the code quality From dc0945afb8383a196019cb8143f442d7f4011995 Mon Sep 17 00:00:00 2001 From: Sven Geuer <68420948@users.noreply.github.com> Date: Fri, 7 Mar 2025 23:04:56 +0100 Subject: [PATCH 07/27] Update CHANGES and config.h for release 1.12.3 --- CHANGES | 15 +++++++++++++++ config.h | 6 +++--- 2 files changed, 18 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index 35753b4..24d5bfb 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,18 @@ +Changes to proxytunnel 1.12.3 -- Fri Mar 7 23:04:25 CET 2025 + +- PR #83 from https://github.com/tofurky to avoid printing unterminated string + in readline(). +- PR #86 from https://github.com/e9hack to fix and improve ntlm authentication. +- PR #89 from https://github.com/njbraun to increase MAX_HEADER_SIZE to 4k. +- From Sven Geuer, https://github.com/68420948 + - Chmode 755 to 644 for file CHANGES. + - Drop obsolete entry about SSL proxy support from file TODO. + +Changes to proxytunnel 1.12.2 -- Mon Mar 25 14:50:38 CET 2024 + +- PRs #79 and #80 from https://github.com/hoilc implementing github action to + build windows binary. + Changes to proxytunnel 1.12.1 -- Tue Feb 6 17:36:38 CET 2024 [ Sven Geuer, https://github.com/68420948 ] diff --git a/config.h b/config.h index 80914fd..f73e2ed 100644 --- a/config.h +++ b/config.h 
@@ -17,9 +17,9 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#define VERSION "1.12.1" -#define VERSION_YEAR "2024" -#define VERSION_DATE "2024-02-06" +#define VERSION "1.12.3" +#define VERSION_YEAR "2025" +#define VERSION_DATE "2025-03-07" #define PACKAGE "proxytunnel" #define PURPOSE "Build generic tunnels through HTTPS proxies" #define AUTHORS "Jos Visser (Muppet) , Mark Janssen (Maniac) " From c5ab4648776ab415dba7012fd39fe4e7a7c97e33 Mon Sep 17 00:00:00 2001 From: zsuper Date: Tue, 1 Apr 2025 19:27:26 -0700 Subject: [PATCH 08/27] Added basic flake support for x86_64-linux. --- flake.lock | 27 +++++++++++++++++++++++++++ flake.nix | 39 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 66 insertions(+) create mode 100644 flake.lock create mode 100644 flake.nix diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..e0fe2d9 --- /dev/null +++ b/flake.lock @@ -0,0 +1,27 @@ +{ + "nodes": { + "nixpkgs": { + "locked": { + "lastModified": 1743315132, + "narHash": "sha256-6hl6L/tRnwubHcA4pfUUtk542wn2Om+D4UnDhlDW9BE=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "52faf482a3889b7619003c0daec593a1912fddc1", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..fa6fc9e --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,39 @@ +{ + description = "A flake that provides the proxytunnel command"; + + inputs = { + nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable"; + }; + + outputs = { + self, + nixpkgs, + ... + }: let + # TODO: Check functionality and add support for other architectures. + pkgs = nixpkgs.legacyPackages."x86_64-linux"; + in { + packages.x86_64-linux.default = pkgs.stdenv.mkDerivation { + pname = "proxytunnel"; + + version = "1.0.0"; + + src = ./.; + nativeBuildInputs = [pkgs.gnumake]; + buildInputs = [pkgs.openssl]; + + buildPhase = '' + make + ''; + + installPhase = '' + mkdir -p $out/bin + cp ./proxytunnel $out/bin + ''; + }; + + devShells.x86_64-linux.default = pkgs.mkShell { + packages = [self.packages.x86_64-linux.default]; + }; + }; +} From 20be023202745f67cba98c8f230836e28d1b9568 Mon Sep 17 00:00:00 2001 From: zsuper Date: Tue, 1 Apr 2025 19:58:45 -0700 Subject: [PATCH 09/27] Extended flake so support can easily be added for diff archs in the future --- flake.nix | 53 ++++++++++++++++++++++++++++++++--------------------- 1 file changed, 32 insertions(+), 21 deletions(-) diff --git a/flake.nix b/flake.nix index fa6fc9e..9068cbf 100644 --- a/flake.nix +++ b/flake.nix 
@@ -11,29 +11,40 @@ ... }: let # TODO: Check functionality and add support for other architectures. - pkgs = nixpkgs.legacyPackages."x86_64-linux"; + supportedSystems = ["x86_64-linux"]; + forAllSystems = nixpkgs.lib.genAttrs supportedSystems; + + mkProxyTunnel = system: let + pkgs = nixpkgs.legacyPackages.${system}; + in + pkgs.stdenv.mkDerivation { + pname = "proxytunnel"; + + version = "1.0.0"; + + src = ./.; + nativeBuildInputs = [pkgs.gnumake]; + buildInputs = [pkgs.openssl]; + + buildPhase = '' + make + ''; + + installPhase = '' + mkdir -p $out/bin + cp ./proxytunnel $out/bin + ''; + }; in { - packages.x86_64-linux.default = pkgs.stdenv.mkDerivation { - pname = "proxytunnel"; + packages = forAllSystems mkProxyTunnel; - version = "1.0.0"; + defaultPackage = forAllSystems (system: self.packages.${system}); - src = ./.; - nativeBuildInputs = [pkgs.gnumake]; - buildInputs = [pkgs.openssl]; - - buildPhase = '' - make - ''; - - installPhase = '' - mkdir -p $out/bin - cp ./proxytunnel $out/bin - ''; - }; - - devShells.x86_64-linux.default = pkgs.mkShell { - packages = [self.packages.x86_64-linux.default]; - }; + devShells = forAllSystems (system: let + pkgs = nixpkgs.legacyPackages.${system}; + in + pkgs.mkShell { + packages = [self.defaultPackage.${system}]; + }); }; } From 3ec1efe42ef895b2bda31b285a31d3f39c15a555 Mon Sep 17 00:00:00 2001 From: zsuper Date: Tue, 1 Apr 2025 23:09:45 -0700 Subject: [PATCH 10/27] Changed flake.nix to use flake-parts for modular arch support. Updated INSTALL.md --- INSTALL.md | 40 ++++++++++++++++++++++++++++++ flake.lock | 48 ++++++++++++++++++++++++++++++------ flake.nix | 71 +++++++++++++++++++++++++----------------------------- 3 files changed, 114 insertions(+), 45 deletions(-) diff --git a/INSTALL.md b/INSTALL.md index 9e2e7fa..c5b6905 100644 --- a/INSTALL.md +++ b/INSTALL.md 
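Review bot: `packages = forAllSystems mkProxyTunnel;` makes `packages.x86_64-linux` the derivation itself, while the flake output schema expects an attribute set of named packages per system. Wrap it as `packages = forAllSystems (system: { default = mkProxyTunnel system; });` and have the dev shell use `self.packages.${system}.default`. `defaultPackage` is a deprecated output and can be dropped once `packages.<system>.default` exists.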
@@ -10,6 +10,46 @@ to build simply run `make` and optionally `make install`. If you manually want to install, copy proxytunnel to /usr/local/bin and optionally the manual-page from the debian-subdirectory to your manpath +# Nix Flakes + +> NOTE: The Nix Flake installation currently only supports the default Makefile flags (i.e. GNU system assumed + SSL enabled). + +A simple Nix Flake is included to allow for use via flake inputs. To create a temporary Nix Shell with access to the `proxytunnel` binary, you can run the command: +```console +nix develop github:proxytunnel/proxytunnel +``` +If you instead want to include it as a flake input, the following `flake.nix` shows how to do so: +```nix +{ + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + + # Add proxytunnel as an input + proxytunnel.url = "github:proxytunnel/proxytunnel"; + }; + + outputs = { + nixpkgs, + proxytunnel, + ... + }: let + system = "x86_64-linux"; + pkgs = import nixpkgs {system = "x86_64-linux";}; + in { + devShells.${system}.default = pkgs.mkShell { + buildInputs = [ + # Make the `proxytunnel` binary available in a Nix Shell + proxytunnel.packages.${system}.default + + # And include any other packages as desired... + pkgs.gcc + pkgs.glibc.dev + ]; + }; + }; +} +``` + # msys2 To install msys2 with [chocolatey](https://chocolatey.org/install): diff --git a/flake.lock b/flake.lock index e0fe2d9..d496322 100644 --- a/flake.lock +++ b/flake.lock 
@@ -1,23 +1,57 @@ { "nodes": { - "nixpkgs": { + "flake-parts": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, "locked": { - "lastModified": 1743315132, - "narHash": "sha256-6hl6L/tRnwubHcA4pfUUtk542wn2Om+D4UnDhlDW9BE=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "52faf482a3889b7619003c0daec593a1912fddc1", + "lastModified": 1743550720, + "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "c621e8422220273271f52058f618c94e405bb0f5", "type": "github" }, "original": { - "owner": "nixos", + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1743448293, + "narHash": "sha256-bmEPmSjJakAp/JojZRrUvNcDX2R5/nuX6bm+seVaGhs=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "77b584d61ff80b4cef9245829a6f1dfad5afdfa3", + "type": "github" + }, + "original": { + "owner": "NixOS", "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, + "nixpkgs-lib": { + "locked": { + "lastModified": 1743296961, + "narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, "root": { "inputs": { + "flake-parts": "flake-parts", "nixpkgs": "nixpkgs" } } diff --git a/flake.nix b/flake.nix index 9068cbf..e83f8ff 100644 --- a/flake.nix +++ b/flake.nix 
@@ -1,50 +1,45 @@ { - description = "A flake that provides the proxytunnel command"; + description = "Basic flake that provides proxytunnel as a package or as a binary in a nix shell"; inputs = { - nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable"; + flake-parts.url = "github:hercules-ci/flake-parts"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; }; - outputs = { - self, - nixpkgs, - ... - }: let - # TODO: Check functionality and add support for other architectures. - supportedSystems = ["x86_64-linux"]; - forAllSystems = nixpkgs.lib.genAttrs supportedSystems; + outputs = inputs @ {flake-parts, ...}: + flake-parts.lib.mkFlake {inherit inputs;} { + # TODO: Add support for more systems once checked. + # TODO: Maybe add configuration options for toggling Makefile {C/LD/OPT}FLAGS + systems = ["x86_64-linux"]; - mkProxyTunnel = system: let - pkgs = nixpkgs.legacyPackages.${system}; - in - pkgs.stdenv.mkDerivation { - pname = "proxytunnel"; + perSystem = { + config, + pkgs, + ... + }: { + packages.default = config.packages.proxytunnel; - version = "1.0.0"; + packages.proxytunnel = pkgs.stdenv.mkDerivation { + pname = "proxytunnel"; + version = "1.0.0"; + src = ./.; - src = ./.; - nativeBuildInputs = [pkgs.gnumake]; - buildInputs = [pkgs.openssl]; + nativeBuildInputs = [pkgs.gnumake]; + buildInputs = [pkgs.openssl]; - buildPhase = '' - make - ''; + buildPhase = '' + make + ''; - installPhase = '' - mkdir -p $out/bin - cp ./proxytunnel $out/bin - ''; + installPhase = '' + mkdir -p $out/bin + cp ./proxytunnel $out/bin + ''; + }; + + devShells.default = pkgs.mkShell { + packages = [config.packages.default]; + }; }; - in { - packages = forAllSystems mkProxyTunnel; - - defaultPackage = forAllSystems (system: self.packages.${system}); - - devShells = forAllSystems (system: let - pkgs = nixpkgs.legacyPackages.${system}; - in - pkgs.mkShell { - packages = [self.defaultPackage.${system}]; - }); - }; + }; } 
From 8ab065fca1d6e7b1513cf4251ae5e85864b1d747 Mon Sep 17 00:00:00 2001 From: Piyush Kumbhare <130249145+zSuperx@users.noreply.github.com> Date: Tue, 1 Apr 2025 23:39:13 -0700 Subject: [PATCH 11/27] Update flake.nix version to match github Release v1.12.3 version --- flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index e83f8ff..ced1f98 100644 --- a/flake.nix +++ b/flake.nix @@ -21,7 +21,7 @@ packages.proxytunnel = pkgs.stdenv.mkDerivation { pname = "proxytunnel"; - version = "1.0.0"; + version = "1.12.3"; src = ./.; nativeBuildInputs = [pkgs.gnumake]; From 49824201601bde8c9fec8a12f24a167369ab8a96 Mon Sep 17 00:00:00 2001 From: zsuper Date: Thu, 3 Apr 2025 09:46:52 -0700 Subject: [PATCH 12/27] flake overlay test --- flake.lock | 6 +++--- flake.nix | 15 +++++++++++++-- 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index d496322..d28337e 100644 --- a/flake.lock +++ b/flake.lock @@ -20,11 +20,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1743448293, - "narHash": "sha256-bmEPmSjJakAp/JojZRrUvNcDX2R5/nuX6bm+seVaGhs=", + "lastModified": 1743583204, + "narHash": "sha256-F7n4+KOIfWrwoQjXrL2wD9RhFYLs2/GGe/MQY1sSdlE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "77b584d61ff80b4cef9245829a6f1dfad5afdfa3", + "rev": "2c8d3f48d33929642c1c12cd243df4cc7d2ce434", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index ced1f98..1d29a2f 100644 --- a/flake.nix +++ b/flake.nix @@ -12,12 +12,17 @@ # TODO: Maybe add configuration options for toggling Makefile {C/LD/OPT}FLAGS systems = ["x86_64-linux"]; + imports = [inputs.flake-parts.flakeModules.easyOverlay]; + perSystem = { config, pkgs, ... }: { - packages.default = config.packages.proxytunnel; + overlayAttrs = { + inherit (config.packages) proxytunnel; + enableSSL = true; + }; packages.proxytunnel = pkgs.stdenv.mkDerivation { pname = "proxytunnel"; 
@@ -33,10 +38,16 @@ installPhase = '' mkdir -p $out/bin - cp ./proxytunnel $out/bin + cp ./proxytunnel $out/bin/${ + if config.overlayAttrs.enableSSL + then "proxytunnel-yes-ssl" + else "proxytunnel-no-ssl" + } ''; }; + packages.default = config.packages.proxytunnel; + devShells.default = pkgs.mkShell { packages = [config.packages.default]; }; From c4c6caafbb358fcb8c500e967c73fe324216d867 Mon Sep 17 00:00:00 2001 From: zsuper Date: Thu, 3 Apr 2025 11:20:21 -0700 Subject: [PATCH 13/27] use callPackage --- flake.nix | 48 +++++++++++++++++++++++------------------------- 1 file changed, 23 insertions(+), 25 deletions(-) diff --git a/flake.nix b/flake.nix index 1d29a2f..2b8a3bc 100644 --- a/flake.nix +++ b/flake.nix @@ -12,40 +12,38 @@ # TODO: Maybe add configuration options for toggling Makefile {C/LD/OPT}FLAGS systems = ["x86_64-linux"]; - imports = [inputs.flake-parts.flakeModules.easyOverlay]; - perSystem = { config, pkgs, ... }: { - overlayAttrs = { - inherit (config.packages) proxytunnel; - enableSSL = true; - }; + packages.proxytunnel = pkgs.callPackage ( + { + enableSSL ? true, + stdenv, + }: + stdenv.mkDerivation { + pname = "proxytunnel"; + version = "1.12.3"; + src = ./.; - packages.proxytunnel = pkgs.stdenv.mkDerivation { - pname = "proxytunnel"; - version = "1.12.3"; - src = ./.; + nativeBuildInputs = [pkgs.gnumake]; + buildInputs = [pkgs.openssl]; - nativeBuildInputs = [pkgs.gnumake]; - buildInputs = [pkgs.openssl]; + buildPhase = '' + make + ''; - buildPhase = '' - make - ''; - - installPhase = '' - mkdir -p $out/bin - cp ./proxytunnel $out/bin/${ - if config.overlayAttrs.enableSSL - then "proxytunnel-yes-ssl" - else "proxytunnel-no-ssl" + installPhase = '' + mkdir -p $out/bin + cp ./proxytunnel $out/bin/${ + if enableSSL + then "proxytunnel-yes-ssl" + else "proxytunnel-no-ssl" + } + ''; } - ''; - }; - + ) {}; packages.default = config.packages.proxytunnel; devShells.default = pkgs.mkShell { 
From 5e9a22d035ce7d111a75cad5e0186891b1eb9e9c Mon Sep 17 00:00:00 2001 From: zsuper Date: Thu, 3 Apr 2025 15:17:29 -0700 Subject: [PATCH 14/27] moved package mkDerivation to ./nix/proxytunnel.nix --- flake.nix | 33 ++++++--------------------------- nix/proxytunnel.nix | 31 +++++++++++++++++++++++++++++++ 2 files changed, 37 insertions(+), 27 deletions(-) create mode 100644 nix/proxytunnel.nix diff --git a/flake.nix b/flake.nix index 2b8a3bc..eb73249 100644 --- a/flake.nix +++ b/flake.nix @@ -9,41 +9,20 @@ outputs = inputs @ {flake-parts, ...}: flake-parts.lib.mkFlake {inherit inputs;} { # TODO: Add support for more systems once checked. - # TODO: Maybe add configuration options for toggling Makefile {C/LD/OPT}FLAGS systems = ["x86_64-linux"]; + imports = [inputs.flake-parts.flakeModules.easyOverlay]; + perSystem = { config, pkgs, ... }: { - packages.proxytunnel = pkgs.callPackage ( - { - enableSSL ? true, - stdenv, - }: - stdenv.mkDerivation { - pname = "proxytunnel"; - version = "1.12.3"; - src = ./.; + overlayAttrs = { + inherit (config.packages) proxytunnel; + }; - nativeBuildInputs = [pkgs.gnumake]; - buildInputs = [pkgs.openssl]; - - buildPhase = '' - make - ''; - - installPhase = '' - mkdir -p $out/bin - cp ./proxytunnel $out/bin/${ - if enableSSL - then "proxytunnel-yes-ssl" - else "proxytunnel-no-ssl" - } - ''; - } - ) {}; + packages.proxytunnel = pkgs.callPackage ./nix/proxytunnel.nix {}; packages.default = config.packages.proxytunnel; devShells.default = pkgs.mkShell { diff --git a/nix/proxytunnel.nix b/nix/proxytunnel.nix new file mode 100644 index 0000000..b72c112 --- /dev/null +++ b/nix/proxytunnel.nix 
@@ -0,0 +1,31 @@ +{ + enableSSL ? true, + set-proc-title ? true, + pkgs, +}: let + optflags = "${ + if enableSSL + then "-DUSE_SSL" + else "" + } ${ + if set-proc-title + then "-DSETPROCTITLE -DSPT_TYPE=2" + else "" + }"; +in + pkgs.stdenv.mkDerivation { + pname = "proxytunnel"; + version = "1.12.3"; + src = ./..; + + buildInputs = [pkgs.openssl]; + + buildPhase = '' + make OPTFLAGS="${optflags}" + ''; + + installPhase = '' + mkdir -p $out/bin + cp ./proxytunnel $out/bin + ''; + } From ad8a6a1c7e93473bcc5a616567a2f4186670119d Mon Sep 17 00:00:00 2001 From: zsuper Date: Thu, 3 Apr 2025 19:43:15 -0700 Subject: [PATCH 15/27] Added options for gnu-systems & setproctitle to flake --- nix/proxytunnel.nix | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/nix/proxytunnel.nix b/nix/proxytunnel.nix index b72c112..7272eec 100644 --- a/nix/proxytunnel.nix +++ b/nix/proxytunnel.nix @@ -1,11 +1,12 @@ { - enableSSL ? true, + gnu-system ? true, set-proc-title ? true, pkgs, }: let - optflags = "${ - if enableSSL - then "-DUSE_SSL" + # TODO: Due to the way the OPENSSL_VERSION_NUMBER macro is checked, the -DUSE_SSL flag is NECESSARY + optflags = "-DUSE_SSL ${ + if gnu-system + then "-DHAVE_GETOPT_LONG" else "" } ${ if set-proc-title From f320f2bf634a0a0e3e08e41f01d83019dad2d24e Mon Sep 17 00:00:00 2001 From: zsuper Date: Thu, 3 Apr 2025 19:50:31 -0700 Subject: [PATCH 16/27] Added preprocessor #ifdef USE_SSL around every instance of OPENSSL_VERSION_NUMBER --- nix/proxytunnel.nix | 9 +++++++-- ntlm.c | 14 ++++++++++++++ 2 files changed, 21 insertions(+), 2 deletions(-) diff --git a/nix/proxytunnel.nix b/nix/proxytunnel.nix index 7272eec..7940719 100644 --- a/nix/proxytunnel.nix +++ b/nix/proxytunnel.nix 
@@ -1,10 +1,15 @@ { + use-ssl ? true, gnu-system ? true, set-proc-title ? true, pkgs, }: let - # TODO: Due to the way the OPENSSL_VERSION_NUMBER macro is checked, the -DUSE_SSL flag is NECESSARY - optflags = "-DUSE_SSL ${ + optflags = "${ + if use-ssl + then "-DUSE_SSL" + else "" + } + ${ if gnu-system then "-DHAVE_GETOPT_LONG" else "" diff --git a/ntlm.c b/ntlm.c index 5159202..e33c437 100644 --- a/ntlm.c +++ b/ntlm.c @@ -28,6 +28,7 @@ #include "proxytunnel.h" #include #include +#ifdef USE_SSL #if OPENSSL_VERSION_NUMBER >= 0x30000000L #ifdef CYGWIN #include @@ -38,6 +39,7 @@ #include #include #endif +#endif /* USE_SSL */ #define TYPE1_DATA_SEG 8 #define TYPE2_BUF_SIZE 2048 @@ -73,6 +75,7 @@ uint32_t flags; unsigned char lm2digest[LM2_DIGEST_LEN]; void init_ntlm() { +#ifdef USE_SSL #if OPENSSL_VERSION_NUMBER >= 0x30000000L OSSL_PROVIDER *provider; provider = OSSL_PROVIDER_load(NULL, "default"); @@ -127,6 +130,7 @@ void init_ntlm() { md5alg = EVP_md5(); mdctx = EVP_MD_CTX_new(); #endif +#endif /* ifdef USE_SSL */ } void build_type1() { @@ -308,10 +312,12 @@ unsigned char* key; /* pointer to authentication key */ int key_len; /* length of authentication key */ unsigned char digest[16]; /* caller digest to be filled in */ { +#ifdef USE_SSL #if OPENSSL_VERSION_NUMBER >= 0x30000000L #else MD5_CTX context; #endif +#endif /* ifdef USE_SSL */ unsigned char k_ipad[65]; /* inner padding - key XORd with ipad */ unsigned char k_opad[65]; /* outer padding - key XORd with opad */ unsigned char tk[16]; @@ -319,6 +325,7 @@ unsigned char digest[16]; /* caller digest to be filled in */ /* if key is longer than 64 bytes reset it to key=MD5(key) */ if (key_len > 64) { +#ifdef USE_SSL #if OPENSSL_VERSION_NUMBER >= 0x30000000L EVP_DigestInit_ex(mdctx, md5alg, NULL); EVP_DigestUpdate(mdctx, key, key_len); 
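Review bot: Wrapping the digest calls in `#ifdef USE_SSL` with no `#else` means a build without USE_SSL compiles hmac_md5() and build_ntlm2_response() with the hashing removed: in the `key_len > 64` hunk `tk` is never written before the following `key = tk;`, and in the later hunks `digest` and `passdigest` are likewise never filled in, yet are still used and, in verbose mode, printed. Fail the build instead of deriving an NTLM response from uninitialised memory, for example `#ifndef USE_SSL` / `#error "NTLM support requires USE_SSL"` / `#endif` at the top of ntlm.c. The same applies to the hunks at -328, -356, -380, -413 and -422. The function bodies extend beyond these hunks.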
@@ -328,6 +335,7 @@ unsigned char digest[16]; /* caller digest to be filled in */ MD5_Update(&context, key, key_len); MD5_Final(tk, &context); #endif +#endif /* ifdef USE_SSL */ key = tk; key_len = 16; } @@ -356,6 +364,7 @@ unsigned char digest[16]; /* caller digest to be filled in */ } /* perform inner MD5 */ +#ifdef USE_SSL #if OPENSSL_VERSION_NUMBER >= 0x30000000L EVP_DigestInit_ex(mdctx, md5alg, NULL); /* init context for 1st pass */ EVP_DigestUpdate(mdctx, k_ipad, 64); /* start with inner pad */ @@ -380,15 +389,18 @@ unsigned char digest[16]; /* caller digest to be filled in */ MD5_Update(&context, digest, 16); /* then results of 1st hash */ MD5_Final(digest, &context); /* finish up 2nd pass */ #endif +#endif /* ifdef USE_SSL */ } void build_ntlm2_response() { int i, j; int passlen = 0; +#ifdef USE_SSL #if OPENSSL_VERSION_NUMBER >= 0x30000000L #else MD4_CTX passcontext; #endif +#endif /* ifdef USE_SSL */ unsigned char passdigest[16]; unsigned char *userdom; int userdomlen; @@ -413,6 +425,7 @@ void build_ntlm2_response() { } } +#ifdef USE_SSL #if OPENSSL_VERSION_NUMBER >= 0x30000000L EVP_DigestInit_ex(mdctx, md4alg, NULL); EVP_DigestUpdate(mdctx, unipasswd, passlen); @@ -422,6 +435,7 @@ void build_ntlm2_response() { MD4_Update (&passcontext, unipasswd, passlen); MD4_Final (passdigest, &passcontext); #endif +#endif /* ifdef USE_SSL */ if( args_info.verbose_flag ) { message("NTLM: MD4 of password is: "); From 2ef739f7c2c52608fa47b7daa727f28cc7cd22fb Mon Sep 17 00:00:00 2001 From: zsuper Date: Thu, 3 Apr 2025 19:51:48 -0700 Subject: [PATCH 17/27] Fixed formatting issue that caused an error with OPTFLAGS --- nix/proxytunnel.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/nix/proxytunnel.nix b/nix/proxytunnel.nix index 7940719..454eac6 100644 --- a/nix/proxytunnel.nix +++ b/nix/proxytunnel.nix @@ -8,8 +8,7 @@ if use-ssl then "-DUSE_SSL" else "" - } - ${ + } ${ if gnu-system then "-DHAVE_GETOPT_LONG" else "" 
From 226c45c9698c3b7fa09a7032d1531584100aa5a9 Mon Sep 17 00:00:00 2001 From: zsuper Date: Thu, 3 Apr 2025 20:00:14 -0700 Subject: [PATCH 18/27] Added one more #ifdef for consistency --- ntlm.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ntlm.c b/ntlm.c index e33c437..945fb4c 100644 --- a/ntlm.c +++ b/ntlm.c @@ -46,11 +46,13 @@ #define DOMAIN_BUFLEN 256 #define LM2_DIGEST_LEN 24 +#ifdef USE_SSL #if OPENSSL_VERSION_NUMBER >= 0x30000000L const EVP_MD *md4alg; const EVP_MD *md5alg; EVP_MD_CTX *mdctx; #endif +#endif /* ifdef USE_SSL */ int ntlm_challenge = 0; void message( char *s, ... ); From 2e61c609bb4cd20701796856be679f08ea3bc687 Mon Sep 17 00:00:00 2001 From: zsuper Date: Thu, 3 Apr 2025 21:13:45 -0700 Subject: [PATCH 19/27] Updated INSTALL.md --- INSTALL.md | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/INSTALL.md b/INSTALL.md index c5b6905..2cb85f2 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -34,16 +34,30 @@ If you instead want to include it as a flake input, the following `flake.nix` sh ... }: let system = "x86_64-linux"; - pkgs = import nixpkgs {system = "x86_64-linux";}; + pkgs = import nixpkgs { + system = "x86_64-linux"; + overlays = [ + (_: _: { + # Add an overlay with this line to add proxytunnel's default features to your nixpkgs + proxytunnel = proxytunnel.packages.${system}.default; + + # Add an overlay with this line to override options (i.e. disable SSL support) + proxytunnel = proxytunnel.packages.${system}.default.override { use-ssl = false }; + + # For a full list of override options, see `nix/proxytunnel.nix` + }) + ] + }; in { devShells.${system}.default = pkgs.mkShell { - buildInputs = [ + packages = [ # Make the `proxytunnel` binary available in a Nix Shell proxytunnel.packages.${system}.default # And include any other packages as desired... pkgs.gcc pkgs.glibc.dev + # ... ]; }; }; From 85eeaabe28fb75940314cb7658c25b8705155d8a Mon Sep 17 00:00:00 2001 
From: zsuper Date: Thu, 3 Apr 2025 21:29:38 -0700 Subject: [PATCH 20/27] Updated INSTALL.md again --- INSTALL.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/INSTALL.md b/INSTALL.md index 2cb85f2..b3b4918 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -52,7 +52,8 @@ If you instead want to include it as a flake input, the following `flake.nix` sh devShells.${system}.default = pkgs.mkShell { packages = [ # Make the `proxytunnel` binary available in a Nix Shell - proxytunnel.packages.${system}.default + # The above overlay adds it to nixpkgs. Without the overlay, use proxytunnel.packages.${system}.default + pkgs.proxytunnel # And include any other packages as desired... pkgs.gcc From b4ed20677c0986ac42e82c7e7e95c4b3b372bb47 Mon Sep 17 00:00:00 2001 From: zsuper Date: Fri, 4 Apr 2025 09:52:26 -0700 Subject: [PATCH 21/27] Removed use-ssl option as it does not make sense to disable SSL. Also added default overlay updated INSTALL.md with flake overlay --- INSTALL.md | 14 ++++---------- nix/proxytunnel.nix | 7 +------ 2 files changed, 5 insertions(+), 16 deletions(-) diff --git a/INSTALL.md b/INSTALL.md index b3b4918..a7db3fe 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -12,7 +12,7 @@ and optionally the manual-page from the debian-subdirectory to your manpath # Nix Flakes -> NOTE: The Nix Flake installation currently only supports the default Makefile flags (i.e. GNU system assumed + SSL enabled). +> NOTE: The Nix Flake installation currently only supports the `x86_64-linux` platform, and has not been tested on other architectures. A simple Nix Flake is included to allow for use via flake inputs. To create a temporary Nix Shell with access to the `proxytunnel` binary, you can run the command: ```console 
@@ -37,16 +37,11 @@ If you instead want to include it as a flake input, the following `flake.nix` sh pkgs = import nixpkgs { system = "x86_64-linux"; overlays = [ - (_: _: { - # Add an overlay with this line to add proxytunnel's default features to your nixpkgs - proxytunnel = proxytunnel.packages.${system}.default; - - # Add an overlay with this line to override options (i.e. disable SSL support) - proxytunnel = proxytunnel.packages.${system}.default.override { use-ssl = false }; + # Add proxytunnel's default features to your nixpkgs + proxytunnel = proxytunnel.overlays.default; # For a full list of override options, see `nix/proxytunnel.nix` - }) - ] + ]; }; in { devShells.${system}.default = pkgs.mkShell { @@ -57,7 +52,6 @@ If you instead want to include it as a flake input, the following `flake.nix` sh # And include any other packages as desired... pkgs.gcc - pkgs.glibc.dev # ... ]; }; diff --git a/nix/proxytunnel.nix b/nix/proxytunnel.nix index 454eac6..ad3a010 100644 --- a/nix/proxytunnel.nix +++ b/nix/proxytunnel.nix @@ -1,14 +1,9 @@ { - use-ssl ? true, gnu-system ? true, set-proc-title ? true, pkgs, }: let - optflags = "${ - if use-ssl - then "-DUSE_SSL" - else "" - } ${ + optflags = "-DUSE_SSL ${ if gnu-system then "-DHAVE_GETOPT_LONG" else "" From 77b9afda276f23e7f81776ece1772fa5ea9ab708 Mon Sep 17 00:00:00 2001 From: Mark Janssen -- Sig-I/O Automatisering Date: Wed, 14 May 2025 22:24:24 +0200 Subject: [PATCH 22/27] Fix #96 --- Makefile | 5 ++++- proxytunnel.h | 2 ++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 0f97693..0aa9db2 100644 --- a/Makefile +++ b/Makefile @@ -66,7 +66,6 @@ mandir = $(datadir)/man OBJ = proxytunnel.o \ base64.o \ strzcat.o \ - setproctitle.o \ io.o \ http.o \ basicauth.o \ @@ -77,6 +76,10 @@ OBJ = proxytunnel.o \ ntlm.o \ ptstream.o +ifneq (,$(findstring -DSETPROCTITLE,$(OPTFLAGS))) +OBJ += setproctitle.o +endif + UNAME = $(shell uname) ifneq ($(UNAME),Darwin) OBJ += strlcpy.o \ 
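Review bot: Removing `use-ssl` from the argument set in nix/proxytunnel.nix (PATCH 21/27) breaks every caller that still passes it. The header has no `...`, so `.override { use-ssl = false; }`, the form INSTALL.md documented in PATCH 19/27, now aborts evaluation with an unexpected-argument error rather than a message saying SSL is mandatory. Keeping the argument for a release and rejecting the unsupported value explicitly would be clearer: `use-ssl ? true,` in the header and `assert use-ssl;` in front of the `let`. The `let` block continues past the end of the hunk, so how `optflags` is consumed is not visible here.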
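Review bot: The `findstring` test guarding `OBJ += setproctitle.o` (second Makefile hunk of PATCH 22/27) is a substring match on `OPTFLAGS` only. Any flag that merely starts with `-DSETPROCTITLE` also pulls the object in, while `-DSETPROCTITLE` passed through `CFLAGS` would enable the prototypes in proxytunnel.h without linking setproctitle.o. A word-exact test over both variables avoids the mismatch: `ifneq (,$(filter -DSETPROCTITLE,$(OPTFLAGS) $(CFLAGS)))`. A one-line comment above the conditional, saying the object list must follow the same macro as the `#ifdef SETPROCTITLE` in proxytunnel.h, would keep the two in step.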
diff --git a/proxytunnel.h b/proxytunnel.h index 74547f8..88a5471 100644 --- a/proxytunnel.h +++ b/proxytunnel.h @@ -30,8 +30,10 @@ void analyze_HTTP(PTSTREAM *pts); void proxy_protocol(PTSTREAM *pts); void closeall(); void do_daemon(); +#ifdef SETPROCTITLE void initsetproctitle(int argc, char *argv[]); void setproctitle(const char *fmt, ...); +#endif #if defined(__APPLE__) && defined(__MACH__) /* Don't include strlcat and strlcpy since they are provided as macros on OSX */ From 882a22d80d8b0e08468cce9ecf95fb027f938310 Mon Sep 17 00:00:00 2001 From: zsuper Date: Wed, 14 May 2025 14:41:01 -0700 Subject: [PATCH 23/27] Reverted changes to ntlm.c --- ntlm.c | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/ntlm.c b/ntlm.c index 945fb4c..5159202 100644 --- a/ntlm.c +++ b/ntlm.c @@ -28,7 +28,6 @@ #include "proxytunnel.h" #include #include -#ifdef USE_SSL #if OPENSSL_VERSION_NUMBER >= 0x30000000L #ifdef CYGWIN #include @@ -39,20 +38,17 @@ #include #include #endif -#endif /* USE_SSL */ #define TYPE1_DATA_SEG 8 #define TYPE2_BUF_SIZE 2048 #define DOMAIN_BUFLEN 256 #define LM2_DIGEST_LEN 24 -#ifdef USE_SSL #if OPENSSL_VERSION_NUMBER >= 0x30000000L const EVP_MD *md4alg; const EVP_MD *md5alg; EVP_MD_CTX *mdctx; #endif -#endif /* ifdef USE_SSL */ int ntlm_challenge = 0; void message( char *s, ... ); @@ -77,7 +73,6 @@ uint32_t flags; unsigned char lm2digest[LM2_DIGEST_LEN]; void init_ntlm() { -#ifdef USE_SSL #if OPENSSL_VERSION_NUMBER >= 0x30000000L OSSL_PROVIDER *provider; provider = OSSL_PROVIDER_load(NULL, "default"); @@ -132,7 +127,6 @@ void init_ntlm() { md5alg = EVP_md5(); mdctx = EVP_MD_CTX_new(); #endif -#endif /* ifdef USE_SSL */ } void build_type1() { 
@@ -314,12 +308,10 @@ unsigned char* key; /* pointer to authentication key */ int key_len; /* length of authentication key */ unsigned char digest[16]; /* caller digest to be filled in */ { -#ifdef USE_SSL #if OPENSSL_VERSION_NUMBER >= 0x30000000L #else MD5_CTX context; #endif -#endif /* ifdef USE_SSL */ unsigned char k_ipad[65]; /* inner padding - key XORd with ipad */ unsigned char k_opad[65]; /* outer padding - key XORd with opad */ unsigned char tk[16]; @@ -327,7 +319,6 @@ unsigned char digest[16]; /* caller digest to be filled in */ /* if key is longer than 64 bytes reset it to key=MD5(key) */ if (key_len > 64) { -#ifdef USE_SSL #if OPENSSL_VERSION_NUMBER >= 0x30000000L EVP_DigestInit_ex(mdctx, md5alg, NULL); EVP_DigestUpdate(mdctx, key, key_len); @@ -337,7 +328,6 @@ unsigned char digest[16]; /* caller digest to be filled in */ MD5_Update(&context, key, key_len); MD5_Final(tk, &context); #endif -#endif /* ifdef USE_SSL */ key = tk; key_len = 16; } @@ -366,7 +356,6 @@ unsigned char digest[16]; /* caller digest to be filled in */ } /* perform inner MD5 */ -#ifdef USE_SSL #if OPENSSL_VERSION_NUMBER >= 0x30000000L EVP_DigestInit_ex(mdctx, md5alg, NULL); /* init context for 1st pass */ EVP_DigestUpdate(mdctx, k_ipad, 64); /* start with inner pad */ @@ -391,18 +380,15 @@ unsigned char digest[16]; /* caller digest to be filled in */ MD5_Update(&context, digest, 16); /* then results of 1st hash */ MD5_Final(digest, &context); /* finish up 2nd pass */ #endif -#endif /* ifdef USE_SSL */ } void build_ntlm2_response() { int i, j; int passlen = 0; -#ifdef USE_SSL #if OPENSSL_VERSION_NUMBER >= 0x30000000L #else MD4_CTX passcontext; #endif -#endif /* ifdef USE_SSL */ unsigned char passdigest[16]; unsigned char *userdom; int userdomlen; @@ -427,7 +413,6 @@ void build_ntlm2_response() { } } -#ifdef USE_SSL #if OPENSSL_VERSION_NUMBER >= 0x30000000L EVP_DigestInit_ex(mdctx, md4alg, NULL); EVP_DigestUpdate(mdctx, unipasswd, passlen); 
@@ -437,7 +422,6 @@ void build_ntlm2_response() { MD4_Update (&passcontext, unipasswd, passlen); MD4_Final (passdigest, &passcontext); #endif -#endif /* ifdef USE_SSL */ if( args_info.verbose_flag ) { message("NTLM: MD4 of password is: "); From 9203bdfef7994c0089ffba5810c4a22fbf559cd3 Mon Sep 17 00:00:00 2001 From: Sven Geuer <68420948@users.noreply.github.com> Date: Sat, 22 Nov 2025 15:49:53 +0100 Subject: [PATCH 24/27] cmdline.c: Fix check of proxy and destination being given. --- cmdline.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmdline.c b/cmdline.c index 36aafae..7e5db30 100644 --- a/cmdline.c +++ b/cmdline.c @@ -596,7 +596,7 @@ int cmdline_parser( int argc, char * const *argv, struct gengetopt_args_info *ar } } - if (! args_info->proxy_given && ! args_info->dest_given ) { + if (! args_info->proxy_given || ! args_info->dest_given ) { clear_args (); // cmdline_parser_print_help (); message( "No proxy or destination given, exiting\nUse '--help' flag for usage info\n" ); From c43ba13e02465f357e2f2529aa914bb0d8d4e3b3 Mon Sep 17 00:00:00 2001 From: Sven Geuer <68420948@users.noreply.github.com> Date: Sat, 22 Nov 2025 15:52:05 +0100 Subject: [PATCH 25/27] Corrections to the manual page - Drop mentioning of non-existent positional parameter. - Mark -p (or HTTP_PROXY) and -d as mandatory --- docs/proxytunnel.1.adoc | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/docs/proxytunnel.1.adoc b/docs/proxytunnel.1.adoc index e04b4ac..467643d 100644 --- a/docs/proxytunnel.1.adoc +++ b/docs/proxytunnel.1.adoc @@ -6,7 +6,7 @@ proxytunnel - program to tunnel a connection through a standard HTTPS proxy == SYNOPSIS -*proxytunnel* [_OPTION…_] [_host_++:++_port_] +*proxytunnel* [_OPTION…_] == DESCRIPTION 
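Review bot: With `||` in the cmdline_parser() check (cmdline.c, PATCH 24/27), any run without `proxy_given` is rejected, so it matters whether the `HTTP_PROXY` fallback described in the manual page sets `proxy_given` before this line. The hunk does not show that code; if the fallback runs later, users who rely on the environment variable are now turned away. Please confirm the order and record it next to the check, e.g. `/* proxy_given covers both -p and HTTP_PROXY; proxy and destination are both required */`. The message could also name what is missing, `message( "No %s given, exiting\nUse '--help' flag for usage info\n", args_info->proxy_given ? "destination" : "proxy" );`. The function body starts and ends outside the hunk.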
@@ -32,15 +32,16 @@ also be used for other proxy-traversing purposes like proxy bouncing. [2001:db8::123:4567:89ab:cdef%eth0]:22 *-p*, *--proxy*=_host_++:++_port_:: - Use _host_ and _port_ as the local proxy to connect to, if not specified - the *HTTP_PROXY* environment variable, if set, will be used instead. + Use _host_ and _port_ as the local (primary) proxy to connect to, if not + specified the *HTTP_PROXY* environment variable, if set, will be used + instead. This option or the environment variable are mandatory. *-r*, *--remproxy*=_host_++:++_port_:: Use _host_ and _port_ as the remote (secondary) proxy to connect to. *-d*, *--dest*=_host_++:++_port_:: - Use _host_ and _port_ as the destination for the tunnel, you can also - specify them as the argument to the proxytunnel command. + Use _host_ and _port_ as the destination for the tunnel. This is a + mandatory option. *-e*, *--encrypt*:: SSL encrypt data between local proxy and destination. From 320ad4be83272cb5620df7d1ebdc000faed9e842 Mon Sep 17 00:00:00 2001 From: Sven Geuer <68420948@users.noreply.github.com> Date: Sat, 22 Nov 2025 19:08:08 +0100 Subject: [PATCH 26/27] More corrections to the manual page - Drop sections "Arguments", it describes the non-existent positional parameter in detail. --- docs/proxytunnel.1.adoc | 7 ------- 1 file changed, 7 deletions(-) diff --git a/docs/proxytunnel.1.adoc b/docs/proxytunnel.1.adoc index 467643d..0e8e6b5 100644 --- a/docs/proxytunnel.1.adoc +++ b/docs/proxytunnel.1.adoc @@ -151,13 +151,6 @@ also be used for other proxy-traversing purposes like proxy bouncing. Print version and exit. -== ARGUMENTS -_host_++:++_port_ is the destination hostname and port number combination. - -NOTE: Specifying the destination as arguments is exactly the same as -specifying them using the *-d* or *--dest* option. - - == USAGE Depending on your situation you might want to do any of the following things: From 7f32a099f92cd6b3d980840a840d9750d0d2cf3a Mon Sep 17 00:00:00 2001 
From: Sven Geuer <68420948@users.noreply.github.com> Date: Tue, 9 Dec 2025 16:58:00 +0100 Subject: [PATCH 27/27] Makefile: Fix issue #101 by not emitting '-DSETPROCTITLE' with MSYS2. --- Makefile | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/Makefile b/Makefile index 0aa9db2..a925a89 100644 --- a/Makefile +++ b/Makefile @@ -14,19 +14,19 @@ OPTFLAGS += -DHAVE_GETOPT_LONG # Comment if you don't have/want ssl OPTFLAGS += -DUSE_SSL -# Most systems -OPTFLAGS += -DSETPROCTITLE -DSPT_TYPE=2 - -# System dependant blocks... if your system is listed below, uncomment -# the relevant lines - # MSYS # The current version of gcc from MSYS defines __MSYS__ and __CYGWIN__. # To avoid to change the code, simply define CYGWIN additionally. ifneq ($(filter $(MSYSTEM),MSYS MINGW32 MINGW64 UCRT64),) CFLAGS += -DCYGWIN +else +# Most systems, MSYS definitely not +OPTFLAGS += -DSETPROCTITLE -DSPT_TYPE=2 endif +# System dependant blocks... if your system is listed below, uncomment +# the relevant lines + # OpenBSD #OPTFLAGS += -DHAVE_SYS_PSTAT_H
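Review bot: The `MSYSTEM` filter in the Makefile conditional (`MSYS MINGW32 MINGW64 UCRT64`, PATCH 27/27) leaves out the other MSYS2 environments such as `CLANG64` and `CLANGARM64`. A build started from those shells falls into the new `else` branch and still gets `-DSETPROCTITLE -DSPT_TYPE=2` without `-DCYGWIN`. If those toolchains are meant to be supported, extend the list: `ifneq ($(filter $(MSYSTEM),MSYS MINGW32 MINGW64 UCRT64 CLANG64 CLANGARM64),)`. If they are not, a comment naming the supported environments would make the omission deliberate. Whether proxytunnel builds under the clang environments at all cannot be told from this hunk.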