From c5ab4648776ab415dba7012fd39fe4e7a7c97e33 Mon Sep 17 00:00:00 2001
From: zsuper
Date: Tue, 1 Apr 2025 19:27:26 -0700
Subject: [PATCH 01/20] Added basic flake support for x86_64-linux.
---
flake.lock | 27 +++++++++++++++++++++++++++
flake.nix | 39 +++++++++++++++++++++++++++++++++++++++
2 files changed, 66 insertions(+)
create mode 100644 flake.lock
create mode 100644 flake.nix
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..e0fe2d9
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,27 @@
+{
+ "nodes": {
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1743315132,
+ "narHash": "sha256-6hl6L/tRnwubHcA4pfUUtk542wn2Om+D4UnDhlDW9BE=",
+ "owner": "nixos",
+ "repo": "nixpkgs",
+ "rev": "52faf482a3889b7619003c0daec593a1912fddc1",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nixos",
+ "ref": "nixos-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "root": {
+ "inputs": {
+ "nixpkgs": "nixpkgs"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..fa6fc9e
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,39 @@
+{
+ description = "A flake that provides the proxytunnel command";
+
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
+ };
+
+ outputs = {
+ self,
+ nixpkgs,
+ ...
+ }: let
+ # TODO: Check functionality and add support for other architectures.
+ pkgs = nixpkgs.legacyPackages."x86_64-linux";
+ in {
+ packages.x86_64-linux.default = pkgs.stdenv.mkDerivation {
+ pname = "proxytunnel";
+
+ version = "1.0.0";
+
+ src = ./.;
+ nativeBuildInputs = [pkgs.gnumake];
+ buildInputs = [pkgs.openssl];
+
+ buildPhase = ''
+ make
+ '';
+
+ installPhase = ''
+ mkdir -p $out/bin
+ cp ./proxytunnel $out/bin
+ '';
+ };
+
+ devShells.x86_64-linux.default = pkgs.mkShell {
+ packages = [self.packages.x86_64-linux.default];
+ };
+ };
+}
From 20be023202745f67cba98c8f230836e28d1b9568 Mon Sep 17 00:00:00 2001
From: zsuper Date: Tue, 1 Apr 2025 19:58:45 -0700 Subject: [PATCH 02/20] Extended flake so support can easily be added for diff archs in the future --- flake.nix | 53 ++++++++++++++++++++++++++++++++--------------------- 1 file changed, 32 insertions(+), 21 deletions(-) diff --git a/flake.nix b/flake.nix index fa6fc9e..9068cbf 100644 --- a/flake.nix +++ b/flake.nix @@ -11,29 +11,40 @@ ... }: let # TODO: Check functionality and add support for other architectures. - pkgs = nixpkgs.legacyPackages."x86_64-linux"; + supportedSystems = ["x86_64-linux"]; + forAllSystems = nixpkgs.lib.genAttrs supportedSystems; + + mkProxyTunnel = system: let + pkgs = nixpkgs.legacyPackages.${system}; + in + pkgs.stdenv.mkDerivation { + pname = "proxytunnel"; + + version = "1.0.0"; + + src = ./.; + nativeBuildInputs = [pkgs.gnumake]; + buildInputs = [pkgs.openssl]; + + buildPhase = '' + make + ''; + + installPhase = '' + mkdir -p $out/bin + cp ./proxytunnel $out/bin + ''; + }; in { - packages.x86_64-linux.default = pkgs.stdenv.mkDerivation { - pname = "proxytunnel"; + packages = forAllSystems mkProxyTunnel; - version = "1.0.0"; + defaultPackage = forAllSystems (system: self.packages.${system}); - src = ./.; - nativeBuildInputs = [pkgs.gnumake]; - buildInputs = [pkgs.openssl]; - - buildPhase = '' - make - ''; - - installPhase = '' - mkdir -p $out/bin - cp ./proxytunnel $out/bin - ''; - }; - - devShells.x86_64-linux.default = pkgs.mkShell { - packages = [self.packages.x86_64-linux.default]; - }; + devShells = forAllSystems (system: let + pkgs = nixpkgs.legacyPackages.${system}; + in + pkgs.mkShell { + packages = [self.defaultPackage.${system}]; + }); }; } From 3ec1efe42ef895b2bda31b285a31d3f39c15a555 Mon Sep 17 00:00:00 2001 
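Review bot: `packages = forAllSystems mkProxyTunnel;` makes `packages.x86_64-linux` the derivation itself, whereas the flake output schema expects an attribute set of named packages per system, so `nix build` and `nix flake check` will not find `packages.x86_64-linux.default`. The added `defaultPackage` output works around this with an output name that current Nix reports as deprecated. Wrapping the result keeps the interface the first commit exposed: `packages = forAllSystems (system: {default = mkProxyTunnel system;});`, with the dev shell pointing at `self.packages.${system}.default`.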
From: zsuper Date: Tue, 1 Apr 2025 23:09:45 -0700 Subject: [PATCH 03/20] Changed flake.nix to use flake-parts for modular arch support. Updated INSTALL.md --- INSTALL.md | 40 ++++++++++++++++++++++++++++++ flake.lock | 48 ++++++++++++++++++++++++++++++------ flake.nix | 71 +++++++++++++++++++++++++----------------------------- 3 files changed, 114 insertions(+), 45 deletions(-) diff --git a/INSTALL.md b/INSTALL.md index 9e2e7fa..c5b6905 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -10,6 +10,46 @@ to build simply run `make` and optionally `make install`. If you manually want to install, copy proxytunnel to /usr/local/bin and optionally the manual-page from the debian-subdirectory to your manpath +# Nix Flakes + +> NOTE: The Nix Flake installation currently only supports the default Makefile flags (i.e. GNU system assumed + SSL enabled). + +A simple Nix Flake is included to allow for use via flake inputs. To create a temporary Nix Shell with access to the `proxytunnel` binary, you can run the command: +```console +nix develop github:proxytunnel/proxytunnel +``` +If you instead want to include it as a flake input, the following `flake.nix` shows how to do so: +```nix +{ + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + + # Add proxytunnel as an input + proxytunnel.url = "github:proxytunnel/proxytunnel"; + }; + + outputs = { + nixpkgs, + proxytunnel, + ... + }: let + system = "x86_64-linux"; + pkgs = import nixpkgs {system = "x86_64-linux";}; + in { + devShells.${system}.default = pkgs.mkShell { + buildInputs = [ + # Make the `proxytunnel` binary available in a Nix Shell + proxytunnel.packages.${system}.default + + # And include any other packages as desired... + pkgs.gcc + pkgs.glibc.dev + ]; + }; + }; +} +``` + # msys2 To install msys2 with [chocolatey](https://chocolatey.org/install): diff --git a/flake.lock b/flake.lock index e0fe2d9..d496322 100644 --- a/flake.lock +++ b/flake.lock 
@@ -1,23 +1,57 @@ { "nodes": { - "nixpkgs": { + "flake-parts": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, "locked": { - "lastModified": 1743315132, - "narHash": "sha256-6hl6L/tRnwubHcA4pfUUtk542wn2Om+D4UnDhlDW9BE=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "52faf482a3889b7619003c0daec593a1912fddc1", + "lastModified": 1743550720, + "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "c621e8422220273271f52058f618c94e405bb0f5", "type": "github" }, "original": { - "owner": "nixos", + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1743448293, + "narHash": "sha256-bmEPmSjJakAp/JojZRrUvNcDX2R5/nuX6bm+seVaGhs=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "77b584d61ff80b4cef9245829a6f1dfad5afdfa3", + "type": "github" + }, + "original": { + "owner": "NixOS", "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, + "nixpkgs-lib": { + "locked": { + "lastModified": 1743296961, + "narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, "root": { "inputs": { + "flake-parts": "flake-parts", "nixpkgs": "nixpkgs" } } diff --git a/flake.nix b/flake.nix index 9068cbf..e83f8ff 100644 --- a/flake.nix +++ b/flake.nix 
@@ -1,50 +1,45 @@ { - description = "A flake that provides the proxytunnel command"; + description = "Basic flake that provides proxytunnel as a package or as a binary in a nix shell"; inputs = { - nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable"; + flake-parts.url = "github:hercules-ci/flake-parts"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; }; - outputs = { - self, - nixpkgs, - ... - }: let - # TODO: Check functionality and add support for other architectures. - supportedSystems = ["x86_64-linux"]; - forAllSystems = nixpkgs.lib.genAttrs supportedSystems; + outputs = inputs @ {flake-parts, ...}: + flake-parts.lib.mkFlake {inherit inputs;} { + # TODO: Add support for more systems once checked. + # TODO: Maybe add configuration options for toggling Makefile {C/LD/OPT}FLAGS + systems = ["x86_64-linux"]; - mkProxyTunnel = system: let - pkgs = nixpkgs.legacyPackages.${system}; - in - pkgs.stdenv.mkDerivation { - pname = "proxytunnel"; + perSystem = { + config, + pkgs, + ... + }: { + packages.default = config.packages.proxytunnel; - version = "1.0.0"; + packages.proxytunnel = pkgs.stdenv.mkDerivation { + pname = "proxytunnel"; + version = "1.0.0"; + src = ./.; - src = ./.; - nativeBuildInputs = [pkgs.gnumake]; - buildInputs = [pkgs.openssl]; + nativeBuildInputs = [pkgs.gnumake]; + buildInputs = [pkgs.openssl]; - buildPhase = '' - make - ''; + buildPhase = '' + make + ''; - installPhase = '' - mkdir -p $out/bin - cp ./proxytunnel $out/bin - ''; + installPhase = '' + mkdir -p $out/bin + cp ./proxytunnel $out/bin + ''; + }; + + devShells.default = pkgs.mkShell { + packages = [config.packages.default]; + }; }; - in { - packages = forAllSystems mkProxyTunnel; - - defaultPackage = forAllSystems (system: self.packages.${system}); - - devShells = forAllSystems (system: let - pkgs = nixpkgs.legacyPackages.${system}; - in - pkgs.mkShell { - packages = [self.defaultPackage.${system}]; - }); - }; + }; } 
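Review bot: The `flake-parts` input is added without a `follows`, so the lock file in this commit gains a third pinned source, `nixpkgs-lib` from `nix-community/nixpkgs.lib`, which every consumer of this flake now fetches and trusts alongside `nixpkgs`. Adding `flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";` under `inputs` reuses the nixpkgs revision already pinned here and removes that node from `flake.lock`. For a package that links OpenSSL, fewer independently updated pins make it easier to audit which revision supplied the TLS library.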
From 8ab065fca1d6e7b1513cf4251ae5e85864b1d747 Mon Sep 17 00:00:00 2001 From: Piyush Kumbhare <130249145+zSuperx@users.noreply.github.com> Date: Tue, 1 Apr 2025 23:39:13 -0700 Subject: [PATCH 04/20] Update flake.nix version to match github Release v1.12.3 version --- flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index e83f8ff..ced1f98 100644 --- a/flake.nix +++ b/flake.nix @@ -21,7 +21,7 @@ packages.proxytunnel = pkgs.stdenv.mkDerivation { pname = "proxytunnel"; - version = "1.0.0"; + version = "1.12.3"; src = ./.; nativeBuildInputs = [pkgs.gnumake]; From 49824201601bde8c9fec8a12f24a167369ab8a96 Mon Sep 17 00:00:00 2001 From: zsuper Date: Thu, 3 Apr 2025 09:46:52 -0700 Subject: [PATCH 05/20] flake overlay test --- flake.lock | 6 +++--- flake.nix | 15 +++++++++++++-- 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index d496322..d28337e 100644 --- a/flake.lock +++ b/flake.lock @@ -20,11 +20,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1743448293, - "narHash": "sha256-bmEPmSjJakAp/JojZRrUvNcDX2R5/nuX6bm+seVaGhs=", + "lastModified": 1743583204, + "narHash": "sha256-F7n4+KOIfWrwoQjXrL2wD9RhFYLs2/GGe/MQY1sSdlE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "77b584d61ff80b4cef9245829a6f1dfad5afdfa3", + "rev": "2c8d3f48d33929642c1c12cd243df4cc7d2ce434", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index ced1f98..1d29a2f 100644 --- a/flake.nix +++ b/flake.nix @@ -12,12 +12,17 @@ # TODO: Maybe add configuration options for toggling Makefile {C/LD/OPT}FLAGS systems = ["x86_64-linux"]; + imports = [inputs.flake-parts.flakeModules.easyOverlay]; + perSystem = { config, pkgs, ... }: { - packages.default = config.packages.proxytunnel; + overlayAttrs = { + inherit (config.packages) proxytunnel; + enableSSL = true; + }; packages.proxytunnel = pkgs.stdenv.mkDerivation { pname = "proxytunnel"; 
@@ -33,10 +38,16 @@ installPhase = '' mkdir -p $out/bin - cp ./proxytunnel $out/bin + cp ./proxytunnel $out/bin/${ + if config.overlayAttrs.enableSSL + then "proxytunnel-yes-ssl" + else "proxytunnel-no-ssl" + } ''; }; + packages.default = config.packages.proxytunnel; + devShells.default = pkgs.mkShell { packages = [config.packages.default]; }; From c4c6caafbb358fcb8c500e967c73fe324216d867 Mon Sep 17 00:00:00 2001 From: zsuper Date: Thu, 3 Apr 2025 11:20:21 -0700 Subject: [PATCH 06/20] use callPackage --- flake.nix | 48 +++++++++++++++++++++++------------------------- 1 file changed, 23 insertions(+), 25 deletions(-) diff --git a/flake.nix b/flake.nix index 1d29a2f..2b8a3bc 100644 --- a/flake.nix +++ b/flake.nix @@ -12,40 +12,38 @@ # TODO: Maybe add configuration options for toggling Makefile {C/LD/OPT}FLAGS systems = ["x86_64-linux"]; - imports = [inputs.flake-parts.flakeModules.easyOverlay]; - perSystem = { config, pkgs, ... }: { - overlayAttrs = { - inherit (config.packages) proxytunnel; - enableSSL = true; - }; + packages.proxytunnel = pkgs.callPackage ( + { + enableSSL ? true, + stdenv, + }: + stdenv.mkDerivation { + pname = "proxytunnel"; + version = "1.12.3"; + src = ./.; - packages.proxytunnel = pkgs.stdenv.mkDerivation { - pname = "proxytunnel"; - version = "1.12.3"; - src = ./.; + nativeBuildInputs = [pkgs.gnumake]; + buildInputs = [pkgs.openssl]; - nativeBuildInputs = [pkgs.gnumake]; - buildInputs = [pkgs.openssl]; + buildPhase = '' + make + ''; - buildPhase = '' - make - ''; - - installPhase = '' - mkdir -p $out/bin - cp ./proxytunnel $out/bin/${ - if config.overlayAttrs.enableSSL - then "proxytunnel-yes-ssl" - else "proxytunnel-no-ssl" + installPhase = '' + mkdir -p $out/bin + cp ./proxytunnel $out/bin/${ + if enableSSL + then "proxytunnel-yes-ssl" + else "proxytunnel-no-ssl" + } + ''; } - ''; - }; - + ) {}; packages.default = config.packages.proxytunnel; devShells.default = pkgs.mkShell { 
From 5e9a22d035ce7d111a75cad5e0186891b1eb9e9c Mon Sep 17 00:00:00 2001 From: zsuper Date: Thu, 3 Apr 2025 15:17:29 -0700 Subject: [PATCH 07/20] moved package mkDerivation to ./nix/proxytunnel.nix --- flake.nix | 33 ++++++--------------------------- nix/proxytunnel.nix | 31 +++++++++++++++++++++++++++++++ 2 files changed, 37 insertions(+), 27 deletions(-) create mode 100644 nix/proxytunnel.nix diff --git a/flake.nix b/flake.nix index 2b8a3bc..eb73249 100644 --- a/flake.nix +++ b/flake.nix @@ -9,41 +9,20 @@ outputs = inputs @ {flake-parts, ...}: flake-parts.lib.mkFlake {inherit inputs;} { # TODO: Add support for more systems once checked. - # TODO: Maybe add configuration options for toggling Makefile {C/LD/OPT}FLAGS systems = ["x86_64-linux"]; + imports = [inputs.flake-parts.flakeModules.easyOverlay]; + perSystem = { config, pkgs, ... }: { - packages.proxytunnel = pkgs.callPackage ( - { - enableSSL ? true, - stdenv, - }: - stdenv.mkDerivation { - pname = "proxytunnel"; - version = "1.12.3"; - src = ./.; + overlayAttrs = { + inherit (config.packages) proxytunnel; + }; - nativeBuildInputs = [pkgs.gnumake]; - buildInputs = [pkgs.openssl]; - - buildPhase = '' - make - ''; - - installPhase = '' - mkdir -p $out/bin - cp ./proxytunnel $out/bin/${ - if enableSSL - then "proxytunnel-yes-ssl" - else "proxytunnel-no-ssl" - } - ''; - } - ) {}; + packages.proxytunnel = pkgs.callPackage ./nix/proxytunnel.nix {}; packages.default = config.packages.proxytunnel; devShells.default = pkgs.mkShell { diff --git a/nix/proxytunnel.nix b/nix/proxytunnel.nix new file mode 100644 index 0000000..b72c112 --- /dev/null +++ b/nix/proxytunnel.nix 
@@ -0,0 +1,31 @@ +{ + enableSSL ? true, + set-proc-title ? true, + pkgs, +}: let + optflags = "${ + if enableSSL + then "-DUSE_SSL" + else "" + } ${ + if set-proc-title + then "-DSETPROCTITLE -DSPT_TYPE=2" + else "" + }"; +in + pkgs.stdenv.mkDerivation { + pname = "proxytunnel"; + version = "1.12.3"; + src = ./..; + + buildInputs = [pkgs.openssl]; + + buildPhase = '' + make OPTFLAGS="${optflags}" + ''; + + installPhase = '' + mkdir -p $out/bin + cp ./proxytunnel $out/bin + ''; + } From ad8a6a1c7e93473bcc5a616567a2f4186670119d Mon Sep 17 00:00:00 2001 From: zsuper Date: Thu, 3 Apr 2025 19:43:15 -0700 Subject: [PATCH 08/20] Added options for gnu-systems & setproctitle to flake --- nix/proxytunnel.nix | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/nix/proxytunnel.nix b/nix/proxytunnel.nix index b72c112..7272eec 100644 --- a/nix/proxytunnel.nix +++ b/nix/proxytunnel.nix @@ -1,11 +1,12 @@ { - enableSSL ? true, + gnu-system ? true, set-proc-title ? true, pkgs, }: let - optflags = "${ - if enableSSL - then "-DUSE_SSL" + # TODO: Due to the way the OPENSSL_VERSION_NUMBER macro is checked, the -DUSE_SSL flag is NECESSARY + optflags = "-DUSE_SSL ${ + if gnu-system + then "-DHAVE_GETOPT_LONG" else "" } ${ if set-proc-title From f320f2bf634a0a0e3e08e41f01d83019dad2d24e Mon Sep 17 00:00:00 2001 From: zsuper Date: Thu, 3 Apr 2025 19:50:31 -0700 Subject: [PATCH 09/20] Added preprocessor #ifdef USE_SSL around every instance of OPENSSL_VERSION_NUMBER --- nix/proxytunnel.nix | 9 +++++++-- ntlm.c | 14 ++++++++++++++ 2 files changed, 21 insertions(+), 2 deletions(-) diff --git a/nix/proxytunnel.nix b/nix/proxytunnel.nix index 7272eec..7940719 100644 --- a/nix/proxytunnel.nix +++ b/nix/proxytunnel.nix 
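Review bot: `make OPTFLAGS="${optflags}"` passes the variable on the command line, which makes GNU make ignore every `OPTFLAGS +=` line in the Makefile, so the compiled feature set is exactly the interpolated string. In this version the default build therefore loses `-DHAVE_GETOPT_LONG`, and `enableSSL = false` produces a client with no TLS support even though `openssl` stays in `buildInputs`. A comment above `optflags` such as `# NOTE: replaces the Makefile's OPTFLAGS entirely; list every flag the build needs` would make that explicit. Separately, the function takes `pkgs` rather than `stdenv` and `openssl`, so `.override {openssl = ...;}` cannot swap the TLS library; `{stdenv, openssl, ...}:` with `buildInputs = [openssl];` would restore that.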
@@ -1,10 +1,15 @@ { + use-ssl ? true, gnu-system ? true, set-proc-title ? true, pkgs, }: let - # TODO: Due to the way the OPENSSL_VERSION_NUMBER macro is checked, the -DUSE_SSL flag is NECESSARY - optflags = "-DUSE_SSL ${ + optflags = "${ + if use-ssl + then "-DUSE_SSL" + else "" + } + ${ if gnu-system then "-DHAVE_GETOPT_LONG" else "" diff --git a/ntlm.c b/ntlm.c index 5159202..e33c437 100644 --- a/ntlm.c +++ b/ntlm.c @@ -28,6 +28,7 @@ #include "proxytunnel.h" #include #include +#ifdef USE_SSL #if OPENSSL_VERSION_NUMBER >= 0x30000000L #ifdef CYGWIN #include @@ -38,6 +39,7 @@ #include #include #endif +#endif /* USE_SSL */ #define TYPE1_DATA_SEG 8 #define TYPE2_BUF_SIZE 2048 @@ -73,6 +75,7 @@ uint32_t flags; unsigned char lm2digest[LM2_DIGEST_LEN]; void init_ntlm() { +#ifdef USE_SSL #if OPENSSL_VERSION_NUMBER >= 0x30000000L OSSL_PROVIDER *provider; provider = OSSL_PROVIDER_load(NULL, "default"); @@ -127,6 +130,7 @@ void init_ntlm() { md5alg = EVP_md5(); mdctx = EVP_MD_CTX_new(); #endif +#endif /* ifdef USE_SSL */ } void build_type1() { @@ -308,10 +312,12 @@ unsigned char* key; /* pointer to authentication key */ int key_len; /* length of authentication key */ unsigned char digest[16]; /* caller digest to be filled in */ { +#ifdef USE_SSL #if OPENSSL_VERSION_NUMBER >= 0x30000000L #else MD5_CTX context; #endif +#endif /* ifdef USE_SSL */ unsigned char k_ipad[65]; /* inner padding - key XORd with ipad */ unsigned char k_opad[65]; /* outer padding - key XORd with opad */ unsigned char tk[16]; @@ -319,6 +325,7 @@ unsigned char digest[16]; /* caller digest to be filled in */ /* if key is longer than 64 bytes reset it to key=MD5(key) */ if (key_len > 64) { +#ifdef USE_SSL #if OPENSSL_VERSION_NUMBER >= 0x30000000L EVP_DigestInit_ex(mdctx, md5alg, NULL); EVP_DigestUpdate(mdctx, key, key_len); 
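Review bot: With `USE_SSL` undefined the guarded digest code compiles to nothing, so the keyed-MD5 routine in the `@@ -319,6 +325,7 @@` hunk goes on to `key = tk;` with `tk` never written, and its caller-supplied `digest` is never filled in. The same applies to the other hunks in this file: `init_ntlm()` becomes empty and `build_ntlm2_response()` leaves `passdigest` uninitialised, which the verbose branch that follows appears to print. A build without SSL would therefore send, and possibly log, uninitialised stack bytes as an NTLM response instead of failing. Rejecting that configuration at compile time is safer, for example `#ifndef USE_SSL` / `#error "NTLM support requires OpenSSL (build with -DUSE_SSL)"` / `#endif` next to the includes. The function bodies start and end outside these hunks.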
@@ -328,6 +335,7 @@ unsigned char digest[16]; /* caller digest to be filled in */ MD5_Update(&context, key, key_len); MD5_Final(tk, &context); #endif +#endif /* ifdef USE_SSL */ key = tk; key_len = 16; } @@ -356,6 +364,7 @@ unsigned char digest[16]; /* caller digest to be filled in */ } /* perform inner MD5 */ +#ifdef USE_SSL #if OPENSSL_VERSION_NUMBER >= 0x30000000L EVP_DigestInit_ex(mdctx, md5alg, NULL); /* init context for 1st pass */ EVP_DigestUpdate(mdctx, k_ipad, 64); /* start with inner pad */ @@ -380,15 +389,18 @@ unsigned char digest[16]; /* caller digest to be filled in */ MD5_Update(&context, digest, 16); /* then results of 1st hash */ MD5_Final(digest, &context); /* finish up 2nd pass */ #endif +#endif /* ifdef USE_SSL */ } void build_ntlm2_response() { int i, j; int passlen = 0; +#ifdef USE_SSL #if OPENSSL_VERSION_NUMBER >= 0x30000000L #else MD4_CTX passcontext; #endif +#endif /* ifdef USE_SSL */ unsigned char passdigest[16]; unsigned char *userdom; int userdomlen; @@ -413,6 +425,7 @@ void build_ntlm2_response() { } } +#ifdef USE_SSL #if OPENSSL_VERSION_NUMBER >= 0x30000000L EVP_DigestInit_ex(mdctx, md4alg, NULL); EVP_DigestUpdate(mdctx, unipasswd, passlen); @@ -422,6 +435,7 @@ void build_ntlm2_response() { MD4_Update (&passcontext, unipasswd, passlen); MD4_Final (passdigest, &passcontext); #endif +#endif /* ifdef USE_SSL */ if( args_info.verbose_flag ) { message("NTLM: MD4 of password is: "); From 2ef739f7c2c52608fa47b7daa727f28cc7cd22fb Mon Sep 17 00:00:00 2001 From: zsuper Date: Thu, 3 Apr 2025 19:51:48 -0700 Subject: [PATCH 10/20] Fixed formatting issue that caused an error with OPTFLAGS --- nix/proxytunnel.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/nix/proxytunnel.nix b/nix/proxytunnel.nix index 7940719..454eac6 100644 --- a/nix/proxytunnel.nix +++ b/nix/proxytunnel.nix @@ -8,8 +8,7 @@ if use-ssl then "-DUSE_SSL" else "" - } - ${ + } ${ if gnu-system then "-DHAVE_GETOPT_LONG" else "" 
From 226c45c9698c3b7fa09a7032d1531584100aa5a9 Mon Sep 17 00:00:00 2001 From: zsuper Date: Thu, 3 Apr 2025 20:00:14 -0700 Subject: [PATCH 11/20] Added one more #ifdef for consistency --- ntlm.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ntlm.c b/ntlm.c index e33c437..945fb4c 100644 --- a/ntlm.c +++ b/ntlm.c @@ -46,11 +46,13 @@ #define DOMAIN_BUFLEN 256 #define LM2_DIGEST_LEN 24 +#ifdef USE_SSL #if OPENSSL_VERSION_NUMBER >= 0x30000000L const EVP_MD *md4alg; const EVP_MD *md5alg; EVP_MD_CTX *mdctx; #endif +#endif /* ifdef USE_SSL */ int ntlm_challenge = 0; void message( char *s, ... ); From 2e61c609bb4cd20701796856be679f08ea3bc687 Mon Sep 17 00:00:00 2001 From: zsuper Date: Thu, 3 Apr 2025 21:13:45 -0700 Subject: [PATCH 12/20] Updated INSTALL.md --- INSTALL.md | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/INSTALL.md b/INSTALL.md index c5b6905..2cb85f2 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -34,16 +34,30 @@ If you instead want to include it as a flake input, the following `flake.nix` sh ... }: let system = "x86_64-linux"; - pkgs = import nixpkgs {system = "x86_64-linux";}; + pkgs = import nixpkgs { + system = "x86_64-linux"; + overlays = [ + (_: _: { + # Add an overlay with this line to add proxytunnel's default features to your nixpkgs + proxytunnel = proxytunnel.packages.${system}.default; + + # Add an overlay with this line to override options (i.e. disable SSL support) + proxytunnel = proxytunnel.packages.${system}.default.override { use-ssl = false }; + + # For a full list of override options, see `nix/proxytunnel.nix` + }) + ] + }; in { devShells.${system}.default = pkgs.mkShell { - buildInputs = [ + packages = [ # Make the `proxytunnel` binary available in a Nix Shell proxytunnel.packages.${system}.default # And include any other packages as desired... pkgs.gcc pkgs.glibc.dev + # ... ]; }; }; From 85eeaabe28fb75940314cb7658c25b8705155d8a Mon Sep 17 00:00:00 2001 
From: zsuper Date: Thu, 3 Apr 2025 21:29:38 -0700 Subject: [PATCH 13/20] Updated INSTALL.md again --- INSTALL.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/INSTALL.md b/INSTALL.md index 2cb85f2..b3b4918 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -52,7 +52,8 @@ If you instead want to include it as a flake input, the following `flake.nix` sh devShells.${system}.default = pkgs.mkShell { packages = [ # Make the `proxytunnel` binary available in a Nix Shell - proxytunnel.packages.${system}.default + # The above overlay adds it to nixpkgs. Without the overlay, use proxytunnel.packages.${system}.default + pkgs.proxytunnel # And include any other packages as desired... pkgs.gcc From b4ed20677c0986ac42e82c7e7e95c4b3b372bb47 Mon Sep 17 00:00:00 2001 From: zsuper Date: Fri, 4 Apr 2025 09:52:26 -0700 Subject: [PATCH 14/20] Removed use-ssl option as it does not make sense to disable SSL. Also added default overlay updated INSTALL.md with flake overlay --- INSTALL.md | 14 ++++---------- nix/proxytunnel.nix | 7 +------ 2 files changed, 5 insertions(+), 16 deletions(-) diff --git a/INSTALL.md b/INSTALL.md index b3b4918..a7db3fe 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -12,7 +12,7 @@ and optionally the manual-page from the debian-subdirectory to your manpath # Nix Flakes -> NOTE: The Nix Flake installation currently only supports the default Makefile flags (i.e. GNU system assumed + SSL enabled). +> NOTE: The Nix Flake installation currently only supports the `x86_64-linux` platform, and has not been tested on other architectures. A simple Nix Flake is included to allow for use via flake inputs. To create a temporary Nix Shell with access to the `proxytunnel` binary, you can run the command: ```console 
@@ -37,16 +37,11 @@ If you instead want to include it as a flake input, the following `flake.nix` sh pkgs = import nixpkgs { system = "x86_64-linux"; overlays = [ - (_: _: { - # Add an overlay with this line to add proxytunnel's default features to your nixpkgs - proxytunnel = proxytunnel.packages.${system}.default; - - # Add an overlay with this line to override options (i.e. disable SSL support) - proxytunnel = proxytunnel.packages.${system}.default.override { use-ssl = false }; + # Add proxytunnel's default features to your nixpkgs + proxytunnel = proxytunnel.overlays.default; # For a full list of override options, see `nix/proxytunnel.nix` - }) - ] + ]; }; in { devShells.${system}.default = pkgs.mkShell { @@ -57,7 +52,6 @@ If you instead want to include it as a flake input, the following `flake.nix` sh # And include any other packages as desired... pkgs.gcc - pkgs.glibc.dev # ... ]; }; diff --git a/nix/proxytunnel.nix b/nix/proxytunnel.nix index 454eac6..ad3a010 100644 --- a/nix/proxytunnel.nix +++ b/nix/proxytunnel.nix @@ -1,14 +1,9 @@ { - use-ssl ? true, gnu-system ? true, set-proc-title ? true, pkgs, }: let - optflags = "${ - if use-ssl - then "-DUSE_SSL" - else "" - } ${ + optflags = "-DUSE_SSL ${ if gnu-system then "-DHAVE_GETOPT_LONG" else "" From 77b9afda276f23e7f81776ece1772fa5ea9ab708 Mon Sep 17 00:00:00 2001 From: Mark Janssen -- Sig-I/O Automatisering Date: Wed, 14 May 2025 22:24:24 +0200 Subject: [PATCH 15/20] Fix #96 --- Makefile | 5 ++++- proxytunnel.h | 2 ++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 0f97693..0aa9db2 100644 --- a/Makefile +++ b/Makefile @@ -66,7 +66,6 @@ mandir = $(datadir)/man OBJ = proxytunnel.o \ base64.o \ strzcat.o \ - setproctitle.o \ io.o \ http.o \ basicauth.o \ @@ -77,6 +76,10 @@ OBJ = proxytunnel.o \ ntlm.o \ ptstream.o +ifneq (,$(findstring -DSETPROCTITLE,$(OPTFLAGS))) +OBJ += setproctitle.o +endif + UNAME = $(shell uname) ifneq ($(UNAME),Darwin) OBJ += strlcpy.o \ 
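Review bot: `setproctitle.o` is now linked only when the literal text `-DSETPROCTITLE` occurs in `OPTFLAGS`, while the prototypes in `proxytunnel.h` (changed in the same commit) depend on the macro being defined by any route. A build that defines it through `CFLAGS` or `CPPFLAGS` would compile the calls and then fail at link time, and any call site not wrapped in `#ifdef SETPROCTITLE` (none are visible in this patch) would break when the flag is absent. A comment above the conditional would document the contract: `# setproctitle.o is built only if -DSETPROCTITLE is in OPTFLAGS; do not pass it via CFLAGS`.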
diff --git a/proxytunnel.h b/proxytunnel.h index 74547f8..88a5471 100644 --- a/proxytunnel.h +++ b/proxytunnel.h @@ -30,8 +30,10 @@ void analyze_HTTP(PTSTREAM *pts); void proxy_protocol(PTSTREAM *pts); void closeall(); void do_daemon(); +#ifdef SETPROCTITLE void initsetproctitle(int argc, char *argv[]); void setproctitle(const char *fmt, ...); +#endif #if defined(__APPLE__) && defined(__MACH__) /* Don't include strlcat and strlcpy since they are provided as macros on OSX */ From 882a22d80d8b0e08468cce9ecf95fb027f938310 Mon Sep 17 00:00:00 2001 From: zsuper Date: Wed, 14 May 2025 14:41:01 -0700 Subject: [PATCH 16/20] Reverted changes to ntlm.c --- ntlm.c | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/ntlm.c b/ntlm.c index 945fb4c..5159202 100644 --- a/ntlm.c +++ b/ntlm.c @@ -28,7 +28,6 @@ #include "proxytunnel.h" #include #include -#ifdef USE_SSL #if OPENSSL_VERSION_NUMBER >= 0x30000000L #ifdef CYGWIN #include @@ -39,20 +38,17 @@ #include #include #endif -#endif /* USE_SSL */ #define TYPE1_DATA_SEG 8 #define TYPE2_BUF_SIZE 2048 #define DOMAIN_BUFLEN 256 #define LM2_DIGEST_LEN 24 -#ifdef USE_SSL #if OPENSSL_VERSION_NUMBER >= 0x30000000L const EVP_MD *md4alg; const EVP_MD *md5alg; EVP_MD_CTX *mdctx; #endif -#endif /* ifdef USE_SSL */ int ntlm_challenge = 0; void message( char *s, ... ); @@ -77,7 +73,6 @@ uint32_t flags; unsigned char lm2digest[LM2_DIGEST_LEN]; void init_ntlm() { -#ifdef USE_SSL #if OPENSSL_VERSION_NUMBER >= 0x30000000L OSSL_PROVIDER *provider; provider = OSSL_PROVIDER_load(NULL, "default"); @@ -132,7 +127,6 @@ void init_ntlm() { md5alg = EVP_md5(); mdctx = EVP_MD_CTX_new(); #endif -#endif /* ifdef USE_SSL */ } void build_type1() { 
@@ -314,12 +308,10 @@ unsigned char* key; /* pointer to authentication key */ int key_len; /* length of authentication key */ unsigned char digest[16]; /* caller digest to be filled in */ { -#ifdef USE_SSL #if OPENSSL_VERSION_NUMBER >= 0x30000000L #else MD5_CTX context; #endif -#endif /* ifdef USE_SSL */ unsigned char k_ipad[65]; /* inner padding - key XORd with ipad */ unsigned char k_opad[65]; /* outer padding - key XORd with opad */ unsigned char tk[16]; @@ -327,7 +319,6 @@ unsigned char digest[16]; /* caller digest to be filled in */ /* if key is longer than 64 bytes reset it to key=MD5(key) */ if (key_len > 64) { -#ifdef USE_SSL #if OPENSSL_VERSION_NUMBER >= 0x30000000L EVP_DigestInit_ex(mdctx, md5alg, NULL); EVP_DigestUpdate(mdctx, key, key_len); @@ -337,7 +328,6 @@ unsigned char digest[16]; /* caller digest to be filled in */ MD5_Update(&context, key, key_len); MD5_Final(tk, &context); #endif -#endif /* ifdef USE_SSL */ key = tk; key_len = 16; } @@ -366,7 +356,6 @@ unsigned char digest[16]; /* caller digest to be filled in */ } /* perform inner MD5 */ -#ifdef USE_SSL #if OPENSSL_VERSION_NUMBER >= 0x30000000L EVP_DigestInit_ex(mdctx, md5alg, NULL); /* init context for 1st pass */ EVP_DigestUpdate(mdctx, k_ipad, 64); /* start with inner pad */ @@ -391,18 +380,15 @@ unsigned char digest[16]; /* caller digest to be filled in */ MD5_Update(&context, digest, 16); /* then results of 1st hash */ MD5_Final(digest, &context); /* finish up 2nd pass */ #endif -#endif /* ifdef USE_SSL */ } void build_ntlm2_response() { int i, j; int passlen = 0; -#ifdef USE_SSL #if OPENSSL_VERSION_NUMBER >= 0x30000000L #else MD4_CTX passcontext; #endif -#endif /* ifdef USE_SSL */ unsigned char passdigest[16]; unsigned char *userdom; int userdomlen; @@ -427,7 +413,6 @@ void build_ntlm2_response() { } } -#ifdef USE_SSL #if OPENSSL_VERSION_NUMBER >= 0x30000000L EVP_DigestInit_ex(mdctx, md4alg, NULL); EVP_DigestUpdate(mdctx, unipasswd, passlen); 
@@ -437,7 +422,6 @@ void build_ntlm2_response() { MD4_Update (&passcontext, unipasswd, passlen); MD4_Final (passdigest, &passcontext); #endif -#endif /* ifdef USE_SSL */ if( args_info.verbose_flag ) { message("NTLM: MD4 of password is: "); From 9203bdfef7994c0089ffba5810c4a22fbf559cd3 Mon Sep 17 00:00:00 2001 From: Sven Geuer <68420948@users.noreply.github.com> Date: Sat, 22 Nov 2025 15:49:53 +0100 Subject: [PATCH 17/20] cmdline.c: Fix check of proxy and destination being given. --- cmdline.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmdline.c b/cmdline.c index 36aafae..7e5db30 100644 --- a/cmdline.c +++ b/cmdline.c @@ -596,7 +596,7 @@ int cmdline_parser( int argc, char * const *argv, struct gengetopt_args_info *ar } } - if (! args_info->proxy_given && ! args_info->dest_given ) { + if (! args_info->proxy_given || ! args_info->dest_given ) { clear_args (); // cmdline_parser_print_help (); message( "No proxy or destination given, exiting\nUse '--help' flag for usage info\n" ); From c43ba13e02465f357e2f2529aa914bb0d8d4e3b3 Mon Sep 17 00:00:00 2001 From: Sven Geuer <68420948@users.noreply.github.com> Date: Sat, 22 Nov 2025 15:52:05 +0100 Subject: [PATCH 18/20] Corrections to the manual page - Drop mentioning of non-existent positional parameter. - Mark -p (or HTTP_PROXY) and -d as mandatory --- docs/proxytunnel.1.adoc | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/docs/proxytunnel.1.adoc b/docs/proxytunnel.1.adoc index e04b4ac..467643d 100644 --- a/docs/proxytunnel.1.adoc +++ b/docs/proxytunnel.1.adoc @@ -6,7 +6,7 @@ proxytunnel - program to tunnel a connection through a standard HTTPS proxy == SYNOPSIS -*proxytunnel* [_OPTION…_] [_host_++:++_port_] +*proxytunnel* [_OPTION…_] == DESCRIPTION 
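Review bot: The corrected `||` test now requires `proxy_given` to be set, but the manual page updated in the next commit says the `HTTP_PROXY` environment variable can stand in for `-p`. The hunk does not show whether the environment fallback sets `proxy_given` before this line; if it does not, an invocation that relies on `HTTP_PROXY` plus `-d` was accepted by the old `&&` test and is rejected now. That is worth confirming and recording with a comment such as `/* proxy_given is expected to be set for HTTP_PROXY as well */`. The enclosing `cmdline_parser` body starts and ends outside the hunk.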
@@ -32,15 +32,16 @@ also be used for other proxy-traversing purposes like proxy bouncing. [2001:db8::123:4567:89ab:cdef%eth0]:22 *-p*, *--proxy*=_host_++:++_port_:: - Use _host_ and _port_ as the local proxy to connect to, if not specified - the *HTTP_PROXY* environment variable, if set, will be used instead. + Use _host_ and _port_ as the local (primary) proxy to connect to, if not + specified the *HTTP_PROXY* environment variable, if set, will be used + instead. This option or the environment variable are mandatory. *-r*, *--remproxy*=_host_++:++_port_:: Use _host_ and _port_ as the remote (secondary) proxy to connect to. *-d*, *--dest*=_host_++:++_port_:: - Use _host_ and _port_ as the destination for the tunnel, you can also - specify them as the argument to the proxytunnel command. + Use _host_ and _port_ as the destination for the tunnel. This is a + mandatory option. *-e*, *--encrypt*:: SSL encrypt data between local proxy and destination. From 320ad4be83272cb5620df7d1ebdc000faed9e842 Mon Sep 17 00:00:00 2001 From: Sven Geuer <68420948@users.noreply.github.com> Date: Sat, 22 Nov 2025 19:08:08 +0100 Subject: [PATCH 19/20] More corrections to the manual page - Drop sections "Arguments", it describes the non-existent positional parameter in detail. --- docs/proxytunnel.1.adoc | 7 ------- 1 file changed, 7 deletions(-) diff --git a/docs/proxytunnel.1.adoc b/docs/proxytunnel.1.adoc index 467643d..0e8e6b5 100644 --- a/docs/proxytunnel.1.adoc +++ b/docs/proxytunnel.1.adoc @@ -151,13 +151,6 @@ also be used for other proxy-traversing purposes like proxy bouncing. Print version and exit. -== ARGUMENTS -_host_++:++_port_ is the destination hostname and port number combination. - -NOTE: Specifying the destination as arguments is exactly the same as -specifying them using the *-d* or *--dest* option. - - == USAGE Depending on your situation you might want to do any of the following things: From 7f32a099f92cd6b3d980840a840d9750d0d2cf3a Mon Sep 17 00:00:00 2001 
From: Sven Geuer <68420948@users.noreply.github.com> Date: Tue, 9 Dec 2025 16:58:00 +0100 Subject: [PATCH 20/20] Makefile: Fix issue #101 by not emitting '-DSETPROCTITLE' with MSYS2. --- Makefile | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/Makefile b/Makefile index 0aa9db2..a925a89 100644 --- a/Makefile +++ b/Makefile @@ -14,19 +14,19 @@ OPTFLAGS += -DHAVE_GETOPT_LONG # Comment if you don't have/want ssl OPTFLAGS += -DUSE_SSL -# Most systems -OPTFLAGS += -DSETPROCTITLE -DSPT_TYPE=2 - -# System dependant blocks... if your system is listed below, uncomment -# the relevant lines - # MSYS # The current version of gcc from MSYS defines __MSYS__ and __CYGWIN__. # To avoid to change the code, simply define CYGWIN additionally. ifneq ($(filter $(MSYSTEM),MSYS MINGW32 MINGW64 UCRT64),) CFLAGS += -DCYGWIN +else +# Most systems, MSYS definitely not +OPTFLAGS += -DSETPROCTITLE -DSPT_TYPE=2 endif +# System dependant blocks... if your system is listed below, uncomment +# the relevant lines + # OpenBSD #OPTFLAGS += -DHAVE_SYS_PSTAT_H