From b8c6a2127de637c2c41eaf5d9b61c857116690e6 Mon Sep 17 00:00:00 2001
From: rofl0r <retnyg@gmx.net>
Date: Mon, 26 Feb 2018 00:13:58 +0000
Subject: [PATCH] implement user/password auth for socks5 upstream proxy

just like the rest of the socks code, this was stolen from
proxychains-ng, of which i'm happen to be the maintainer of,
so it's not an issue (the licenses are identical, too).
---
 src/reqs.c | 40 +++++++++++++++++++++++++++++++++++++---
 1 file changed, 37 insertions(+), 3 deletions(-)

diff --git a/src/reqs.c b/src/reqs.c
index a71cd47..202f77f 100644
--- a/src/reqs.c
+++ b/src/reqs.c
@@ -1285,9 +1285,15 @@ connect_to_upstream_proxy(struct conn_s *connptr, struct request_s *request)
 	unsigned len;
 	unsigned char buff[512]; /* won't use more than 7 + 255 */
 	unsigned short port;
+	size_t ulen, passlen;
+
 	struct hostent *host;
 	struct upstream *cur_upstream = connptr->upstream_proxy;
 
+	ulen = cur_upstream->ua.user ? strlen(cur_upstream->ua.user) : 0;
+	passlen = cur_upstream->pass ? strlen(cur_upstream->pass) : 0;
+
+
 	log_message(LOG_CONN,
 		    "Established connection to %s proxy \"%s\" using file descriptor %d.",
 		    proxy_type_name(cur_upstream->type), cur_upstream->host, connptr->server_fd);
@@ -1311,15 +1317,43 @@ connect_to_upstream_proxy(struct conn_s *connptr, struct request_s *request)
 	} else if (cur_upstream->type == PT_SOCKS5) {
 
 		/* init */
+		int n_methods = ulen ? 2 : 1;
 		buff[0] = 5; /* socks version */
-		buff[1] = 1; /* number of methods  */
+		buff[1] = n_methods; /* number of methods  */
 		buff[2] = 0; /* no auth method */
-		if (3 != safe_write(connptr->server_fd, buff, 3))
+		if (ulen) buff[3] = 2;  /* auth method -> username / password */
+		if (2+n_methods != safe_write(connptr->server_fd, buff, 2+n_methods))
 			return -1;
 		if (2 != safe_read(connptr->server_fd, buff, 2))
 			return -1;
-		if (buff[0]!=5 || buff[1]!=0)
+		if (buff[0] != 5 || (buff[1] != 0 && buff[1] != 2))
 			return -1;
+
+		if (buff[1] == 2) {
+			/* authentication */
+			char in[2];
+			char out[515];
+			char *cur = out;
+			size_t c;
+			*cur++ = 1;	/* version */
+			c = ulen & 0xFF;
+			*cur++ = c;
+			memcpy(cur, cur_upstream->ua.user, c);
+			cur += c;
+			c = passlen & 0xFF;
+			*cur++ = c;
+			memcpy(cur, cur_upstream->pass, c);
+			cur += c;
+
+			if((cur - out) != safe_write(connptr->server_fd, out, cur - out))
+				return -1;
+
+			if(2 != safe_read(connptr->server_fd, in, 2))
+				return -1;
+			if(in[0] != 5 || in[1] != 0) {
+				return -1;
+			}
+		}
 		/* connect */
 		buff[0] = 5; /* socks version */
 		buff[1] = 1; /* connect */