
List:       dante-misc
Subject:    [dante-misc] How to configure Dante to ignore wrong socks user authentication and pass?
From:       Patrick Schleizer <patrick-mailinglists () whonix ! org>
Date:       2022-09-26 12:35:10
Message-ID: 7638c2ec-0c53-591e-e39b-763b4874bc64 () whonix ! org

For a local-only use case (Dante running locally and only locally
running applications connecting to it), "socksmethod: none /
clientmethod: none" works great.

However, for 1 application that should use Dante socks:

- The application doesn't attempt to negotiate the socks authentication
method to be "none". (curl is more clever here. Even if curl is supposed
to use a username/password, it won't, even if Dante offers socksmethod
"none".) Additionally, even "socksmethod: none username / clientmethod:
none" won't work since the application will always send a socks user name.

- The application uses many "random" different user names. These are
non-existing Linux user accounts, so PAM will report "invalid user".
Therefore Dante will refuse the connection since authentication failed.

- It's not an option to create these user accounts. The desired result
is that Dante simply accepts the authentication without any checks.

- It is difficult (time-consuming) to modify the application so I didn't
attempt to.

Instead, I hacked sockd/accesscheck.c Dante source code file.

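/* Hacked accesscheck(): all checks are removed, so every SOCKS
 * user name is accepted unconditionally. */
int
accesscheck(s, auth, src, dst, emsg, emsgsize)
   int s;
   authmethod_t *auth;
   const struct sockaddr_storage *src, *dst;
   char *emsg;
   size_t emsgsize;
{
   int match, authresultisfixed; /* authresultisfixed is unused in this hack */

   match = 1; /* always report a successful match */

   return match;
}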

Now it's working. The application chooses "random" socks user names.
Dante accepts the authentication unconditionally. That is the feature /
behavior / option I am looking for.

Questions:

1) Does Dante have a feature "even if a socks user name is given, ignore
it and just accept everything"?

2) If there isn't, could you add this feature please?

3) Would you merge a patch if provided?

Cheers,
Patrick
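
The method negotiation behind the behaviour described in the message above, as an added example that is not part of the original post and not Dante's code: a client's RFC 1928 greeting is matched against the server's configured methods, then the RFC 1929 user name is extracted with bounds checks. The function names, the server-preference-order selection and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define METHOD_NONE     0x00 /* RFC 1928: no authentication required */
#define METHOD_USERPASS 0x02 /* RFC 1928: username/password (RFC 1929) */
#define METHOD_REJECT   0xFF /* RFC 1928: no acceptable methods */

/* Greeting = VER(0x05) | NMETHODS | METHODS[NMETHODS]. Returns the first
 * server-preferred method the client also offered (assumed ordering). */
uint8_t select_method(const uint8_t *g, size_t len,
                      const uint8_t *server, size_t nserver)
{
    if (len < 2 || g[0] != 0x05) return METHOD_REJECT;
    size_t nclient = g[1];
    if (nclient == 0 || len < 2 + nclient) return METHOD_REJECT; /* truncated */
    for (size_t i = 0; i < nserver; i++)
        for (size_t j = 0; j < nclient; j++)
            if (g[2 + j] == server[i]) return server[i];
    return METHOD_REJECT;
}

/* Request = VER(0x01) | ULEN | UNAME | PLEN | PASSWD.
 * Copies UNAME into out; returns 0 on success, -1 if malformed. */
int parse_username(const uint8_t *req, size_t len, char *out, size_t outsz)
{
    if (len < 2 || req[0] != 0x01) return -1;
    size_t ulen = req[1];
    if (ulen == 0 || ulen >= outsz || len < 2 + ulen + 1) return -1;
    if (len < 2 + ulen + 1 + req[2 + ulen]) return -1; /* PASSWD truncated */
    memcpy(out, req + 2, ulen);
    out[ulen] = '\0';
    return 0;
}

/* Constructed sample messages, not captured traffic. */
const uint8_t curl_like[] = { 0x05, 0x02, 0x00, 0x02 }; /* offers none + userpass */
const uint8_t app_like[]  = { 0x05, 0x01, 0x02 };       /* offers userpass only */
const uint8_t auth_req[]  = { 0x01, 0x04, 'r', 'n', 'd', '1', 0x01, 'x' };
const uint8_t srv_none[]  = { METHOD_NONE };
const uint8_t srv_both[]  = { METHOD_NONE, METHOD_USERPASS };

int main(void)
{
    char user[256];
    printf("server=none:      curl-like 0x%02X, app 0x%02X\n",
           select_method(curl_like, sizeof curl_like, srv_none, 1),
           select_method(app_like, sizeof app_like, srv_none, 1));
    printf("server=none,user: app 0x%02X\n",
           select_method(app_like, sizeof app_like, srv_both, 2));
    if (parse_username(auth_req, sizeof auth_req, user, sizeof user) == 0)
        printf("user name the server must then verify: %s\n", user);
    return 0;
}
```

A client that offers only method 0x02 is rejected when the server allows just "none", and is routed into user name verification as soon as the server also allows "username".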
