Merge remote-tracking branch 'tor-github/pr/1056' into maint-0.3.5

changes/bug29670

@@ -0,0 +1,4 @@
+  o Minor bugfixes (configuration, proxies):
+    - Fix a bug that prevented us from supporting SOCKS5 proxies that want
+      authentication along with configued (but unused!)
+      ClientTransportPlugins. Fixes bug 29670; bugfix on 0.2.6.1-alpha.

src/core/mainloop/connection.c

@@ -182,7 +182,7 @@ static const char *connection_proxy_state_to_string(int state);
 static int connection_read_https_proxy_response(connection_t *conn);
 static void connection_send_socks5_connect(connection_t *conn);
 static const char *proxy_type_to_string(int proxy_type);
-static int get_proxy_type(void);
+static int conn_get_proxy_type(const connection_t *conn);
 const tor_addr_t *conn_get_outbound_address(sa_family_t family,
                   const or_options_t *options, unsigned int conn_type);
 static void reenable_blocked_connection_init(const or_options_t *options);
@@ -2260,18 +2260,27 @@ connection_proxy_state_to_string(int state)
   return states[state];
 }
 
-/** Returns the global proxy type used by tor. Use this function for
+/** Returns the proxy type used by tor for a single connection, for
- *  logging or high-level purposes, don't use it to fill the
+ *  logging or high-level purposes. Don't use it to fill the
  *  <b>proxy_type</b> field of or_connection_t; use the actual proxy
  *  protocol instead.*/
 static int
-get_proxy_type(void)
+conn_get_proxy_type(const connection_t *conn)
 {
   const or_options_t *options = get_options();
 
-  if (options->ClientTransportPlugin)
+  if (options->ClientTransportPlugin) {
-    return PROXY_PLUGGABLE;
+    /* If we have plugins configured *and* this addr/port is a known bridge
-  else if (options->HTTPSProxy)
+     * with a transport, then we should be PROXY_PLUGGABLE. */
+    const transport_t *transport = NULL;
+    int r;
+    r = get_transport_by_bridge_addrport(&conn->addr, conn->port, &transport);
+    if (r == 0 && transport)
+      return PROXY_PLUGGABLE;
+  }
+
+  /* In all other cases, we're using a global proxy. */
+  if (options->HTTPSProxy)
     return PROXY_CONNECT;
   else if (options->Socks4Proxy)
     return PROXY_SOCKS4;
@@ -2358,7 +2367,7 @@ connection_proxy_connect(connection_t *conn, int type)
            arguments to transmit. If we do, compress all arguments to
            a single string in 'socks_args_string': */
 
-        if (get_proxy_type() == PROXY_PLUGGABLE) {
+        if (conn_get_proxy_type(conn) == PROXY_PLUGGABLE) {
           socks_args_string =
             pt_get_socks_args_for_proxy_addrport(&conn->addr, conn->port);
           if (socks_args_string)
@@ -2418,7 +2427,7 @@ connection_proxy_connect(connection_t *conn, int type)
          Socks5ProxyUsername or if we want to pass arguments to our
          pluggable transport proxy: */
       if ((options->Socks5ProxyUsername) ||
-          (get_proxy_type() == PROXY_PLUGGABLE &&
+          (conn_get_proxy_type(conn) == PROXY_PLUGGABLE &&
            (get_socks_args_by_bridge_addrport(&conn->addr, conn->port)))) {
       /* number of auth methods */
         buf[1] = 2;
@@ -2611,16 +2620,16 @@ connection_read_proxy_handshake(connection_t *conn)
         const char *user, *pass;
         char *socks_args_string = NULL;
 
-        if (get_proxy_type() == PROXY_PLUGGABLE) {
+        if (conn_get_proxy_type(conn) == PROXY_PLUGGABLE) {
           socks_args_string =
             pt_get_socks_args_for_proxy_addrport(&conn->addr, conn->port);
           if (!socks_args_string) {
-            log_warn(LD_NET, "Could not create SOCKS args string.");
+            log_warn(LD_NET, "Could not create SOCKS args string for PT.");
             ret = -1;
             break;
           }
 
-          log_debug(LD_NET, "SOCKS5 arguments: %s", socks_args_string);
+          log_debug(LD_NET, "PT SOCKS5 arguments: %s", socks_args_string);
           tor_assert(strlen(socks_args_string) > 0);
           tor_assert(strlen(socks_args_string) <= MAX_SOCKS5_AUTH_SIZE_TOTAL);