1 files changed, 215 insertions, 55 deletions
diff --git a/test/lisp/net/socks-tests.el b/test/lisp/net/socks-tests.el
index b378ed2964e..340a42d79cc 100644
--- a/test/lisp/net/socks-tests.el
+++ b/test/lisp/net/socks-tests.el
@@ -21,68 +21,151 @@
 ;;; Code:
+(require 'ert)
 (require 'socks)
 (require 'url-http)
-(defvar socks-tests-canned-server-port nil)
+(ert-deftest socks-tests-auth-registration-and-suite-offer ()
+  (ert-info ("Default favors user/pass auth")
+    (should (equal socks-authentication-methods
+                   '((2 "Username/Password" . socks-username/password-auth)
+                     (0 "No authentication" . identity))))
+    (should (equal "\2\0\2" (socks-build-auth-list)))) ; length [offer ...]
+  (let (socks-authentication-methods)
+    (ert-info ("Empty selection/no methods offered")
+      (should (equal "\0" (socks-build-auth-list))))
+    (ert-info ("Simulate library defaults")
+      (socks-register-authentication-method 0 "No authentication"
+                                            'identity)
+      (should (equal socks-authentication-methods
+                     '((0 "No authentication" . identity))))
+      (should (equal "\1\0" (socks-build-auth-list)))
+      (socks-register-authentication-method 2 "Username/Password"
+                                            'socks-username/password-auth)
+      (should (equal socks-authentication-methods
+                     '((2 "Username/Password" . socks-username/password-auth)
+                       (0 "No authentication" . identity))))
+      (should (equal "\2\0\2" (socks-build-auth-list))))
+    (ert-info ("Removal")
+      (socks-unregister-authentication-method 2)
+      (should (equal socks-authentication-methods
+                     '((0 "No authentication" . identity))))
+      (should (equal "\1\0" (socks-build-auth-list)))
+      (socks-unregister-authentication-method 0)
+      (should-not socks-authentication-methods)
+      (should (equal "\0" (socks-build-auth-list))))))
-(defun socks-tests-canned-server-create (verbatim patterns)
+(ert-deftest socks-tests-filter-response-parsing-v4 ()
-  "Create a fake SOCKS server and return the process.
+  "Ensure new chunks added on right (Bug#45162)."
+  (let* ((buf (generate-new-buffer "*test-socks-filter*"))
+         (proc (start-process "test-socks-filter" buf "sleep" "1")))
+    (process-put proc 'socks t)
+    (process-put proc 'socks-state socks-state-waiting)
+    (process-put proc 'socks-server-protocol 4)
+    (ert-info ("Receive initial incomplete segment")
+      (socks-filter proc (concat [0 90 0 0 93 184 216]))
+      ;; From example.com: OK status ^      ^ msg start
+      (ert-info ("State still set to waiting")
+        (should (eq (process-get proc 'socks-state) socks-state-waiting)))
+      (ert-info ("Response field is nil because processing incomplete")
+        (should-not (process-get proc 'socks-response)))
+      (ert-info ("Scratch field holds stashed partial payload")
+        (should (string= (concat [0 90 0 0 93 184 216])
+                         (process-get proc 'socks-scratch)))))
+    (ert-info ("Last part arrives")
+      (socks-filter proc "\42") ; ?\" 34
+      (ert-info ("State transitions to complete (length check passes)")
+        (should (eq (process-get proc 'socks-state) socks-state-connected)))
+      (ert-info ("Scratch and response fields hold stash w. last chunk")
+        (should (string= (concat [0 90 0 0 93 184 216 34])
+                         (process-get proc 'socks-response)))
+        (should (string= (process-get proc 'socks-response)
+                         (process-get proc 'socks-scratch)))))
+    (delete-process proc)
+    (kill-buffer buf)))
-`VERBATIM' and `PATTERNS' are dotted alists containing responses.
+(ert-deftest socks-tests-filter-response-parsing-v5 ()
-Requests are tried in order.  On failure, an error is raised."
+  "Ensure new chunks added on right (Bug#45162)."
-  (let* ((buf (generate-new-buffer "*canned-socks-server*"))
+  (let* ((buf (generate-new-buffer "*test-socks-filter*"))
+         (proc (start-process "test-socks-filter" buf "sleep" "1")))
+    (process-put proc 'socks t)
+    (process-put proc 'socks-state socks-state-waiting)
+    (process-put proc 'socks-server-protocol 5)
+    (ert-info ("Receive initial incomplete segment")
+      ;; From fedora.org: 2605:bc80:3010:600:dead:beef:cafe:fed9
+      ;; 5004 ~~> Version Status (OK) NOOP Addr-Type (4 -> IPv6)
+      (socks-filter proc "\5\0\0\4\x26\x05\xbc\x80\x30\x10\x00\x60")
+      (ert-info ("State still waiting and response emtpy")
+        (should (eq (process-get proc 'socks-state) socks-state-waiting))
+        (should-not (process-get proc 'socks-response)))
+      (ert-info ("Scratch field holds partial payload of pending msg")
+        (should (string= "\5\0\0\4\x26\x05\xbc\x80\x30\x10\x00\x60"
+                         (process-get proc 'socks-scratch)))))
+    (ert-info ("Middle chunk arrives")
+      (socks-filter proc "\xde\xad\xbe\xef\xca\xfe\xfe\xd9")
+      (ert-info ("State and response fields still untouched")
+        (should (eq (process-get proc 'socks-state) socks-state-waiting))
+        (should-not (process-get proc 'socks-response)))
+      (ert-info ("Scratch contains new arrival appended (on RHS)")
+        (should (string=  (concat "\5\0\0\4"
+                                  "\x26\x05\xbc\x80\x30\x10\x00\x60"
+                                  "\xde\xad\xbe\xef\xca\xfe\xfe\xd9")
+                          (process-get proc 'socks-scratch)))))
+    (ert-info ("Final part arrives (port number)")
+      (socks-filter proc "\0\0")
+      (ert-info ("State transitions to complete")
+        (should (eq (process-get proc 'socks-state) socks-state-connected)))
+      (ert-info ("Scratch and response fields show last chunk appended")
+        (should (string=  (concat "\5\0\0\4"
+                                  "\x26\x05\xbc\x80\x30\x10\x00\x60"
+                                  "\xde\xad\xbe\xef\xca\xfe\xfe\xd9"
+                                  "\0\0")
+                          (process-get proc 'socks-scratch)))
+        (should (string= (process-get proc 'socks-response)
+                         (process-get proc 'socks-scratch)))))
+    (delete-process proc)
+    (kill-buffer buf)))
+(defvar socks-tests-canned-server-patterns nil
+  "Alist containing request/response cons pairs to be tried in order.
+Vectors must match verbatim. Strings are considered regex patterns.")
+(defun socks-tests-canned-server-create ()
+  "Create and return a fake SOCKS server."
+  (let* ((port (nth 2 socks-server))
+         (name (format "socks-server:%d" port))
+         (pats socks-tests-canned-server-patterns)
         (filt (lambda (proc line)
-                 (let ((resp (or (assoc-default line verbatim
+                 (pcase-let ((`(,pat . ,resp) (pop pats)))
-                                                (lambda (k s) ; s is line
+                   (unless (or (and (vectorp pat) (equal pat (vconcat line)))
-                                                  (string= (concat k) s)))
+                               (string-match-p pat line))
-                                 (assoc-default line patterns
-                                                (lambda (p s)
-                                                  (string-match-p p s))))))
-                   (unless resp
                     (error "Unknown request: %s" line))
                   (let ((print-escape-control-characters t))
-                     (princ (format "<- %s\n" (prin1-to-string line)) buf)
+                     (message "[%s] <- %s" name (prin1-to-string line))
-                     (princ (format "-> %s\n" (prin1-to-string resp)) buf))
+                     (message "[%s] -> %s" name (prin1-to-string resp)))
                   (process-send-string proc (concat resp)))))
-         (srv (make-network-process :server 1
+         (serv (make-network-process :server 1
-                                    :buffer buf
+                                     :buffer (get-buffer-create name)
-                                    :filter filt
+                                     :filter filt
-                                    :name "server"
+                                     :name name
-                                    :family 'ipv4
+                                     :family 'ipv4
-                                    :host 'local
+                                     :host 'local
-                                    :service socks-tests-canned-server-port)))
+                                     :coding 'binary
-    (set-process-query-on-exit-flag srv nil)
+                                     :service port)))
-    (princ (format "[%s] Listening on localhost:10080\n" srv) buf)
+    (set-process-query-on-exit-flag serv nil)
-    srv))
+    serv))
-;; Add ([5 3 0 1 2] . [5 2]) to the `verbatim' list below to validate
-;; against curl 7.71 with the following options:
-;; $ curl --verbose -U foo:bar --proxy socks5h://127.0.0.1:10080 example.com
-;;
-;; If later implementing version 4a, try these:
-;; [4 1 0 80 0 0 0 1 0 ?e ?x ?a ?m ?p ?l ?e ?. ?c ?o ?m 0] . [0 90 0 0 0 0 0 0]
-;; $ curl --verbose --proxy socks4a://127.0.0.1:10080 example.com
-(ert-deftest socks-tests-auth-filter-url-http ()
+(defvar socks-tests--hello-world-http-request-pattern
-  "Verify correct handling of SOCKS5 user/pass authentication."
+  (cons "^GET /" (concat "HTTP/1.1 200 OK\r\n"
-  (let* ((socks-server '("server" "127.0.0.1" 10080 5))
+                         "Content-Type: text/plain\r\n"
-         (socks-username "foo")
+                         "Content-Length: 13\r\n\r\n"
-         (socks-password "bar")
+                         "Hello World!\n")))
-         (url-gateway-method 'socks)
+(defun socks-tests-perform-hello-world-http-request ()
+  "Start canned server, validate hello-world response, and finalize."
+  (let* ((url-gateway-method 'socks)
         (url (url-generic-parse-url "http://example.com"))
-         (verbatim '(([5 2 0 2] . [5 2])
+         (server (socks-tests-canned-server-create))
-                     ([1 3 ?f ?o ?o 3 ?b ?a ?r] . [1 0])
-                     ([5 1 0 3 11 ?e ?x ?a ?m ?p ?l ?e ?. ?c ?o ?m 0 80]
-                      . [5 0 0 1 0 0 0 0 0 0])))
-         (patterns
-          `(("^GET /" . ,(concat "HTTP/1.1 200 OK\r\n"
-                                 "Content-Type: text/plain; charset=UTF-8\r\n"
-                                 "Content-Length: 13\r\n\r\n"
-                                 "Hello World!\n"))))
-         (socks-tests-canned-server-port 10080)
-         (server (socks-tests-canned-server-create verbatim patterns))
-         (tries 10)
         ;;
         done
         ;;
@@ -90,14 +173,91 @@ Requests are tried in order.  On failure, an error is raised."
               (goto-char (point-min))
               (should (search-forward "Hello World" nil t))
               (setq done t)))
-         (buf (url-http url cb '(nil))))
+         (buf (url-http url cb '(nil)))
-    (ert-info ("Connect to HTTP endpoint over SOCKS5 with USER/PASS method")
+         (proc (get-buffer-process buf))
-      (while (and (not done) (< 0 (cl-decf tries))) ; cl-lib via url-http
+         (attempts 10))
-        (sleep-for 0.1)))
+    (while (and (not done) (< 0 (cl-decf attempts)))
+      (sleep-for 0.1))
    (should done)
    (delete-process server)
+    (delete-process proc) ; otherwise seems client proc is sometimes reused
    (kill-buffer (process-buffer server))
    (kill-buffer buf)
    (ignore url-gateway-method)))
+;; Replace first pattern below with ([5 3 0 1 2] . [5 2]) to validate
+;; against curl 7.71 with the following options:
+;; $ curl --verbose -U foo:bar --proxy socks5h://127.0.0.1:10080 example.com
+(ert-deftest socks-tests-v5-auth-user-pass ()
+  "Verify correct handling of SOCKS5 user/pass authentication."
+  (should (assq 2 socks-authentication-methods))
+  (let ((socks-server '("server" "127.0.0.1" 10080 5))
+        (socks-username "foo")
+        (socks-password "bar")
+        (url-user-agent "Test/auth-user-pass")
+        (socks-tests-canned-server-patterns
+         `(([5 2 0 2] . [5 2])
+           ([1 3 ?f ?o ?o 3 ?b ?a ?r] . [1 0])
+           ([5 1 0 3 11 ?e ?x ?a ?m ?p ?l ?e ?. ?c ?o ?m 0 80]
+            . [5 0 0 1 0 0 0 0 0 0])
+           ,socks-tests--hello-world-http-request-pattern)))
+    (ert-info ("Make HTTP request over SOCKS5 with USER/PASS auth method")
+      (socks-tests-perform-hello-world-http-request))))
+;; Services (like Tor) may be configured without auth but for some
+;; reason still prefer the user/pass method over none when offered both.
+;; Given this library's defaults, the scenario below is possible.
+;;
+;; FYI: RFC 1929 doesn't say that a username or password is required
+;; but notes that the length of both fields should be at least one.
+;; However, both socks.el and curl send zero-length fields (though
+;; curl drops the user part too when the password is empty).
+;;
+;; From Tor's docs /socks-extensions.txt, 1.1 Extent of support:
+;; > We allow username/password fields of this message to be empty ...
+;; line 41 in blob 5fd1f828f3e9d014f7b65fa3bd1d33c39e4129e2
+;; https://gitweb.torproject.org/torspec.git/tree/socks-extensions.txt
+;;
+;; To verify against curl 7.71, swap out the first two pattern pairs
+;; with ([5 3 0 1 2] . [5 2]) and ([1 0 0] . [1 0]), then run:
+;; $ curl verbose -U "foo:" --proxy socks5h://127.0.0.1:10081 example.com
+(ert-deftest socks-tests-v5-auth-user-pass-blank ()
+  "Verify correct SOCKS5 user/pass authentication with empty pass."
+  (should (assq 2 socks-authentication-methods))
+  (let ((socks-server '("server" "127.0.0.1" 10081 5))
+        (socks-username "foo") ; defaults to (user-login-name)
+        (socks-password "") ; simulate user hitting enter when prompted
+        (url-user-agent "Test/auth-user-pass-blank")
+        (socks-tests-canned-server-patterns
+         `(([5 2 0 2] . [5 2])
+           ([1 3 ?f ?o ?o 0] . [1 0])
+           ([5 1 0 3 11 ?e ?x ?a ?m ?p ?l ?e ?. ?c ?o ?m 0 80]
+            . [5 0 0 1 0 0 0 0 0 0])
+           ,socks-tests--hello-world-http-request-pattern)))
+    (ert-info ("Make HTTP request over SOCKS5 with USER/PASS auth method")
+      (socks-tests-perform-hello-world-http-request))))
+;; Swap out ([5 2 0 1] . [5 0]) with the first pattern below to validate
+;; against curl 7.71 with the following options:
+;; $ curl --verbose --proxy socks5h://127.0.0.1:10082 example.com
+(ert-deftest socks-tests-v5-auth-none ()
+  "Verify correct handling of SOCKS5 when auth method 0 requested."
+  (let ((socks-server '("server" "127.0.0.1" 10082 5))
+        (socks-authentication-methods (append socks-authentication-methods
+                                              nil))
+        (url-user-agent "Test/auth-none")
+        (socks-tests-canned-server-patterns
+         `(([5 1 0] . [5 0])
+           ([5 1 0 3 11 ?e ?x ?a ?m ?p ?l ?e ?. ?c ?o ?m 0 80]
+            . [5 0 0 1 0 0 0 0 0 0])
+           ,socks-tests--hello-world-http-request-pattern)))
+    (socks-unregister-authentication-method 2)
+    (should-not (assq 2 socks-authentication-methods))
+    (ert-info ("Make HTTP request over SOCKS5 with no auth method")
+      (socks-tests-perform-hello-world-http-request)))
+  (should (assq 2 socks-authentication-methods)))
 ;;; socks-tests.el ends here

diff --git a/test/lisp/net/socks-tests.el b/test/lisp/net/socks-tests.el index b378ed2964e..340a42d79cc 100644 --- a/test/lisp/net/socks-tests.el +++ b/test/lisp/net/socks-tests.el
@@ -21,68 +21,151 @@
21		21
22	;;; Code:	22	;;; Code:
23		23
		24	(require 'ert)
24	(require 'socks)	25	(require 'socks)
25	(require 'url-http)	26	(require 'url-http)
26		27
27	(defvar socks-tests-canned-server-port nil)	28	(ert-deftest socks-tests-auth-registration-and-suite-offer ()
		29	(ert-info ("Default favors user/pass auth")
		30	(should (equal socks-authentication-methods
		31	'((2 "Username/Password" . socks-username/password-auth)
		32	(0 "No authentication" . identity))))
		33	(should (equal "\2\0\2" (socks-build-auth-list)))) ; length [offer ...]
		34	(let (socks-authentication-methods)
		35	(ert-info ("Empty selection/no methods offered")
		36	(should (equal "\0" (socks-build-auth-list))))
		37	(ert-info ("Simulate library defaults")
		38	(socks-register-authentication-method 0 "No authentication"
		39	'identity)
		40	(should (equal socks-authentication-methods
		41	'((0 "No authentication" . identity))))
		42	(should (equal "\1\0" (socks-build-auth-list)))
		43	(socks-register-authentication-method 2 "Username/Password"
		44	'socks-username/password-auth)
		45	(should (equal socks-authentication-methods
		46	'((2 "Username/Password" . socks-username/password-auth)
		47	(0 "No authentication" . identity))))
		48	(should (equal "\2\0\2" (socks-build-auth-list))))
		49	(ert-info ("Removal")
		50	(socks-unregister-authentication-method 2)
		51	(should (equal socks-authentication-methods
		52	'((0 "No authentication" . identity))))
		53	(should (equal "\1\0" (socks-build-auth-list)))
		54	(socks-unregister-authentication-method 0)
		55	(should-not socks-authentication-methods)
		56	(should (equal "\0" (socks-build-auth-list))))))
28		57
29	(defun socks-tests-canned-server-create (verbatim patterns)	58	(ert-deftest socks-tests-filter-response-parsing-v4 ()
30	"Create a fake SOCKS server and return the process.	59	"Ensure new chunks added on right (Bug#45162)."
		60	(let* ((buf (generate-new-buffer "test-socks-filter"))
		61	(proc (start-process "test-socks-filter" buf "sleep" "1")))
		62	(process-put proc 'socks t)
		63	(process-put proc 'socks-state socks-state-waiting)
		64	(process-put proc 'socks-server-protocol 4)
		65	(ert-info ("Receive initial incomplete segment")
		66	(socks-filter proc (concat [0 90 0 0 93 184 216]))
		67	;; From example.com: OK status ^ ^ msg start
		68	(ert-info ("State still set to waiting")
		69	(should (eq (process-get proc 'socks-state) socks-state-waiting)))
		70	(ert-info ("Response field is nil because processing incomplete")
		71	(should-not (process-get proc 'socks-response)))
		72	(ert-info ("Scratch field holds stashed partial payload")
		73	(should (string= (concat [0 90 0 0 93 184 216])
		74	(process-get proc 'socks-scratch)))))
		75	(ert-info ("Last part arrives")
		76	(socks-filter proc "\42") ; ?\" 34
		77	(ert-info ("State transitions to complete (length check passes)")
		78	(should (eq (process-get proc 'socks-state) socks-state-connected)))
		79	(ert-info ("Scratch and response fields hold stash w. last chunk")
		80	(should (string= (concat [0 90 0 0 93 184 216 34])
		81	(process-get proc 'socks-response)))
		82	(should (string= (process-get proc 'socks-response)
		83	(process-get proc 'socks-scratch)))))
		84	(delete-process proc)
		85	(kill-buffer buf)))
31		86
32	`VERBATIM' and `PATTERNS' are dotted alists containing responses.	87	(ert-deftest socks-tests-filter-response-parsing-v5 ()
33	Requests are tried in order. On failure, an error is raised."	88	"Ensure new chunks added on right (Bug#45162)."
34	(let* ((buf (generate-new-buffer "canned-socks-server"))	89	(let* ((buf (generate-new-buffer "test-socks-filter"))
		90	(proc (start-process "test-socks-filter" buf "sleep" "1")))
		91	(process-put proc 'socks t)
		92	(process-put proc 'socks-state socks-state-waiting)
		93	(process-put proc 'socks-server-protocol 5)
		94	(ert-info ("Receive initial incomplete segment")
		95	;; From fedora.org: 2605:bc80:3010:600:dead:beef:cafe:fed9
		96	;; 5004 ~~> Version Status (OK) NOOP Addr-Type (4 -> IPv6)
		97	(socks-filter proc "\5\0\0\4\x26\x05\xbc\x80\x30\x10\x00\x60")
		98	(ert-info ("State still waiting and response emtpy")
		99	(should (eq (process-get proc 'socks-state) socks-state-waiting))
		100	(should-not (process-get proc 'socks-response)))
		101	(ert-info ("Scratch field holds partial payload of pending msg")
		102	(should (string= "\5\0\0\4\x26\x05\xbc\x80\x30\x10\x00\x60"
		103	(process-get proc 'socks-scratch)))))
		104	(ert-info ("Middle chunk arrives")
		105	(socks-filter proc "\xde\xad\xbe\xef\xca\xfe\xfe\xd9")
		106	(ert-info ("State and response fields still untouched")
		107	(should (eq (process-get proc 'socks-state) socks-state-waiting))
		108	(should-not (process-get proc 'socks-response)))
		109	(ert-info ("Scratch contains new arrival appended (on RHS)")
		110	(should (string= (concat "\5\0\0\4"
		111	"\x26\x05\xbc\x80\x30\x10\x00\x60"
		112	"\xde\xad\xbe\xef\xca\xfe\xfe\xd9")
		113	(process-get proc 'socks-scratch)))))
		114	(ert-info ("Final part arrives (port number)")
		115	(socks-filter proc "\0\0")
		116	(ert-info ("State transitions to complete")
		117	(should (eq (process-get proc 'socks-state) socks-state-connected)))
		118	(ert-info ("Scratch and response fields show last chunk appended")
		119	(should (string= (concat "\5\0\0\4"
		120	"\x26\x05\xbc\x80\x30\x10\x00\x60"
		121	"\xde\xad\xbe\xef\xca\xfe\xfe\xd9"
		122	"\0\0")
		123	(process-get proc 'socks-scratch)))
		124	(should (string= (process-get proc 'socks-response)
		125	(process-get proc 'socks-scratch)))))
		126	(delete-process proc)
		127	(kill-buffer buf)))
		128
		129	(defvar socks-tests-canned-server-patterns nil
		130	"Alist containing request/response cons pairs to be tried in order.
		131	Vectors must match verbatim. Strings are considered regex patterns.")
		132
		133	(defun socks-tests-canned-server-create ()
		134	"Create and return a fake SOCKS server."
		135	(let* ((port (nth 2 socks-server))
		136	(name (format "socks-server:%d" port))
		137	(pats socks-tests-canned-server-patterns)
35	(filt (lambda (proc line)	138	(filt (lambda (proc line)
36	(let ((resp (or (assoc-default line verbatim	139	(pcase-let ((`(,pat . ,resp) (pop pats)))
37	(lambda (k s) ; s is line	140	(unless (or (and (vectorp pat) (equal pat (vconcat line)))
38	(string= (concat k) s)))	141	(string-match-p pat line))
39	(assoc-default line patterns
40	(lambda (p s)
41	(string-match-p p s))))))
42	(unless resp
43	(error "Unknown request: %s" line))	142	(error "Unknown request: %s" line))
44	(let ((print-escape-control-characters t))	143	(let ((print-escape-control-characters t))
45	(princ (format "<- %s\n" (prin1-to-string line)) buf)	144	(message "[%s] <- %s" name (prin1-to-string line))
46	(princ (format "-> %s\n" (prin1-to-string resp)) buf))	145	(message "[%s] -> %s" name (prin1-to-string resp)))
47	(process-send-string proc (concat resp)))))	146	(process-send-string proc (concat resp)))))
48	(srv (make-network-process :server 1	147	(serv (make-network-process :server 1
49	:buffer buf	148	:buffer (get-buffer-create name)
50	:filter filt	149	:filter filt
51	:name "server"	150	:name name
52	:family 'ipv4	151	:family 'ipv4
53	:host 'local	152	:host 'local
54	:service socks-tests-canned-server-port)))	153	:coding 'binary
55	(set-process-query-on-exit-flag srv nil)	154	:service port)))
56	(princ (format "[%s] Listening on localhost:10080\n" srv) buf)	155	(set-process-query-on-exit-flag serv nil)
57	srv))	156	serv))
58
59	;; Add ([5 3 0 1 2] . [5 2]) to the `verbatim' list below to validate
60	;; against curl 7.71 with the following options:
61	;; $ curl --verbose -U foo:bar --proxy socks5h://127.0.0.1:10080 example.com
62	;;
63	;; If later implementing version 4a, try these:
64	;; [4 1 0 80 0 0 0 1 0 ?e ?x ?a ?m ?p ?l ?e ?. ?c ?o ?m 0] . [0 90 0 0 0 0 0 0]
65	;; $ curl --verbose --proxy socks4a://127.0.0.1:10080 example.com
66		157
67	(ert-deftest socks-tests-auth-filter-url-http ()	158	(defvar socks-tests--hello-world-http-request-pattern
68	"Verify correct handling of SOCKS5 user/pass authentication."	159	(cons "^GET /" (concat "HTTP/1.1 200 OK\r\n"
69	(let* ((socks-server '("server" "127.0.0.1" 10080 5))	160	"Content-Type: text/plain\r\n"
70	(socks-username "foo")	161	"Content-Length: 13\r\n\r\n"
71	(socks-password "bar")	162	"Hello World!\n")))
72	(url-gateway-method 'socks)	163
		164	(defun socks-tests-perform-hello-world-http-request ()
		165	"Start canned server, validate hello-world response, and finalize."
		166	(let* ((url-gateway-method 'socks)
73	(url (url-generic-parse-url "http://example.com"))	167	(url (url-generic-parse-url "http://example.com"))
74	(verbatim '(([5 2 0 2] . [5 2])	168	(server (socks-tests-canned-server-create))
75	([1 3 ?f ?o ?o 3 ?b ?a ?r] . [1 0])
76	([5 1 0 3 11 ?e ?x ?a ?m ?p ?l ?e ?. ?c ?o ?m 0 80]
77	. [5 0 0 1 0 0 0 0 0 0])))
78	(patterns
79	`(("^GET /" . ,(concat "HTTP/1.1 200 OK\r\n"
80	"Content-Type: text/plain; charset=UTF-8\r\n"
81	"Content-Length: 13\r\n\r\n"
82	"Hello World!\n"))))
83	(socks-tests-canned-server-port 10080)
84	(server (socks-tests-canned-server-create verbatim patterns))
85	(tries 10)
86	;;	169	;;
87	done	170	done
88	;;	171	;;
@@ -90,14 +173,91 @@ Requests are tried in order. On failure, an error is raised."
90	(goto-char (point-min))	173	(goto-char (point-min))
91	(should (search-forward "Hello World" nil t))	174	(should (search-forward "Hello World" nil t))
92	(setq done t)))	175	(setq done t)))
93	(buf (url-http url cb '(nil))))	176	(buf (url-http url cb '(nil)))
94	(ert-info ("Connect to HTTP endpoint over SOCKS5 with USER/PASS method")	177	(proc (get-buffer-process buf))
95	(while (and (not done) (< 0 (cl-decf tries))) ; cl-lib via url-http	178	(attempts 10))
96	(sleep-for 0.1)))	179	(while (and (not done) (< 0 (cl-decf attempts)))
		180	(sleep-for 0.1))
97	(should done)	181	(should done)
98	(delete-process server)	182	(delete-process server)
		183	(delete-process proc) ; otherwise seems client proc is sometimes reused
99	(kill-buffer (process-buffer server))	184	(kill-buffer (process-buffer server))
100	(kill-buffer buf)	185	(kill-buffer buf)
101	(ignore url-gateway-method)))	186	(ignore url-gateway-method)))
102		187
		188	;; Replace first pattern below with ([5 3 0 1 2] . [5 2]) to validate
		189	;; against curl 7.71 with the following options:
		190	;; $ curl --verbose -U foo:bar --proxy socks5h://127.0.0.1:10080 example.com
		191
		192	(ert-deftest socks-tests-v5-auth-user-pass ()
		193	"Verify correct handling of SOCKS5 user/pass authentication."
		194	(should (assq 2 socks-authentication-methods))
		195	(let ((socks-server '("server" "127.0.0.1" 10080 5))
		196	(socks-username "foo")
		197	(socks-password "bar")
		198	(url-user-agent "Test/auth-user-pass")
		199	(socks-tests-canned-server-patterns
		200	`(([5 2 0 2] . [5 2])
		201	([1 3 ?f ?o ?o 3 ?b ?a ?r] . [1 0])
		202	([5 1 0 3 11 ?e ?x ?a ?m ?p ?l ?e ?. ?c ?o ?m 0 80]
		203	. [5 0 0 1 0 0 0 0 0 0])
		204	,socks-tests--hello-world-http-request-pattern)))
		205	(ert-info ("Make HTTP request over SOCKS5 with USER/PASS auth method")
		206	(socks-tests-perform-hello-world-http-request))))
		207
		208	;; Services (like Tor) may be configured without auth but for some
		209	;; reason still prefer the user/pass method over none when offered both.
		210	;; Given this library's defaults, the scenario below is possible.
		211	;;
		212	;; FYI: RFC 1929 doesn't say that a username or password is required
		213	;; but notes that the length of both fields should be at least one.
		214	;; However, both socks.el and curl send zero-length fields (though
		215	;; curl drops the user part too when the password is empty).
		216	;;
		217	;; From Tor's docs /socks-extensions.txt, 1.1 Extent of support:
		218	;; > We allow username/password fields of this message to be empty ...
		219	;; line 41 in blob 5fd1f828f3e9d014f7b65fa3bd1d33c39e4129e2
		220	;; https://gitweb.torproject.org/torspec.git/tree/socks-extensions.txt
		221	;;
		222	;; To verify against curl 7.71, swap out the first two pattern pairs
		223	;; with ([5 3 0 1 2] . [5 2]) and ([1 0 0] . [1 0]), then run:
		224	;; $ curl verbose -U "foo:" --proxy socks5h://127.0.0.1:10081 example.com
		225
		226	(ert-deftest socks-tests-v5-auth-user-pass-blank ()
		227	"Verify correct SOCKS5 user/pass authentication with empty pass."
		228	(should (assq 2 socks-authentication-methods))
		229	(let ((socks-server '("server" "127.0.0.1" 10081 5))
		230	(socks-username "foo") ; defaults to (user-login-name)
		231	(socks-password "") ; simulate user hitting enter when prompted
		232	(url-user-agent "Test/auth-user-pass-blank")
		233	(socks-tests-canned-server-patterns
		234	`(([5 2 0 2] . [5 2])
		235	([1 3 ?f ?o ?o 0] . [1 0])
		236	([5 1 0 3 11 ?e ?x ?a ?m ?p ?l ?e ?. ?c ?o ?m 0 80]
		237	. [5 0 0 1 0 0 0 0 0 0])
		238	,socks-tests--hello-world-http-request-pattern)))
		239	(ert-info ("Make HTTP request over SOCKS5 with USER/PASS auth method")
		240	(socks-tests-perform-hello-world-http-request))))
		241
		242	;; Swap out ([5 2 0 1] . [5 0]) with the first pattern below to validate
		243	;; against curl 7.71 with the following options:
		244	;; $ curl --verbose --proxy socks5h://127.0.0.1:10082 example.com
		245
		246	(ert-deftest socks-tests-v5-auth-none ()
		247	"Verify correct handling of SOCKS5 when auth method 0 requested."
		248	(let ((socks-server '("server" "127.0.0.1" 10082 5))
		249	(socks-authentication-methods (append socks-authentication-methods
		250	nil))
		251	(url-user-agent "Test/auth-none")
		252	(socks-tests-canned-server-patterns
		253	`(([5 1 0] . [5 0])
		254	([5 1 0 3 11 ?e ?x ?a ?m ?p ?l ?e ?. ?c ?o ?m 0 80]
		255	. [5 0 0 1 0 0 0 0 0 0])
		256	,socks-tests--hello-world-http-request-pattern)))
		257	(socks-unregister-authentication-method 2)
		258	(should-not (assq 2 socks-authentication-methods))
		259	(ert-info ("Make HTTP request over SOCKS5 with no auth method")
		260	(socks-tests-perform-hello-world-http-request)))
		261	(should (assq 2 socks-authentication-methods)))
		262
103	;;; socks-tests.el ends here	263	;;; socks-tests.el ends here