search

IndySockets / Indy

Indy - Internet Direct
https://www.indyproject.org
434 stars 147 forks source link

TIdSocksServer and TIdEventSocksServer do not honor NeedsAuthentication property #506

Closed VA1DER closed 8 months ago

VA1DER commented 8 months ago

Neither the TIdSocksServer nor the TIdEventSocksServer components honor the "NeedsAuthentication" property. If OnAuthenticate is not set, both components will refuse to allow connections.

Only setting OnAuthenticate will allow connections:

function TIdCustomSocksServer.DoAuthenticate(AContext: TIdSocksServerContext): Boolean;
begin
  Result := Assigned(OnAuthenticate);
  if Result then begin
    OnAuthenticate(AContext, Result);
  end;
end;
rlebeau commented 8 months ago

NeedsAuthentication is currently handled only for SOCKS v5, in TIdCustomSocksServer.HandleConnectV5():

So, if you enable SOCKS v5, setting NeedsAuthentication=True requires you to also assign an OnAuthentication handler, whereas setting NeedsAuthentication=False makes OnAuthentication optional. This seems like expected behavior as designed.

In the case of SOCKS v4/a, on the other hand, a userid is part of the client's initial handshake, so OnAuthenticate is currently required to validate it. NeedsAuthentication is not looked at for SOCKS v4/a at this time. Is this what you are asking about? If so, then a simple fix would be to update TIdCustomSocksServer.HandleConnectV4() to look at NeedsAuthentication before calling DoAuthenticate().

VA1DER commented 8 months ago

Yes, it was for Socks 4/a. My project binds it to 127.0.0.1 since it's a local stream-over-http client. I don't need any authentication, and just assumed that NeedsAuthentication=False would handle that. It's a small thing to have an empty OnAuthenticate, but yes I would suggest implementing the change you propose.