Use socket error codes for connection rejections

Author: clue

README.md

@@ -442,6 +442,12 @@ $client = new Client(
 );
 ```
 
+> The authentication details will be transmitted in cleartext to the SOCKS proxy
+  server only if it requires username/password authentication.
+  If the authentication details are missing or not accepted by the remote SOCKS
+  proxy server, it is expected to reject each connection attempt with an
+  exception error code of `SOCKET_EACCES` (13).
+
 Authentication is only supported by protocol version 5 (SOCKS5),
 so passing authentication to the `Client` enforces communication with protocol
 version 5 and complains if you have explicitly set anything else:

src/Client.php

@@ -200,8 +200,13 @@ public function handleConnectedSocks(ConnectionInterface $stream, $host, $port)
         }
         $promise->then(function () use ($deferred, $stream) {
             $deferred->resolve($stream);
-        }, function($error) use ($deferred) {
-            $deferred->reject(new Exception('Unable to communicate...', 0, $error));
+        }, function (Exception $error) use ($deferred) {
+            // pass custom RuntimeException through as-is, otherwise wrap in protocol error
+            if (!$error instanceof RuntimeException) {
+                $error = new RuntimeException('Invalid response received from proxy (EBADMSG)', defined('SOCKET_EBADMSG') ? SOCKET_EBADMSG: 71, $error);
+            }
+
+            $deferred->reject($error);
         });
 
         return $deferred->promise()->then(
@@ -242,9 +247,12 @@ private function handleSocks4(ConnectionInterface $stream, $host, $port, StreamR
             'port'   => 'n',
             'ip'     => 'N'
         ))->then(function ($data) {
-            if ($data['null'] !== 0x00 || $data['status'] !== 0x5a) {
+            if ($data['null'] !== 0x00) {
                 throw new Exception('Invalid SOCKS response');
             }
+            if ($data['status'] !== 0x5a) {
+                throw new RuntimeException('Proxy refused connection with SOCKS error code ' . sprintf('0x%02X', $data['status']) . ' (ECONNREFUSED)', defined('SOCKET_ECONNREFUSED') ? SOCKET_ECONNREFUSED : 111);
+            }
         });
     }
 
@@ -282,12 +290,12 @@ private function handleSocks5(ConnectionInterface $stream, $host, $port, StreamR
                     'status'  => 'C'
                 ))->then(function ($data) {
                     if ($data['version'] !== 0x01 || $data['status'] !== 0x00) {
-                        throw new Exception('Username/Password authentication failed');
+                        throw new RuntimeException('Username/Password authentication failed (EACCES)', defined('SOCKET_EACCES') ? SOCKET_EACCES : 13);
                     }
                 });
             } else if ($data['method'] !== 0x00) {
                 // any other method than "no authentication"
-                throw new Exception('Unacceptable authentication method requested');
+                throw new RuntimeException('No acceptable authentication method found (EACCES)', defined('SOCKET_EACCES') ? SOCKET_EACCES : 13);
             }
         })->then(function () use ($stream, $reader, $host, $port) {
             // do not resolve hostname. only try to convert to (binary/packed) IP
@@ -312,9 +320,12 @@ private function handleSocks5(ConnectionInterface $stream, $host, $port, StreamR
                 'type'    => 'C'
             ));
         })->then(function ($data) use ($reader) {
-            if ($data['version'] !== 0x05 || $data['status'] !== 0x00 || $data['null'] !== 0x00) {
+            if ($data['version'] !== 0x05 || $data['null'] !== 0x00) {
                 throw new Exception('Invalid SOCKS response');
             }
+            if ($data['status'] !== 0x00) {
+                throw new RuntimeException('Proxy refused connection with SOCKS error code ' . sprintf('0x%02X', $data['status']) . ' (ECONNREFUSED)', defined('SOCKET_ECONNREFUSED') ? SOCKET_ECONNREFUSED : 111);
+            }
             if ($data['type'] === 0x01) {
                 // IPv4 address => skip IP and port
                 return $reader->readLength(6);

tests/ClientTest.php

@@ -178,6 +178,7 @@ public function testEmitConnectionCloseDuringSessionWillRejectConnection()
     public function testEmitConnectionErrorDuringSessionWillRejectConnection()
     {
         $stream = $this->getMockBuilder('React\Socket\Connection')->disableOriginalConstructor()->setMethods(array('write', 'close'))->getMock();
+        $stream->expects($this->once())->method('close');
 
         $promise = \React\Promise\resolve($stream);
 
@@ -189,4 +190,56 @@ public function testEmitConnectionErrorDuringSessionWillRejectConnection()
 
         $promise->then(null, $this->expectCallableOnceWithExceptionCode(SOCKET_EIO));
     }
+
+    public function testEmitInvalidSocks4DataDuringSessionWillRejectConnection()
+    {
+        $stream = $this->getMockBuilder('React\Socket\Connection')->disableOriginalConstructor()->setMethods(array('write', 'close'))->getMock();
+        $stream->expects($this->once())->method('close');
+
+        $promise = \React\Promise\resolve($stream);
+
+        $this->connector->expects($this->once())->method('connect')->with('127.0.0.1:1080?hostname=google.com')->willReturn($promise);
+
+        $promise = $this->client->connect('google.com:80');
+
+        $stream->emit('data', array("HTTP/1.1 400 Bad Request\r\n\r\n"));
+
+        $promise->then(null, $this->expectCallableOnceWithExceptionCode(SOCKET_EBADMSG));
+    }
+
+    public function testEmitInvalidSocks5DataDuringSessionWillRejectConnection()
+    {
+        $stream = $this->getMockBuilder('React\Socket\Connection')->disableOriginalConstructor()->setMethods(array('write', 'close'))->getMock();
+        $stream->expects($this->once())->method('close');
+
+        $promise = \React\Promise\resolve($stream);
+
+        $this->connector->expects($this->once())->method('connect')->with('127.0.0.1:1080?hostname=google.com')->willReturn($promise);
+
+        $this->client = new Client('socks5://127.0.0.1:1080', $this->connector);
+
+        $promise = $this->client->connect('google.com:80');
+
+        $stream->emit('data', array("HTTP/1.1 400 Bad Request\r\n\r\n"));
+
+        $promise->then(null, $this->expectCallableOnceWithExceptionCode(SOCKET_EBADMSG));
+    }
+
+    public function testEmitSocks5DataErrorDuringSessionWillRejectConnection()
+    {
+        $stream = $this->getMockBuilder('React\Socket\Connection')->disableOriginalConstructor()->setMethods(array('write', 'close'))->getMock();
+        $stream->expects($this->once())->method('close');
+
+        $promise = \React\Promise\resolve($stream);
+
+        $this->connector->expects($this->once())->method('connect')->with('127.0.0.1:1080?hostname=google.com')->willReturn($promise);
+
+        $this->client = new Client('socks5://127.0.0.1:1080', $this->connector);
+
+        $promise = $this->client->connect('google.com:80');
+
+        $stream->emit('data', array("\x05\x00" . "\x05\x01\x00\x00"));
+
+        $promise->then(null, $this->expectCallableOnceWithExceptionCode(SOCKET_ECONNREFUSED));
+    }
 }

tests/FunctionalTest.php

@@ -164,29 +164,20 @@ public function testConnectionAuthenticationUnused()
         $this->assertResolveStream($this->client->connect('www.google.com:80'));
     }
 
-    public function testConnectionInvalidProtocolDoesNotMatchDefault()
-    {
-        $this->server->setProtocolVersion(5);
-
-        $this->client = new Client('socks4://127.0.0.1:' . $this->port, $this->connector);
-
-        $this->assertRejectPromise($this->client->connect('www.google.com:80'));
-    }
-
     public function testConnectionInvalidProtocolDoesNotMatchSocks5()
     {
         $this->server->setProtocolVersion(5);
         $this->client = new Client('socks4a://127.0.0.1:' . $this->port, $this->connector);
 
-        $this->assertRejectPromise($this->client->connect('www.google.com:80'));
+        $this->assertRejectPromise($this->client->connect('www.google.com:80'), '', SOCKET_ECONNRESET);
     }
 
     public function testConnectionInvalidProtocolDoesNotMatchSocks4()
     {
         $this->server->setProtocolVersion(4);
         $this->client = new Client('socks5://127.0.0.1:' . $this->port, $this->connector);
 
-        $this->assertRejectPromise($this->client->connect('www.google.com:80'));
+        $this->assertRejectPromise($this->client->connect('www.google.com:80'), '', SOCKET_ECONNRESET);
     }
 
     public function testConnectionInvalidNoAuthentication()
@@ -195,7 +186,7 @@ public function testConnectionInvalidNoAuthentication()
 
         $this->client = new Client('socks5://127.0.0.1:' . $this->port, $this->connector);
 
-        $this->assertRejectPromise($this->client->connect('www.google.com:80'));
+        $this->assertRejectPromise($this->client->connect('www.google.com:80'), '', SOCKET_EACCES);
     }
 
     public function testConnectionInvalidAuthenticationMismatch()
@@ -204,7 +195,7 @@ public function testConnectionInvalidAuthenticationMismatch()
 
         $this->client = new Client('user:pass@127.0.0.1:' . $this->port, $this->connector);
 
-        $this->assertRejectPromise($this->client->connect('www.google.com:80'));
+        $this->assertRejectPromise($this->client->connect('www.google.com:80'), '', SOCKET_EACCES);
     }
 
     public function testConnectorOkay()
@@ -298,11 +289,11 @@ private function assertResolveStream($promise)
         Block\await($promise, $this->loop, 2.0);
     }
 
-    private function assertRejectPromise($promise)
+    private function assertRejectPromise($promise, $message = '', $code = null)
     {
         $this->expectPromiseReject($promise);
 
-        $this->setExpectedException('Exception');
+        $this->setExpectedException('Exception', $message, $code);
 
         Block\await($promise, $this->loop, 2.0);
     }