From e781e86e32ce290bfab79e6fd49670a5865239d2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E4=B8=96=E7=95=8C?= <i@sekai.icu>
Date: Mon, 25 Sep 2023 20:43:42 +0800
Subject: [PATCH] Reject socks4 unauthenticated request

---
 protocol/socks/handshake.go | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/protocol/socks/handshake.go b/protocol/socks/handshake.go
index cec1bf8..39f4cb7 100644
--- a/protocol/socks/handshake.go
+++ b/protocol/socks/handshake.go
@@ -110,6 +110,16 @@ func HandleConnection0(ctx context.Context, conn net.Conn, version byte, authent
 		}
 		switch request.Command {
 		case socks4.CommandConnect:
+			if authenticator != nil && !authenticator.Verify(request.Username, "") {
+				err = socks4.WriteResponse(conn, socks4.Response{
+					ReplyCode:   socks4.ReplyCodeRejectedOrFailed,
+					Destination: request.Destination,
+				})
+				if err != nil {
+					return err
+				}
+				return E.New("socks4: authentication failed, username=", request.Username)
+			}
 			err = socks4.WriteResponse(conn, socks4.Response{
 				ReplyCode:   socks4.ReplyCodeGranted,
 				Destination: M.SocksaddrFromNet(conn.LocalAddr()),