Esempio n. 1
0
func (v *Server) handleSocks4(clientAddr v2net.Destination, reader *bufio.BufferedReader, writer *bufio.BufferedWriter, auth protocol.Socks4AuthenticationRequest) error {
	result := protocol.Socks4RequestGranted
	if auth.Command == protocol.CmdBind {
		result = protocol.Socks4RequestRejected
	}
	socks4Response := protocol.NewSocks4AuthenticationResponse(result, auth.Port, auth.IP[:])

	socks4Response.Write(writer)

	if result == protocol.Socks4RequestRejected {
		log.Warning("Socks: Unsupported socks 4 command ", auth.Command)
		log.Access(clientAddr, "", log.AccessRejected, ErrUnsupportedSocksCommand)
		return ErrUnsupportedSocksCommand
	}

	reader.SetCached(false)
	writer.SetCached(false)

	dest := v2net.TCPDestination(v2net.IPAddress(auth.IP[:]), auth.Port)
	session := &proxy.SessionInfo{
		Source:      clientAddr,
		Destination: dest,
		Inbound:     v.meta,
	}
	log.Access(clientAddr, dest, log.AccessAccepted, "")
	v.transport(reader, writer, session)
	return nil
}
Esempio n. 2
0
func (v *Server) handleSocks5(clientAddr v2net.Destination, reader *bufio.BufferedReader, writer *bufio.BufferedWriter, auth protocol.Socks5AuthenticationRequest) error {
	expectedAuthMethod := protocol.AuthNotRequired
	if v.config.AuthType == AuthType_PASSWORD {
		expectedAuthMethod = protocol.AuthUserPass
	}

	if !auth.HasAuthMethod(expectedAuthMethod) {
		authResponse := protocol.NewAuthenticationResponse(protocol.AuthNoMatchingMethod)
		err := protocol.WriteAuthentication(writer, authResponse)
		writer.Flush()
		if err != nil {
			log.Warning("Socks: failed to write authentication: ", err)
			return err
		}
		log.Warning("Socks: client doesn't support any allowed auth methods.")
		return ErrUnsupportedAuthMethod
	}

	authResponse := protocol.NewAuthenticationResponse(expectedAuthMethod)
	protocol.WriteAuthentication(writer, authResponse)
	err := writer.Flush()
	if err != nil {
		log.Error("Socks: failed to write authentication: ", err)
		return err
	}
	if v.config.AuthType == AuthType_PASSWORD {
		upRequest, err := protocol.ReadUserPassRequest(reader)
		if err != nil {
			log.Warning("Socks: failed to read username and password: "******"Socks: failed to write user pass response: ", err)
			return err
		}
		if status != byte(0) {
			log.Warning("Socks: Invalid user account: ", upRequest.AuthDetail())
			log.Access(clientAddr, "", log.AccessRejected, crypto.ErrAuthenticationFailed)
			return crypto.ErrAuthenticationFailed
		}
	}

	request, err := protocol.ReadRequest(reader)
	if err != nil {
		log.Warning("Socks: failed to read request: ", err)
		return err
	}

	if request.Command == protocol.CmdUdpAssociate && v.config.UdpEnabled {
		return v.handleUDP(reader, writer)
	}

	if request.Command == protocol.CmdBind || request.Command == protocol.CmdUdpAssociate {
		response := protocol.NewSocks5Response()
		response.Error = protocol.ErrorCommandNotSupported
		response.Port = v2net.Port(0)
		response.SetIPv4([]byte{0, 0, 0, 0})

		response.Write(writer)
		writer.Flush()
		if err != nil {
			log.Error("Socks: failed to write response: ", err)
			return err
		}
		log.Warning("Socks: Unsupported socks command ", request.Command)
		return ErrUnsupportedSocksCommand
	}

	response := protocol.NewSocks5Response()
	response.Error = protocol.ErrorSuccess

	// Some SOCKS software requires a value other than dest. Let's fake one:
	response.Port = v2net.Port(1717)
	response.SetIPv4([]byte{0, 0, 0, 0})

	response.Write(writer)
	if err != nil {
		log.Error("Socks: failed to write response: ", err)
		return err
	}

	reader.SetCached(false)
	writer.SetCached(false)

	dest := request.Destination()
	session := &proxy.SessionInfo{
		Source:      clientAddr,
		Destination: dest,
		Inbound:     v.meta,
	}
	log.Info("Socks: TCP Connect request to ", dest)
	log.Access(clientAddr, dest, log.AccessAccepted, "")

	v.transport(reader, writer, session)
	return nil
}