Extract SOCKS5 logic into new class SocksProxySockct

src/DHTConnectionSocksProxyImpl.cc

@@ -39,13 +39,12 @@
 
 #include "SocketCore.h"
 #include "a2functional.h"
+#include "SocksProxySocket.h"
 
 namespace aria2 {
 
 DHTConnectionSocksProxyImpl::DHTConnectionSocksProxyImpl(int family)
-    : DHTConnectionImpl(family),
-      family_(family),
-      proxySocket_(make_unique<SocketCore>())
+    : DHTConnectionImpl(family), family_(family)
 {
 }
 
@@ -58,103 +57,38 @@ bool DHTConnectionSocksProxyImpl::startProxy(const std::string& host,
                                              const std::string& listenAddr,
                                              uint16_t listenPort)
 {
-  proxySocket_->establishConnection(host, port);
-  proxySocket_->setBlockingMode();
-  Endpoint proxyEndpoint;
-  unsigned char resBuf[10];
+  socket_ = make_unique<SocksProxySocket>(family_);
+  socket_->establish(host, port);
 
   // Authentication negotiation
   bool noAuth = user.empty() || passwd.empty();
   if (noAuth) {
-    std::string req("\x05\x01\x00", 3);
-    size_t resLen = 2;
-    proxySocket_->writeData(req);
-    proxySocket_->readData(resBuf, resLen);
-    if (resBuf[1] != '\x00') {
-      proxySocket_->closeConnection();
+    int authMethod =
+        socket_->negotiateAuth(std::vector<uint8_t>{SOCKS_AUTH_NO_AUTH});
+    if (authMethod < 0) {
       return false;
     }
   }
   else {
-    std::string req("\x05\x02\x00\x02", 4);
-    size_t resLen = 2;
-    proxySocket_->writeData(req);
-    Endpoint proxyEndpoint;
-    proxySocket_->readData(resBuf, resLen);
-    if (resBuf[1] != '\x02' && resBuf[1] != '\x00') {
-      proxySocket_->closeConnection();
+    int authMethod = socket_->negotiateAuth(
+        std::vector<uint8_t>{SOCKS_AUTH_NO_AUTH, SOCKS_AUTH_USERPASS});
+    if (authMethod < 0) {
       return false;
     }
 
-    // Username/password authentication
-    if (resBuf[1] == '\x02') {
-      req = std::string("\x01", 1);
-      req.push_back(static_cast<char>(user.length()));
-      req += user;
-      req.push_back(static_cast<char>(passwd.length()));
-      req += passwd;
-      size_t resLen = 2;
-      proxySocket_->writeData(req);
-      proxySocket_->readData(resBuf, resLen);
-      if (resBuf[1] != '\x00') {
-        proxySocket_->closeConnection();
+    // Username/Password authentication
+    if (authMethod == SOCKS_AUTH_USERPASS) {
+      int status = socket_->authByUserpass(user, passwd);
+      if (status != 0) {
         return false;
       }
     }
   }
 
   // UDP associate
-  std::string req("\x05\x03\x00", 3);
-  if (family_ == AF_INET) {
-    req.push_back('\x01');
-    char addrBuf[10];
-    net::getBinAddr(addrBuf, listenAddr);
-    req.append(addrBuf, 4);
-  }
-  else {
-    req.push_back('\x04');
-    char addrBuf[20];
-    net::getBinAddr(addrBuf, listenAddr);
-    req.append(addrBuf, 16);
-  }
-  uint16_t listenPortBuf = htons(listenPort);
-  req.append(reinterpret_cast<const char*>(&listenPortBuf), 2);
-  size_t resLen = 5;
-  proxySocket_->writeData(req);
-  proxySocket_->readData(resBuf, resLen);
-  if (resBuf[1] != '\x00') {
-    proxySocket_->closeConnection();
-    return false;
-  }
-  if (resBuf[3] == '\x01') {
-    unsigned char addrBuf[6];
-    addrBuf[0] = resBuf[4];
-    resLen = 5;
-    proxySocket_->readData(addrBuf + 1, resLen);
-    char addrStrBuf[20];
-    inetNtop(AF_INET, addrBuf, addrStrBuf, 20);
-    bndAddr_ = std::string(addrStrBuf);
-    bndPort_ = ntohs(*reinterpret_cast<uint16_t*>(addrBuf + 4));
-  }
-  else if (resBuf[3] == '\x04') {
-    unsigned char addrBuf[18];
-    addrBuf[0] = resBuf[4];
-    resLen = 17;
-    proxySocket_->readData(addrBuf + 1, resLen);
-    char addrStrBuf[50];
-    inetNtop(AF_INET6, addrBuf, addrStrBuf, 50);
-    bndAddr_ = std::string(addrStrBuf);
-    bndPort_ = ntohs(*reinterpret_cast<uint16_t*>(addrBuf + 16));
-  }
-  else if (resBuf[3] == '\x03') {
-    bndAddr_ = std::string(resBuf[4] + 2, '\x00');
-    resLen = resBuf[4] + 2;
-    proxySocket_->readData(&bndAddr_[0], resLen);
-    bndPort_ = ntohs(*reinterpret_cast<uint16_t*>(&bndAddr_[0] + resBuf[4]));
-    bndAddr_.resize(resBuf[4]);
-  }
-  else {
-    proxySocket_->closeConnection();
+  size_t i =
+      socket_->startUdpProxy(listenAddr, listenPort, &bndAddr_, &bndPort_);
+  if (i < 0) {
     return false;
   }
   return true;

src/DHTConnectionSocksProxyImpl.h

@@ -35,17 +35,18 @@
 #ifndef D_DHT_CONNECTION_SOCKS_PROXY_IMPL_H
 #define D_DHT_CONNECTION_SOCKS_PROXY_IMPL_H
 
-#include "DHTConnectionImpl.h"
-
 #include <memory>
 
+#include "DHTConnectionImpl.h"
+#include "SocksProxySocket.h"
+
 namespace aria2 {
 
 class SocketCore;
 
 class DHTConnectionSocksProxyImpl : public DHTConnectionImpl {
 private:
-  std::unique_ptr<SocketCore> proxySocket_;
+  std::unique_ptr<SocksProxySocket> socket_;
   int family_;
   std::string bndAddr_;
   uint16_t bndPort_;
@@ -58,9 +59,10 @@ public:
   // Connect to SOCKS5 server to start UDP proxy.
   // Leave user and passwd empty to indicate no authentication.
   // Leave listen host and port empty / 0 to indicate no receiving from proxy.
+  // MUST call the method before any receiveMessage/sendMessage.
   bool startProxy(const std::string& host, uint16_t port,
                   const std::string& user, const std::string& passwd,
-                  const std::string& listenHost, uint16_t listenPort);
+                  const std::string& listenAddr, uint16_t listenPort);
 
   virtual ssize_t receiveMessage(unsigned char* data, size_t len,
                                  std::string& host,

src/Makefile.am

@@ -231,6 +231,7 @@ SRCS =  \
 	SocketBuffer.cc SocketBuffer.h\
 	SocketCore.cc SocketCore.h\
 	SocketRecvBuffer.cc SocketRecvBuffer.h\
+	SocksProxySocket.cc SocksProxySocket.h\
 	SpeedCalc.cc SpeedCalc.h\
 	StatCalc.h\
 	StreamCheckIntegrityEntry.cc StreamCheckIntegrityEntry.h\

src/SocksProxySocket.cc

@@ -0,0 +1,201 @@
+/* <!-- copyright */
+/*
+ * aria2 - The high speed download utility
+ *
+ * Copyright (C) 2006 Tatsuhiro Tsujikawa
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ * In addition, as a special exception, the copyright holders give
+ * permission to link the code of portions of this program with the
+ * OpenSSL library under certain conditions as described in each
+ * individual source file, and distribute linked combinations
+ * including the two.
+ * You must obey the GNU General Public License in all respects
+ * for all of the code used other than OpenSSL.  If you modify
+ * file(s) with this exception, you may extend this exception to your
+ * version of the file(s), but you are not obligated to do so.  If you
+ * do not wish to do so, delete this exception statement from your
+ * version.  If you delete this exception statement from all source
+ * files in the program, then also delete it here.
+ */
+/* copyright --> */
+#include "SocksProxySocket.h"
+
+#include <netinet/in.h>
+#include <sstream>
+
+#include "SocketCore.h"
+#include "a2functional.h"
+
+namespace {
+const char C_SOCKS_VER = '\x05';
+const char C_AUTH_NONE = '\xff';
+const char C_AUTH_USERPASS_VER = '\x01';
+const char C_AUTH_USERPASS_OK = '\x00';
+const char C_CMD_UDP_ASSOCIATE = '\x03';
+const char C_ADDR_INET = '\x01';
+const char C_ADDR_DOMAIN = '\x03';
+const char C_ADDR_INET6 = '\x04';
+const char C_OK = '\x00';
+} // namespace
+
+namespace aria2 {
+
+SocksProxySocket::SocksProxySocket(int family) : family_(family) {}
+
+SocksProxySocket::~SocksProxySocket() = default;
+
+void SocksProxySocket::establish(const std::string& host, uint16_t port)
+{
+  socket_ = make_unique<SocketCore>();
+  socket_->establishConnection(host, port);
+  socket_->setBlockingMode();
+}
+
+void SocksProxySocket::establish(std::unique_ptr<SocketCore> socket)
+{
+  socket_ = std::move(socket);
+}
+
+int SocksProxySocket::negotiateAuth(std::vector<uint8_t> expected)
+{
+  std::stringstream req;
+  req << C_SOCKS_VER;
+  req << static_cast<char>(expected.size());
+  for (auto c : expected) {
+    req << c;
+  }
+  socket_->writeData(req.str());
+
+  char res[2];
+  size_t resLen = sizeof(res);
+  socket_->readData(res, resLen);
+  int authMethod = res[1];
+  if (authMethod == C_AUTH_NONE) {
+    socket_->closeConnection();
+    return -1;
+  }
+  return authMethod;
+}
+
+char SocksProxySocket::authByUserpass(const std::string& user,
+                                      const std::string& passwd)
+{
+  std::stringstream req;
+  req << C_AUTH_USERPASS_VER;
+  req << static_cast<char>(user.length()) << user;
+  req << static_cast<char>(passwd.length()) << passwd;
+  socket_->writeData(req.str());
+
+  char res[2];
+  size_t resLen = sizeof(res);
+  socket_->readData(res, resLen);
+  if (res[1] != C_AUTH_USERPASS_OK) {
+    socket_->closeConnection();
+  }
+  return res[1];
+}
+
+size_t SocksProxySocket::startUdpProxy(const std::string& listenAddr,
+                                       uint16_t listenPort,
+                                       std::string* bndAddrPtr,
+                                       uint16_t* bndPortPtr)
+{
+  std::stringstream req;
+  req << C_SOCKS_VER << C_CMD_UDP_ASSOCIATE << 0;
+  if (family_ == AF_INET) {
+    if (!listenAddr.empty()) {
+      char addrBuf[10];
+      net::getBinAddr(addrBuf, listenAddr);
+      req << C_ADDR_INET << std::string(addrBuf, 4);
+    }
+    else {
+      req << std::string(4, '\x00');
+    }
+  }
+  else {
+    if (!listenAddr.empty()) {
+      char addrBuf[20];
+      net::getBinAddr(addrBuf, listenAddr);
+      req << C_ADDR_INET6 << std::string(addrBuf, 16);
+    }
+    else {
+      req << std::string(16, '\x00');
+    }
+  }
+  if (listenPort) {
+    uint16_t listenPortBuf = htons(listenPort);
+    req << std::string(reinterpret_cast<const char*>(&listenPortBuf), 2);
+  }
+  else {
+    req << std::string(2, '\x00');
+  }
+  socket_->writeData(req.str());
+
+  char res[5];
+  size_t resLen = sizeof(res);
+  socket_->readData(res, resLen);
+  if (res[1] != C_OK) {
+    socket_->closeConnection();
+    return -1;
+  }
+
+  std::string bndAddr;
+  uint16_t bndPort;
+  if (res[3] == C_ADDR_INET) {
+    char addrBuf[6];
+    addrBuf[0] = res[4];
+    size_t addrLen = sizeof(addrBuf) - 1;
+    socket_->readData(addrBuf + 1, addrLen);
+    char addrStrBuf[20];
+    inetNtop(AF_INET, addrBuf, addrStrBuf, 20);
+    bndAddr = std::string(addrStrBuf);
+    bndPort = ntohs(*reinterpret_cast<uint16_t*>(addrBuf + 4));
+  }
+  else if (res[3] == C_ADDR_INET6) {
+    char addrBuf[18];
+    addrBuf[0] = res[4];
+    size_t addrLen = sizeof(addrBuf) - 1;
+    socket_->readData(addrBuf + 1, addrLen);
+    char addrStrBuf[50];
+    inetNtop(AF_INET6, addrBuf, addrStrBuf, 50);
+    bndAddr = std::string(addrStrBuf);
+    bndPort = ntohs(*reinterpret_cast<uint16_t*>(addrBuf + 16));
+  }
+  else if (res[3] == C_ADDR_DOMAIN) {
+    // 2 more bytes to hold port temporarily.
+    bndAddr = std::string(res[4] + 2, 0);
+    resLen = res[4] + 2;
+    socket_->readData(&bndAddr[0], resLen);
+    bndPort = ntohs(*reinterpret_cast<uint16_t*>(&bndAddr[0] + res[4]));
+    bndAddr.resize(res[4]);
+  }
+  else {
+    socket_->closeConnection();
+    return -1;
+  }
+
+  size_t i = bndAddrs_.size();
+  bndAddrs_.push_back(bndAddr);
+  bndPorts_.push_back(bndPort);
+  if (bndAddrPtr && bndPortPtr) {
+    *bndAddrPtr = bndAddr;
+    *bndPortPtr = bndPort;
+  }
+  return i;
+}
+
+} // namespace aria2

src/SocksProxySocket.h

@@ -0,0 +1,106 @@
+/* <!-- copyright */
+/*
+ * aria2 - The high speed download utility
+ *
+ * Copyright (C) 2006 Tatsuhiro Tsujikawa
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ * In addition, as a special exception, the copyright holders give
+ * permission to link the code of portions of this program with the
+ * OpenSSL library under certain conditions as described in each
+ * individual source file, and distribute linked combinations
+ * including the two.
+ * You must obey the GNU General Public License in all respects
+ * for all of the code used other than OpenSSL.  If you modify
+ * file(s) with this exception, you may extend this exception to your
+ * version of the file(s), but you are not obligated to do so.  If you
+ * do not wish to do so, delete this exception statement from your
+ * version.  If you delete this exception statement from all source
+ * files in the program, then also delete it here.
+ */
+/* copyright --> */
+#ifndef D_SOCKS_PROXY_SOCKET_H
+#define D_SOCKS_PROXY_SOCKET_H
+
+#include <memory>
+#include <vector>
+#include <string>
+
+namespace aria2 {
+
+class SocketCore;
+
+enum SocksProxyAuthMethod {
+  // No authentication required
+  SOCKS_AUTH_NO_AUTH = 0,
+  // Username/Password authentication
+  SOCKS_AUTH_USERPASS = 2,
+};
+
+// Other than transferring proxy traffic,
+// the class helps to start proxy connections.
+class SocksProxySocket {
+private:
+  int family_;
+  // The socket is not shared because as it is used as some kind of controller,
+  // when it is closed, all related proxy connections are closed.
+  std::unique_ptr<SocketCore> socket_;
+  std::vector<std::string> bndAddrs_;
+  std::vector<uint16_t> bndPorts_;
+
+public:
+  SocksProxySocket(int family);
+
+  virtual ~SocksProxySocket();
+
+  // Establish connection to SOCKS port.
+  void establish(const std::string& host, uint16_t port);
+
+  // Customize the TCP socket for SOCKS protocol.
+  // Socket should be blocking to ensure latter steps finished in order.
+  void establish(std::unique_ptr<SocketCore> socket);
+
+  // Negotiate authentication that returns selected auth method in 0-255.
+  // When no auth method is selected, return -1.
+  // Auth methods in expected should be from enum SocksProxyAuthMethod,
+  // which has its auth handlers.
+  // Returned auth method SHOULD be in expected but it is not checked.
+  int negotiateAuth(std::vector<uint8_t> expected);
+
+  // Username/Password authentication.
+  // user and pass should not be empty.
+  // Returns status replied from proxy server. 0 is OK.
+  char authByUserpass(const std::string& user, const std::string& passwd);
+
+  // Create an UDP association to start UDP proxy.
+  // Leave listen host and port empty / 0 to indicate no receiving from proxy.
+  // Returns -1 when error, otherwise the index to get the bnd addr and port.
+  // Set bndAddrPtr and bndPortPtr to directly get the result bnd addr and port.
+  size_t startUdpProxy(const std::string& listenAddr, uint16_t listenPort,
+                       std::string* bndAddrPtr = nullptr,
+                       uint16_t* bndPortPtr = nullptr);
+
+  // Get bnd addr and port via index i.
+  // i is not checked and should be got from start*Proxy methods.
+  std::pair<std::string, uint16_t> getBnd(size_t i)
+  {
+    return std::make_pair(bndAddrs_[i], bndPorts_[i]);
+  }
+};
+
+} // namespace aria2
+
+#endif // D_SOCKS_PROXY_SOCKET_H