diff --git a/src/DHTConnectionSocksProxyImpl.cc b/src/DHTConnectionSocksProxyImpl.cc index 4684e828..e8491e08 100644 --- a/src/DHTConnectionSocksProxyImpl.cc +++ b/src/DHTConnectionSocksProxyImpl.cc @@ -39,13 +39,12 @@ #include "SocketCore.h" #include "a2functional.h" +#include "SocksProxySocket.h" namespace aria2 { DHTConnectionSocksProxyImpl::DHTConnectionSocksProxyImpl(int family) - : DHTConnectionImpl(family), - family_(family), - proxySocket_(make_unique()) + : DHTConnectionImpl(family), family_(family) { } @@ -58,103 +57,38 @@ bool DHTConnectionSocksProxyImpl::startProxy(const std::string& host, const std::string& listenAddr, uint16_t listenPort) { - proxySocket_->establishConnection(host, port); - proxySocket_->setBlockingMode(); - Endpoint proxyEndpoint; - unsigned char resBuf[10]; + socket_ = make_unique(family_); + socket_->establish(host, port); // Authentication negotiation bool noAuth = user.empty() || passwd.empty(); if (noAuth) { - std::string req("\x05\x01\x00", 3); - size_t resLen = 2; - proxySocket_->writeData(req); - proxySocket_->readData(resBuf, resLen); - if (resBuf[1] != '\x00') { - proxySocket_->closeConnection(); + int authMethod = + socket_->negotiateAuth(std::vector{SOCKS_AUTH_NO_AUTH}); + if (authMethod < 0) { return false; } } else { - std::string req("\x05\x02\x00\x02", 4); - size_t resLen = 2; - proxySocket_->writeData(req); - Endpoint proxyEndpoint; - proxySocket_->readData(resBuf, resLen); - if (resBuf[1] != '\x02' && resBuf[1] != '\x00') { - proxySocket_->closeConnection(); + int authMethod = socket_->negotiateAuth( + std::vector{SOCKS_AUTH_NO_AUTH, SOCKS_AUTH_USERPASS}); + if (authMethod < 0) { return false; } - // Username/password authentication - if (resBuf[1] == '\x02') { - req = std::string("\x01", 1); - req.push_back(static_cast(user.length())); - req += user; - req.push_back(static_cast(passwd.length())); - req += passwd; - size_t resLen = 2; - proxySocket_->writeData(req); - proxySocket_->readData(resBuf, resLen); - if (resBuf[1] != '\x00') { - proxySocket_->closeConnection(); + // Username/Password authentication + if (authMethod == SOCKS_AUTH_USERPASS) { + int status = socket_->authByUserpass(user, passwd); + if (status != 0) { return false; } } } // UDP associate - std::string req("\x05\x03\x00", 3); - if (family_ == AF_INET) { - req.push_back('\x01'); - char addrBuf[10]; - net::getBinAddr(addrBuf, listenAddr); - req.append(addrBuf, 4); - } - else { - req.push_back('\x04'); - char addrBuf[20]; - net::getBinAddr(addrBuf, listenAddr); - req.append(addrBuf, 16); - } - uint16_t listenPortBuf = htons(listenPort); - req.append(reinterpret_cast(&listenPortBuf), 2); - size_t resLen = 5; - proxySocket_->writeData(req); - proxySocket_->readData(resBuf, resLen); - if (resBuf[1] != '\x00') { - proxySocket_->closeConnection(); - return false; - } - if (resBuf[3] == '\x01') { - unsigned char addrBuf[6]; - addrBuf[0] = resBuf[4]; - resLen = 5; - proxySocket_->readData(addrBuf + 1, resLen); - char addrStrBuf[20]; - inetNtop(AF_INET, addrBuf, addrStrBuf, 20); - bndAddr_ = std::string(addrStrBuf); - bndPort_ = ntohs(*reinterpret_cast(addrBuf + 4)); - } - else if (resBuf[3] == '\x04') { - unsigned char addrBuf[18]; - addrBuf[0] = resBuf[4]; - resLen = 17; - proxySocket_->readData(addrBuf + 1, resLen); - char addrStrBuf[50]; - inetNtop(AF_INET6, addrBuf, addrStrBuf, 50); - bndAddr_ = std::string(addrStrBuf); - bndPort_ = ntohs(*reinterpret_cast(addrBuf + 16)); - } - else if (resBuf[3] == '\x03') { - bndAddr_ = std::string(resBuf[4] + 2, '\x00'); - resLen = resBuf[4] + 2; - proxySocket_->readData(&bndAddr_[0], resLen); - bndPort_ = ntohs(*reinterpret_cast(&bndAddr_[0] + resBuf[4])); - bndAddr_.resize(resBuf[4]); - } - else { - proxySocket_->closeConnection(); + size_t i = + socket_->startUdpProxy(listenAddr, listenPort, &bndAddr_, &bndPort_); + if (i < 0) { return false; } return true; diff --git a/src/DHTConnectionSocksProxyImpl.h b/src/DHTConnectionSocksProxyImpl.h index d6f6d54c..cbb39dcc 100644 --- a/src/DHTConnectionSocksProxyImpl.h +++ b/src/DHTConnectionSocksProxyImpl.h @@ -35,17 +35,18 @@ #ifndef D_DHT_CONNECTION_SOCKS_PROXY_IMPL_H #define D_DHT_CONNECTION_SOCKS_PROXY_IMPL_H -#include "DHTConnectionImpl.h" - #include +#include "DHTConnectionImpl.h" +#include "SocksProxySocket.h" + namespace aria2 { class SocketCore; class DHTConnectionSocksProxyImpl : public DHTConnectionImpl { private: - std::unique_ptr proxySocket_; + std::unique_ptr socket_; int family_; std::string bndAddr_; uint16_t bndPort_; @@ -58,9 +59,10 @@ public: // Connect to SOCKS5 server to start UDP proxy. // Leave user and passwd empty to indicate no authentication. // Leave listen host and port empty / 0 to indicate no receiving from proxy. + // MUST call the method before any receiveMessage/sendMessage. bool startProxy(const std::string& host, uint16_t port, const std::string& user, const std::string& passwd, - const std::string& listenHost, uint16_t listenPort); + const std::string& listenAddr, uint16_t listenPort); virtual ssize_t receiveMessage(unsigned char* data, size_t len, std::string& host, diff --git a/src/Makefile.am b/src/Makefile.am index c352021a..c8d6f4f0 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -231,6 +231,7 @@ SRCS = \ SocketBuffer.cc SocketBuffer.h\ SocketCore.cc SocketCore.h\ SocketRecvBuffer.cc SocketRecvBuffer.h\ + SocksProxySocket.cc SocksProxySocket.h\ SpeedCalc.cc SpeedCalc.h\ StatCalc.h\ StreamCheckIntegrityEntry.cc StreamCheckIntegrityEntry.h\ diff --git a/src/SocksProxySocket.cc b/src/SocksProxySocket.cc new file mode 100644 index 00000000..53e42481 --- /dev/null +++ b/src/SocksProxySocket.cc @@ -0,0 +1,201 @@ +/* */ +#include "SocksProxySocket.h" + +#include +#include + +#include "SocketCore.h" +#include "a2functional.h" + +namespace { +const char C_SOCKS_VER = '\x05'; +const char C_AUTH_NONE = '\xff'; +const char C_AUTH_USERPASS_VER = '\x01'; +const char C_AUTH_USERPASS_OK = '\x00'; +const char C_CMD_UDP_ASSOCIATE = '\x03'; +const char C_ADDR_INET = '\x01'; +const char C_ADDR_DOMAIN = '\x03'; +const char C_ADDR_INET6 = '\x04'; +const char C_OK = '\x00'; +} // namespace + +namespace aria2 { + +SocksProxySocket::SocksProxySocket(int family) : family_(family) {} + +SocksProxySocket::~SocksProxySocket() = default; + +void SocksProxySocket::establish(const std::string& host, uint16_t port) +{ + socket_ = make_unique(); + socket_->establishConnection(host, port); + socket_->setBlockingMode(); +} + +void SocksProxySocket::establish(std::unique_ptr socket) +{ + socket_ = std::move(socket); +} + +int SocksProxySocket::negotiateAuth(std::vector expected) +{ + std::stringstream req; + req << C_SOCKS_VER; + req << static_cast(expected.size()); + for (auto c : expected) { + req << c; + } + socket_->writeData(req.str()); + + char res[2]; + size_t resLen = sizeof(res); + socket_->readData(res, resLen); + int authMethod = res[1]; + if (authMethod == C_AUTH_NONE) { + socket_->closeConnection(); + return -1; + } + return authMethod; +} + +char SocksProxySocket::authByUserpass(const std::string& user, + const std::string& passwd) +{ + std::stringstream req; + req << C_AUTH_USERPASS_VER; + req << static_cast(user.length()) << user; + req << static_cast(passwd.length()) << passwd; + socket_->writeData(req.str()); + + char res[2]; + size_t resLen = sizeof(res); + socket_->readData(res, resLen); + if (res[1] != C_AUTH_USERPASS_OK) { + socket_->closeConnection(); + } + return res[1]; +} + +size_t SocksProxySocket::startUdpProxy(const std::string& listenAddr, + uint16_t listenPort, + std::string* bndAddrPtr, + uint16_t* bndPortPtr) +{ + std::stringstream req; + req << C_SOCKS_VER << C_CMD_UDP_ASSOCIATE << 0; + if (family_ == AF_INET) { + if (!listenAddr.empty()) { + char addrBuf[10]; + net::getBinAddr(addrBuf, listenAddr); + req << C_ADDR_INET << std::string(addrBuf, 4); + } + else { + req << std::string(4, '\x00'); + } + } + else { + if (!listenAddr.empty()) { + char addrBuf[20]; + net::getBinAddr(addrBuf, listenAddr); + req << C_ADDR_INET6 << std::string(addrBuf, 16); + } + else { + req << std::string(16, '\x00'); + } + } + if (listenPort) { + uint16_t listenPortBuf = htons(listenPort); + req << std::string(reinterpret_cast(&listenPortBuf), 2); + } + else { + req << std::string(2, '\x00'); + } + socket_->writeData(req.str()); + + char res[5]; + size_t resLen = sizeof(res); + socket_->readData(res, resLen); + if (res[1] != C_OK) { + socket_->closeConnection(); + return -1; + } + + std::string bndAddr; + uint16_t bndPort; + if (res[3] == C_ADDR_INET) { + char addrBuf[6]; + addrBuf[0] = res[4]; + size_t addrLen = sizeof(addrBuf) - 1; + socket_->readData(addrBuf + 1, addrLen); + char addrStrBuf[20]; + inetNtop(AF_INET, addrBuf, addrStrBuf, 20); + bndAddr = std::string(addrStrBuf); + bndPort = ntohs(*reinterpret_cast(addrBuf + 4)); + } + else if (res[3] == C_ADDR_INET6) { + char addrBuf[18]; + addrBuf[0] = res[4]; + size_t addrLen = sizeof(addrBuf) - 1; + socket_->readData(addrBuf + 1, addrLen); + char addrStrBuf[50]; + inetNtop(AF_INET6, addrBuf, addrStrBuf, 50); + bndAddr = std::string(addrStrBuf); + bndPort = ntohs(*reinterpret_cast(addrBuf + 16)); + } + else if (res[3] == C_ADDR_DOMAIN) { + // 2 more bytes to hold port temporarily. + bndAddr = std::string(res[4] + 2, 0); + resLen = res[4] + 2; + socket_->readData(&bndAddr[0], resLen); + bndPort = ntohs(*reinterpret_cast(&bndAddr[0] + res[4])); + bndAddr.resize(res[4]); + } + else { + socket_->closeConnection(); + return -1; + } + + size_t i = bndAddrs_.size(); + bndAddrs_.push_back(bndAddr); + bndPorts_.push_back(bndPort); + if (bndAddrPtr && bndPortPtr) { + *bndAddrPtr = bndAddr; + *bndPortPtr = bndPort; + } + return i; +} + +} // namespace aria2 diff --git a/src/SocksProxySocket.h b/src/SocksProxySocket.h new file mode 100644 index 00000000..1447d08b --- /dev/null +++ b/src/SocksProxySocket.h @@ -0,0 +1,106 @@ +/* */ +#ifndef D_SOCKS_PROXY_SOCKET_H +#define D_SOCKS_PROXY_SOCKET_H + +#include +#include +#include + +namespace aria2 { + +class SocketCore; + +enum SocksProxyAuthMethod { + // No authentication required + SOCKS_AUTH_NO_AUTH = 0, + // Username/Password authentication + SOCKS_AUTH_USERPASS = 2, +}; + +// Other than transferring proxy traffic, +// the class helps to start proxy connections. +class SocksProxySocket { +private: + int family_; + // The socket is not shared because as it is used as some kind of controller, + // when it is closed, all related proxy connections are closed. + std::unique_ptr socket_; + std::vector bndAddrs_; + std::vector bndPorts_; + +public: + SocksProxySocket(int family); + + virtual ~SocksProxySocket(); + + // Establish connection to SOCKS port. + void establish(const std::string& host, uint16_t port); + + // Customize the TCP socket for SOCKS protocol. + // Socket should be blocking to ensure latter steps finished in order. + void establish(std::unique_ptr socket); + + // Negotiate authentication that returns selected auth method in 0-255. + // When no auth method is selected, return -1. + // Auth methods in expected should be from enum SocksProxyAuthMethod, + // which has its auth handlers. + // Returned auth method SHOULD be in expected but it is not checked. + int negotiateAuth(std::vector expected); + + // Username/Password authentication. + // user and pass should not be empty. + // Returns status replied from proxy server. 0 is OK. + char authByUserpass(const std::string& user, const std::string& passwd); + + // Create an UDP association to start UDP proxy. + // Leave listen host and port empty / 0 to indicate no receiving from proxy. + // Returns -1 when error, otherwise the index to get the bnd addr and port. + // Set bndAddrPtr and bndPortPtr to directly get the result bnd addr and port. + size_t startUdpProxy(const std::string& listenAddr, uint16_t listenPort, + std::string* bndAddrPtr = nullptr, + uint16_t* bndPortPtr = nullptr); + + // Get bnd addr and port via index i. + // i is not checked and should be got from start*Proxy methods. + std::pair getBnd(size_t i) + { + return std::make_pair(bndAddrs_[i], bndPorts_[i]); + } +}; + +} // namespace aria2 + +#endif // D_SOCKS_PROXY_SOCKET_H