2018-10-04 16:11:56 +02:00
|
|
|
"""
|
2019-12-19 12:24:53 +01:00
|
|
|
SOCKS5 proxy module
|
2018-10-04 16:11:56 +02:00
|
|
|
"""
|
|
|
|
# pylint: disable=attribute-defined-outside-init
|
|
|
|
|
2021-01-18 19:01:45 +01:00
|
|
|
import logging
|
2017-03-10 23:11:57 +01:00
|
|
|
import socket
|
|
|
|
import struct
|
|
|
|
|
2019-11-03 16:11:52 +01:00
|
|
|
from node import Peer
|
2018-10-04 16:11:56 +02:00
|
|
|
from proxy import GeneralProxyError, Proxy, ProxyError
|
|
|
|
|
2021-01-18 19:01:45 +01:00
|
|
|
logger = logging.getLogger('default')
|
|
|
|
|
2017-03-10 23:11:57 +01:00
|
|
|
|
2017-06-24 12:23:56 +02:00
|
|
|
class Socks5AuthError(ProxyError):
|
2018-07-17 13:28:56 +02:00
|
|
|
"""Rised when the socks5 protocol encounters an authentication error"""
|
|
|
|
errorCodes = (
|
|
|
|
"Succeeded",
|
|
|
|
"Authentication is required",
|
|
|
|
"All offered authentication methods were rejected",
|
|
|
|
"Unknown username or invalid password",
|
|
|
|
"Unknown error"
|
|
|
|
)
|
2017-06-24 12:23:56 +02:00
|
|
|
|
|
|
|
|
|
|
|
class Socks5Error(ProxyError):
|
2018-07-17 13:28:56 +02:00
|
|
|
"""Rised when socks5 protocol encounters an error"""
|
|
|
|
errorCodes = (
|
|
|
|
"Succeeded",
|
|
|
|
"General SOCKS server failure",
|
|
|
|
"Connection not allowed by ruleset",
|
|
|
|
"Network unreachable",
|
|
|
|
"Host unreachable",
|
|
|
|
"Connection refused",
|
|
|
|
"TTL expired",
|
|
|
|
"Command not supported",
|
|
|
|
"Address type not supported",
|
|
|
|
"Unknown error"
|
|
|
|
)
|
2017-03-10 23:11:57 +01:00
|
|
|
|
|
|
|
|
|
|
|
class Socks5(Proxy):
|
2018-10-04 16:11:56 +02:00
|
|
|
"""A socks5 proxy base class"""
|
2017-03-10 23:11:57 +01:00
|
|
|
def __init__(self, address=None):
|
|
|
|
Proxy.__init__(self, address)
|
|
|
|
self.ipaddr = None
|
|
|
|
self.destport = address[1]
|
|
|
|
|
|
|
|
def state_init(self):
|
2018-07-17 13:28:56 +02:00
|
|
|
"""Protocol initialization (before connection is established)"""
|
2017-03-10 23:11:57 +01:00
|
|
|
if self._auth:
|
2017-07-06 19:45:36 +02:00
|
|
|
self.append_write_buf(struct.pack('BBBB', 0x05, 0x02, 0x00, 0x02))
|
2017-03-10 23:11:57 +01:00
|
|
|
else:
|
2017-07-06 19:45:36 +02:00
|
|
|
self.append_write_buf(struct.pack('BBB', 0x05, 0x01, 0x00))
|
|
|
|
self.set_state("auth_1", length=0, expectBytes=2)
|
|
|
|
return True
|
2017-03-10 23:11:57 +01:00
|
|
|
|
|
|
|
def state_auth_1(self):
|
2018-10-04 16:11:56 +02:00
|
|
|
"""Perform authentication if peer is requesting it."""
|
2018-02-26 20:04:57 +01:00
|
|
|
ret = struct.unpack('BB', self.read_buf[:2])
|
2017-03-10 23:11:57 +01:00
|
|
|
if ret[0] != 5:
|
|
|
|
# general error
|
2017-06-24 12:23:56 +02:00
|
|
|
raise GeneralProxyError(1)
|
2017-03-10 23:11:57 +01:00
|
|
|
elif ret[1] == 0:
|
|
|
|
# no auth required
|
2017-07-06 19:45:36 +02:00
|
|
|
self.set_state("auth_done", length=2)
|
2017-03-10 23:11:57 +01:00
|
|
|
elif ret[1] == 2:
|
|
|
|
# username/password
|
2018-07-17 13:28:56 +02:00
|
|
|
self.append_write_buf(
|
2019-09-10 11:25:07 +02:00
|
|
|
struct.pack(
|
|
|
|
'BB', 1, len(self._auth[0])) + self._auth[0] + struct.pack(
|
|
|
|
'B', len(self._auth[1])) + self._auth[1])
|
2017-07-06 19:45:36 +02:00
|
|
|
self.set_state("auth_needed", length=2, expectBytes=2)
|
2017-03-10 23:11:57 +01:00
|
|
|
else:
|
|
|
|
if ret[1] == 0xff:
|
|
|
|
# auth error
|
2017-06-24 12:23:56 +02:00
|
|
|
raise Socks5AuthError(2)
|
2017-03-10 23:11:57 +01:00
|
|
|
else:
|
|
|
|
# other error
|
2017-06-24 12:23:56 +02:00
|
|
|
raise GeneralProxyError(1)
|
2017-07-06 19:45:36 +02:00
|
|
|
return True
|
2017-03-10 23:11:57 +01:00
|
|
|
|
|
|
|
def state_auth_needed(self):
|
2018-10-04 16:11:56 +02:00
|
|
|
"""Handle response to authentication attempt"""
|
2017-07-06 19:45:36 +02:00
|
|
|
ret = struct.unpack('BB', self.read_buf[0:2])
|
2017-03-10 23:11:57 +01:00
|
|
|
if ret[0] != 1:
|
|
|
|
# general error
|
2017-06-24 12:23:56 +02:00
|
|
|
raise GeneralProxyError(1)
|
2017-03-10 23:11:57 +01:00
|
|
|
if ret[1] != 0:
|
|
|
|
# auth error
|
2017-06-24 12:23:56 +02:00
|
|
|
raise Socks5AuthError(3)
|
2017-03-10 23:11:57 +01:00
|
|
|
# all ok
|
2017-07-06 19:45:36 +02:00
|
|
|
self.set_state("auth_done", length=2)
|
|
|
|
return True
|
2017-03-10 23:11:57 +01:00
|
|
|
|
|
|
|
def state_pre_connect(self):
|
2018-10-04 16:11:56 +02:00
|
|
|
"""Handle feedback from socks5 while it is connecting on our behalf."""
|
2017-03-10 23:11:57 +01:00
|
|
|
# Get the response
|
|
|
|
if self.read_buf[0:1] != chr(0x05).encode():
|
|
|
|
self.close()
|
2017-06-24 12:23:56 +02:00
|
|
|
raise GeneralProxyError(1)
|
2017-03-10 23:11:57 +01:00
|
|
|
elif self.read_buf[1:2] != chr(0x00).encode():
|
|
|
|
# Connection failed
|
|
|
|
self.close()
|
2018-10-04 16:11:56 +02:00
|
|
|
if ord(self.read_buf[1:2]) <= 8:
|
2017-06-24 12:23:56 +02:00
|
|
|
raise Socks5Error(ord(self.read_buf[1:2]))
|
2017-03-10 23:11:57 +01:00
|
|
|
else:
|
2017-06-24 12:23:56 +02:00
|
|
|
raise Socks5Error(9)
|
2017-03-10 23:11:57 +01:00
|
|
|
# Get the bound address/port
|
|
|
|
elif self.read_buf[3:4] == chr(0x01).encode():
|
2017-07-06 19:45:36 +02:00
|
|
|
self.set_state("proxy_addr_1", length=4, expectBytes=4)
|
2017-03-10 23:11:57 +01:00
|
|
|
elif self.read_buf[3:4] == chr(0x03).encode():
|
2017-07-06 19:45:36 +02:00
|
|
|
self.set_state("proxy_addr_2_1", length=4, expectBytes=1)
|
2017-03-10 23:11:57 +01:00
|
|
|
else:
|
|
|
|
self.close()
|
2017-06-24 12:23:56 +02:00
|
|
|
raise GeneralProxyError(1)
|
2017-07-06 19:45:36 +02:00
|
|
|
return True
|
2017-03-10 23:11:57 +01:00
|
|
|
|
|
|
|
def state_proxy_addr_1(self):
|
2018-10-04 16:11:56 +02:00
|
|
|
"""Handle IPv4 address returned for peer"""
|
2017-03-10 23:11:57 +01:00
|
|
|
self.boundaddr = self.read_buf[0:4]
|
2017-07-06 19:45:36 +02:00
|
|
|
self.set_state("proxy_port", length=4, expectBytes=2)
|
|
|
|
return True
|
2017-03-10 23:11:57 +01:00
|
|
|
|
|
|
|
def state_proxy_addr_2_1(self):
|
2018-10-04 16:11:56 +02:00
|
|
|
"""
|
2018-07-17 13:28:56 +02:00
|
|
|
Handle other addresses than IPv4 returned for peer
|
|
|
|
(e.g. IPv6, onion, ...). This is part 1 which retrieves the
|
2018-10-04 16:11:56 +02:00
|
|
|
length of the data.
|
|
|
|
"""
|
2017-03-10 23:11:57 +01:00
|
|
|
self.address_length = ord(self.read_buf[0:1])
|
2018-07-17 13:28:56 +02:00
|
|
|
self.set_state(
|
|
|
|
"proxy_addr_2_2", length=1, expectBytes=self.address_length)
|
2017-07-06 19:45:36 +02:00
|
|
|
return True
|
2017-03-10 23:11:57 +01:00
|
|
|
|
|
|
|
def state_proxy_addr_2_2(self):
|
2018-10-04 16:11:56 +02:00
|
|
|
"""
|
2018-07-17 13:28:56 +02:00
|
|
|
Handle other addresses than IPv4 returned for peer
|
|
|
|
(e.g. IPv6, onion, ...). This is part 2 which retrieves the data.
|
2018-10-04 16:11:56 +02:00
|
|
|
"""
|
2017-07-06 19:45:36 +02:00
|
|
|
self.boundaddr = self.read_buf[0:self.address_length]
|
|
|
|
self.set_state("proxy_port", length=self.address_length, expectBytes=2)
|
|
|
|
return True
|
2017-03-10 23:11:57 +01:00
|
|
|
|
|
|
|
def state_proxy_port(self):
|
2018-10-04 16:11:56 +02:00
|
|
|
"""Handle peer's port being returned."""
|
2017-03-10 23:11:57 +01:00
|
|
|
self.boundport = struct.unpack(">H", self.read_buf[0:2])[0]
|
|
|
|
self.__proxysockname = (self.boundaddr, self.boundport)
|
2017-06-24 12:23:56 +02:00
|
|
|
if self.ipaddr is not None:
|
2018-07-17 13:28:56 +02:00
|
|
|
self.__proxypeername = (
|
|
|
|
socket.inet_ntoa(self.ipaddr), self.destination[1])
|
2017-03-10 23:11:57 +01:00
|
|
|
else:
|
|
|
|
self.__proxypeername = (self.destination[0], self.destport)
|
2017-07-06 19:45:36 +02:00
|
|
|
self.set_state("proxy_handshake_done", length=2)
|
|
|
|
return True
|
2017-03-10 23:11:57 +01:00
|
|
|
|
|
|
|
def proxy_sock_name(self):
|
2019-12-19 12:24:53 +01:00
|
|
|
"""Handle return value when using SOCKS5
|
|
|
|
for DNS resolving instead of connecting."""
|
2017-06-24 12:23:56 +02:00
|
|
|
return socket.inet_ntoa(self.__proxysockname[0])
|
2017-03-10 23:11:57 +01:00
|
|
|
|
|
|
|
|
|
|
|
class Socks5Connection(Socks5):
|
2018-10-04 16:11:56 +02:00
|
|
|
"""Child socks5 class used for making outbound connections."""
|
2017-03-10 23:11:57 +01:00
|
|
|
def state_auth_done(self):
|
2018-10-04 16:11:56 +02:00
|
|
|
"""Request connection to be made"""
|
2017-03-10 23:11:57 +01:00
|
|
|
# Now we can request the actual connection
|
2017-07-06 19:45:36 +02:00
|
|
|
self.append_write_buf(struct.pack('BBB', 0x05, 0x01, 0x00))
|
2017-03-10 23:11:57 +01:00
|
|
|
# If the given destination address is an IP address, we'll
|
|
|
|
# use the IPv4 address request even if remote resolving was specified.
|
|
|
|
try:
|
|
|
|
self.ipaddr = socket.inet_aton(self.destination[0])
|
2017-07-06 19:45:36 +02:00
|
|
|
self.append_write_buf(chr(0x01).encode() + self.ipaddr)
|
2019-07-12 17:19:06 +02:00
|
|
|
except socket.error: # may be IPv6!
|
2017-03-10 23:11:57 +01:00
|
|
|
# Well it's not an IP number, so it's probably a DNS name.
|
2019-07-12 17:19:06 +02:00
|
|
|
if self._remote_dns:
|
2017-03-10 23:11:57 +01:00
|
|
|
# Resolve remotely
|
|
|
|
self.ipaddr = None
|
2019-09-10 11:25:07 +02:00
|
|
|
self.append_write_buf(chr(0x03).encode() + chr(
|
|
|
|
len(self.destination[0])).encode() + self.destination[0])
|
2017-03-10 23:11:57 +01:00
|
|
|
else:
|
|
|
|
# Resolve locally
|
2018-07-17 13:28:56 +02:00
|
|
|
self.ipaddr = socket.inet_aton(
|
|
|
|
socket.gethostbyname(self.destination[0]))
|
2017-07-06 19:45:36 +02:00
|
|
|
self.append_write_buf(chr(0x01).encode() + self.ipaddr)
|
|
|
|
self.append_write_buf(struct.pack(">H", self.destination[1]))
|
|
|
|
self.set_state("pre_connect", length=0, expectBytes=4)
|
|
|
|
return True
|
2017-03-10 23:11:57 +01:00
|
|
|
|
2017-07-05 09:07:00 +02:00
|
|
|
def state_pre_connect(self):
|
2018-10-04 16:11:56 +02:00
|
|
|
"""Tell socks5 to initiate a connection"""
|
2017-07-05 09:07:00 +02:00
|
|
|
try:
|
2017-07-06 19:45:36 +02:00
|
|
|
return Socks5.state_pre_connect(self)
|
2017-07-05 09:07:00 +02:00
|
|
|
except Socks5Error as e:
|
2017-10-19 09:08:05 +02:00
|
|
|
self.close_reason = e.message
|
|
|
|
self.set_state("close")
|
2017-07-05 09:07:00 +02:00
|
|
|
|
2017-03-10 23:11:57 +01:00
|
|
|
|
|
|
|
class Socks5Resolver(Socks5):
|
2018-10-04 16:11:56 +02:00
|
|
|
"""DNS resolver class using socks5"""
|
2017-03-10 23:11:57 +01:00
|
|
|
def __init__(self, host):
|
|
|
|
self.host = host
|
|
|
|
self.port = 8444
|
2019-11-03 16:11:52 +01:00
|
|
|
Socks5.__init__(self, address=Peer(self.host, self.port))
|
2017-03-10 23:11:57 +01:00
|
|
|
|
|
|
|
def state_auth_done(self):
|
2018-10-04 16:11:56 +02:00
|
|
|
"""Perform resolving"""
|
2017-03-10 23:11:57 +01:00
|
|
|
# Now we can request the actual connection
|
2017-07-06 19:45:36 +02:00
|
|
|
self.append_write_buf(struct.pack('BBB', 0x05, 0xF0, 0x00))
|
2019-09-10 11:25:07 +02:00
|
|
|
self.append_write_buf(chr(0x03).encode() + chr(
|
|
|
|
len(self.host)).encode() + str(self.host))
|
2017-07-06 19:45:36 +02:00
|
|
|
self.append_write_buf(struct.pack(">H", self.port))
|
|
|
|
self.set_state("pre_connect", length=0, expectBytes=4)
|
|
|
|
return True
|
2017-03-10 23:11:57 +01:00
|
|
|
|
|
|
|
def resolved(self):
|
2018-10-04 16:11:56 +02:00
|
|
|
"""
|
2018-07-17 13:28:56 +02:00
|
|
|
Resolving is done, process the return value.
|
|
|
|
To use this within PyBitmessage, a callback needs to be
|
2018-10-04 16:11:56 +02:00
|
|
|
implemented which hasn't been done yet.
|
|
|
|
"""
|
2021-01-18 19:01:45 +01:00
|
|
|
logger.debug(
|
|
|
|
'Resolved %s as %s', self.host, self.proxy_sock_name())
|