Source file src/net/http/socks_bundle.go

     1  // Code generated by golang.org/x/tools/cmd/bundle. DO NOT EDIT.
     2  //go:generate bundle -o socks_bundle.go -prefix socks golang.org/x/net/internal/socks
     3  
     4  // Package socks provides a SOCKS version 5 client implementation.
     5  //
     6  // SOCKS protocol version 5 is defined in RFC 1928.
     7  // Username/Password authentication for SOCKS version 5 is defined in
     8  // RFC 1929.
     9  //
    10  
    11  package http
    12  
    13  import (
    14  	"context"
    15  	"errors"
    16  	"io"
    17  	"net"
    18  	"strconv"
    19  	"time"
    20  )
    21  
    22  var (
    23  	socksnoDeadline   = time.Time{}
    24  	socksaLongTimeAgo = time.Unix(1, 0)
    25  )
    26  
    27  func (d *socksDialer) connect(ctx context.Context, c net.Conn, address string) (_ net.Addr, ctxErr error) {
    28  	host, port, err := sockssplitHostPort(address)
    29  	if err != nil {
    30  		return nil, err
    31  	}
    32  	if deadline, ok := ctx.Deadline(); ok && !deadline.IsZero() {
    33  		c.SetDeadline(deadline)
    34  		defer c.SetDeadline(socksnoDeadline)
    35  	}
    36  	if ctx != context.Background() {
    37  		errCh := make(chan error, 1)
    38  		done := make(chan struct{})
    39  		defer func() {
    40  			close(done)
    41  			if ctxErr == nil {
    42  				ctxErr = <-errCh
    43  			}
    44  		}()
    45  		go func() {
    46  			select {
    47  			case <-ctx.Done():
    48  				c.SetDeadline(socksaLongTimeAgo)
    49  				errCh <- ctx.Err()
    50  			case <-done:
    51  				errCh <- nil
    52  			}
    53  		}()
    54  	}
    55  
    56  	b := make([]byte, 0, 6+len(host)) // the size here is just an estimate
    57  	b = append(b, socksVersion5)
    58  	if len(d.AuthMethods) == 0 || d.Authenticate == nil {
    59  		b = append(b, 1, byte(socksAuthMethodNotRequired))
    60  	} else {
    61  		ams := d.AuthMethods
    62  		if len(ams) > 255 {
    63  			return nil, errors.New("too many authentication methods")
    64  		}
    65  		b = append(b, byte(len(ams)))
    66  		for _, am := range ams {
    67  			b = append(b, byte(am))
    68  		}
    69  	}
    70  	if _, ctxErr = c.Write(b); ctxErr != nil {
    71  		return
    72  	}
    73  
    74  	if _, ctxErr = io.ReadFull(c, b[:2]); ctxErr != nil {
    75  		return
    76  	}
    77  	if b[0] != socksVersion5 {
    78  		return nil, errors.New("unexpected protocol version " + strconv.Itoa(int(b[0])))
    79  	}
    80  	am := socksAuthMethod(b[1])
    81  	if am == socksAuthMethodNoAcceptableMethods {
    82  		return nil, errors.New("no acceptable authentication methods")
    83  	}
    84  	if d.Authenticate != nil {
    85  		if ctxErr = d.Authenticate(ctx, c, am); ctxErr != nil {
    86  			return
    87  		}
    88  	}
    89  
    90  	b = b[:0]
    91  	b = append(b, socksVersion5, byte(d.cmd), 0)
    92  	if ip := net.ParseIP(host); ip != nil {
    93  		if ip4 := ip.To4(); ip4 != nil {
    94  			b = append(b, socksAddrTypeIPv4)
    95  			b = append(b, ip4...)
    96  		} else if ip6 := ip.To16(); ip6 != nil {
    97  			b = append(b, socksAddrTypeIPv6)
    98  			b = append(b, ip6...)
    99  		} else {
   100  			return nil, errors.New("unknown address type")
   101  		}
   102  	} else {
   103  		if len(host) > 255 {
   104  			return nil, errors.New("FQDN too long")
   105  		}
   106  		b = append(b, socksAddrTypeFQDN)
   107  		b = append(b, byte(len(host)))
   108  		b = append(b, host...)
   109  	}
   110  	b = append(b, byte(port>>8), byte(port))
   111  	if _, ctxErr = c.Write(b); ctxErr != nil {
   112  		return
   113  	}
   114  
   115  	if _, ctxErr = io.ReadFull(c, b[:4]); ctxErr != nil {
   116  		return
   117  	}
   118  	if b[0] != socksVersion5 {
   119  		return nil, errors.New("unexpected protocol version " + strconv.Itoa(int(b[0])))
   120  	}
   121  	if cmdErr := socksReply(b[1]); cmdErr != socksStatusSucceeded {
   122  		return nil, errors.New("unknown error " + cmdErr.String())
   123  	}
   124  	if b[2] != 0 {
   125  		return nil, errors.New("non-zero reserved field")
   126  	}
   127  	l := 2
   128  	var a socksAddr
   129  	switch b[3] {
   130  	case socksAddrTypeIPv4:
   131  		l += net.IPv4len
   132  		a.IP = make(net.IP, net.IPv4len)
   133  	case socksAddrTypeIPv6:
   134  		l += net.IPv6len
   135  		a.IP = make(net.IP, net.IPv6len)
   136  	case socksAddrTypeFQDN:
   137  		if _, err := io.ReadFull(c, b[:1]); err != nil {
   138  			return nil, err
   139  		}
   140  		l += int(b[0])
   141  	default:
   142  		return nil, errors.New("unknown address type " + strconv.Itoa(int(b[3])))
   143  	}
   144  	if cap(b) < l {
   145  		b = make([]byte, l)
   146  	} else {
   147  		b = b[:l]
   148  	}
   149  	if _, ctxErr = io.ReadFull(c, b); ctxErr != nil {
   150  		return
   151  	}
   152  	if a.IP != nil {
   153  		copy(a.IP, b)
   154  	} else {
   155  		a.Name = string(b[:len(b)-2])
   156  	}
   157  	a.Port = int(b[len(b)-2])<<8 | int(b[len(b)-1])
   158  	return &a, nil
   159  }
   160  
   161  func sockssplitHostPort(address string) (string, int, error) {
   162  	host, port, err := net.SplitHostPort(address)
   163  	if err != nil {
   164  		return "", 0, err
   165  	}
   166  	portnum, err := strconv.Atoi(port)
   167  	if err != nil {
   168  		return "", 0, err
   169  	}
   170  	if 1 > portnum || portnum > 0xffff {
   171  		return "", 0, errors.New("port number out of range " + port)
   172  	}
   173  	return host, portnum, nil
   174  }
   175  
   176  // A Command represents a SOCKS command.
   177  type socksCommand int
   178  
   179  func (cmd socksCommand) String() string {
   180  	switch cmd {
   181  	case socksCmdConnect:
   182  		return "socks connect"
   183  	case sockscmdBind:
   184  		return "socks bind"
   185  	default:
   186  		return "socks " + strconv.Itoa(int(cmd))
   187  	}
   188  }
   189  
   190  // An AuthMethod represents a SOCKS authentication method.
   191  type socksAuthMethod int
   192  
   193  // A Reply represents a SOCKS command reply code.
   194  type socksReply int
   195  
   196  func (code socksReply) String() string {
   197  	switch code {
   198  	case socksStatusSucceeded:
   199  		return "succeeded"
   200  	case 0x01:
   201  		return "general SOCKS server failure"
   202  	case 0x02:
   203  		return "connection not allowed by ruleset"
   204  	case 0x03:
   205  		return "network unreachable"
   206  	case 0x04:
   207  		return "host unreachable"
   208  	case 0x05:
   209  		return "connection refused"
   210  	case 0x06:
   211  		return "TTL expired"
   212  	case 0x07:
   213  		return "command not supported"
   214  	case 0x08:
   215  		return "address type not supported"
   216  	default:
   217  		return "unknown code: " + strconv.Itoa(int(code))
   218  	}
   219  }
   220  
   221  // Wire protocol constants.
   222  const (
   223  	socksVersion5 = 0x05
   224  
   225  	socksAddrTypeIPv4 = 0x01
   226  	socksAddrTypeFQDN = 0x03
   227  	socksAddrTypeIPv6 = 0x04
   228  
   229  	socksCmdConnect socksCommand = 0x01 // establishes an active-open forward proxy connection
   230  	sockscmdBind    socksCommand = 0x02 // establishes a passive-open forward proxy connection
   231  
   232  	socksAuthMethodNotRequired         socksAuthMethod = 0x00 // no authentication required
   233  	socksAuthMethodUsernamePassword    socksAuthMethod = 0x02 // use username/password
   234  	socksAuthMethodNoAcceptableMethods socksAuthMethod = 0xff // no acceptable authentication methods
   235  
   236  	socksStatusSucceeded socksReply = 0x00
   237  )
   238  
   239  // An Addr represents a SOCKS-specific address.
   240  // Either Name or IP is used exclusively.
   241  type socksAddr struct {
   242  	Name string // fully-qualified domain name
   243  	IP   net.IP
   244  	Port int
   245  }
   246  
   247  func (a *socksAddr) Network() string { return "socks" }
   248  
   249  func (a *socksAddr) String() string {
   250  	if a == nil {
   251  		return "<nil>"
   252  	}
   253  	port := strconv.Itoa(a.Port)
   254  	if a.IP == nil {
   255  		return net.JoinHostPort(a.Name, port)
   256  	}
   257  	return net.JoinHostPort(a.IP.String(), port)
   258  }
   259  
   260  // A Conn represents a forward proxy connection.
   261  type socksConn struct {
   262  	net.Conn
   263  
   264  	boundAddr net.Addr
   265  }
   266  
   267  // BoundAddr returns the address assigned by the proxy server for
   268  // connecting to the command target address from the proxy server.
   269  func (c *socksConn) BoundAddr() net.Addr {
   270  	if c == nil {
   271  		return nil
   272  	}
   273  	return c.boundAddr
   274  }
   275  
   276  // A Dialer holds SOCKS-specific options.
   277  type socksDialer struct {
   278  	cmd          socksCommand // either CmdConnect or cmdBind
   279  	proxyNetwork string       // network between a proxy server and a client
   280  	proxyAddress string       // proxy server address
   281  
   282  	// ProxyDial specifies the optional dial function for
   283  	// establishing the transport connection.
   284  	ProxyDial func(context.Context, string, string) (net.Conn, error)
   285  
   286  	// AuthMethods specifies the list of request authentication
   287  	// methods.
   288  	// If empty, SOCKS client requests only AuthMethodNotRequired.
   289  	AuthMethods []socksAuthMethod
   290  
   291  	// Authenticate specifies the optional authentication
   292  	// function. It must be non-nil when AuthMethods is not empty.
   293  	// It must return an error when the authentication is failed.
   294  	Authenticate func(context.Context, io.ReadWriter, socksAuthMethod) error
   295  }
   296  
   297  // DialContext connects to the provided address on the provided
   298  // network.
   299  //
   300  // The returned error value may be a net.OpError. When the Op field of
   301  // net.OpError contains "socks", the Source field contains a proxy
   302  // server address and the Addr field contains a command target
   303  // address.
   304  //
   305  // See func Dial of the net package of standard library for a
   306  // description of the network and address parameters.
   307  func (d *socksDialer) DialContext(ctx context.Context, network, address string) (net.Conn, error) {
   308  	if err := d.validateTarget(network, address); err != nil {
   309  		proxy, dst, _ := d.pathAddrs(address)
   310  		return nil, &net.OpError{Op: d.cmd.String(), Net: network, Source: proxy, Addr: dst, Err: err}
   311  	}
   312  	if ctx == nil {
   313  		proxy, dst, _ := d.pathAddrs(address)
   314  		return nil, &net.OpError{Op: d.cmd.String(), Net: network, Source: proxy, Addr: dst, Err: errors.New("nil context")}
   315  	}
   316  	var err error
   317  	var c net.Conn
   318  	if d.ProxyDial != nil {
   319  		c, err = d.ProxyDial(ctx, d.proxyNetwork, d.proxyAddress)
   320  	} else {
   321  		var dd net.Dialer
   322  		c, err = dd.DialContext(ctx, d.proxyNetwork, d.proxyAddress)
   323  	}
   324  	if err != nil {
   325  		proxy, dst, _ := d.pathAddrs(address)
   326  		return nil, &net.OpError{Op: d.cmd.String(), Net: network, Source: proxy, Addr: dst, Err: err}
   327  	}
   328  	a, err := d.connect(ctx, c, address)
   329  	if err != nil {
   330  		c.Close()
   331  		proxy, dst, _ := d.pathAddrs(address)
   332  		return nil, &net.OpError{Op: d.cmd.String(), Net: network, Source: proxy, Addr: dst, Err: err}
   333  	}
   334  	return &socksConn{Conn: c, boundAddr: a}, nil
   335  }
   336  
   337  // DialWithConn initiates a connection from SOCKS server to the target
   338  // network and address using the connection c that is already
   339  // connected to the SOCKS server.
   340  //
   341  // It returns the connection's local address assigned by the SOCKS
   342  // server.
   343  func (d *socksDialer) DialWithConn(ctx context.Context, c net.Conn, network, address string) (net.Addr, error) {
   344  	if err := d.validateTarget(network, address); err != nil {
   345  		proxy, dst, _ := d.pathAddrs(address)
   346  		return nil, &net.OpError{Op: d.cmd.String(), Net: network, Source: proxy, Addr: dst, Err: err}
   347  	}
   348  	if ctx == nil {
   349  		proxy, dst, _ := d.pathAddrs(address)
   350  		return nil, &net.OpError{Op: d.cmd.String(), Net: network, Source: proxy, Addr: dst, Err: errors.New("nil context")}
   351  	}
   352  	a, err := d.connect(ctx, c, address)
   353  	if err != nil {
   354  		proxy, dst, _ := d.pathAddrs(address)
   355  		return nil, &net.OpError{Op: d.cmd.String(), Net: network, Source: proxy, Addr: dst, Err: err}
   356  	}
   357  	return a, nil
   358  }
   359  
   360  // Dial connects to the provided address on the provided network.
   361  //
   362  // Unlike DialContext, it returns a raw transport connection instead
   363  // of a forward proxy connection.
   364  //
   365  // Deprecated: Use DialContext or DialWithConn instead.
   366  func (d *socksDialer) Dial(network, address string) (net.Conn, error) {
   367  	if err := d.validateTarget(network, address); err != nil {
   368  		proxy, dst, _ := d.pathAddrs(address)
   369  		return nil, &net.OpError{Op: d.cmd.String(), Net: network, Source: proxy, Addr: dst, Err: err}
   370  	}
   371  	var err error
   372  	var c net.Conn
   373  	if d.ProxyDial != nil {
   374  		c, err = d.ProxyDial(context.Background(), d.proxyNetwork, d.proxyAddress)
   375  	} else {
   376  		c, err = net.Dial(d.proxyNetwork, d.proxyAddress)
   377  	}
   378  	if err != nil {
   379  		proxy, dst, _ := d.pathAddrs(address)
   380  		return nil, &net.OpError{Op: d.cmd.String(), Net: network, Source: proxy, Addr: dst, Err: err}
   381  	}
   382  	if _, err := d.DialWithConn(context.Background(), c, network, address); err != nil {
   383  		c.Close()
   384  		return nil, err
   385  	}
   386  	return c, nil
   387  }
   388  
   389  func (d *socksDialer) validateTarget(network, address string) error {
   390  	switch network {
   391  	case "tcp", "tcp6", "tcp4":
   392  	default:
   393  		return errors.New("network not implemented")
   394  	}
   395  	switch d.cmd {
   396  	case socksCmdConnect, sockscmdBind:
   397  	default:
   398  		return errors.New("command not implemented")
   399  	}
   400  	return nil
   401  }
   402  
   403  func (d *socksDialer) pathAddrs(address string) (proxy, dst net.Addr, err error) {
   404  	for i, s := range []string{d.proxyAddress, address} {
   405  		host, port, err := sockssplitHostPort(s)
   406  		if err != nil {
   407  			return nil, nil, err
   408  		}
   409  		a := &socksAddr{Port: port}
   410  		a.IP = net.ParseIP(host)
   411  		if a.IP == nil {
   412  			a.Name = host
   413  		}
   414  		if i == 0 {
   415  			proxy = a
   416  		} else {
   417  			dst = a
   418  		}
   419  	}
   420  	return
   421  }
   422  
   423  // NewDialer returns a new Dialer that dials through the provided
   424  // proxy server's network and address.
   425  func socksNewDialer(network, address string) *socksDialer {
   426  	return &socksDialer{proxyNetwork: network, proxyAddress: address, cmd: socksCmdConnect}
   427  }
   428  
   429  const (
   430  	socksauthUsernamePasswordVersion = 0x01
   431  	socksauthStatusSucceeded         = 0x00
   432  )
   433  
   434  // UsernamePassword are the credentials for the username/password
   435  // authentication method.
   436  type socksUsernamePassword struct {
   437  	Username string
   438  	Password string
   439  }
   440  
   441  // Authenticate authenticates a pair of username and password with the
   442  // proxy server.
   443  func (up *socksUsernamePassword) Authenticate(ctx context.Context, rw io.ReadWriter, auth socksAuthMethod) error {
   444  	switch auth {
   445  	case socksAuthMethodNotRequired:
   446  		return nil
   447  	case socksAuthMethodUsernamePassword:
   448  		if len(up.Username) == 0 || len(up.Username) > 255 || len(up.Password) > 255 {
   449  			return errors.New("invalid username/password")
   450  		}
   451  		b := []byte{socksauthUsernamePasswordVersion}
   452  		b = append(b, byte(len(up.Username)))
   453  		b = append(b, up.Username...)
   454  		b = append(b, byte(len(up.Password)))
   455  		b = append(b, up.Password...)
   456  		// TODO(mikio): handle IO deadlines and cancelation if
   457  		// necessary
   458  		if _, err := rw.Write(b); err != nil {
   459  			return err
   460  		}
   461  		if _, err := io.ReadFull(rw, b[:2]); err != nil {
   462  			return err
   463  		}
   464  		if b[0] != socksauthUsernamePasswordVersion {
   465  			return errors.New("invalid username/password version")
   466  		}
   467  		if b[1] != socksauthStatusSucceeded {
   468  			return errors.New("username/password authentication failed")
   469  		}
   470  		return nil
   471  	}
   472  	return errors.New("unsupported authentication method " + strconv.Itoa(int(auth)))
   473  }
   474  

View as plain text