# -*- coding:utf-8 -*- ## src/common/socks5.py ## ## Copyright (C) 2005-2006 Dimitur Kirov ## Nikos Kouremenos ## Copyright (C) 2005-2014 Yann Leboulanger ## Copyright (C) 2006-2008 Jean-Marie Traissard ## Copyright (C) 2008 Jonathan Schleifer ## ## This file is part of Gajim. ## ## Gajim is free software; you can redistribute it and/or modify ## it under the terms of the GNU General Public License as published ## by the Free Software Foundation; version 3 only. ## ## Gajim is distributed in the hope that it will be useful, ## but WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ## GNU General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with Gajim. If not, see . ## import socket import struct import hashlib import os import time from errno import EWOULDBLOCK from errno import ENOBUFS from errno import EINTR from errno import EISCONN from errno import EINPROGRESS from errno import EAFNOSUPPORT from nbxmpp.idlequeue import IdleObject from common.file_props import FilesProp from common import gajim from common import jingle_xtls if jingle_xtls.PYOPENSSL_PRESENT: import OpenSSL import logging log = logging.getLogger('gajim.c.socks5') MAX_BUFF_LEN = 65536 # after foo seconds without activity label transfer as 'stalled' STALLED_TIMEOUT = 10 # after foo seconds of waiting to connect, disconnect from # streamhost and try next one CONNECT_TIMEOUT = 30 # nothing received for the last foo seconds - stop transfer # if it is 0, then transfer will wait forever READ_TIMEOUT = 180 # nothing sent for the last foo seconds - stop transfer # if it is 0, then transfer will wait forever SEND_TIMEOUT = 180 class SocksQueue: """ Queue for all file requests objects """ def __init__(self, idlequeue, complete_transfer_cb=None, progress_transfer_cb=None, error_cb=None): self.connected = 0 self.readers = {} self.senders = {} self.idx = 1 self.listener = None self.sha_handlers = {} # handle all io events in the global idle queue, instead of processing # each foo seconds self.idlequeue = idlequeue self.complete_transfer_cb = complete_transfer_cb self.progress_transfer_cb = progress_transfer_cb self.error_cb = error_cb self.on_success = {} # {id: cb} self.on_failure = {} # {id: cb} def start_listener(self, port, sha_str, sha_handler, file_props, fingerprint=None, typ='sender'): """ Start waiting for incomming connections on (host, port) and do a socks5 authentication using sid for generated SHA """ log.debug('Start listening for socks5 connection') sid = file_props.sid self.sha_handlers[sha_str] = (sha_handler, sid) if self.listener is None or self.listener.connections == []: self.listener = Socks5Listener(self.idlequeue, port, file_props, fingerprint=fingerprint) self.listener.queue = self self.listener.bind() else: # There is already a listener, we update the file's information # on the new connection. self.listener.file_props = file_props self.connected += 1 return self.listener def send_success_reply(self, file_props, streamhost): if file_props.streamhost_used == True: for proxy in file_props.proxyhosts: if proxy['host'] == streamhost['host']: self.on_success[file_props.sid](proxy) return 1 return 0 for host in file_props.streamhosts: if streamhost['state'] == 1: return 0 streamhost['state'] = 1 self.on_success[file_props.sid](streamhost) return 1 def connect_to_hosts(self, account, sid, on_success=None, on_failure=None, fingerprint=None, receiving=True): self.on_success[sid] = on_success self.on_failure[sid] = on_failure file_props = FilesProp.getFileProp(account, sid) file_props.failure_cb = on_failure streamhosts_to_test = [] # Remove local IPs to not connect to ourself for streamhost in file_props.streamhosts: if streamhost['host'] == '127.0.0.1' or streamhost['host'] == '::1': continue streamhosts_to_test.append(streamhost) if not streamhosts_to_test: on_failure(file_props.sid) # add streamhosts to the queue for streamhost in streamhosts_to_test: if 'type' in streamhost and streamhost['type'] == 'proxy': fp = None else: fp = fingerprint if receiving: log.debug('Trying to connect as receiver to cid ' + streamhost['cid']) file_props.type_ = 'r' socks5obj = Socks5ReceiverClient(self.idlequeue, streamhost, sid, file_props, fingerprint=fp) self.add_sockobj(account, socks5obj) else: log.debug('Trying to connect as sender to cid' + streamhost['cid']) if file_props.sha_str: idx = file_props.sha_str else: idx = self.idx self.idx = self.idx + 1 file_props.type_ = 's' if 'type' in streamhost and streamhost['type'] == 'proxy': file_props.is_a_proxy = True file_props.proxy_sender = streamhost['target'] file_props.proxy_receiver = streamhost['initiator'] socks5obj = Socks5SenderClient(self.idlequeue, idx, self, _sock=None,host=str(streamhost['host']), port=int(streamhost['port']),fingerprint=fp, connected=False, file_props=file_props, initiator=streamhost['initiator'], target=streamhost['target']) socks5obj.streamhost = streamhost self.add_sockobj(account, socks5obj) streamhost['idx'] = socks5obj.queue_idx def _socket_connected(self, streamhost, file_props): """ Called when there is a host connected to one of the senders's streamhosts. Stop other attempts for connections """ log.debug('Connected to cid ' + streamhost['cid']) for host in file_props.streamhosts: if host != streamhost and 'idx' in host: if host['state'] == 1: # remove current if file_props.type_ == 's': self.remove_sender(streamhost['idx'], False) else: self.remove_receiver(streamhost['idx']) return # set state -2, meaning that this streamhost is stopped, # but it may be connectected later if host['state'] >= 0: if file_props.type_ == 's': self.remove_sender(host['idx'], False) else: self.remove_receiver(host['idx']) host['idx'] = -1 host['state'] = -2 def reconnect_client(self, client, streamhost): """ Check the state of all streamhosts and if all has failed, then emit connection failure cb. If there are some which are still not connected try to establish connection to one of them """ self.idlequeue.remove_timeout(client.fd) self.idlequeue.unplug_idle(client.fd) file_props = client.file_props streamhost['state'] = -1 # boolean, indicates that there are hosts, which are not tested yet unused_hosts = False for host in file_props.streamhosts: if 'idx' in host: if host['state'] >= 0: return elif host['state'] == -2: unused_hosts = True if unused_hosts: for host in file_props.streamhosts: if host['state'] == -2: host['state'] = 0 # FIXME: make the sender reconnect also client = Socks5ReceiverClient(self.idlequeue, host, host['sid'], file_props) self.add_sockobj(client.account, client) host['idx'] = client.queue_idx # we still have chances to connect return if file_props.received_len == 0: # there are no other streamhosts and transfer hasn't started self._connection_refused(streamhost, file_props, client.queue_idx) else: # transfer stopped, it is most likely stopped from sender client.disconnect() file_props.error = -1 self.process_result(-1, client) def _connection_refused(self, streamhost, file_props, idx): """ Called when we loose connection during transfer """ log.debug('Connection refused to cid ' + streamhost['cid']) if file_props is None: return streamhost['state'] = -1 # FIXME: should only the receiver be remove? what if we are sending? self.remove_receiver(idx, False) for host in file_props.streamhosts: if host['state'] != -1: return self.readers = {} # failure_cb exists - this means that it has never been called if file_props.failure_cb: file_props.failure_cb(file_props.sid) file_props.failure_cb = None def add_sockobj(self, account, sockobj): """ Add new file a sockobj type receiver or sender, and use it to connect to server """ if sockobj.file_props.type_ == 'r': self._add(sockobj, self.readers, sockobj.file_props, self.idx) else: self._add(sockobj, self.senders, sockobj.file_props, self.idx) sockobj.queue_idx = self.idx sockobj.queue = self sockobj.account = account self.idx += 1 result = sockobj.connect() self.connected += 1 if result is not None: result = sockobj.main() self.process_result(result, sockobj) return 1 return None def _add(self, sockobj, sockobjects, file_props, hash_): ''' Adds the sockobj to the current list of sockobjects ''' keys = (file_props.sid, file_props.name, hash_) sockobjects[keys] = sockobj def result_sha(self, sha_str, idx): if sha_str in self.sha_handlers: props = self.sha_handlers[sha_str] props[0](props[1], idx) def activate_proxy(self, idx): if not self.isHashInSockObjs(self.senders, idx): return for key in self.senders.keys(): if idx in key: sender = self.senders[key] if sender.file_props.type_ != 's': return sender.state = 6 if sender.connected: sender.file_props.error = 0 sender.file_props.disconnect_cb = sender.disconnect sender.file_props.started = True sender.file_props.completed = False sender.file_props.paused = False sender.file_props.stalled = False sender.file_props.elapsed_time = 0 sender.file_props.last_time = time.time() sender.file_props.received_len = 0 sender.pauses = 0 # start sending file to proxy self.idlequeue.set_read_timeout(sender.fd, STALLED_TIMEOUT) self.idlequeue.plug_idle(sender, True, False) result = sender.write_next() self.process_result(result, sender) def send_file(self, file_props, account, mode): for key in self.senders.keys(): if self.senders == {}: # Python acts very weird with this. When there is no keys # in the dictionary It says that it has a key. # Maybe it is my machine. Without this there is a KeyError # traceback. return if file_props.name in key and file_props.sid in key \ and self.senders[key].mode == mode: log.info('socks5: sending file') sender = self.senders[key] file_props.streamhost_used = True sender.account = account sender.file_props = file_props result = sender.send_file() self.process_result(result, sender) def isHashInSockObjs(self, sockobjs, hash): ''' It tells wether there is a particular hash in sockobjs or not ''' for key in sockobjs: if hash in key: return True return False def on_connection_accepted(self, sock, listener): sock_hash = sock.__hash__() if listener.file_props.type_ == 's' and \ not self.isHashInSockObjs(self.senders, sock_hash): sockobj = Socks5SenderServer(self.idlequeue, sock_hash, self, sock[0], sock[1][0], sock[1][1], fingerprint=None, file_props=listener.file_props) self._add(sockobj, self.senders, listener.file_props, sock_hash) # Start waiting for data self.idlequeue.plug_idle(sockobj, False, True) self.connected += 1 if listener.file_props.type_ == 'r' and \ not self.isHashInSockObjs(self.readers, sock_hash): sh = {} sh['host'] = sock[1][0] sh['port'] = sock[1][1] sh['initiator'] = None sh['target'] = None sockobj = Socks5ReceiverServer(idlequeue=self.idlequeue, streamhost=sh,sid=None, file_props=listener.file_props, fingerprint=None) self._add(sockobj, self.readers, listener.file_props, sock_hash) sockobj.set_sock(sock[0]) sockobj.queue = self self.connected += 1 def process_result(self, result, actor): """ Take appropriate actions upon the result: [ 0, - 1 ] complete/end transfer [ > 0 ] send progress message [ None ] do nothing """ if result is None: return if result in (0, -1) and self.complete_transfer_cb is not None: account = actor.account if account is None and actor.file_props.tt_account: account = actor.file_props.tt_account self.complete_transfer_cb(account, actor.file_props) elif self.progress_transfer_cb is not None: self.progress_transfer_cb(actor.account, actor.file_props) def remove_receiver_by_key(self, key, do_disconnect=True): reader = self.readers[key] self.idlequeue.unplug_idle(reader.fd) self.idlequeue.remove_timeout(reader.fd) if do_disconnect: reader.disconnect() else: if reader.streamhost is not None: reader.streamhost['state'] = -1 del(self.readers[key]) def remove_sender_by_key(self, key, do_disconnect=True): sender = self.senders[key] if do_disconnect: sender.disconnect() else: self.idlequeue.unplug_idle(sender.fd) self.idlequeue.remove_timeout(sender.fd) del(self.senders[key]) if self.connected > 0: self.connected -= 1 def remove_receiver(self, idx, do_disconnect=True, remove_all=False): """ Remove reciver from the list and decrease the number of active connections with 1 """ if idx != -1: for key in list(self.readers.keys()): if idx in key: self.remove_receiver_by_key(key, do_disconnect=do_disconnect) if not remove_all: break def remove_sender(self, idx, do_disconnect=True, remove_all=False): """ Remove sender from the list of senders and decrease the number of active connections with 1 """ if idx != -1: for key in self.senders.keys(): if idx in key: self.remove_sender_by_key(key, do_disconnect=do_disconnect) if not remove_all: break if len(self.senders) == 0 and self.listener is not None: self.listener.disconnect() self.listener = None self.connected -= 1 def remove_by_mode(self, sid, mode, do_disconnect=True): for (key, sock) in self.senders.copy().items(): if key[0] == sid and sock.mode == mode: self.remove_sender_by_key(key) for (key, sock) in self.readers.copy().items(): if key[0] == sid and sock.mode == mode: self.remove_receiver_by_key(key) def remove_server(self, sid, do_disconnect=True): self.remove_by_mode(sid, 'server') def remove_client(self, sid, do_disconnect=True): self.remove_by_mode(sid, 'client') class Socks5(object): def __init__(self, idlequeue, host, port, initiator, target, sid): if host is not None: try: self.host = host self.ais = socket.getaddrinfo(host, port, socket.AF_UNSPEC, socket.SOCK_STREAM) except socket.gaierror: self.ais = None self.idlequeue = idlequeue self.fd = -1 self.port = port self.initiator = initiator self.target = target self.sid = sid self._sock = None self.account = None self.state = 0 # not connected self.pauses = 0 self.size = 0 self.remaining_buff = b'' self.file = None self.connected = False self.mode = '' self.ssl_cert = None self.ssl_errnum = 0 def _is_connected(self): if self.state < 5: return False return True def ssl_verify_cb(self, ssl_conn, cert, error_num, depth, return_code): if depth == 0: self.ssl_cert = cert self.ssl_errnum = error_num return True def connect(self): """ Create the socket and plug it to the idlequeue """ if self.ais is None: return None for ai in self.ais: try: self._sock = socket.socket(*ai[:3]) if self.fingerprint is not None: if self.file_props.type_ == 's': remote_jid = gajim.get_jid_without_resource( self.file_props.receiver) else: remote_jid = gajim.get_jid_without_resource( self.file_props.sender) self._sock = OpenSSL.SSL.Connection( jingle_xtls.get_context('client', verify_cb=self.ssl_verify_cb, remote_jid=remote_jid), self._sock) # this will not block the GUI self._sock.setblocking(False) self._server = ai[4] break except socket.error as e: if e.errno == EINPROGRESS: break # for all other errors, we try other addresses continue self.fd = self._sock.fileno() self.state = 0 # about to be connected self.idlequeue.plug_idle(self, True, False) self.do_connect() self.idlequeue.set_read_timeout(self.fd, CONNECT_TIMEOUT) return None def do_connect(self): try: self._sock.connect(self._server) self._send=self._sock.send self._recv=self._sock.recv except (OpenSSL.SSL.WantReadError, OpenSSL.SSL.WantWriteError) as e: pass except Exception as ee: errnum = ee.errno self.connect_timeout += 1 if errnum == 111 or self.connect_timeout > 1000: self.queue._connection_refused(self.streamhost, self.file_props, self.queue_idx) self.connected = False return None # win32 needs this elif errnum not in (10056, EISCONN) or self.state != 0: return None else: # socket is already connected self._sock.setblocking(False) self._send=self._sock.send self._recv=self._sock.recv self.buff = '' self.connected = True self.file_props.connected = True self.file_props.disconnect_cb = self.disconnect self.file_props.paused = False self.state = 1 # connected # stop all others connections to sender's streamhosts self.queue._socket_connected(self.streamhost, self.file_props) self.idlequeue.plug_idle(self, True, False) return 1 # we are connected def read_timeout(self): self.idlequeue.remove_timeout(self.fd) if self.state > 5: # no activity for foo seconds if self.file_props.stalled == False: self.file_props.stalled = True self.queue.process_result(-1, self) if not self.file_props.received_len: self.file_props.received_len = 0 if SEND_TIMEOUT > 0: self.idlequeue.set_read_timeout(self.fd, SEND_TIMEOUT) else: # stop transfer, there is no error code for this self.pollend() else: if self.mode == 'client': self.queue.reconnect_client(self, self.streamhost) def open_file_for_reading(self): if self.file is None: try: self.file = open(self.file_props.file_name, 'rb') if self.file_props.offset: self.size = self.file_props.offset self.file.seek(self.size) self.file_props.received_len = self.size except IOError as e: self.close_file() raise IOError(str(e)) def close_file(self): # Close file we're sending from if self.file: if not self.file.closed: try: self.file.close() except Exception: pass self.file = None # Close file we're receiving into if self.file_props.fd: try: self.file_props.fd.close() except Exception: pass def get_fd(self): """ Test if file is already open and return its fd, or just open the file and return the fd """ if self.file_props.fd: fd = self.file_props.fd else: offset = 0 opt = 'wb' if self.file_props.offset: offset = self.file_props.offset opt = 'ab' fd = open(self.file_props.file_name, opt) self.file_props.fd = fd self.file_props.elapsed_time = 0 self.file_props.last_time = time.time() self.file_props.received_len = offset return fd def rem_fd(self, fd): if self.file_props.fd: self.file_props.fd = None try: fd.close() except Exception: pass def receive(self): """ Read small chunks of data. Call owner's disconnected() method if appropriate """ received = b'' try: add = self._recv(64) except (OpenSSL.SSL.WantReadError, OpenSSL.SSL.WantWriteError, OpenSSL.SSL.WantX509LookupError) as e: log.info('SSL rehandshake request : ' + repr(e)) raise e except Exception: add = b'' received += add if len(add) == 0: self.disconnect() return add def send_raw(self, raw_data): """ Write raw outgoing data """ try: self._send(raw_data) except (OpenSSL.SSL.WantReadError, OpenSSL.SSL.WantWriteError, OpenSSL.SSL.WantX509LookupError) as e: log.info('SSL rehandshake request :' + repr(e)) raise e except Exception: self.disconnect() return len(raw_data) def write_next(self): if self.remaining_buff != b'': buff = self.remaining_buff else: try: self.open_file_for_reading() except IOError: self.state = 8 # end connection self.disconnect() self.file_props.error = -7 # unable to read from file return -1 buff = self.file.read(MAX_BUFF_LEN) if len(buff) > 0: lenn = 0 try: lenn = self._send(buff) except (OpenSSL.SSL.WantReadError, OpenSSL.SSL.WantWriteError, OpenSSL.SSL.WantX509LookupError) as e: log.info('SSL rehandshake request :' + repr(e)) raise e except Exception as e: if e.errno not in (EINTR, ENOBUFS, EWOULDBLOCK): # peer stopped reading self.state = 8 # end connection self.disconnect() self.file_props.error = -1 return -1 self.size += lenn current_time = time.time() self.file_props.elapsed_time += current_time - \ self.file_props.last_time self.file_props.last_time = current_time self.file_props.received_len = self.size if self.size >= self.file_props.size: self.state = 8 # end connection self.file_props.error = 0 self.disconnect() return -1 if lenn != len(buff): self.remaining_buff = buff[lenn:] else: self.remaining_buff = b'' self.state = 7 # continue to write in the socket if lenn == 0: return None self.file_props.stalled = False return lenn else: self.state = 8 # end connection self.disconnect() return -1 def get_file_contents(self, timeout): """ Read file contents from socket and write them to file """ if self.file_props is None or not self.file_props.file_name: self.file_props.error = -2 return None fd = None if self.remaining_buff != b'': try: fd = self.get_fd() except IOError: self.disconnect(False) self.file_props.error = -6 # file system error return 0 fd.write(self.remaining_buff) lenn = len(self.remaining_buff) current_time = time.time() self.file_props.elapsed_time += current_time - \ self.file_props.last_time self.file_props.last_time = current_time self.file_props.received_len += lenn self.remaining_buff = b'' if self.file_props.received_len == self.file_props.size: self.rem_fd(fd) self.disconnect() self.file_props.error = 0 self.file_props.completed = True return 0 else: try: fd = self.get_fd() except IOError: self.disconnect(False) self.file_props.error = -6 # file system error return 0 try: buff = self._recv(MAX_BUFF_LEN) except (OpenSSL.SSL.WantReadError, OpenSSL.SSL.WantWriteError, OpenSSL.SSL.WantX509LookupError) as e: log.info('SSL rehandshake request :' + repr(e)) raise e except Exception: buff = b'' current_time = time.time() self.file_props.elapsed_time += current_time - \ self.file_props.last_time self.file_props.last_time = current_time self.file_props.received_len += len(buff) if len(buff) == 0: # Transfer stopped somehow: # reset, paused or network error self.rem_fd(fd) self.disconnect() self.file_props.error = -1 return 0 try: fd.write(buff) except IOError: self.rem_fd(fd) self.disconnect() self.file_props.error = -6 # file system error return 0 if self.file_props.received_len >= self.file_props.size: # transfer completed self.rem_fd(fd) self.disconnect() self.file_props.error = 0 self.file_props.completed = True return 0 # return number of read bytes. It can be used in progressbar if fd is not None: self.file_props.stalled = False if fd is None and self.file_props.stalled is False: return None if self.file_props.received_len: if self.file_props.received_len != 0: return self.file_props.received_len return None def disconnect(self): """ Close open descriptors and remover socket descr. from idleque """ # be sure that we don't leave open file self.close_file() self.idlequeue.remove_timeout(self.fd) self.idlequeue.unplug_idle(self.fd) if self.mode == 'server' and self.queue.listener: try: self.queue.listener.connections.remove(self._sock) except ValueError: pass # Not in list if self.queue.listener.connections == []: self.queue.listener.disconnect() try: if isinstance(self._sock, OpenSSL.SSL.Connection): self._sock.shutdown() else: self._sock.shutdown(socket.SHUT_RDWR) self._sock.close() except Exception: # socket is already closed pass self.connected = False self.fd = -1 self.state = -1 def _get_auth_buff(self): """ Message, that we support 1 one auth mechanism: the 'no auth' mechanism """ return struct.pack('!BBB', 0x05, 0x01, 0x00) def _parse_auth_buff(self, buff): """ Parse the initial message and create a list of auth mechanisms """ auth_mechanisms = [] try: num_auth = struct.unpack('!xB', buff[:2])[0] for i in range(num_auth): mechanism, = struct.unpack('!B', buff[1 + i]) auth_mechanisms.append(mechanism) except Exception: return None return auth_mechanisms def _get_auth_response(self): """ Socks version(5), number of extra auth methods (we send 0x00 - no auth) """ return struct.pack('!BB', 0x05, 0x00) def _get_connect_buff(self): """ Connect request by domain name """ buff = struct.pack('!BBBBB%dsBB' % len(self.host), 0x05, 0x01, 0x00, 0x03, len(self.host), self.host.encode('utf-8'), self.port >> 8, self.port & 0xff) return buff def _get_request_buff(self, msg, command = 0x01): """ Connect request by domain name, sid sha, instead of domain name (jep 0096) """ if isinstance(msg, str): msg = msg.encode('utf-8') buff = struct.pack('!BBBBB%dsBB' % len(msg), 0x05, command, 0x00, 0x03, len(msg), msg, 0, 0) return buff def _parse_request_buff(self, buff): try: # don't trust on what comes from the outside req_type, host_type, = struct.unpack('!xBxB', buff[:4]) if host_type == 0x01: host_arr = struct.unpack('!iiii', buff[4:8]) host, = '.'.join(str(s) for s in host_arr) host_len = len(host) elif host_type == 0x03: host_len, = struct.unpack('!B', buff[4]) host, = struct.unpack('!%ds' % host_len, buff[5:5 + host_len]) portlen = len(buff[host_len + 5:]) if portlen == 1: port, = struct.unpack('!B', buff[host_len + 5]) elif portlen == 2: port, = struct.unpack('!H', buff[host_len + 5:]) # file data, comes with auth message (Gaim bug) else: port, = struct.unpack('!H', buff[host_len + 5: host_len + 7]) self.remaining_buff = buff[host_len + 7:] except Exception: return (None, None, None) return (req_type, host, port) def read_connect(self): """ Connect response: version, auth method """ try: buff = self._recv().decode('utf-8') except (OpenSSL.SSL.WantReadError, OpenSSL.SSL.WantWriteError, OpenSSL.SSL.WantX509LookupError) as e: log.info("SSL rehandshake request : " + repr(e)) raise e try: version, method = struct.unpack('!BB', buff) except Exception: version, method = None, None if version != 0x05 or method == 0xff: self.disconnect() def continue_paused_transfer(self): if self.state < 5: return if self.file_props.type_ == 'r': self.idlequeue.plug_idle(self, False, True) else: self.idlequeue.plug_idle(self, True, False) def _get_sha1_auth(self): """ Get sha of sid + Initiator jid + Target jid """ if self.file_props.is_a_proxy: return hashlib.sha1(('%s%s%s' % (self.sid, self.file_props.proxy_sender, self.file_props.proxy_receiver)).\ encode('utf-8')).hexdigest() return hashlib.sha1(('%s%s%s' % (self.sid, self.initiator, self.target)).encode('utf-8')).hexdigest() class Socks5Sender(IdleObject): """ Class for sending file to socket over socks5 """ def __init__(self, idlequeue, sock_hash, parent, _sock, host=None, port=None, fingerprint = None, connected=True, file_props=None): self.fingerprint = fingerprint self.queue_idx = sock_hash self.queue = parent self.file_props = file_props self.proxy = False self._sock = _sock if _sock is not None: if self.fingerprint is not None and not isinstance(self._sock, OpenSSL.SSL.Connection): self._sock = OpenSSL.SSL.Connection( jingle_xtls.get_context('server'), _sock) else: self._sock.setblocking(False) self.fd = _sock.fileno() self._recv = _sock.recv self._send = _sock.send self.connected = connected self.state = 1 # waiting for first bytes self.connect_timeout = 0 self.file_props.error = 0 self.file_props.disconnect_cb = self.disconnect self.file_props.started = True self.file_props.completed = False self.file_props.paused = False self.file_props.continue_cb = self.continue_paused_transfer self.file_props.stalled = False self.file_props.connected = True self.file_props.elapsed_time = 0 self.file_props.last_time = time.time() self.file_props.received_len = 0 def start_transfer(self): """ Send the file """ return self.write_next() def set_connection_sock(self, _sock): self._sock = _sock if self.fingerprint is not None: self._sock = OpenSSL.SSL.Connection( jingle_xtls.get_context('client'), _sock) else: self._sock.setblocking(False) self.fd = _sock.fileno() self._recv = _sock.recv self._send = _sock.send self.connected = True self.state = 1 # waiting for first bytes self.file_props = None # start waiting for data self.idlequeue.plug_idle(self, False, True) def send_file(self): """ Start sending the file over verified connection """ self.pauses = 0 self.state = 7 # plug for writing self.idlequeue.plug_idle(self, True, False) return self.write_next() # initial for nl byte def disconnect(self, cb=True): """ Close the socket """ # close connection and remove us from the queue Socks5.disconnect(self) if self.file_props is not None: self.file_props.connected = False self.file_props.disconnect_cb = None if self.queue is not None: self.queue.remove_sender(self.queue_idx, False) class Socks5Receiver(IdleObject): def __init__(self, idlequeue, streamhost, sid, file_props = None, fingerprint=None): """ fingerprint: fingerprint of certificates we shall use, set to None if TLS connection not desired """ self.queue_idx = -1 self.streamhost = streamhost self.queue = None self.fingerprint = fingerprint self.connect_timeout = 0 self.connected = False self.pauses = 0 self.file_props = file_props self.file_props.disconnect_cb = self.disconnect self.file_props.error = 0 self.file_props.started = True self.file_props.completed = False self.file_props.paused = False self.file_props.continue_cb = self.continue_paused_transfer self.file_props.stalled = False self.file_props.received_len = 0 def receive_file(self): """ Start receiving the file over verified connection """ if self.file_props.started: return self.file_props.error = 0 self.file_props.disconnect_cb = self.disconnect self.file_props.started = True self.file_props.completed = False self.file_props.paused = False self.file_props.continue_cb = self.continue_paused_transfer self.file_props.stalled = False self.file_props.connected = True self.file_props.elapsed_time = 0 self.file_props.last_time = time.time() self.file_props.received_len = 0 self.pauses = 0 self.state = 7 # plug for reading self.idlequeue.plug_idle(self, False, True) return self.get_file_contents(0) # initial for nl byte def start_transfer(self): """ Receive the file """ return self.get_file_contents(0) def set_sock(self, _sock): self._sock = _sock self._sock.setblocking(False) self.fd = _sock.fileno() self._recv = _sock.recv self._send = _sock.send self.connected = True self.state = 1 # waiting for first bytes # start waiting for data self.idlequeue.plug_idle(self, False, True) def disconnect(self, cb=True): """ Close the socket. Remove self from queue if cb is True """ # close connection Socks5.disconnect(self) if cb is True: self.file_props.disconnect_cb = None if self.queue is not None: self.queue.remove_receiver(self.queue_idx, False) class Socks5Server(Socks5): def __init__(self, idlequeue, host, port, initiator, target, sid): Socks5.__init__(self, idlequeue, host, port, initiator, target, sid) self.mode = 'server' def main(self): """ Initial requests for verifying the connection """ if self.state == 1: # initial read buff = self.receive() if not self.connected: return -1 mechs = self._parse_auth_buff(buff) if mechs is None: return -1 # invalid auth methods received elif self.state == 3: # get next request buff = self.receive() req_type, self.sha_msg = self._parse_request_buff(buff)[:2] if req_type != 0x01: return -1 # request is not of type 'connect' self.state += 1 # go to the next step # unplug & plug for writing self.idlequeue.plug_idle(self, True, False) return None def pollin(self): self.idlequeue.remove_timeout(self.fd) if self.connected: try: if self.state < 5: result = self.main() if self.state == 4: self.queue.result_sha(self.sha_msg, self.queue_idx) if result == -1: self.disconnect() elif self.state == 5: self.state = 7 if self.file_props.type_ == 's': # We wait for the end of the negotiation to # send the file self.idlequeue.plug_idle(self, False, False) else: # We plug for reading self.idlequeue.plug_idle(self, False, True) return elif self.state == 7: if self.file_props.paused: self.file_props.continue_cb = \ self.continue_paused_transfer self.idlequeue.plug_idle(self, False, False) return self.idlequeue.set_read_timeout(self.fd, STALLED_TIMEOUT) result = self.start_transfer() # send self.queue.process_result(result, self) except (OpenSSL.SSL.WantReadError, OpenSSL.SSL.WantWriteError, OpenSSL.SSL.WantX509LookupError) as e: log.info('caught SSL exception, ignored') else: self.disconnect() def pollend(self): self.state = 8 # end connection self.disconnect() self.file_props.error = -1 self.queue.process_result(-1, self) def pollout(self): if not self.connected: self.disconnect() return self.idlequeue.remove_timeout(self.fd) try: if self.state == 2: # send reply with desired auth type self.send_raw(self._get_auth_response()) elif self.state == 4: # send positive response to the 'connect' self.send_raw(self._get_request_buff(self.sha_msg, 0x00)) elif self.state == 7: if self.file_props.paused: self.file_props.continue_cb = self.continue_paused_transfer self.idlequeue.plug_idle(self, False, False) return result = self.start_transfer() # send self.queue.process_result(result, self) if result is None or result <= 0: self.disconnect() return self.idlequeue.set_read_timeout(self.fd, STALLED_TIMEOUT) elif self.state == 8: self.disconnect() return else: self.disconnect() except (OpenSSL.SSL.WantReadError, OpenSSL.SSL.WantWriteError, OpenSSL.SSL.WantX509LookupError) as e: log.info('caught SSL exception, ignored') return if self.state < 5: self.state += 1 # unplug and plug this time for reading self.idlequeue.plug_idle(self, False, True) class Socks5Client(Socks5): def __init__(self, idlequeue, host, port, initiator, target, sid): Socks5.__init__(self, idlequeue, host, port, initiator, target, sid) self.mode = 'client' def main(self, timeout=0): """ Begin negotiation. on success 'address' != 0 """ result = 1 buff = self.receive() if buff == '': # end connection self.pollend() return if self.state == 2: # read auth response if buff is None or len(buff) != 2: return None version, method = struct.unpack('!BB', buff[:2]) if version != 0x05 or method == 0xff: self.disconnect() elif self.state == 4: # get approve of our request if buff is None: return None sub_buff = buff[:4] if len(sub_buff) < 4: return None version, address_type = struct.unpack('!BxxB', buff[:4]) addrlen = 0 if address_type == 0x03: addrlen = buff[4] address = struct.unpack('!%ds' % addrlen, buff[5:addrlen + 5]) portlen = len(buff[addrlen + 5:]) if portlen == 1: port, = struct.unpack('!B', buff[addrlen + 5]) elif portlen == 2: port, = struct.unpack('!H', buff[addrlen + 5:]) else: # Gaim bug :) port, = struct.unpack('!H', buff[addrlen + 5:addrlen + 7]) self.remaining_buff = buff[addrlen + 7:] self.state = 5 # for senders: init file_props and send '\n' if self.queue.on_success: result = self.queue.send_success_reply(self.file_props, self.streamhost) if self.file_props.type_ == 's' and self.proxy: self.queue.process_result(self.send_file(), self) return if result == 0: self.state = 8 self.disconnect() # for senders: init file_props if result == 1 and self.state == 5: if self.file_props.type_ == 's': self.file_props.error = 0 self.file_props.disconnect_cb = self.disconnect self.file_props.started = True self.file_props.completed = False self.file_props.paused = False self.file_props.stalled = False self.file_props.elapsed_time = 0 self.file_props.last_time = time.time() self.file_props.received_len = 0 self.pauses = 0 # start sending file contents to socket #self.idlequeue.set_read_timeout(self.fd, STALLED_TIMEOUT) #self.idlequeue.plug_idle(self, True, False) self.idlequeue.plug_idle(self, False, False) else: # receiving file contents from socket self.idlequeue.plug_idle(self, False, True) self.file_props.continue_cb = self.continue_paused_transfer # we have set up the connection, next - retrieve file self.state = 6 if self.state < 5: self.idlequeue.plug_idle(self, True, False) self.state += 1 return None def send_file(self): if self.ssl_errnum > 0: log.error('remote certificate does not match the announced one.' + \ '\nSSL Error: %d\nCancelling file transfer' % self.ssl_errnum) self.file_props.error = -12 return -1 return super(Socks5Client, self).send_file() def pollin(self): self.idlequeue.remove_timeout(self.fd) if self.connected: try: if self.file_props.paused: self.idlequeue.plug_idle(self, False, False) return if self.state < 5: self.idlequeue.set_read_timeout(self.fd, CONNECT_TIMEOUT) result = self.main(0) self.queue.process_result(result, self) elif self.state == 5: # wait for proxy reply pass elif self.file_props.type_ == 'r': self.idlequeue.set_read_timeout(self.fd, STALLED_TIMEOUT) result = self.start_transfer() # receive self.queue.process_result(result, self) except (OpenSSL.SSL.WantReadError, OpenSSL.SSL.WantWriteError, OpenSSL.SSL.WantX509LookupError) as e: log.info('caught SSL exception, ignored') return else: self.disconnect() def pollout(self): self.idlequeue.remove_timeout(self.fd) try: if self.state == 0: self.do_connect() return elif self.state == 1: # send initially: version and auth types self.send_raw(self._get_auth_buff()) elif self.state == 3: # send 'connect' request self.send_raw(self._get_request_buff(self._get_sha1_auth())) elif self.file_props.type_ != 'r': if self.file_props.paused: self.idlequeue.plug_idle(self, False, False) return result = self.start_transfer() # send self.queue.process_result(result, self) return except (OpenSSL.SSL.WantReadError, OpenSSL.SSL.WantWriteError, OpenSSL.SSL.WantX509LookupError) as e: log.info('caught SSL exception, ignored') return self.state += 1 # unplug and plug for reading self.idlequeue.plug_idle(self, False, True) self.idlequeue.set_read_timeout(self.fd, CONNECT_TIMEOUT) def pollend(self): if self.state >= 5: # error during transfer self.disconnect() self.file_props.error = -1 self.queue.process_result(-1, self) else: self.queue.reconnect_client(self, self.streamhost) class Socks5SenderClient(Socks5Client, Socks5Sender): def __init__(self, idlequeue, sock_hash, parent,_sock, host=None, port=None, fingerprint = None, connected=True, file_props=None, initiator=None, target=None): Socks5Client.__init__(self, idlequeue, host, port, initiator, target, file_props.sid) Socks5Sender.__init__(self,idlequeue, sock_hash, parent,_sock, host, port, fingerprint , connected, file_props) class Socks5SenderServer(Socks5Server, Socks5Sender): def __init__(self, idlequeue, sock_hash, parent,_sock, host=None, port=None, fingerprint = None, connected=True, file_props=None): Socks5Server.__init__(self, idlequeue, host, port, None, None, file_props.sid) Socks5Sender.__init__(self,idlequeue, sock_hash, parent, _sock, host, port, fingerprint , connected, file_props) class Socks5ReceiverClient(Socks5Client, Socks5Receiver): def __init__(self, idlequeue, streamhost, sid, file_props=None, fingerprint=None): Socks5Client.__init__(self, idlequeue, streamhost['host'], int(streamhost['port']), streamhost['initiator'], streamhost['target'], sid) Socks5Receiver.__init__(self, idlequeue, streamhost, sid, file_props, fingerprint) class Socks5ReceiverServer(Socks5Server, Socks5Receiver): def __init__(self, idlequeue, streamhost, sid, file_props=None, fingerprint=None): Socks5Server.__init__(self, idlequeue, streamhost['host'], int(streamhost['port']), streamhost['initiator'], streamhost['target'], sid) Socks5Receiver.__init__(self, idlequeue, streamhost, sid, file_props, fingerprint) class Socks5Listener(IdleObject): def __init__(self, idlequeue, port, fp, fingerprint=None): """ Handle all incomming connections on (0.0.0.0, port) This class implements IdleObject, but we will expect only pollin events though fingerprint: fingerprint of certificates we shall use, set to None if TLS connection not desired """ self.port = port self.ais = socket.getaddrinfo(None, port, socket.AF_UNSPEC, socket.SOCK_STREAM, socket.SOL_TCP, socket.AI_PASSIVE) self.ais.sort(reverse=True) # Try IPv6 first self.queue_idx = -1 self.idlequeue = idlequeue self.queue = None self.started = False self._sock = None self.fd = -1 self.fingerprint = fingerprint self.file_props = fp self.connections = [] def bind(self): for ai in self.ais: # try the different possibilities (ipv6, ipv4, etc.) try: self._serv = socket.socket(*ai[:3]) if self.fingerprint is not None: self._serv = OpenSSL.SSL.Connection( jingle_xtls.get_context('server'), self._serv) except socket.error as e: if e.errno == EAFNOSUPPORT: self.ai = None continue raise self._serv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) self._serv.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1) self._serv.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1) # Under windows Vista, we need that to listen on ipv6 AND ipv4 # Doesn't work under windows XP if os.name == 'nt': ver = os.sys.getwindowsversion() if (ver[3], ver[0]) == (2, 6): # Win Vista + # 47 is socket.IPPROTO_IPV6 # 27 is socket.IPV6_V6ONLY under windows, but not defined ... self._serv.setsockopt(41, 27, 0) # will fail when port as busy, or we don't have rights to bind try: self._serv.bind(ai[4]) f = ai[4] self.ai = ai break except Exception: self.ai = None continue if not self.ai: log.error('unable to bind to port ' + str(self.port)) return None self._serv.listen(socket.SOMAXCONN) self._serv.setblocking(False) self.fd = self._serv.fileno() self.idlequeue.plug_idle(self, False, True) self.started = True def pollend(self): """ Called when we stop listening on (host, port) """ self.disconnect() def pollin(self): """ Accept a new incomming connection and notify queue """ sock = self.accept_conn() self.queue.on_connection_accepted(sock, self) def disconnect(self): """ Free all resources, we are not listening anymore """ self.idlequeue.remove_timeout(self.fd) self.idlequeue.unplug_idle(self.fd) self.fd = -1 self.state = -1 self.started = False try: self._serv.close() except Exception: pass def accept_conn(self): """ Accept a new incomming connection """ _sock = self._serv.accept() _sock[0].setblocking(False) self.connections.append(_sock[0]) return _sock