socks-go/socks5.go

package socks

import (
	"errors"
	"fmt"
	"io"
	"log"
	"net"
	//"strconv"
	"encoding/binary"
)

/*
socks5 protocol

initial

byte | 0  |   1    | 2 | ...... | n |
     |0x05|num auth|  auth methods  |


reply

byte | 0  |  1  |
     |0x05| auth|


username/password auth request

byte | 0  |  1         |          |     1 byte   |          |
     |0x01|username_len| username | password_len | password |

username/password auth reponse

byte | 0  | 1    |
     |0x01|status|

request

byte | 0  | 1 | 2  |   3    | 4 | .. | n-2 | n-1| n |
     |0x05|cmd|0x00|addrtype|      addr    |  port  |

response
byte |0   |  1   | 2  |   3    | 4 | .. | n-2 | n-1 | n |
     |0x05|status|0x00|addrtype|     addr     |  port   |

*/

// Socks5AuthRequired means socks5 server need auth or not

type socks5Conn struct {
	//addr        string
	clientConn net.Conn
	serverConn net.Conn
	dial       DialFunc
	auth       AuthService
}

func (s5 *socks5Conn) Serve(b []byte, n int) {
	defer s5.Close()

	if err := s5.handshake(b, n); err != nil {
		log.Println(err)
		return
	}

	if err := s5.processRequest(); err != nil {
		log.Println(err)
		return
	}
}

func (s5 *socks5Conn) handshake(buf []byte, n int) (err error) {

	// read auth methods
	if n < 2 {
		n1, err := io.ReadAtLeast(s5.clientConn, buf[1:], 1)
		if err != nil {
			return err
		}
		n += n1
	}

	l := int(buf[1])
	if n != (l + 2) {
		// read remains data
		n1, err := io.ReadFull(s5.clientConn, buf[n:l+2+1])
		if err != nil {
			return err
		}
		n += n1
	}

	if s5.auth == nil {
		// no auth required
		s5.clientConn.Write([]byte{0x05, 0x00})
		return nil
	}

	hasPassAuth := false
	var passAuth byte = 0x02

	// check auth method
	// only password(0x02) supported
	for i := 2; i < n; i++ {
		if buf[i] == passAuth {
			hasPassAuth = true
			break
		}
	}

	if !hasPassAuth {
		s5.clientConn.Write([]byte{0x05, 0xff})
		return errors.New("no supported auth method")
	}

	err = s5.passwordAuth()
	return err
}

func (s5 *socks5Conn) passwordAuth() error {
	buf := make([]byte, 32)

	// username/password required
	s5.clientConn.Write([]byte{0x05, 0x02})
	n, err := io.ReadAtLeast(s5.clientConn, buf, 2)
	if err != nil {
		return err
	}

	//log.Printf("%+v", buf[:n])

	// check auth version
	if buf[0] != 0x01 {
		return errors.New("unsupported auth version")
	}

	usernameLen := int(buf[1])

	p0 := 2
	p1 := p0 + usernameLen

	if n < p1 {
		n1, err := s5.clientConn.Read(buf[n:])
		if err != nil {
			return err
		}
		n += n1
	}

	username := buf[p0:p1]
	passwordLen := int(buf[p1])

	p3 := p1 + 1
	p4 := p3 + passwordLen

	if n < p4 {
		n1, err := s5.clientConn.Read(buf[n:])
		if err != nil {
			return err
		}
		n += n1
	}

	password := buf[p3:p4]

	// log.Printf("get username: %s, password: %s", username, password)

	if s5.auth != nil {
		ret := s5.auth.Authenticate(
			string(username), string(password),
			s5.clientConn.RemoteAddr())
		if ret {
			s5.clientConn.Write([]byte{0x01, 0x00})
			return nil
		}
		s5.clientConn.Write([]byte{0x01, 0x01})

		return errors.New("access denied")
	}

	return errors.New("no auth method")
}

func (s5 *socks5Conn) processRequest() error {
	buf := make([]byte, 258)

	// read header
	n, err := io.ReadAtLeast(s5.clientConn, buf, 10)
	if err != nil {
		return err
	}

	if buf[0] != socks5Version {
		return fmt.Errorf("error version %d", buf[0])
	}

	// command only support connect
	if buf[1] != cmdConnect {
		return fmt.Errorf("unsupported command %d", buf[1])
	}

	hlen := 0   // target address length
	host := ""  // target address
	msglen := 0 // header length

	switch buf[3] {
	case addrTypeIPv4:
		hlen = 4
	case addrTypeDomain:
		hlen = int(buf[4]) + 1
	case addrTypeIPv6:
		hlen = 16
	}

	msglen = 6 + hlen

	if n < msglen {
		// read remains header
		_, err := io.ReadFull(s5.clientConn, buf[n:msglen])
		if err != nil {
			return err
		}
	}

	// get target address
	addr := buf[4 : 4+hlen]
	if buf[3] == addrTypeDomain {
		host = string(addr[1:])
	} else {
		host = net.IP(addr).String()
	}

	// get target port
	port := binary.BigEndian.Uint16(buf[msglen-2 : msglen])

	// target address
	target := net.JoinHostPort(host, fmt.Sprintf("%d", port))

	//log.Printf("connecing to %s\r\n", target)

	// connect to the target
	s5.serverConn, err = s5.dial("tcp", target)
	if err != nil {
		// connection failed
		s5.clientConn.Write([]byte{0x05, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x01, 0x01})
		return err
	}

	// connection success
	s5.clientConn.Write([]byte{0x05, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x01, 0x01})

	// enter data exchange
	forward(s5.clientConn, s5.serverConn)

	return nil
}

func (s5 *socks5Conn) Close() {
	if s5.serverConn != nil {
		s5.serverConn.Close()
	}
	if s5.clientConn != nil {
		s5.clientConn.Close()
	}
}
Initial commit 9 years ago			`package socks`

			`import (`
add password auth for socks5 8 years ago			`"errors"`
Initial commit 9 years ago			`"fmt"`
			`"io"`
			`"log"`
			`"net"`
			`//"strconv"`
			`"encoding/binary"`
			`)`

add protocol data format 8 years ago			`/*`
			`socks5 protocol`

			`initial`

			`byte \| 0 \| 1 \| 2 \| ...... \| n \|`
			`\|0x05\|num auth\| auth methods \|`


			`reply`

			`byte \| 0 \| 1 \|`
			`\|0x05\| auth\|`


add password auth for socks5 8 years ago			`username/password auth request`

			`byte \| 0 \| 1 \| \| 1 byte \| \|`
			`\|0x01\|username_len\| username \| password_len \| password \|`

			`username/password auth reponse`

			`byte \| 0 \| 1 \|`
			`\|0x01\|status\|`

add protocol data format 8 years ago			`request`

			`byte \| 0 \| 1 \| 2 \| 3 \| 4 \| .. \| n-2 \| n-1\| n \|`
			`\|0x05\|cmd\|0x00\|addrtype\| addr \| port \|`

			`response`
			`byte \|0 \| 1 \| 2 \| 3 \| 4 \| .. \| n-2 \| n-1 \| n \|`
			`\|0x05\|status\|0x00\|addrtype\| addr \| port \|`

			`*/`
add password auth for socks5 8 years ago
add socks client support 8 years ago			`// Socks5AuthRequired means socks5 server need auth or not`
add password auth for socks5 8 years ago
Initial commit 9 years ago			`type socks5Conn struct {`
			`//addr string`
golint 8 years ago			`clientConn net.Conn`
			`serverConn net.Conn`
export DialFunc 7 years ago			`dial DialFunc`
add auth service to auth user for socks5 6 years ago			`auth AuthService`
Initial commit 9 years ago			`}`

refine the code read all data at once allocate byte buffer once reply a error to client when connect to remote failed, instead of connection reset socks4/5 use the same data exchange method 7 years ago			`func (s5 *socks5Conn) Serve(b []byte, n int) {`
Initial commit 9 years ago			`defer s5.Close()`
minor changes add some comments fix some wrong format change the method of forward finish check 8 years ago
refine the code read all data at once allocate byte buffer once reply a error to client when connect to remote failed, instead of connection reset socks4/5 use the same data exchange method 7 years ago			`if err := s5.handshake(b, n); err != nil {`
Initial commit 9 years ago			`log.Println(err)`
			`return`
			`}`

			`if err := s5.processRequest(); err != nil {`
			`log.Println(err)`
			`return`
			`}`
			`}`

refine the code read all data at once allocate byte buffer once reply a error to client when connect to remote failed, instead of connection reset socks4/5 use the same data exchange method 7 years ago			`func (s5 *socks5Conn) handshake(buf []byte, n int) (err error) {`
minor changes add some comments fix some wrong format change the method of forward finish check 8 years ago
			`// read auth methods`
refine the code read all data at once allocate byte buffer once reply a error to client when connect to remote failed, instead of connection reset socks4/5 use the same data exchange method 7 years ago			`if n < 2 {`
			`n1, err := io.ReadAtLeast(s5.clientConn, buf[1:], 1)`
			`if err != nil {`
			`return err`
			`}`
			`n += n1`
Initial commit 9 years ago			`}`

refine the code read all data at once allocate byte buffer once reply a error to client when connect to remote failed, instead of connection reset socks4/5 use the same data exchange method 7 years ago			`l := int(buf[1])`
			`if n != (l + 2) {`
minor changes add some comments fix some wrong format change the method of forward finish check 8 years ago			`// read remains data`
refine the code read all data at once allocate byte buffer once reply a error to client when connect to remote failed, instead of connection reset socks4/5 use the same data exchange method 7 years ago			`n1, err := io.ReadFull(s5.clientConn, buf[n:l+2+1])`
add socks client support 8 years ago			`if err != nil {`
add password auth for socks5 8 years ago			`return err`
			`}`
add socks client support 8 years ago			`n += n1`
add password auth for socks5 8 years ago			`}`

add auth service to auth user for socks5 6 years ago			`if s5.auth == nil {`
add password auth for socks5 8 years ago			`// no auth required`
			`s5.clientConn.Write([]byte{0x05, 0x00})`
			`return nil`
			`}`

			`hasPassAuth := false`
			`var passAuth byte = 0x02`

			`// check auth method`
			`// only password(0x02) supported`
refine the code read all data at once allocate byte buffer once reply a error to client when connect to remote failed, instead of connection reset socks4/5 use the same data exchange method 7 years ago			`for i := 2; i < n; i++ {`
add password auth for socks5 8 years ago			`if buf[i] == passAuth {`
			`hasPassAuth = true`
			`break`
			`}`
			`}`

			`if !hasPassAuth {`
			`s5.clientConn.Write([]byte{0x05, 0xff})`
			`return errors.New("no supported auth method")`
			`}`

			`err = s5.passwordAuth()`
			`return err`
			`}`

			`func (s5 *socks5Conn) passwordAuth() error {`
			`buf := make([]byte, 32)`

			`// username/password required`
			`s5.clientConn.Write([]byte{0x05, 0x02})`
			`n, err := io.ReadAtLeast(s5.clientConn, buf, 2)`
			`if err != nil {`
			`return err`
			`}`

			`//log.Printf("%+v", buf[:n])`

			`// check auth version`
			`if buf[0] != 0x01 {`
			`return errors.New("unsupported auth version")`
			`}`

add socks client support 8 years ago			`usernameLen := int(buf[1])`
add password auth for socks5 8 years ago
			`p0 := 2`
add socks client support 8 years ago			`p1 := p0 + usernameLen`
add password auth for socks5 8 years ago
			`if n < p1 {`
			`n1, err := s5.clientConn.Read(buf[n:])`
Initial commit 9 years ago			`if err != nil {`
			`return err`
			`}`
add password auth for socks5 8 years ago			`n += n1`
Initial commit 9 years ago			`}`

add password auth for socks5 8 years ago			`username := buf[p0:p1]`
add socks client support 8 years ago			`passwordLen := int(buf[p1])`
add password auth for socks5 8 years ago
			`p3 := p1 + 1`
add socks client support 8 years ago			`p4 := p3 + passwordLen`
add password auth for socks5 8 years ago
			`if n < p4 {`
			`n1, err := s5.clientConn.Read(buf[n:])`
			`if err != nil {`
			`return err`
			`}`
			`n += n1`
			`}`

			`password := buf[p3:p4]`

add socks client support 8 years ago			`// log.Printf("get username: %s, password: %s", username, password)`
add password auth for socks5 8 years ago
add auth service to auth user for socks5 6 years ago			`if s5.auth != nil {`
			`ret := s5.auth.Authenticate(`
			`string(username), string(password),`
			`s5.clientConn.RemoteAddr())`
			`if ret {`
			`s5.clientConn.Write([]byte{0x01, 0x00})`
			`return nil`
			`}`
			`s5.clientConn.Write([]byte{0x01, 0x01})`
Initial commit 9 years ago
add auth service to auth user for socks5 6 years ago			`return errors.New("access denied")`
			`}`
add socks client support 8 years ago
add auth service to auth user for socks5 6 years ago			`return errors.New("no auth method")`
Initial commit 9 years ago			`}`

			`func (s5 *socks5Conn) processRequest() error {`
			`buf := make([]byte, 258)`
minor changes add some comments fix some wrong format change the method of forward finish check 8 years ago
			`// read header`
golint 8 years ago			`n, err := io.ReadAtLeast(s5.clientConn, buf, 10)`
Initial commit 9 years ago			`if err != nil {`
			`return err`
			`}`
minor changes add some comments fix some wrong format change the method of forward finish check 8 years ago
Initial commit 9 years ago			`if buf[0] != socks5Version {`
minor changes add some comments fix some wrong format change the method of forward finish check 8 years ago			`return fmt.Errorf("error version %d", buf[0])`
Initial commit 9 years ago			`}`

minor changes add some comments fix some wrong format change the method of forward finish check 8 years ago			`// command only support connect`
Initial commit 9 years ago			`if buf[1] != cmdConnect {`
go vet 8 years ago			`return fmt.Errorf("unsupported command %d", buf[1])`
Initial commit 9 years ago			`}`

minor changes add some comments fix some wrong format change the method of forward finish check 8 years ago			`hlen := 0 // target address length`
			`host := "" // target address`
			`msglen := 0 // header length`

Initial commit 9 years ago			`switch buf[3] {`
			`case addrTypeIPv4:`
			`hlen = 4`
			`case addrTypeDomain:`
			`hlen = int(buf[4]) + 1`
			`case addrTypeIPv6:`
			`hlen = 16`
			`}`

			`msglen = 6 + hlen`

			`if n < msglen {`
minor changes add some comments fix some wrong format change the method of forward finish check 8 years ago			`// read remains header`
golint 8 years ago			`_, err := io.ReadFull(s5.clientConn, buf[n:msglen])`
Initial commit 9 years ago			`if err != nil {`
			`return err`
			`}`
			`}`

			`// get target address`
			`addr := buf[4 : 4+hlen]`
			`if buf[3] == addrTypeDomain {`
			`host = string(addr[1:])`
			`} else {`
			`host = net.IP(addr).String()`
			`}`

minor changes add some comments fix some wrong format change the method of forward finish check 8 years ago			`// get target port`
Initial commit 9 years ago			`port := binary.BigEndian.Uint16(buf[msglen-2 : msglen])`

minor changes add some comments fix some wrong format change the method of forward finish check 8 years ago			`// target address`
Initial commit 9 years ago			`target := net.JoinHostPort(host, fmt.Sprintf("%d", port))`

minor changes add some comments fix some wrong format change the method of forward finish check 8 years ago			`//log.Printf("connecing to %s\r\n", target)`
Initial commit 9 years ago
			`// connect to the target`
golint 8 years ago			`s5.serverConn, err = s5.dial("tcp", target)`
Initial commit 9 years ago			`if err != nil {`
refine the code read all data at once allocate byte buffer once reply a error to client when connect to remote failed, instead of connection reset socks4/5 use the same data exchange method 7 years ago			`// connection failed`
			`s5.clientConn.Write([]byte{0x05, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x01, 0x01})`
Initial commit 9 years ago			`return err`
			`}`

refine the code read all data at once allocate byte buffer once reply a error to client when connect to remote failed, instead of connection reset socks4/5 use the same data exchange method 7 years ago			`// connection success`
			`s5.clientConn.Write([]byte{0x05, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x01, 0x01})`

Initial commit 9 years ago			`// enter data exchange`
refine the code read all data at once allocate byte buffer once reply a error to client when connect to remote failed, instead of connection reset socks4/5 use the same data exchange method 7 years ago			`forward(s5.clientConn, s5.serverConn)`
Initial commit 9 years ago
			`return nil`
			`}`

			`func (s5 *socks5Conn) Close() {`
golint 8 years ago			`if s5.serverConn != nil {`
			`s5.serverConn.Close()`
Initial commit 9 years ago			`}`
golint 8 years ago			`if s5.clientConn != nil {`
			`s5.clientConn.Close()`
Initial commit 9 years ago			`}`
			`}`