aboutsummaryrefslogtreecommitdiffstats
path: root/plugins/mod_proxy65.lua
diff options
context:
space:
mode:
Diffstat (limited to 'plugins/mod_proxy65.lua')
-rw-r--r--plugins/mod_proxy65.lua327
1 files changed, 136 insertions, 191 deletions
diff --git a/plugins/mod_proxy65.lua b/plugins/mod_proxy65.lua
index 5b490730..2ed9faac 100644
--- a/plugins/mod_proxy65.lua
+++ b/plugins/mod_proxy65.lua
@@ -1,109 +1,80 @@
+-- Prosody IM
+-- Copyright (C) 2008-2011 Matthew Wild
+-- Copyright (C) 2008-2011 Waqas Hussain
-- Copyright (C) 2009 Thilo Cestonaro
---
+--
-- This project is MIT/X11 licensed. Please see the
-- COPYING file in the source package for more information.
--
---[[
-* to restart the proxy in the console: e.g.
-module:unload("proxy65");
-> server.removeserver(<proxy65_port>);
-module:load("proxy65", <proxy65_jid>);
-]]--
+module:set_global();
-local module = module;
-local tostring = tostring;
-local jid_split, jid_join, jid_compare = require "util.jid".split, require "util.jid".join, require "util.jid".compare;
+local jid_compare, jid_prep = require "util.jid".compare, require "util.jid".prep;
local st = require "util.stanza";
-local connlisteners = require "net.connlisteners";
local sha1 = require "util.hashes".sha1;
+local b64 = require "util.encodings".base64.encode;
local server = require "net.server";
+local portmanager = require "core.portmanager";
-local host, name = module:get_host(), "SOCKS5 Bytestreams Service";
-local sessions, transfers, replies_cache = {}, {}, {};
-
-local proxy_port = module:get_option("proxy65_port") or 5000;
-local proxy_interface = module:get_option("proxy65_interface") or "*";
-local proxy_address = module:get_option("proxy65_address") or (proxy_interface ~= "*" and proxy_interface) or host;
-local proxy_acl = module:get_option("proxy65_acl");
+local sessions, transfers = module:shared("sessions", "transfers");
local max_buffer_size = 4096;
-local connlistener = { default_port = proxy_port, default_interface = proxy_interface, default_mode = "*a" };
+local listener = {};
-function connlistener.onincoming(conn, data)
+function listener.onincoming(conn, data)
local session = sessions[conn] or {};
-
- if session.setup == nil and data ~= nil and data:byte(1) == 0x05 and #data > 2 then
- local nmethods = data:byte(2);
- local methods = data:sub(3);
- local supported = false;
- for i=1, nmethods, 1 do
- if(methods:byte(i) == 0x00) then -- 0x00 == method: NO AUTH
- supported = true;
- break;
- end
- end
- if(supported) then
- module:log("debug", "new session found ... ")
- session.setup = true;
- sessions[conn] = session;
- conn:write(string.char(5, 0));
- end
+
+ local transfer = transfers[session.sha];
+ if transfer and transfer.activated then -- copy data between initiator and target
+ local initiator, target = transfer.initiator, transfer.target;
+ (conn == initiator and target or initiator):write(data);
return;
- end
- if session.setup then
- if session.sha ~= nil and transfers[session.sha] ~= nil then
- local sha = session.sha;
- if transfers[sha].activated == true and transfers[sha].target ~= nil then
- if transfers[sha].initiator == conn then
- transfers[sha].target:write(data);
- else
- transfers[sha].initiator:write(data);
- end
+ end -- FIXME server.link should be doing this?
+
+ if not session.greeting_done then
+ local nmethods = data:byte(2) or 0;
+ if data:byte(1) == 0x05 and nmethods > 0 and #data == 2 + nmethods then -- check if we have all the data
+ if data:find("%z") then -- 0x00 = 'No authentication' is supported
+ session.greeting_done = true;
+ sessions[conn] = session;
+ conn:write("\5\0"); -- send (SOCKS version 5, No authentication)
+ module:log("debug", "SOCKS5 greeting complete");
return;
end
- end
- if data ~= nil and #data == 0x2F and -- 40 == length of SHA1 HASH, and 7 other bytes => 47 => 0x2F
- data:byte(1) == 0x05 and -- SOCKS5 has 5 in first byte
- data:byte(2) == 0x01 and -- CMD must be 1
- data:byte(3) == 0x00 and -- RSV must be 0
- data:byte(4) == 0x03 and -- ATYP must be 3
- data:byte(5) == 40 and -- SHA1 HASH length must be 40 (0x28)
- data:byte(-2) == 0x00 and -- PORT must be 0, size 2 byte
- data:byte(-1) == 0x00
- then
- local sha = data:sub(6, 45); -- second param is not count! it's the ending index (included!)
- if transfers[sha] == nil then
+ end -- else error, unexpected input
+ conn:write("\5\255"); -- send (SOCKS version 5, no acceptable method)
+ conn:close();
+ module:log("debug", "Invalid SOCKS5 greeting recieved: '%s'", b64(data));
+ else -- connection request
+ --local head = string.char( 0x05, 0x01, 0x00, 0x03, 40 ); -- ( VER=5=SOCKS5, CMD=1=CONNECT, RSV=0=RESERVED, ATYP=3=DOMAIMNAME, SHA-1 size )
+ if #data == 47 and data:sub(1,5) == "\5\1\0\3\40" and data:sub(-2) == "\0\0" then
+ local sha = data:sub(6, 45);
+ conn:pause();
+ conn:write("\5\0\0\3\40" .. sha .. "\0\0"); -- VER, REP, RSV, ATYP, BND.ADDR (sha), BND.PORT (2 Byte)
+ if not transfers[sha] then
transfers[sha] = {};
- transfers[sha].activated = false;
transfers[sha].target = conn;
session.sha = sha;
- module:log("debug", "target connected ... ");
- elseif transfers[sha].target ~= nil then
+ module:log("debug", "SOCKS5 target connected for session %s", sha);
+ else -- transfers[sha].target ~= nil
transfers[sha].initiator = conn;
session.sha = sha;
- module:log("debug", "initiator connected ... ");
+ module:log("debug", "SOCKS5 initiator connected for session %s", sha);
server.link(conn, transfers[sha].target, max_buffer_size);
server.link(transfers[sha].target, conn, max_buffer_size);
end
- conn:write(string.char(5, 0, 0, 3, #sha) .. sha .. string.char(0, 0)); -- VER, REP, RSV, ATYP, BND.ADDR (sha), BND.PORT (2 Byte)
- conn:lock_read(true)
- else
- module:log("warn", "Neither data transfer nor initial connect of a participator of a transfer.")
- conn:close();
- end
- else
- if data ~= nil then
- module:log("warn", "unknown connection with no authentication data -> closing it");
+ else -- error, unexpected input
+ conn:write("\5\1\0\3\0\0\0"); -- VER, REP, RSV, ATYP, BND.ADDR (sha), BND.PORT (2 Byte)
conn:close();
+ module:log("debug", "Invalid SOCKS5 negotiation recieved: '%s'", b64(data));
end
end
end
-function connlistener.ondisconnect(conn, err)
+function listener.ondisconnect(conn, err)
local session = sessions[conn];
if session then
- if session.sha and transfers[session.sha] then
+ if transfers[session.sha] then
local initiator, target = transfers[session.sha].initiator, transfers[session.sha].target;
if initiator == conn and target ~= nil then
target:close();
@@ -117,131 +88,105 @@ function connlistener.ondisconnect(conn, err)
end
end
-module:add_identity("proxy", "bytestreams", name);
-module:add_feature("http://jabber.org/protocol/bytestreams");
-
-module:hook("iq-get/host/http://jabber.org/protocol/disco#info:query", function(event)
- local origin, stanza = event.origin, event.stanza;
- local reply = replies_cache.disco_info;
- if reply == nil then
- reply = st.iq({type='result', from=host}):query("http://jabber.org/protocol/disco#info")
- :tag("identity", {category='proxy', type='bytestreams', name=name}):up()
- :tag("feature", {var="http://jabber.org/protocol/bytestreams"});
- replies_cache.disco_info = reply;
- end
+function module.add_host(module)
+ local host, name = module:get_host(), module:get_option_string("name", "SOCKS5 Bytestreams Service");
- reply.attr.id = stanza.attr.id;
- reply.attr.to = stanza.attr.from;
- origin.send(reply);
- return true;
-end, -1);
-
-module:hook("iq-get/host/http://jabber.org/protocol/disco#items:query", function(event)
- local origin, stanza = event.origin, event.stanza;
- local reply = replies_cache.disco_items;
- if reply == nil then
- reply = st.iq({type='result', from=host}):query("http://jabber.org/protocol/disco#items");
- replies_cache.disco_items = reply;
- end
-
- reply.attr.id = stanza.attr.id;
- reply.attr.to = stanza.attr.from;
- origin.send(reply);
- return true;
-end, -1);
-
-module:hook("iq-get/host/http://jabber.org/protocol/bytestreams:query", function(event)
- local origin, stanza = event.origin, event.stanza;
- local reply = replies_cache.stream_host;
- local err_reply = replies_cache.stream_host_err;
- local sid = stanza.tags[1].attr.sid;
- local allow = false;
- local jid = stanza.attr.from;
-
- if proxy_acl and #proxy_acl > 0 then
- for _, acl in ipairs(proxy_acl) do
- if jid_compare(jid, acl) then allow = true; end
- end
- else
- allow = true;
+ local proxy_address = module:get_option("proxy65_address", host);
+ local proxy_port = next(portmanager.get_active_services():search("proxy65", nil)[1] or {});
+ local proxy_acl = module:get_option("proxy65_acl");
+
+ -- COMPAT w/pre-0.9 where proxy65_port was specified in the components section of the config
+ local legacy_config = module:get_option_number("proxy65_port");
+ if legacy_config then
+ module:log("warn", "proxy65_port is deprecated, please put proxy65_ports = { %d } into the global section instead", legacy_config);
end
- if allow == true then
- if reply == nil then
- reply = st.iq({type="result", from=host})
- :query("http://jabber.org/protocol/bytestreams")
- :tag("streamhost", {jid=host, host=proxy_address, port=proxy_port});
- replies_cache.stream_host = reply;
+
+ module:add_identity("proxy", "bytestreams", name);
+ module:add_feature("http://jabber.org/protocol/bytestreams");
+
+ module:hook("iq-get/host/http://jabber.org/protocol/disco#info:query", function(event)
+ local origin, stanza = event.origin, event.stanza;
+ if not stanza.tags[1].attr.node then
+ origin.send(st.reply(stanza):query("http://jabber.org/protocol/disco#info")
+ :tag("identity", {category='proxy', type='bytestreams', name=name}):up()
+ :tag("feature", {var="http://jabber.org/protocol/bytestreams"}) );
+ return true;
end
- else
- module:log("warn", "Denying use of proxy for %s", tostring(jid));
- if err_reply == nil then
- err_reply = st.iq({type="error", from=host})
- :query("http://jabber.org/protocol/bytestreams")
- :tag("error", {code='403', type='auth'})
- :tag("forbidden", {xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'});
- replies_cache.stream_host_err = err_reply;
+ end, -1);
+
+ module:hook("iq-get/host/http://jabber.org/protocol/disco#items:query", function(event)
+ local origin, stanza = event.origin, event.stanza;
+ if not stanza.tags[1].attr.node then
+ origin.send(st.reply(stanza):query("http://jabber.org/protocol/disco#items"));
+ return true;
end
- reply = err_reply;
- end
- reply.attr.id = stanza.attr.id;
- reply.attr.to = stanza.attr.from;
- reply.tags[1].attr.sid = sid;
- origin.send(reply);
- return true;
-end);
-
-module.unload = function()
- connlisteners.deregister(module.host .. ':proxy65');
-end
+ end, -1);
-local function set_activation(stanza)
- local to, reply;
- local from = stanza.attr.from;
- local query = stanza.tags[1];
- local sid = query.attr.sid;
- if query.tags[1] and query.tags[1].name == "activate" then
- to = query.tags[1][1];
- end
- if from ~= nil and to ~= nil and sid ~= nil then
- reply = st.iq({type="result", from=host, to=from});
- reply.attr.id = stanza.attr.id;
- end
- return reply, from, to, sid;
-end
+ module:hook("iq-get/host/http://jabber.org/protocol/bytestreams:query", function(event)
+ local origin, stanza = event.origin, event.stanza;
-module:hook("iq-set/host/http://jabber.org/protocol/bytestreams:query", function(event)
- local origin, stanza = event.origin, event.stanza;
-
- module:log("debug", "Received activation request from %s", stanza.attr.from);
- local reply, from, to, sid = set_activation(stanza);
- if reply ~= nil and from ~= nil and to ~= nil and sid ~= nil then
- local sha = sha1(sid .. from .. to, true);
- if transfers[sha] == nil then
- module:log("error", "transfers[sha]: nil");
- elseif(transfers[sha] ~= nil and transfers[sha].initiator ~= nil and transfers[sha].target ~= nil) then
- origin.send(reply);
- transfers[sha].activated = true;
- transfers[sha].target:lock_read(false);
- transfers[sha].initiator:lock_read(false);
- else
- module:log("debug", "Both parties were not yet connected");
- local message = "Neither party is connected to the proxy";
- if transfers[sha].initiator then
- message = "The recipient is not connected to the proxy";
- elseif transfers[sha].target then
- message = "The sender (you) is not connected to the proxy";
+ -- check ACL
+ while proxy_acl and #proxy_acl > 0 do -- using 'while' instead of 'if' so we can break out of it
+ local jid = stanza.attr.from;
+ local allow;
+ for _, acl in ipairs(proxy_acl) do
+ if jid_compare(jid, acl) then allow = true; break; end
end
- origin.send(st.error_reply(stanza, "cancel", "not-allowed", message));
+ if allow then break; end
+ module:log("warn", "Denying use of proxy for %s", tostring(stanza.attr.from));
+ origin.send(st.error_reply(stanza, "auth", "forbidden"));
+ return true;
end
- return true;
- else
- module:log("error", "activation failed: sid: %s, initiator: %s, target: %s", tostring(sid), tostring(from), tostring(to));
- end
-end);
-if not connlisteners.register(module.host .. ':proxy65', connlistener) then
- module:log("error", "mod_proxy65: Could not establish a connection listener. Check your configuration please.");
- module:log("error", "Possibly two proxy65 components are configured to share the same port.");
+ local sid = stanza.tags[1].attr.sid;
+ origin.send(st.reply(stanza):tag("query", {xmlns="http://jabber.org/protocol/bytestreams", sid=sid})
+ :tag("streamhost", {jid=host, host=proxy_address, port=proxy_port}));
+ return true;
+ end);
+
+ module:hook("iq-set/host/http://jabber.org/protocol/bytestreams:query", function(event)
+ local origin, stanza = event.origin, event.stanza;
+
+ local query = stanza.tags[1];
+ local sid = query.attr.sid;
+ local from = stanza.attr.from;
+ local to = query:get_child_text("activate");
+ local prepped_to = jid_prep(to);
+
+ local info = "sid: "..tostring(sid)..", initiator: "..tostring(from)..", target: "..tostring(prepped_to or to);
+ if prepped_to and sid then
+ local sha = sha1(sid .. from .. prepped_to, true);
+ if not transfers[sha] then
+ module:log("debug", "Activation request has unknown session id; activation failed (%s)", info);
+ origin.send(st.error_reply(stanza, "modify", "item-not-found"));
+ elseif not transfers[sha].initiator then
+ module:log("debug", "The sender was not connected to the proxy; activation failed (%s)", info);
+ origin.send(st.error_reply(stanza, "cancel", "not-allowed", "The sender (you) is not connected to the proxy"));
+ --elseif not transfers[sha].target then -- can't happen, as target is set when a transfer object is created
+ -- module:log("debug", "The recipient was not connected to the proxy; activation failed (%s)", info);
+ -- origin.send(st.error_reply(stanza, "cancel", "not-allowed", "The recipient is not connected to the proxy"));
+ else -- if transfers[sha].initiator ~= nil and transfers[sha].target ~= nil then
+ module:log("debug", "Transfer activated (%s)", info);
+ transfers[sha].activated = true;
+ transfers[sha].target:resume();
+ transfers[sha].initiator:resume();
+ origin.send(st.reply(stanza));
+ end
+ elseif to and sid then
+ module:log("debug", "Malformed activation jid; activation failed (%s)", info);
+ origin.send(st.error_reply(stanza, "modify", "jid-malformed"));
+ else
+ module:log("debug", "Bad request; activation failed (%s)", info);
+ origin.send(st.error_reply(stanza, "modify", "bad-request"));
+ end
+ return true;
+ end);
end
-connlisteners.start(module.host .. ':proxy65');
+module:provides("net", {
+ default_port = 5000;
+ listener = listener;
+ multiplex = {
+ pattern = "^\5";
+ };
+});