1 files changed, 136 insertions, 191 deletions
diff --git a/plugins/mod_proxy65.lua b/plugins/mod_proxy65.lua
index 5b490730..2ed9faac 100644
--- a/plugins/mod_proxy65.lua
+++ b/plugins/mod_proxy65.lua
@@ -1,109 +1,80 @@
+-- Prosody IM
+-- Copyright (C) 2008-2011 Matthew Wild
+-- Copyright (C) 2008-2011 Waqas Hussain
 -- Copyright (C) 2009 Thilo Cestonaro
--- 
+--
 -- This project is MIT/X11 licensed. Please see the
 -- COPYING file in the source package for more information.
 --
---[[
-* to restart the proxy in the console: e.g.
-module:unload("proxy65");
-> server.removeserver(<proxy65_port>);
-module:load("proxy65", <proxy65_jid>);
-]]--
 
+module:set_global();
 
-local module = module;
-local tostring = tostring;
-local jid_split, jid_join, jid_compare = require "util.jid".split, require "util.jid".join, require "util.jid".compare;
+local jid_compare, jid_prep = require "util.jid".compare, require "util.jid".prep;
 local st = require "util.stanza";
-local connlisteners = require "net.connlisteners";
 local sha1 = require "util.hashes".sha1;
+local b64 = require "util.encodings".base64.encode;
 local server = require "net.server";
+local portmanager = require "core.portmanager";
 
-local host, name = module:get_host(), "SOCKS5 Bytestreams Service";
-local sessions, transfers, replies_cache = {}, {}, {};
-
-local proxy_port = module:get_option("proxy65_port") or 5000;
-local proxy_interface = module:get_option("proxy65_interface") or "*";
-local proxy_address = module:get_option("proxy65_address") or (proxy_interface ~= "*" and proxy_interface) or host;
-local proxy_acl = module:get_option("proxy65_acl");
+local sessions, transfers = module:shared("sessions", "transfers");
 local max_buffer_size = 4096;
 
-local connlistener = { default_port = proxy_port, default_interface = proxy_interface, default_mode = "*a" };
+local listener = {};
 
-function connlistener.onincoming(conn, data)
+function listener.onincoming(conn, data)
 	local session = sessions[conn] or {};
-	
-	if session.setup == nil and data ~= nil and data:byte(1) == 0x05 and #data > 2 then
-		local nmethods = data:byte(2);
-		local methods = data:sub(3);
-		local supported = false;
-		for i=1, nmethods, 1 do
-			if(methods:byte(i) == 0x00) then -- 0x00 == method: NO AUTH
-				supported = true;
-				break;
-			end
-		end
-		if(supported) then
-			module:log("debug", "new session found ... ")
-			session.setup = true;
-			sessions[conn] = session;
-			conn:write(string.char(5, 0));
-		end
+
+	local transfer = transfers[session.sha];
+	if transfer and transfer.activated then -- copy data between initiator and target
+		local initiator, target = transfer.initiator, transfer.target;
+		(conn == initiator and target or initiator):write(data);
 		return;
-	end
-	if session.setup then
-		if session.sha ~= nil and transfers[session.sha] ~= nil then
-			local sha = session.sha;
-			if transfers[sha].activated == true and transfers[sha].target ~= nil then
-				if  transfers[sha].initiator == conn then
-					transfers[sha].target:write(data);
-				else
-					transfers[sha].initiator:write(data);
-				end
+	end -- FIXME server.link should be doing this?
+
+	if not session.greeting_done then
+		local nmethods = data:byte(2) or 0;
+		if data:byte(1) == 0x05 and nmethods > 0 and #data == 2 + nmethods then -- check if we have all the data
+			if data:find("%z") then -- 0x00 = 'No authentication' is supported
+				session.greeting_done = true;
+				sessions[conn] = session;
+				conn:write("\5\0"); -- send (SOCKS version 5, No authentication)
+				module:log("debug", "SOCKS5 greeting complete");
 				return;
 			end
-		end
-		if data ~= nil and #data == 0x2F and  -- 40 == length of SHA1 HASH, and 7 other bytes => 47 => 0x2F
-			data:byte(1) == 0x05 and -- SOCKS5 has 5 in first byte
-			data:byte(2) == 0x01 and -- CMD must be 1
-			data:byte(3) == 0x00 and -- RSV must be 0
-			data:byte(4) == 0x03 and -- ATYP must be 3
-			data:byte(5) == 40 and -- SHA1 HASH length must be 40 (0x28)
-			data:byte(-2) == 0x00 and -- PORT must be 0, size 2 byte
-			data:byte(-1) == 0x00
-		then
-			local sha = data:sub(6, 45); -- second param is not count! it's the ending index (included!)
-			if transfers[sha] == nil then
+		end -- else error, unexpected input
+		conn:write("\5\255"); -- send (SOCKS version 5, no acceptable method)
+		conn:close();
+		module:log("debug", "Invalid SOCKS5 greeting recieved: '%s'", b64(data));
+	else -- connection request
+		--local head = string.char( 0x05, 0x01, 0x00, 0x03, 40 ); -- ( VER=5=SOCKS5, CMD=1=CONNECT, RSV=0=RESERVED, ATYP=3=DOMAIMNAME, SHA-1 size )
+		if #data == 47 and data:sub(1,5) == "\5\1\0\3\40" and data:sub(-2) == "\0\0" then
+			local sha = data:sub(6, 45);
+			conn:pause();
+			conn:write("\5\0\0\3\40" .. sha .. "\0\0"); -- VER, REP, RSV, ATYP, BND.ADDR (sha), BND.PORT (2 Byte)
+			if not transfers[sha] then
 				transfers[sha] = {};
-				transfers[sha].activated = false;
 				transfers[sha].target = conn;
 				session.sha = sha;
-				module:log("debug", "target connected ... ");
-			elseif transfers[sha].target ~= nil then
+				module:log("debug", "SOCKS5 target connected for session %s", sha);
+			else -- transfers[sha].target ~= nil
 				transfers[sha].initiator = conn;
 				session.sha = sha;
-				module:log("debug", "initiator connected ... ");
+				module:log("debug", "SOCKS5 initiator connected for session %s", sha);
 				server.link(conn, transfers[sha].target, max_buffer_size);
 				server.link(transfers[sha].target, conn, max_buffer_size);
 			end
-			conn:write(string.char(5, 0, 0, 3, #sha) .. sha .. string.char(0, 0)); -- VER, REP, RSV, ATYP, BND.ADDR (sha), BND.PORT (2 Byte)
-			conn:lock_read(true)
-		else
-			module:log("warn", "Neither data transfer nor initial connect of a participator of a transfer.")
-			conn:close();
-		end
-	else
-		if data ~= nil then
-			module:log("warn", "unknown connection with no authentication data -> closing it");
+		else -- error, unexpected input
+			conn:write("\5\1\0\3\0\0\0"); -- VER, REP, RSV, ATYP, BND.ADDR (sha), BND.PORT (2 Byte)
 			conn:close();
+			module:log("debug", "Invalid SOCKS5 negotiation recieved: '%s'", b64(data));
 		end
 	end
 end
 
-function connlistener.ondisconnect(conn, err)
+function listener.ondisconnect(conn, err)
 	local session = sessions[conn];
 	if session then
-		if session.sha and transfers[session.sha] then
+		if transfers[session.sha] then
 			local initiator, target = transfers[session.sha].initiator, transfers[session.sha].target;
 			if initiator == conn and target ~= nil then
 				target:close();
@@ -117,131 +88,105 @@ function connlistener.ondisconnect(conn, err)
 	end
 end
 
-module:add_identity("proxy", "bytestreams", name);
-module:add_feature("http://jabber.org/protocol/bytestreams");
-
-module:hook("iq-get/host/http://jabber.org/protocol/disco#info:query", function(event)
-	local origin, stanza = event.origin, event.stanza;
-	local reply = replies_cache.disco_info;
-	if reply == nil then
-	 	reply = st.iq({type='result', from=host}):query("http://jabber.org/protocol/disco#info")
-			:tag("identity", {category='proxy', type='bytestreams', name=name}):up()
-			:tag("feature", {var="http://jabber.org/protocol/bytestreams"});
-		replies_cache.disco_info = reply;
-	end
+function module.add_host(module)
+	local host, name = module:get_host(), module:get_option_string("name", "SOCKS5 Bytestreams Service");
 
-	reply.attr.id = stanza.attr.id;
-	reply.attr.to = stanza.attr.from;
-	origin.send(reply);
-	return true;
-end, -1);
-
-module:hook("iq-get/host/http://jabber.org/protocol/disco#items:query", function(event)
-	local origin, stanza = event.origin, event.stanza;
-	local reply = replies_cache.disco_items;
-	if reply == nil then
-	 	reply = st.iq({type='result', from=host}):query("http://jabber.org/protocol/disco#items");
-		replies_cache.disco_items = reply;
-	end
-	
-	reply.attr.id = stanza.attr.id;
-	reply.attr.to = stanza.attr.from;
-	origin.send(reply);
-	return true;
-end, -1);
-
-module:hook("iq-get/host/http://jabber.org/protocol/bytestreams:query", function(event)
-	local origin, stanza = event.origin, event.stanza;
-	local reply = replies_cache.stream_host;
-	local err_reply = replies_cache.stream_host_err;
-	local sid = stanza.tags[1].attr.sid;
-	local allow = false;
-	local jid = stanza.attr.from;
-	
-	if proxy_acl and #proxy_acl > 0 then
-		for _, acl in ipairs(proxy_acl) do
-			if jid_compare(jid, acl) then allow = true; end
-		end
-	else
-		allow = true;
+	local proxy_address = module:get_option("proxy65_address", host);
+	local proxy_port = next(portmanager.get_active_services():search("proxy65", nil)[1] or {});
+	local proxy_acl = module:get_option("proxy65_acl");
+
+	-- COMPAT w/pre-0.9 where proxy65_port was specified in the components section of the config
+	local legacy_config = module:get_option_number("proxy65_port");
+	if legacy_config then
+		module:log("warn", "proxy65_port is deprecated, please put proxy65_ports = { %d } into the global section instead", legacy_config);
 	end
-	if allow == true then
-		if reply == nil then
-			reply = st.iq({type="result", from=host})
-				:query("http://jabber.org/protocol/bytestreams")
-				:tag("streamhost", {jid=host, host=proxy_address, port=proxy_port});
-			replies_cache.stream_host = reply;
+
+	module:add_identity("proxy", "bytestreams", name);
+	module:add_feature("http://jabber.org/protocol/bytestreams");
+
+	module:hook("iq-get/host/http://jabber.org/protocol/disco#info:query", function(event)
+		local origin, stanza = event.origin, event.stanza;
+		if not stanza.tags[1].attr.node then
+			origin.send(st.reply(stanza):query("http://jabber.org/protocol/disco#info")
+				:tag("identity", {category='proxy', type='bytestreams', name=name}):up()
+				:tag("feature", {var="http://jabber.org/protocol/bytestreams"}) );
+			return true;
 		end
-	else
-		module:log("warn", "Denying use of proxy for %s", tostring(jid));
-		if err_reply == nil then
-			err_reply = st.iq({type="error", from=host})
-				:query("http://jabber.org/protocol/bytestreams")
-				:tag("error", {code='403', type='auth'})
-				:tag("forbidden", {xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'});
-			replies_cache.stream_host_err = err_reply;
+	end, -1);
+
+	module:hook("iq-get/host/http://jabber.org/protocol/disco#items:query", function(event)
+		local origin, stanza = event.origin, event.stanza;
+		if not stanza.tags[1].attr.node then
+			origin.send(st.reply(stanza):query("http://jabber.org/protocol/disco#items"));
+			return true;
 		end
-		reply = err_reply;
-	end
-	reply.attr.id = stanza.attr.id;
-	reply.attr.to = stanza.attr.from;
-	reply.tags[1].attr.sid = sid;
-	origin.send(reply);
-	return true;
-end);
-
-module.unload = function()
-	connlisteners.deregister(module.host .. ':proxy65');
-end
+	end, -1);
 
-local function set_activation(stanza)
-	local to, reply;
-	local from = stanza.attr.from;
-	local query = stanza.tags[1];
-	local sid = query.attr.sid;
-	if query.tags[1] and query.tags[1].name == "activate" then
-		to = query.tags[1][1];
-	end
-	if from ~= nil and to ~= nil and sid ~= nil then
-		reply = st.iq({type="result", from=host, to=from});
-		reply.attr.id = stanza.attr.id;
-	end
-	return reply, from, to, sid;
-end
+	module:hook("iq-get/host/http://jabber.org/protocol/bytestreams:query", function(event)
+		local origin, stanza = event.origin, event.stanza;
 
-module:hook("iq-set/host/http://jabber.org/protocol/bytestreams:query", function(event)
-	local origin, stanza = event.origin, event.stanza;
-
-	module:log("debug", "Received activation request from %s", stanza.attr.from);
-	local reply, from, to, sid = set_activation(stanza);
-	if reply ~= nil and from ~= nil and to ~= nil and sid ~= nil then
-		local sha = sha1(sid .. from .. to, true);
-		if transfers[sha] == nil then
-			module:log("error", "transfers[sha]: nil");
-		elseif(transfers[sha] ~= nil and transfers[sha].initiator ~= nil and transfers[sha].target ~= nil) then
-			origin.send(reply);
-			transfers[sha].activated = true;
-			transfers[sha].target:lock_read(false);
-			transfers[sha].initiator:lock_read(false);
-		else
-			module:log("debug", "Both parties were not yet connected");
-			local message = "Neither party is connected to the proxy";
-			if transfers[sha].initiator then
-				message = "The recipient is not connected to the proxy";
-			elseif transfers[sha].target then
-				message = "The sender (you) is not connected to the proxy";
+		-- check ACL
+		while proxy_acl and #proxy_acl > 0 do -- using 'while' instead of 'if' so we can break out of it
+			local jid = stanza.attr.from;
+			local allow;
+			for _, acl in ipairs(proxy_acl) do
+				if jid_compare(jid, acl) then allow = true; break; end
 			end
-			origin.send(st.error_reply(stanza, "cancel", "not-allowed", message));
+			if allow then break; end
+			module:log("warn", "Denying use of proxy for %s", tostring(stanza.attr.from));
+			origin.send(st.error_reply(stanza, "auth", "forbidden"));
+			return true;
 		end
-		return true;
-	else
-		module:log("error", "activation failed: sid: %s, initiator: %s, target: %s", tostring(sid), tostring(from), tostring(to));
-	end
-end);
 
-if not connlisteners.register(module.host .. ':proxy65', connlistener) then
-	module:log("error", "mod_proxy65: Could not establish a connection listener. Check your configuration please.");
-	module:log("error", "Possibly two proxy65 components are configured to share the same port.");
+		local sid = stanza.tags[1].attr.sid;
+		origin.send(st.reply(stanza):tag("query", {xmlns="http://jabber.org/protocol/bytestreams", sid=sid})
+			:tag("streamhost", {jid=host, host=proxy_address, port=proxy_port}));
+		return true;
+	end);
+
+	module:hook("iq-set/host/http://jabber.org/protocol/bytestreams:query", function(event)
+		local origin, stanza = event.origin, event.stanza;
+
+		local query = stanza.tags[1];
+		local sid = query.attr.sid;
+		local from = stanza.attr.from;
+		local to = query:get_child_text("activate");
+		local prepped_to = jid_prep(to);
+
+		local info = "sid: "..tostring(sid)..", initiator: "..tostring(from)..", target: "..tostring(prepped_to or to);
+		if prepped_to and sid then
+			local sha = sha1(sid .. from .. prepped_to, true);
+			if not transfers[sha] then
+				module:log("debug", "Activation request has unknown session id; activation failed (%s)", info);
+				origin.send(st.error_reply(stanza, "modify", "item-not-found"));
+			elseif not transfers[sha].initiator then
+				module:log("debug", "The sender was not connected to the proxy; activation failed (%s)", info);
+				origin.send(st.error_reply(stanza, "cancel", "not-allowed", "The sender (you) is not connected to the proxy"));
+			--elseif not transfers[sha].target then -- can't happen, as target is set when a transfer object is created
+			--	module:log("debug", "The recipient was not connected to the proxy; activation failed (%s)", info);
+			--	origin.send(st.error_reply(stanza, "cancel", "not-allowed", "The recipient is not connected to the proxy"));
+			else -- if transfers[sha].initiator ~= nil and transfers[sha].target ~= nil then
+				module:log("debug", "Transfer activated (%s)", info);
+				transfers[sha].activated = true;
+				transfers[sha].target:resume();
+				transfers[sha].initiator:resume();
+				origin.send(st.reply(stanza));
+			end
+		elseif to and sid then
+			module:log("debug", "Malformed activation jid; activation failed (%s)", info);
+			origin.send(st.error_reply(stanza, "modify", "jid-malformed"));
+		else
+			module:log("debug", "Bad request; activation failed (%s)", info);
+			origin.send(st.error_reply(stanza, "modify", "bad-request"));
+		end
+		return true;
+	end);
 end
 
-connlisteners.start(module.host .. ':proxy65');
+module:provides("net", {
+	default_port = 5000;
+	listener = listener;
+	multiplex = {
+		pattern = "^\5";
+	};
+});