Software /
code /
prosody
File
plugins/mod_proxy65.lua @ 4410:2928a74357c8
Makefile: Fix making of prosody.version
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sun, 23 Oct 2011 20:56:33 +0200 |
parent | 4376:99277a1abe58 |
child | 4414:aa2e79f20962 |
line wrap: on
line source
-- Copyright (C) 2009 Thilo Cestonaro -- -- This project is MIT/X11 licensed. Please see the -- COPYING file in the source package for more information. -- --[[ * to restart the proxy in the console: e.g. module:unload("proxy65"); > server.removeserver(<proxy65_port>); module:load("proxy65", <proxy65_jid>); ]]-- local module = module; local tostring = tostring; local jid_compare, jid_prep = require "util.jid".compare, require "util.jid".prep; local st = require "util.stanza"; local connlisteners = require "net.connlisteners"; local sha1 = require "util.hashes".sha1; local server = require "net.server"; local host, name = module:get_host(), "SOCKS5 Bytestreams Service"; local sessions, transfers = {}, {}; local proxy_port = module:get_option("proxy65_port") or 5000; local proxy_interface = module:get_option("proxy65_interface") or "*"; local proxy_address = module:get_option("proxy65_address") or (proxy_interface ~= "*" and proxy_interface) or host; local proxy_acl = module:get_option("proxy65_acl"); local max_buffer_size = 4096; local connlistener = { default_port = proxy_port, default_interface = proxy_interface, default_mode = "*a" }; function connlistener.onincoming(conn, data) local session = sessions[conn] or {}; if session.setup == nil and data ~= nil and data:byte(1) == 0x05 and #data > 2 then local nmethods = data:byte(2); local methods = data:sub(3); local supported = false; for i=1, nmethods, 1 do if(methods:byte(i) == 0x00) then -- 0x00 == method: NO AUTH supported = true; break; end end if(supported) then module:log("debug", "new session found ... ") session.setup = true; sessions[conn] = session; conn:write(string.char(5, 0)); end return; end if session.setup then if session.sha ~= nil and transfers[session.sha] ~= nil then local sha = session.sha; if transfers[sha].activated == true and transfers[sha].target ~= nil then if transfers[sha].initiator == conn then transfers[sha].target:write(data); else transfers[sha].initiator:write(data); end return; end end if data ~= nil and #data == 0x2F and -- 40 == length of SHA1 HASH, and 7 other bytes => 47 => 0x2F data:byte(1) == 0x05 and -- SOCKS5 has 5 in first byte data:byte(2) == 0x01 and -- CMD must be 1 data:byte(3) == 0x00 and -- RSV must be 0 data:byte(4) == 0x03 and -- ATYP must be 3 data:byte(5) == 40 and -- SHA1 HASH length must be 40 (0x28) data:byte(-2) == 0x00 and -- PORT must be 0, size 2 byte data:byte(-1) == 0x00 then local sha = data:sub(6, 45); -- second param is not count! it's the ending index (included!) if transfers[sha] == nil then transfers[sha] = {}; transfers[sha].activated = false; transfers[sha].target = conn; session.sha = sha; module:log("debug", "target connected ... "); elseif transfers[sha].target ~= nil then transfers[sha].initiator = conn; session.sha = sha; module:log("debug", "initiator connected ... "); server.link(conn, transfers[sha].target, max_buffer_size); server.link(transfers[sha].target, conn, max_buffer_size); end conn:write(string.char(5, 0, 0, 3, #sha) .. sha .. string.char(0, 0)); -- VER, REP, RSV, ATYP, BND.ADDR (sha), BND.PORT (2 Byte) conn:lock_read(true) else module:log("warn", "Neither data transfer nor initial connect of a participator of a transfer.") conn:close(); end else if data ~= nil then module:log("warn", "unknown connection with no authentication data -> closing it"); conn:close(); end end end function connlistener.ondisconnect(conn, err) local session = sessions[conn]; if session then if session.sha and transfers[session.sha] then local initiator, target = transfers[session.sha].initiator, transfers[session.sha].target; if initiator == conn and target ~= nil then target:close(); elseif target == conn and initiator ~= nil then initiator:close(); end transfers[session.sha] = nil; end -- Clean up any session-related stuff here sessions[conn] = nil; end end module:add_identity("proxy", "bytestreams", name); module:add_feature("http://jabber.org/protocol/bytestreams"); module:hook("iq-get/host/http://jabber.org/protocol/disco#info:query", function(event) local origin, stanza = event.origin, event.stanza; origin.send(st.reply(stanza):query("http://jabber.org/protocol/disco#info") :tag("identity", {category='proxy', type='bytestreams', name=name}):up() :tag("feature", {var="http://jabber.org/protocol/bytestreams"}) ); return true; end, -1); module:hook("iq-get/host/http://jabber.org/protocol/disco#items:query", function(event) local origin, stanza = event.origin, event.stanza; origin.send(st.reply(stanza):query("http://jabber.org/protocol/disco#items")); return true; end, -1); module:hook("iq-get/host/http://jabber.org/protocol/bytestreams:query", function(event) local origin, stanza = event.origin, event.stanza; -- check ACL while proxy_acl and #proxy_acl > 0 do -- using 'while' instead of 'if' so we can break out of it local jid = stanza.attr.from; for _, acl in ipairs(proxy_acl) do if jid_compare(jid, acl) then break; end end module:log("warn", "Denying use of proxy for %s", tostring(stanza.attr.from)); origin.send(st.error_reply(stanza, "auth", "forbidden")); return true; end local sid = stanza.tags[1].attr.sid; origin.send(st.reply(stanza):tag("query", {xmlns="http://jabber.org/protocol/bytestreams", sid=sid}) :tag("streamhost", {jid=host, host=proxy_address, port=proxy_port})); return true; end); module.unload = function() connlisteners.deregister(module.host .. ':proxy65'); end module:hook("iq-set/host/http://jabber.org/protocol/bytestreams:query", function(event) local origin, stanza = event.origin, event.stanza; local query = stanza.tags[1]; local sid = query.attr.sid; local from = stanza.attr.from; local to = query:get_child_text("activate"); local prepped_to = jid_prep(to); module:log("debug", "received activation request from %s", stanza.attr.from); if prepped_to and sid then local sha = sha1(sid .. from .. prepped_to, true); if transfers[sha] == nil then module:log("error", "transfers[sha]: nil"); origin.send(st.error_reply(stanza, "modify", "item-not-found")); elseif(transfers[sha] ~= nil and transfers[sha].initiator ~= nil and transfers[sha].target ~= nil) then transfers[sha].activated = true; transfers[sha].target:lock_read(false); transfers[sha].initiator:lock_read(false); origin.send(st.reply(stanza)); else module:log("debug", "Both parties were not yet connected"); local message = "Neither party is connected to the proxy"; if transfers[sha].initiator then message = "The recipient is not connected to the proxy"; elseif transfers[sha].target then message = "The sender (you) is not connected to the proxy"; end origin.send(st.error_reply(stanza, "cancel", "not-allowed", message)); end elseif to and sid then origin.send(st.error_reply(stanza, "modify", "jid-malformed")); else module:log("error", "activation failed: sid: %s, initiator: %s, target: %s", tostring(sid), tostring(from), tostring(to)); origin.send(st.error_reply(stanza, "modify", "bad-request")); end return true; end); if not connlisteners.register(module.host .. ':proxy65', connlistener) then module:log("error", "mod_proxy65: Could not establish a connection listener. Check your configuration please."); module:log("error", "Possibly two proxy65 components are configured to share the same port."); end connlisteners.start(module.host .. ':proxy65');