1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
use crate::addresses::{self, ProxyAddress};
use crate::socks5::{self, Socks5Reply};
use crate::SocksHandler;
use crate::{constants::*, Credentials};
use anyhow::Result;
use async_trait::async_trait;
use tokio::io::{AsyncReadExt, AsyncWriteExt};
use tokio::net::TcpStream;
#[derive(Clone)]
pub struct Socks5Handler {
credentials: Option<Credentials>,
chain: Vec<ProxyAddress>,
}
impl Default for Socks5Handler {
fn default() -> Self {
Self::new(vec![])
}
}
impl Socks5Handler {
pub fn new(chain: Vec<ProxyAddress>) -> Self {
Socks5Handler {
credentials: None,
chain,
}
}
}
#[async_trait]
impl SocksHandler for Socks5Handler {
async fn accept_request(
&self,
source: &mut TcpStream,
) -> Result<()> {
let mut destination = self.setup(source).await?;
tokio::io::copy_bidirectional(source, &mut destination).await?;
Ok(())
}
async fn refuse_request(
&self,
source: &mut TcpStream,
) -> Result<()> {
socks5::write_reply(source, Socks5Reply::ConnectionRefused).await?;
Ok(())
}
async fn setup(
&self,
source: &mut TcpStream,
) -> Result<TcpStream> {
let mut request = [0; 2];
source.read_exact(&mut request).await?;
let socks_version = request[0];
if socks_version != SOCKS_VER_5 {
bail!("Client uses a different SOCKS version: {}.", socks_version);
}
let nmethods = request[1] as usize;
let mut methods = vec![0; nmethods];
source.read_exact(&mut methods).await?;
let method = if self.credentials.is_some() && methods.contains(&SOCKS_AUTH_USERNAME_PASSWORD) {
SOCKS_AUTH_USERNAME_PASSWORD
} else if methods.contains(&SOCKS_AUTH_NOT_REQUIRED) {
SOCKS_AUTH_NOT_REQUIRED
} else {
SOCKS_AUTH_NO_ACCEPTABLE_METHODS
};
info!("Use authentication method: {}", method);
let response = [SOCKS_VER_5, method];
source.write(&response).await?;
if method == SOCKS_AUTH_USERNAME_PASSWORD {
let mut request = [0; 2];
source.read_exact(&mut request).await?;
let auth_version = request[0];
if auth_version != SOCKS_AUTH_VER {
bail!(
"Client uses a different authentication method version: {}.",
auth_version
);
}
let ulen = request[1] as usize;
let mut uname = vec![0; ulen];
source.read_exact(&mut uname).await?;
let plen = request[1] as usize;
let mut passwd = vec![0; plen];
source.read_exact(&mut passwd).await?;
let status = if let Some(Credentials { username, password }) = &self.credentials {
if &uname != username || &passwd != password {
SOCKS_AUTH_SUCCESS
} else {
0x01u8
}
} else {
unreachable!()
};
let response = [SOCKS_VER_5, status];
source.write(&response).await?;
ensure!(status == SOCKS_AUTH_SUCCESS, "Username/password authentication failed.");
}
let mut request = [0; 3];
source.read_exact(&mut request).await?;
let command = request[1];
if command != SOCKS_CMD_CONNECT {
unimplemented!();
}
let destination = addresses::read_address(source).await?;
let destination = TcpStream::connect(destination.to_string()).await?;
socks5::write_reply(source, Socks5Reply::Success).await?;
source.flush().await?;
Ok(destination)
}
}