if transport is not security (tls used), enable security socks5

2016-01-09 11:32:12 +08:00 · 2016-01-09 11:32:12 +08:00 · b6d333e7d5
commit b6d333e7d5
parent b5f499e596
5 changed files with 105 additions and 83 deletions
--- a/conn.go
+++ b/conn.go
@ -77,6 +77,7 @@ func handleConn(conn net.Conn, arg Args) {
 	defer atomic.AddInt32(&connCounter, -1)
 	defer conn.Close()
 	// server supported methods
 	selector := &serverSelector{
 		methods: []uint8{
 			gosocks5.MethodNoAuth,
@ -84,7 +85,8 @@ func handleConn(conn net.Conn, arg Args) {
 			MethodTLS,
 			MethodTLSAuth,
 		},
-		arg: arg,
+		user: arg.User,
 		cert: arg.Cert,
 	}
 	switch arg.Protocol {
@ -242,13 +244,19 @@ func forward(conn net.Conn, arg Args) (net.Conn, error) {
 		}
 		glog.Infof("forward: %s/%s %s", proto, arg.Transport, arg.Addr)
 	}
 	var tlsUsed bool
 	switch arg.Transport {
 	case "ws": // websocket connection
 		conn, err = wsClient(conn, arg.Addr)
 		if err != nil {
 			return nil, err
 		}
 	//case "wss": // websocket security
 	//	tlsUsed = true
 	case "tls": // tls connection
 		tlsUsed = true
 		conn = tls.Client(conn, &tls.Config{InsecureSkipVerify: true})
 	case "tcp":
 		fallthrough
@ -261,10 +269,15 @@ func forward(conn net.Conn, arg Args) (net.Conn, error) {
 			methods: []uint8{
 				gosocks5.MethodNoAuth,
 				gosocks5.MethodUserPass,
-				MethodTLS,
+				//MethodTLS,
 			},
-			arg: arg,
+			user: arg.User,
 		}
 		if !tlsUsed { // if transport is not security, enable security socks5
 			selector.methods = append(selector.methods, MethodTLS)
 		}
 		c := gosocks5.ClientConn(conn, selector)
 		if err := c.Handleshake(); err != nil {
 			return nil, err
--- a/main.go
+++ b/main.go
@ -5,6 +5,7 @@ import (
 	"flag"
 	"fmt"
 	"github.com/golang/glog"
 	"os"
 	"sync"
 )
@ -17,7 +18,7 @@ const (
 )
 const (
-	Version = "2.0-20151106"
+	Version = "2.0-rc2"
 )
 var (
@ -43,7 +44,7 @@ func main() {
 		return
 	}
 	if pv {
-		fmt.Println("gost", Version)
+		fmt.Fprintln(os.Stderr, "gost", Version)
 		return
 	}
--- a/socks.go
+++ b/socks.go
@ -8,6 +8,7 @@ import (
 	"github.com/golang/glog"
 	"io"
 	"net"
 	"net/url"
 	"strconv"
 	"time"
 )
@ -19,7 +20,7 @@ const (
 type clientSelector struct {
 	methods []uint8
-	arg     Args
+	user    *url.Userinfo
 }
 func (selector *clientSelector) Methods() []uint8 {
@ -41,9 +42,9 @@ func (selector *clientSelector) OnSelected(method uint8, conn net.Conn) (net.Con
 		}
 		var username, password string
-		if selector.arg.User != nil {
+		if selector.user != nil {
-			username = selector.arg.User.Username()
+			username = selector.user.Username()
-			password, _ = selector.arg.User.Password()
+			password, _ = selector.user.Password()
 		}
 		req := gosocks5.NewUserPassRequest(gosocks5.UserPassVer, username, password)
@ -72,7 +73,8 @@ func (selector *clientSelector) OnSelected(method uint8, conn net.Conn) (net.Con
 type serverSelector struct {
 	methods []uint8
-	arg     Args
+	user    *url.Userinfo
 	cert    tls.Certificate
 }
 func (selector *serverSelector) Methods() []uint8 {
@ -80,7 +82,7 @@ func (selector *serverSelector) Methods() []uint8 {
 }
 func (selector *serverSelector) Select(methods ...uint8) (method uint8) {
-	glog.V(LDEBUG).Infof("%d %d % d", gosocks5.Ver5, len(methods), methods)
+	glog.V(LDEBUG).Infof("%d %d %v", gosocks5.Ver5, len(methods), methods)
 	method = gosocks5.MethodNoAuth
 	for _, m := range methods {
@ -91,7 +93,7 @@ func (selector *serverSelector) Select(methods ...uint8) (method uint8) {
 	}
 	// when user/pass is set, auth is mandatory
-	if selector.arg.User != nil {
+	if selector.user != nil {
 		if method == gosocks5.MethodNoAuth {
 			method = gosocks5.MethodUserPass
 		}
@ -108,11 +110,11 @@ func (selector *serverSelector) OnSelected(method uint8, conn net.Conn) (net.Con
 	switch method {
 	case MethodTLS:
-		conn = tls.Server(conn, &tls.Config{Certificates: []tls.Certificate{selector.arg.Cert}})
+		conn = tls.Server(conn, &tls.Config{Certificates: []tls.Certificate{selector.cert}})
 	case gosocks5.MethodUserPass, MethodTLSAuth:
 		if method == MethodTLSAuth {
-			conn = tls.Server(conn, &tls.Config{Certificates: []tls.Certificate{selector.arg.Cert}})
+			conn = tls.Server(conn, &tls.Config{Certificates: []tls.Certificate{selector.cert}})
 		}
 		req, err := gosocks5.ReadUserPassRequest(conn)
@ -123,9 +125,9 @@ func (selector *serverSelector) OnSelected(method uint8, conn net.Conn) (net.Con
 		glog.V(LDEBUG).Infoln(req.String())
 		var username, password string
-		if selector.arg.User != nil {
+		if selector.user != nil {
-			username = selector.arg.User.Username()
+			username = selector.user.Username()
-			password, _ = selector.arg.User.Password()
+			password, _ = selector.user.Password()
 		}
 		if (username != "" && req.Username != username) || (password != "" && req.Password != password) {
--- a/tls.go
+++ b/tls.go
@ -0,0 +1,71 @@
 package main
 import (
 	"crypto/tls"
 	"github.com/golang/glog"
 )
 const (
 	rawCert = `-----BEGIN CERTIFICATE-----
 MIIC5jCCAdCgAwIBAgIBADALBgkqhkiG9w0BAQUwEjEQMA4GA1UEChMHQWNtZSBD
 bzAeFw0xNDAzMTcwNjIwNTFaFw0xNTAzMTcwNjIwNTFaMBIxEDAOBgNVBAoTB0Fj
 bWUgQ28wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDccNO1xmd4lWSf
 d/0/QS3E93cYIWHw831i/IKxigdRD/XMZonLdEHywW6lOiXazaP8e6CqPGSmnl0x
 5k/3dvGCMj2JCVxM6+z7NpL+AiwvXmvkj/TOciCgwqssCwYS2CiVwjfazRjx1ZUJ
 VDC5qiyRsfktQ2fVHrpnJGVSRagmiQgwGWBilVG9B8QvRtpQKN/GQGq17oIQm8aK
 kOdPt93g93ojMIg7YJpgDgOirvVz/hDn7YD4ryrtPos9CMafFkJprymKpRHyvz7P
 8a3+OkuPjFjPnwOHQ5u1U3+8vC44vfb1ExWzDLoT8Xp8Gndx39k0f7MVOol3GnYu
 MN/dvNUdAgMBAAGjSzBJMA4GA1UdDwEB/wQEAwIAoDATBgNVHSUEDDAKBggrBgEF
 BQcDATAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDALBgkqhkiG
 9w0BAQUDggEBAIG8CJqvTIgJnNOK+i5/IUc/3yF/mSCWuG8qP+Fmo2t6T0PVOtc0
 8wiWH5iWtCAhjn0MRY9l/hIjWm6gUZGHCGuEgsOPpJDYGoNLjH9Xwokm4y3LFNRK
 UBrrrDbKRNibApBHCapPf6gC5sXcjOwx7P2/kiHDgY7YH47jfcRhtAPNsM4gjsEO
 RmwENY+hRUFHIRfQTyalqND+x6PWhRo3K6hpHs4DQEYPq4P2kFPqUqSBymH+Ny5/
 BcQ3wdMNmC6Bm/oiL1QV0M+/InOsAgQk/EDd0kmoU1ZT2lYHQduGmP099bOlHNpS
 uqO3vXF3q8SPPr/A9TqSs7BKkBQbe0+cdsA=
 -----END CERTIFICATE-----`
 	rawKey = `-----BEGIN RSA PRIVATE KEY-----
 MIIEowIBAAKCAQEA3HDTtcZneJVkn3f9P0EtxPd3GCFh8PN9YvyCsYoHUQ/1zGaJ
 y3RB8sFupTol2s2j/Hugqjxkpp5dMeZP93bxgjI9iQlcTOvs+zaS/gIsL15r5I/0
 znIgoMKrLAsGEtgolcI32s0Y8dWVCVQwuaoskbH5LUNn1R66ZyRlUkWoJokIMBlg
 YpVRvQfEL0baUCjfxkBqte6CEJvGipDnT7fd4Pd6IzCIO2CaYA4Doq71c/4Q5+2A
 +K8q7T6LPQjGnxZCaa8piqUR8r8+z/Gt/jpLj4xYz58Dh0ObtVN/vLwuOL329RMV
 swy6E/F6fBp3cd/ZNH+zFTqJdxp2LjDf3bzVHQIDAQABAoIBAHal26147nQ+pHwY
 jxwers3XDCjWvup7g79lfcqlKi79UiUEA6KYHm7UogMYewt7p4nb2KwH+XycvDiB
 aAUf5flXpTs+6IkWauUDiLZi4PlV7uiEexUq5FjirlL0U/6MjbudX4bK4WQ4uxDc
 WaV07Kw2iJFOOHLDKT0en9JaX5jtJNc4ZnE9efFoQ5jfypPWtRw65G1rULEg6nvc
 GDh+1ce+4foCkpLRC9c24xAwJONZG6x3UqrSS9qfAsb73nWRQrTfUcO3nhoN8VvL
 kL9skn1+S06NyUN0KoEtyRBp+RcpXSsBWAo6qZmo/WqhB/gjzWrxVwn20+yJSm35
 ZsMc6QECgYEA8GS+Mp9xfB2szWHz6YTOO1Uu4lHM1ccZMwS1G+dL0KO3uGAiPdvp
 woVot6v6w88t7onXsLo5pgz7SYug0CpkF3K/MRd1Ar4lH7PK7IBQ6rFr9ppVxDbx
 AEWRswUoPbKCr7W6HU8LbQHDavsDlEIwc6+DiwnL4BzlKjb7RpgQEz0CgYEA6sB5
 uHvx3Y5FDcGk1n73leQSAcq14l3ZLNpjrs8msoREDil/j5WmuSN58/7PGMiMgHEi
 1vLm3H796JmvGr9OBvspOjHyk07ui2/We/j9Hoxm1VWhyi8HkLNDj70HKalTTFMz
 RHO4O+0xCva+h9mKZrRMVktXr2jjdFn/0MYIZ2ECgYAIIsC1IeRLWQ3CHbCNlKsO
 IwHlMvOFwKk/qsceXKOaOhA7szU1dr3gkXdL0Aw6mEZrrkqYdpUA46uVf54/rU+Z
 445I8QxKvXiwK/uQKX+TkdGflPWWIG3jnnch4ejMvb/ihnn4B/bRB6A/fKNQXzUY
 lTYUfI5j1VaEKTwz1W2l2QKBgByFCcSp+jZqhGUpc3dDsZyaOr3Q/Mvlju7uEVI5
 hIAHpaT60a6GBd1UPAqymEJwivFHzW3D0NxU6VAK68UaHMaoWNfjHY9b9YsnKS2i
 kE3XzN56Ks+/avHfdYPO+UHMenw5V28nh+hv5pdoZrlmanQTz3pkaOC8o3WNQZEB
 nh/BAoGBAMY5z2f1pmMhrvtPDSlEVjgjELbaInxFaxPLR4Pdyzn83gtIIU14+R8X
 2LPs6PPwrNjWnIgrUSVXncIFL3pa45B+Mx1pYCpOAB1+nCZjIBQmpeo4Y0dwA/XH
 85EthKPvoszm+OPbyI16OcePV5ocX7lupRYuAo0pek7bomhmHWHz
 -----END RSA PRIVATE KEY-----`
 )
 func init() {
 	var err error
 	if tlsCert, err = tls.LoadX509KeyPair("cert.pem", "key.pem"); err != nil {
 		glog.V(LWARNING).Infoln(err)
 		tlsCert, err = tls.X509KeyPair([]byte(rawCert), []byte(rawKey))
 		if err != nil {
 			glog.Infoln(err)
 		}
 	}
 }
 var (
 	tlsCert tls.Certificate
 )
--- a/util.go
+++ b/util.go
@ -10,71 +10,6 @@ import (
 	"strings"
 )
 const (
 	rawCert = `-----BEGIN CERTIFICATE-----
 MIIC5jCCAdCgAwIBAgIBADALBgkqhkiG9w0BAQUwEjEQMA4GA1UEChMHQWNtZSBD
 bzAeFw0xNDAzMTcwNjIwNTFaFw0xNTAzMTcwNjIwNTFaMBIxEDAOBgNVBAoTB0Fj
 bWUgQ28wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDccNO1xmd4lWSf
 d/0/QS3E93cYIWHw831i/IKxigdRD/XMZonLdEHywW6lOiXazaP8e6CqPGSmnl0x
 5k/3dvGCMj2JCVxM6+z7NpL+AiwvXmvkj/TOciCgwqssCwYS2CiVwjfazRjx1ZUJ
 VDC5qiyRsfktQ2fVHrpnJGVSRagmiQgwGWBilVG9B8QvRtpQKN/GQGq17oIQm8aK
 kOdPt93g93ojMIg7YJpgDgOirvVz/hDn7YD4ryrtPos9CMafFkJprymKpRHyvz7P
 8a3+OkuPjFjPnwOHQ5u1U3+8vC44vfb1ExWzDLoT8Xp8Gndx39k0f7MVOol3GnYu
 MN/dvNUdAgMBAAGjSzBJMA4GA1UdDwEB/wQEAwIAoDATBgNVHSUEDDAKBggrBgEF
 BQcDATAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDALBgkqhkiG
 9w0BAQUDggEBAIG8CJqvTIgJnNOK+i5/IUc/3yF/mSCWuG8qP+Fmo2t6T0PVOtc0
 8wiWH5iWtCAhjn0MRY9l/hIjWm6gUZGHCGuEgsOPpJDYGoNLjH9Xwokm4y3LFNRK
 UBrrrDbKRNibApBHCapPf6gC5sXcjOwx7P2/kiHDgY7YH47jfcRhtAPNsM4gjsEO
 RmwENY+hRUFHIRfQTyalqND+x6PWhRo3K6hpHs4DQEYPq4P2kFPqUqSBymH+Ny5/
 BcQ3wdMNmC6Bm/oiL1QV0M+/InOsAgQk/EDd0kmoU1ZT2lYHQduGmP099bOlHNpS
 uqO3vXF3q8SPPr/A9TqSs7BKkBQbe0+cdsA=
 -----END CERTIFICATE-----`
 	rawKey = `-----BEGIN RSA PRIVATE KEY-----
 MIIEowIBAAKCAQEA3HDTtcZneJVkn3f9P0EtxPd3GCFh8PN9YvyCsYoHUQ/1zGaJ
 y3RB8sFupTol2s2j/Hugqjxkpp5dMeZP93bxgjI9iQlcTOvs+zaS/gIsL15r5I/0
 znIgoMKrLAsGEtgolcI32s0Y8dWVCVQwuaoskbH5LUNn1R66ZyRlUkWoJokIMBlg
 YpVRvQfEL0baUCjfxkBqte6CEJvGipDnT7fd4Pd6IzCIO2CaYA4Doq71c/4Q5+2A
 +K8q7T6LPQjGnxZCaa8piqUR8r8+z/Gt/jpLj4xYz58Dh0ObtVN/vLwuOL329RMV
 swy6E/F6fBp3cd/ZNH+zFTqJdxp2LjDf3bzVHQIDAQABAoIBAHal26147nQ+pHwY
 jxwers3XDCjWvup7g79lfcqlKi79UiUEA6KYHm7UogMYewt7p4nb2KwH+XycvDiB
 aAUf5flXpTs+6IkWauUDiLZi4PlV7uiEexUq5FjirlL0U/6MjbudX4bK4WQ4uxDc
 WaV07Kw2iJFOOHLDKT0en9JaX5jtJNc4ZnE9efFoQ5jfypPWtRw65G1rULEg6nvc
 GDh+1ce+4foCkpLRC9c24xAwJONZG6x3UqrSS9qfAsb73nWRQrTfUcO3nhoN8VvL
 kL9skn1+S06NyUN0KoEtyRBp+RcpXSsBWAo6qZmo/WqhB/gjzWrxVwn20+yJSm35
 ZsMc6QECgYEA8GS+Mp9xfB2szWHz6YTOO1Uu4lHM1ccZMwS1G+dL0KO3uGAiPdvp
 woVot6v6w88t7onXsLo5pgz7SYug0CpkF3K/MRd1Ar4lH7PK7IBQ6rFr9ppVxDbx
 AEWRswUoPbKCr7W6HU8LbQHDavsDlEIwc6+DiwnL4BzlKjb7RpgQEz0CgYEA6sB5
 uHvx3Y5FDcGk1n73leQSAcq14l3ZLNpjrs8msoREDil/j5WmuSN58/7PGMiMgHEi
 1vLm3H796JmvGr9OBvspOjHyk07ui2/We/j9Hoxm1VWhyi8HkLNDj70HKalTTFMz
 RHO4O+0xCva+h9mKZrRMVktXr2jjdFn/0MYIZ2ECgYAIIsC1IeRLWQ3CHbCNlKsO
 IwHlMvOFwKk/qsceXKOaOhA7szU1dr3gkXdL0Aw6mEZrrkqYdpUA46uVf54/rU+Z
 445I8QxKvXiwK/uQKX+TkdGflPWWIG3jnnch4ejMvb/ihnn4B/bRB6A/fKNQXzUY
 lTYUfI5j1VaEKTwz1W2l2QKBgByFCcSp+jZqhGUpc3dDsZyaOr3Q/Mvlju7uEVI5
 hIAHpaT60a6GBd1UPAqymEJwivFHzW3D0NxU6VAK68UaHMaoWNfjHY9b9YsnKS2i
 kE3XzN56Ks+/avHfdYPO+UHMenw5V28nh+hv5pdoZrlmanQTz3pkaOC8o3WNQZEB
 nh/BAoGBAMY5z2f1pmMhrvtPDSlEVjgjELbaInxFaxPLR4Pdyzn83gtIIU14+R8X
 2LPs6PPwrNjWnIgrUSVXncIFL3pa45B+Mx1pYCpOAB1+nCZjIBQmpeo4Y0dwA/XH
 85EthKPvoszm+OPbyI16OcePV5ocX7lupRYuAo0pek7bomhmHWHz
 -----END RSA PRIVATE KEY-----`
 )
 func init() {
 	var err error
 	if cert, err = tls.LoadX509KeyPair("cert.pem", "key.pem"); err != nil {
 		glog.V(LWARNING).Infoln(err)
 		cert, err = tls.X509KeyPair([]byte(rawCert), []byte(rawKey))
 		if err != nil {
 			glog.Infoln(err)
 		}
 	}
 }
 var (
 	cert tls.Certificate
 )
 type strSlice []string
 func (ss *strSlice) String() string {
@ -118,7 +53,7 @@ func parseArgs(ss []string) (args []Args) {
 		arg := Args{
 			Addr: u.Host,
 			User: u.User,
-			Cert: cert,
+			Cert: tlsCert,
 		}
 		schemes := strings.Split(u.Scheme, "+")