dnomd343
/
shadowsocksr
mirror of https://github.com/dnomd343/shadowsocksr
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

sendback param of server_post_decrypt 

details of errors
dev
BreakWa11 8 years ago
parent
f58d76da47
commit
bd43069bcf
4 changed files with 62 additions and 55 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 63
      shadowsocks/obfsplugin/auth.py
  2. 2
      shadowsocks/obfsplugin/plain.py
  3. 26
      shadowsocks/obfsplugin/verify.py
  4. 26
      shadowsocks/tcprelay.py

63
shadowsocks/obfsplugin/auth.py
View File

@ -277,7 +277,7 @@ class auth_simple(verify_base):
def server_post_decrypt(self, buf):
if self.raw_trans:
return buf
return (buf, False)
self.recv_buf += buf
out_buf = b''
while len(self.recv_buf) > 2:
@ -287,7 +287,7 @@ class auth_simple(verify_base):
self.recv_buf = b''
if self.decrypt_packet_num == 0:
logging.info('auth_simple: over size')
return b'E'
return (b'E', False)
else:
raise Exception('server_post_decrype data error')
if length > len(self.recv_buf):
@ -298,7 +298,7 @@ class auth_simple(verify_base):
self.raw_trans = True
self.recv_buf = b''
if self.decrypt_packet_num == 0:
return b'E'
return (b'E', False)
else:
raise Exception('server_post_decrype data uncorrect CRC32')
@ -309,7 +309,7 @@ class auth_simple(verify_base):
self.raw_trans = True
self.recv_buf = b''
logging.info('auth_simple: too short')
return b'E'
return (b'E', False)
utc_time = struct.unpack('<I', out_buf[:4])[0]
client_id = struct.unpack('<I', out_buf[4:8])[0]
connection_id = struct.unpack('<I', out_buf[8:12])[0]
@ -319,7 +319,7 @@ class auth_simple(verify_base):
self.raw_trans = True
self.recv_buf = b''
logging.info('auth_simple: wrong timestamp, time_dif %d, data %s' % (time_dif, binascii.hexlify(out_buf),))
return b'E'
return (b'E', False)
elif self.server_info.data.insert(client_id, connection_id):
self.has_recv_header = True
out_buf = out_buf[12:]
@ -329,13 +329,13 @@ class auth_simple(verify_base):
self.raw_trans = True
self.recv_buf = b''
logging.info('auth_simple: auth fail, data %s' % (binascii.hexlify(out_buf),))
return b'E'
return (b'E', False)
self.recv_buf = self.recv_buf[length:]
if out_buf:
self.server_info.data.update(self.client_id, self.connection_id)
self.decrypt_packet_num += 1
return out_buf
return (out_buf, False)
class auth_sha1(verify_base):
def __init__(self, method):
@ -446,33 +446,33 @@ class auth_sha1(verify_base):
def server_post_decrypt(self, buf):
if self.raw_trans:
return buf
return (buf, False)
self.recv_buf += buf
out_buf = b''
if not self.has_recv_header:
if len(self.recv_buf) < 4:
return b''
return (b'', False)
crc = struct.pack('<I', binascii.crc32(self.server_info.key) & 0xFFFFFFFF)
if crc != self.recv_buf[:4]:
if self.method == 'auth_sha1':
return b'E'
return (b'E', False)
else:
self.raw_trans = True
return self.recv_buf
return (self.recv_buf, False)
length = struct.unpack('>H', self.recv_buf[4:6])[0]
if length > len(self.recv_buf):
return b''
return (b'', False)
sha1data = hmac.new(self.server_info.recv_iv + self.server_info.key, self.recv_buf[:length - 10], hashlib.sha1).digest()[:10]
if sha1data != self.recv_buf[length - 10:length]:
logging.error('auth_sha1 data uncorrect auth HMAC-SHA1')
return b'E'
return (b'E', False)
pos = common.ord(self.recv_buf[6]) + 6
out_buf = self.recv_buf[pos:length - 10]
if len(out_buf) < 12:
self.raw_trans = True
self.recv_buf = b''
logging.info('auth_sha1: too short')
return b'E'
return (b'E', False)
utc_time = struct.unpack('<I', out_buf[:4])[0]
client_id = struct.unpack('<I', out_buf[4:8])[0]
connection_id = struct.unpack('<I', out_buf[8:12])[0]
@ -482,7 +482,7 @@ class auth_sha1(verify_base):
self.raw_trans = True
self.recv_buf = b''
logging.info('auth_sha1: wrong timestamp, time_dif %d, data %s' % (time_dif, binascii.hexlify(out_buf),))
return b'E'
return (b'E', False)
elif self.server_info.data.insert(client_id, connection_id):
self.has_recv_header = True
out_buf = out_buf[12:]
@ -492,7 +492,7 @@ class auth_sha1(verify_base):
self.raw_trans = True
self.recv_buf = b''
logging.info('auth_sha1: auth fail, data %s' % (binascii.hexlify(out_buf),))
return b'E'
return (b'E', False)
self.recv_buf = self.recv_buf[length:]
self.has_recv_header = True
@ -503,7 +503,7 @@ class auth_sha1(verify_base):
self.recv_buf = b''
if self.decrypt_packet_num == 0:
logging.info('auth_sha1: over size')
return b'E'
return (b'E', False)
else:
raise Exception('server_post_decrype data error')
if length > len(self.recv_buf):
@ -514,7 +514,7 @@ class auth_sha1(verify_base):
self.raw_trans = True
self.recv_buf = b''
if self.decrypt_packet_num == 0:
return b'E'
return (b'E', False)
else:
raise Exception('server_post_decrype data uncorrect checksum')
@ -525,7 +525,7 @@ class auth_sha1(verify_base):
if out_buf:
self.server_info.data.update(self.client_id, self.connection_id)
self.decrypt_packet_num += 1
return out_buf
return (out_buf, False)
class obfs_auth_v2_data(object):
def __init__(self):
@ -686,26 +686,26 @@ class auth_sha1_v2(verify_base):
def server_post_decrypt(self, buf):
if self.raw_trans:
return buf
return (buf, False)
self.recv_buf += buf
out_buf = b''
if not self.has_recv_header:
if len(self.recv_buf) < 4:
return b''
return (b'', False)
crc = struct.pack('<I', binascii.crc32(self.salt + self.server_info.key) & 0xFFFFFFFF)
if crc != self.recv_buf[:4]:
if self.method == 'auth_sha1_v2':
return b'E'
return (b'E', False)
else:
self.raw_trans = True
return self.recv_buf
return (self.recv_buf, False)
length = struct.unpack('>H', self.recv_buf[4:6])[0]
if length > len(self.recv_buf):
return b''
return (b'', False)
sha1data = hmac.new(self.server_info.recv_iv + self.server_info.key, self.recv_buf[:length - 10], hashlib.sha1).digest()[:10]
if sha1data != self.recv_buf[length - 10:length]:
logging.error('auth_sha1_v2 data uncorrect auth HMAC-SHA1')
return b'E'
return (b'E', False)
pos = common.ord(self.recv_buf[6])
if pos < 255:
pos += 6
@ -716,7 +716,7 @@ class auth_sha1_v2(verify_base):
self.raw_trans = True
self.recv_buf = b''
logging.info('auth_sha1_v2: too short')
return b'E'
return (b'E', False)
client_id = struct.unpack('<Q', out_buf[:8])[0]
connection_id = struct.unpack('<I', out_buf[8:12])[0]
if self.server_info.data.insert(client_id, connection_id):
@ -728,10 +728,11 @@ class auth_sha1_v2(verify_base):
self.raw_trans = True
self.recv_buf = b''
logging.info('auth_sha1_v2: auth fail, data %s' % (binascii.hexlify(out_buf),))
return b'E'
return (b'E', False)
self.recv_buf = self.recv_buf[length:]
self.has_recv_header = True
sendback = False
while len(self.recv_buf) > 2:
length = struct.unpack('>H', self.recv_buf[:2])[0]
if length >= 8192 or length < 7:
@ -739,7 +740,7 @@ class auth_sha1_v2(verify_base):
self.recv_buf = b''
if self.decrypt_packet_num == 0:
logging.info('auth_sha1_v2: over size')
return b'E'
return (b'E', False)
else:
raise Exception('server_post_decrype data error')
if length > len(self.recv_buf):
@ -750,7 +751,7 @@ class auth_sha1_v2(verify_base):
self.raw_trans = True
self.recv_buf = b''
if self.decrypt_packet_num == 0:
return b'E'
return (b'E', False)
else:
raise Exception('server_post_decrype data uncorrect checksum')
@ -761,9 +762,11 @@ class auth_sha1_v2(verify_base):
pos = struct.unpack('>H', self.recv_buf[3:5])[0] + 2
out_buf += self.recv_buf[pos:length - 4]
self.recv_buf = self.recv_buf[length:]
if pos == length - 4:
sendback = True
if out_buf:
self.server_info.data.update(self.client_id, self.connection_id)
self.decrypt_packet_num += 1
return out_buf
return (out_buf, sendback)

2
shadowsocks/obfsplugin/plain.py
View File

@ -67,7 +67,7 @@ class plain(object):
return (buf, True, False)
def server_post_decrypt(self, buf):
return buf
return (buf, False)
def client_udp_pre_encrypt(self, buf):
return buf

26
shadowsocks/obfsplugin/verify.py
View File

@ -151,7 +151,7 @@ class verify_simple(verify_base):
def server_post_decrypt(self, buf):
if self.raw_trans:
return buf
return (buf, False)
self.recv_buf += buf
out_buf = b''
while len(self.recv_buf) > 2:
@ -160,7 +160,7 @@ class verify_simple(verify_base):
self.raw_trans = True
self.recv_buf = b''
if self.decrypt_packet_num == 0:
return b'E'
return (b'E', False)
else:
raise Exception('server_post_decrype data error')
if length > len(self.recv_buf):
@ -170,7 +170,7 @@ class verify_simple(verify_base):
self.raw_trans = True
self.recv_buf = b''
if self.decrypt_packet_num == 0:
return b'E'
return (b'E', False)
else:
raise Exception('server_post_decrype data uncorrect CRC32')
@ -180,7 +180,7 @@ class verify_simple(verify_base):
if out_buf:
self.decrypt_packet_num += 1
return out_buf
return (out_buf, False)
class verify_deflate(verify_base):
def __init__(self, method):
@ -236,7 +236,7 @@ class verify_deflate(verify_base):
def server_post_decrypt(self, buf):
if self.raw_trans:
return buf
return (buf, False)
self.recv_buf += buf
out_buf = b''
while len(self.recv_buf) > 2:
@ -256,7 +256,7 @@ class verify_deflate(verify_base):
if out_buf:
self.decrypt_packet_num += 1
return out_buf
return (out_buf, False)
class verify_sha1(verify_base):
def __init__(self, method):
@ -303,26 +303,26 @@ class verify_sha1(verify_base):
def server_post_decrypt(self, buf):
if self.raw_trans:
return buf
return (buf, False)
self.recv_buf += buf
out_buf = b''
if not self.has_recv_header:
if len(self.recv_buf) < 2:
return b''
return (b'', False)
if (ord(self.recv_buf[0]) & 0x10) != 0x10:
if self.method == 'verify_sha1':
logging.error('Not One-time authentication header')
return b'E'
return (b'E', False)
else:
self.raw_trans = True
return self.recv_buf
return (self.recv_buf, False)
head_size = self.get_head_size(self.recv_buf, 30)
if len(self.recv_buf) < head_size + 10:
return b''
return (b'', False)
sha1data = hmac.new(self.server_info.recv_iv + self.server_info.key, self.recv_buf[:head_size], hashlib.sha1).digest()[:10]
if sha1data != self.recv_buf[head_size:head_size + 10]:
logging.error('server_post_decrype data uncorrect auth HMAC-SHA1')
return b'E'
return (b'E', False)
out_buf = to_bytes(chr(ord(self.recv_buf[0]) & 0xEF)) + self.recv_buf[1:head_size]
self.recv_buf = self.recv_buf[head_size + 10:]
self.has_recv_header = True
@ -340,7 +340,7 @@ class verify_sha1(verify_base):
out_buf += data
self.recv_buf = self.recv_buf[length:]
return out_buf
return (out_buf, False)
def client_udp_pre_encrypt(self, buf):
ret = self.pack_auth_data(buf)

26
shadowsocks/tcprelay.py
View File

@ -364,7 +364,7 @@ class TCPRelayHandler(object):
return (host_post, 80)
def _handel_protocol_error(self, client_address, ogn_data):
logging.warn("Protocol ERROR, TCP ogn data %s from %s:%d" % (binascii.hexlify(ogn_data), client_address[0], client_address[1]))
logging.warn("Protocol ERROR, TCP ogn data %s from %s:%d via port %d" % (binascii.hexlify(ogn_data), client_address[0], client_address[1], self._server._listen_port))
self._encrypt_correct = False
#create redirect or disconnect by hash code
host, port = self._get_redirect_host(client_address, ogn_data)
@ -518,12 +518,17 @@ class TCPRelayHandler(object):
if not self._remote_udp:
if self._forbidden_iplist:
if common.to_str(sa[0]) in self._forbidden_iplist:
if self._remote_address:
raise Exception('IP %s is in forbidden list, when connect to %s:%d via port %d' %
(common.to_str(sa[0]), self._remote_address[0], self._remote_address[1], self._server._listen_port))
raise Exception('IP %s is in forbidden list, reject' %
common.to_str(sa[0]))
if self._forbidden_portset:
if sa[1] in self._forbidden_portset:
raise Exception('Port %d is in forbidden list, reject' %
sa[1])
if self._remote_address:
raise Exception('Port %d is in forbidden list, when connect to %s:%d via port %d' %
(sa[1], self._remote_address[0], self._remote_address[1], self._server._listen_port))
raise Exception('Port %d is in forbidden list, reject' % sa[1])
remote_sock = socket.socket(af, socktype, proto)
self._remote_sock = remote_sock
self._fd_to_handlers[remote_sock.fileno()] = self
@ -661,21 +666,20 @@ class TCPRelayHandler(object):
else:
data = obfs_decode[0]
try:
newdata = self._protocol.server_post_decrypt(data)
'''if data and not newdata:
data = self._protocol.server_pre_encrypt(data)
data = self._encryptor.encrypt(data)
data = self._obfs.server_encode(data)
data, sendback = self._protocol.server_post_decrypt(data)
if sendback:
backdata = self._protocol.server_pre_encrypt('')
backdata = self._encryptor.encrypt(backdata)
backdata = self._obfs.server_encode(backdata)
try:
self._write_to_sock(data, self._local_sock)
self._write_to_sock(backdata, self._local_sock)
except Exception as e:
shell.print_exception(e)
if self._config['verbose']:
traceback.print_exc()
logging.error("exception from %s:%d" % (self._client_address[0], self._client_address[1]))
self.destroy()
return'''
data = newdata
return
except Exception as e:
shell.print_exception(e)
logging.error("exception from %s:%d" % (self._client_address[0], self._client_address[1]))

Write Preview
Loading…
Cancel
Save