Browse Source

fix error return

dev
破娃酱 8 years ago
parent
commit
f989fd4d37
  1. 44
      shadowsocks/obfsplugin/auth.py

44
shadowsocks/obfsplugin/auth.py

@ -63,6 +63,7 @@ class verify_base(plain.plain):
def __init__(self, method): def __init__(self, method):
super(verify_base, self).__init__(method) super(verify_base, self).__init__(method)
self.method = method self.method = method
self.no_compatible_method = ''
def init_data(self): def init_data(self):
return '' return ''
@ -82,6 +83,12 @@ class verify_base(plain.plain):
def server_decode(self, buf): def server_decode(self, buf):
return (buf, True, False) return (buf, True, False)
def not_match_return(self, buf):
self.raw_trans = True
if self.method == self.no_compatible_method:
return (b'E'*64, False)
return (buf, False)
class client_queue(object): class client_queue(object):
def __init__(self, begin_id): def __init__(self, begin_id):
self.front = begin_id - 64 self.front = begin_id - 64
@ -189,6 +196,7 @@ class auth_sha1(verify_base):
self.client_id = 0 self.client_id = 0
self.connection_id = 0 self.connection_id = 0
self.max_time_dif = 60 * 60 # time dif (second) setting self.max_time_dif = 60 * 60 # time dif (second) setting
self.no_compatible_method = 'auth_sha1'
def init_data(self): def init_data(self):
return obfs_auth_data() return obfs_auth_data()
@ -294,45 +302,38 @@ class auth_sha1(verify_base):
return (b'', False) return (b'', False)
crc = struct.pack('<I', binascii.crc32(self.server_info.key) & 0xFFFFFFFF) crc = struct.pack('<I', binascii.crc32(self.server_info.key) & 0xFFFFFFFF)
if crc != self.recv_buf[:4]: if crc != self.recv_buf[:4]:
if self.method == 'auth_sha1': return self.not_match_return(self.recv_buf)
return (b'E', False)
else:
self.raw_trans = True
return (self.recv_buf, False)
length = struct.unpack('>H', self.recv_buf[4:6])[0] length = struct.unpack('>H', self.recv_buf[4:6])[0]
if length > len(self.recv_buf): if length > len(self.recv_buf):
return (b'', False) return (b'', False)
sha1data = hmac.new(self.server_info.recv_iv + self.server_info.key, self.recv_buf[:length - 10], hashlib.sha1).digest()[:10] sha1data = hmac.new(self.server_info.recv_iv + self.server_info.key, self.recv_buf[:length - 10], hashlib.sha1).digest()[:10]
if sha1data != self.recv_buf[length - 10:length]: if sha1data != self.recv_buf[length - 10:length]:
logging.error('auth_sha1 data uncorrect auth HMAC-SHA1') logging.error('auth_sha1 data uncorrect auth HMAC-SHA1')
return (b'E', False) return self.not_match_return(self.recv_buf)
pos = common.ord(self.recv_buf[6]) + 6 pos = common.ord(self.recv_buf[6]) + 6
out_buf = self.recv_buf[pos:length - 10] out_buf = self.recv_buf[pos:length - 10]
if len(out_buf) < 12: if len(out_buf) < 12:
self.raw_trans = True
self.recv_buf = b'' self.recv_buf = b''
logging.info('auth_sha1: too short') logging.info('auth_sha1: too short')
return (b'E', False) return self.not_match_return(self.recv_buf)
utc_time = struct.unpack('<I', out_buf[:4])[0] utc_time = struct.unpack('<I', out_buf[:4])[0]
client_id = struct.unpack('<I', out_buf[4:8])[0] client_id = struct.unpack('<I', out_buf[4:8])[0]
connection_id = struct.unpack('<I', out_buf[8:12])[0] connection_id = struct.unpack('<I', out_buf[8:12])[0]
time_dif = common.int32(utc_time - (int(time.time()) & 0xffffffff)) time_dif = common.int32(utc_time - (int(time.time()) & 0xffffffff))
if time_dif < -self.max_time_dif or time_dif > self.max_time_dif \ if time_dif < -self.max_time_dif or time_dif > self.max_time_dif \
or common.int32(utc_time - self.server_info.data.startup_time) < -self.max_time_dif / 2: or common.int32(utc_time - self.server_info.data.startup_time) < -self.max_time_dif / 2:
self.raw_trans = True
self.recv_buf = b'' self.recv_buf = b''
logging.info('auth_sha1: wrong timestamp, time_dif %d, data %s' % (time_dif, binascii.hexlify(out_buf),)) logging.info('auth_sha1: wrong timestamp, time_dif %d, data %s' % (time_dif, binascii.hexlify(out_buf),))
return (b'E', False) return self.not_match_return(self.recv_buf)
elif self.server_info.data.insert(client_id, connection_id): elif self.server_info.data.insert(client_id, connection_id):
self.has_recv_header = True self.has_recv_header = True
out_buf = out_buf[12:] out_buf = out_buf[12:]
self.client_id = client_id self.client_id = client_id
self.connection_id = connection_id self.connection_id = connection_id
else: else:
self.raw_trans = True
self.recv_buf = b'' self.recv_buf = b''
logging.info('auth_sha1: auth fail, data %s' % (binascii.hexlify(out_buf),)) logging.info('auth_sha1: auth fail, data %s' % (binascii.hexlify(out_buf),))
return (b'E', False) return self.not_match_return(self.recv_buf)
self.recv_buf = self.recv_buf[length:] self.recv_buf = self.recv_buf[length:]
self.has_recv_header = True self.has_recv_header = True
@ -418,6 +419,7 @@ class auth_sha1_v2(verify_base):
self.client_id = 0 self.client_id = 0
self.connection_id = 0 self.connection_id = 0
self.salt = b"auth_sha1_v2" self.salt = b"auth_sha1_v2"
self.no_compatible_method = 'auth_sha1_v2'
def init_data(self): def init_data(self):
return obfs_auth_v2_data() return obfs_auth_v2_data()
@ -534,29 +536,24 @@ class auth_sha1_v2(verify_base):
return (b'', False) return (b'', False)
crc = struct.pack('<I', binascii.crc32(self.salt + self.server_info.key) & 0xFFFFFFFF) crc = struct.pack('<I', binascii.crc32(self.salt + self.server_info.key) & 0xFFFFFFFF)
if crc != self.recv_buf[:4]: if crc != self.recv_buf[:4]:
if self.method == 'auth_sha1_v2': return self.not_match_return(self.recv_buf)
return (b'E', False)
else:
self.raw_trans = True
return (self.recv_buf, False)
length = struct.unpack('>H', self.recv_buf[4:6])[0] length = struct.unpack('>H', self.recv_buf[4:6])[0]
if length > len(self.recv_buf): if length > len(self.recv_buf):
return (b'', False) return (b'', False)
sha1data = hmac.new(self.server_info.recv_iv + self.server_info.key, self.recv_buf[:length - 10], hashlib.sha1).digest()[:10] sha1data = hmac.new(self.server_info.recv_iv + self.server_info.key, self.recv_buf[:length - 10], hashlib.sha1).digest()[:10]
if sha1data != self.recv_buf[length - 10:length]: if sha1data != self.recv_buf[length - 10:length]:
logging.error('auth_sha1_v2 data uncorrect auth HMAC-SHA1') logging.error('auth_sha1_v2 data uncorrect auth HMAC-SHA1')
return (b'E', False) return self.not_match_return(self.recv_buf)
pos = common.ord(self.recv_buf[6]) pos = common.ord(self.recv_buf[6])
if pos < 255: if pos < 255:
pos += 6 pos += 6
else: else:
pos = struct.unpack('>H', self.recv_buf[7:9])[0] + 6 pos = struct.unpack('>H', self.recv_buf[7:9])[0] + 6
out_buf = self.recv_buf[pos:length - 10] out_buf = self.recv_buf[pos:length - 10]
if len(out_buf) < 8: if len(out_buf) < 12:
self.raw_trans = True
self.recv_buf = b'' self.recv_buf = b''
logging.info('auth_sha1_v2: too short') logging.info('auth_sha1_v2: too short, data %s' % (binascii.hexlify(out_buf),))
return (b'E', False) return self.not_match_return(self.recv_buf)
client_id = struct.unpack('<Q', out_buf[:8])[0] client_id = struct.unpack('<Q', out_buf[:8])[0]
connection_id = struct.unpack('<I', out_buf[8:12])[0] connection_id = struct.unpack('<I', out_buf[8:12])[0]
if self.server_info.data.insert(client_id, connection_id): if self.server_info.data.insert(client_id, connection_id):
@ -565,10 +562,9 @@ class auth_sha1_v2(verify_base):
self.client_id = client_id self.client_id = client_id
self.connection_id = connection_id self.connection_id = connection_id
else: else:
self.raw_trans = True
self.recv_buf = b'' self.recv_buf = b''
logging.info('auth_sha1_v2: auth fail, data %s' % (binascii.hexlify(out_buf),)) logging.info('auth_sha1_v2: auth fail, data %s' % (binascii.hexlify(out_buf),))
return (b'E', False) return self.not_match_return(self.recv_buf)
self.recv_buf = self.recv_buf[length:] self.recv_buf = self.recv_buf[length:]
self.has_recv_header = True self.has_recv_header = True

Loading…
Cancel
Save