dnomd343
/
shadowsocksr
mirror of https://github.com/dnomd343/shadowsocksr
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

fix error return

dev
破娃酱 8 years ago
parent
a26019f9e6
commit
f989fd4d37
1 changed files with 20 additions and 24 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 44
      shadowsocks/obfsplugin/auth.py

44
shadowsocks/obfsplugin/auth.py
View File

@ -63,6 +63,7 @@ class verify_base(plain.plain):
def __init__(self, method): def __init__(self, method):
super(verify_base, self).__init__(method) super(verify_base, self).__init__(method)
self.method = method self.method = method
self.no_compatible_method = ''
def init_data(self): def init_data(self):
return '' return ''
@ -82,6 +83,12 @@ class verify_base(plain.plain):
def server_decode(self, buf): def server_decode(self, buf):
return (buf, True, False) return (buf, True, False)
def not_match_return(self, buf):
self.raw_trans = True
if self.method == self.no_compatible_method:
return (b'E'*64, False)
return (buf, False)
class client_queue(object): class client_queue(object):
def __init__(self, begin_id): def __init__(self, begin_id):
self.front = begin_id - 64 self.front = begin_id - 64
@ -189,6 +196,7 @@ class auth_sha1(verify_base):
self.client_id = 0 self.client_id = 0
self.connection_id = 0 self.connection_id = 0
self.max_time_dif = 60 * 60 # time dif (second) setting self.max_time_dif = 60 * 60 # time dif (second) setting
self.no_compatible_method = 'auth_sha1'
def init_data(self): def init_data(self):
return obfs_auth_data() return obfs_auth_data()
@ -294,45 +302,38 @@ class auth_sha1(verify_base):
return (b'', False) return (b'', False)
crc = struct.pack('<I', binascii.crc32(self.server_info.key) & 0xFFFFFFFF) crc = struct.pack('<I', binascii.crc32(self.server_info.key) & 0xFFFFFFFF)
if crc != self.recv_buf[:4]: if crc != self.recv_buf[:4]:
if self.method == 'auth_sha1': return self.not_match_return(self.recv_buf)
return (b'E', False)
else:
self.raw_trans = True
return (self.recv_buf, False)
length = struct.unpack('>H', self.recv_buf[4:6])[0] length = struct.unpack('>H', self.recv_buf[4:6])[0]
if length > len(self.recv_buf): if length > len(self.recv_buf):
return (b'', False) return (b'', False)
sha1data = hmac.new(self.server_info.recv_iv + self.server_info.key, self.recv_buf[:length - 10], hashlib.sha1).digest()[:10] sha1data = hmac.new(self.server_info.recv_iv + self.server_info.key, self.recv_buf[:length - 10], hashlib.sha1).digest()[:10]
if sha1data != self.recv_buf[length - 10:length]: if sha1data != self.recv_buf[length - 10:length]:
logging.error('auth_sha1 data uncorrect auth HMAC-SHA1') logging.error('auth_sha1 data uncorrect auth HMAC-SHA1')
return (b'E', False) return self.not_match_return(self.recv_buf)
pos = common.ord(self.recv_buf[6]) + 6 pos = common.ord(self.recv_buf[6]) + 6
out_buf = self.recv_buf[pos:length - 10] out_buf = self.recv_buf[pos:length - 10]
if len(out_buf) < 12: if len(out_buf) < 12:
self.raw_trans = True
self.recv_buf = b'' self.recv_buf = b''
logging.info('auth_sha1: too short') logging.info('auth_sha1: too short')
return (b'E', False) return self.not_match_return(self.recv_buf)
utc_time = struct.unpack('<I', out_buf[:4])[0] utc_time = struct.unpack('<I', out_buf[:4])[0]
client_id = struct.unpack('<I', out_buf[4:8])[0] client_id = struct.unpack('<I', out_buf[4:8])[0]
connection_id = struct.unpack('<I', out_buf[8:12])[0] connection_id = struct.unpack('<I', out_buf[8:12])[0]
time_dif = common.int32(utc_time - (int(time.time()) & 0xffffffff)) time_dif = common.int32(utc_time - (int(time.time()) & 0xffffffff))
if time_dif < -self.max_time_dif or time_dif > self.max_time_dif \ if time_dif < -self.max_time_dif or time_dif > self.max_time_dif \
or common.int32(utc_time - self.server_info.data.startup_time) < -self.max_time_dif / 2: or common.int32(utc_time - self.server_info.data.startup_time) < -self.max_time_dif / 2:
self.raw_trans = True
self.recv_buf = b'' self.recv_buf = b''
logging.info('auth_sha1: wrong timestamp, time_dif %d, data %s' % (time_dif, binascii.hexlify(out_buf),)) logging.info('auth_sha1: wrong timestamp, time_dif %d, data %s' % (time_dif, binascii.hexlify(out_buf),))
return (b'E', False) return self.not_match_return(self.recv_buf)
elif self.server_info.data.insert(client_id, connection_id): elif self.server_info.data.insert(client_id, connection_id):
self.has_recv_header = True self.has_recv_header = True
out_buf = out_buf[12:] out_buf = out_buf[12:]
self.client_id = client_id self.client_id = client_id
self.connection_id = connection_id self.connection_id = connection_id
else: else:
self.raw_trans = True
self.recv_buf = b'' self.recv_buf = b''
logging.info('auth_sha1: auth fail, data %s' % (binascii.hexlify(out_buf),)) logging.info('auth_sha1: auth fail, data %s' % (binascii.hexlify(out_buf),))
return (b'E', False) return self.not_match_return(self.recv_buf)
self.recv_buf = self.recv_buf[length:] self.recv_buf = self.recv_buf[length:]
self.has_recv_header = True self.has_recv_header = True
@ -418,6 +419,7 @@ class auth_sha1_v2(verify_base):
self.client_id = 0 self.client_id = 0
self.connection_id = 0 self.connection_id = 0
self.salt = b"auth_sha1_v2" self.salt = b"auth_sha1_v2"
self.no_compatible_method = 'auth_sha1_v2'
def init_data(self): def init_data(self):
return obfs_auth_v2_data() return obfs_auth_v2_data()
@ -534,29 +536,24 @@ class auth_sha1_v2(verify_base):
return (b'', False) return (b'', False)
crc = struct.pack('<I', binascii.crc32(self.salt + self.server_info.key) & 0xFFFFFFFF) crc = struct.pack('<I', binascii.crc32(self.salt + self.server_info.key) & 0xFFFFFFFF)
if crc != self.recv_buf[:4]: if crc != self.recv_buf[:4]:
if self.method == 'auth_sha1_v2': return self.not_match_return(self.recv_buf)
return (b'E', False)
else:
self.raw_trans = True
return (self.recv_buf, False)
length = struct.unpack('>H', self.recv_buf[4:6])[0] length = struct.unpack('>H', self.recv_buf[4:6])[0]
if length > len(self.recv_buf): if length > len(self.recv_buf):
return (b'', False) return (b'', False)
sha1data = hmac.new(self.server_info.recv_iv + self.server_info.key, self.recv_buf[:length - 10], hashlib.sha1).digest()[:10] sha1data = hmac.new(self.server_info.recv_iv + self.server_info.key, self.recv_buf[:length - 10], hashlib.sha1).digest()[:10]
if sha1data != self.recv_buf[length - 10:length]: if sha1data != self.recv_buf[length - 10:length]:
logging.error('auth_sha1_v2 data uncorrect auth HMAC-SHA1') logging.error('auth_sha1_v2 data uncorrect auth HMAC-SHA1')
return (b'E', False) return self.not_match_return(self.recv_buf)
pos = common.ord(self.recv_buf[6]) pos = common.ord(self.recv_buf[6])
if pos < 255: if pos < 255:
pos += 6 pos += 6
else: else:
pos = struct.unpack('>H', self.recv_buf[7:9])[0] + 6 pos = struct.unpack('>H', self.recv_buf[7:9])[0] + 6
out_buf = self.recv_buf[pos:length - 10] out_buf = self.recv_buf[pos:length - 10]
if len(out_buf) < 8: if len(out_buf) < 12:
self.raw_trans = True
self.recv_buf = b'' self.recv_buf = b''
logging.info('auth_sha1_v2: too short') logging.info('auth_sha1_v2: too short, data %s' % (binascii.hexlify(out_buf),))
return (b'E', False) return self.not_match_return(self.recv_buf)
client_id = struct.unpack('<Q', out_buf[:8])[0] client_id = struct.unpack('<Q', out_buf[:8])[0]
connection_id = struct.unpack('<I', out_buf[8:12])[0] connection_id = struct.unpack('<I', out_buf[8:12])[0]
if self.server_info.data.insert(client_id, connection_id): if self.server_info.data.insert(client_id, connection_id):
@ -565,10 +562,9 @@ class auth_sha1_v2(verify_base):
self.client_id = client_id self.client_id = client_id
self.connection_id = connection_id self.connection_id = connection_id
else: else:
self.raw_trans = True
self.recv_buf = b'' self.recv_buf = b''
logging.info('auth_sha1_v2: auth fail, data %s' % (binascii.hexlify(out_buf),)) logging.info('auth_sha1_v2: auth fail, data %s' % (binascii.hexlify(out_buf),))
return (b'E', False) return self.not_match_return(self.recv_buf)
self.recv_buf = self.recv_buf[length:] self.recv_buf = self.recv_buf[length:]
self.has_recv_header = True self.has_recv_header = True

Write Preview
Loading…
Cancel
Save