mirror of
https://gitclone.com/github.com/MetaCubeX/Clash.Meta
synced 2024-11-15 13:41:23 +08:00
b0e062dc7c
* Feature: socks5 auth support * Chore: make code unified * Fix: auth buffer length
159 lines
3.3 KiB
Go
159 lines
3.3 KiB
Go
package adapters
|
|
|
|
import (
|
|
"bytes"
|
|
"crypto/tls"
|
|
"errors"
|
|
"fmt"
|
|
"io"
|
|
"net"
|
|
"strconv"
|
|
|
|
C "github.com/Dreamacro/clash/constant"
|
|
|
|
"github.com/Dreamacro/go-shadowsocks2/socks"
|
|
)
|
|
|
|
// Socks5Adapter is a shadowsocks adapter
|
|
type Socks5Adapter struct {
|
|
conn net.Conn
|
|
}
|
|
|
|
// Close is used to close connection
|
|
func (ss *Socks5Adapter) Close() {
|
|
ss.conn.Close()
|
|
}
|
|
|
|
func (ss *Socks5Adapter) Conn() net.Conn {
|
|
return ss.conn
|
|
}
|
|
|
|
type Socks5 struct {
|
|
addr string
|
|
name string
|
|
user string
|
|
pass string
|
|
tls bool
|
|
skipCertVerify bool
|
|
tlsConfig *tls.Config
|
|
}
|
|
|
|
type Socks5Option struct {
|
|
Name string `proxy:"name"`
|
|
Server string `proxy:"server"`
|
|
Port int `proxy:"port"`
|
|
UserName string `proxy:"username,omitempty"`
|
|
Password string `proxy:"password,omitempty"`
|
|
TLS bool `proxy:"tls,omitempty"`
|
|
SkipCertVerify bool `proxy:"skip-cert-verify,omitempty"`
|
|
}
|
|
|
|
func (ss *Socks5) Name() string {
|
|
return ss.name
|
|
}
|
|
|
|
func (ss *Socks5) Type() C.AdapterType {
|
|
return C.Socks5
|
|
}
|
|
|
|
func (ss *Socks5) Generator(metadata *C.Metadata) (adapter C.ProxyAdapter, err error) {
|
|
c, err := net.DialTimeout("tcp", ss.addr, tcpTimeout)
|
|
|
|
if err == nil && ss.tls {
|
|
cc := tls.Client(c, ss.tlsConfig)
|
|
err = cc.Handshake()
|
|
c = cc
|
|
}
|
|
|
|
if err != nil {
|
|
return nil, fmt.Errorf("%s connect error", ss.addr)
|
|
}
|
|
tcpKeepAlive(c)
|
|
if err := ss.shakeHand(metadata, c); err != nil {
|
|
return nil, err
|
|
}
|
|
return &Socks5Adapter{conn: c}, nil
|
|
}
|
|
|
|
func (ss *Socks5) shakeHand(metadata *C.Metadata, rw io.ReadWriter) error {
|
|
buf := make([]byte, socks.MaxAddrLen)
|
|
var err error
|
|
|
|
// VER, NMETHODS, METHODS
|
|
if len(ss.user) > 0 {
|
|
_, err = rw.Write([]byte{5, 1, 2})
|
|
} else {
|
|
_, err = rw.Write([]byte{5, 1, 0})
|
|
}
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
// VER, METHOD
|
|
if _, err := io.ReadFull(rw, buf[:2]); err != nil {
|
|
return err
|
|
}
|
|
|
|
if buf[0] != 5 {
|
|
return errors.New("SOCKS version error")
|
|
}
|
|
|
|
if buf[1] == 2 {
|
|
// password protocol version
|
|
authMsg := &bytes.Buffer{}
|
|
authMsg.WriteByte(1)
|
|
authMsg.WriteByte(uint8(len(ss.user)))
|
|
authMsg.WriteString(ss.user)
|
|
authMsg.WriteByte(uint8(len(ss.pass)))
|
|
authMsg.WriteString(ss.pass)
|
|
|
|
if _, err := rw.Write(authMsg.Bytes()); err != nil {
|
|
return err
|
|
}
|
|
|
|
if _, err := io.ReadFull(rw, buf[:2]); err != nil {
|
|
return err
|
|
}
|
|
|
|
if buf[1] != 0 {
|
|
return errors.New("rejected username/password")
|
|
}
|
|
} else if buf[1] != 0 {
|
|
return errors.New("SOCKS need auth")
|
|
}
|
|
|
|
// VER, CMD, RSV, ADDR
|
|
if _, err := rw.Write(bytes.Join([][]byte{{5, 1, 0}, serializesSocksAddr(metadata)}, []byte(""))); err != nil {
|
|
return err
|
|
}
|
|
|
|
if _, err := io.ReadFull(rw, buf[:10]); err != nil {
|
|
return err
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func NewSocks5(option Socks5Option) *Socks5 {
|
|
var tlsConfig *tls.Config
|
|
if option.TLS {
|
|
tlsConfig = &tls.Config{
|
|
InsecureSkipVerify: option.SkipCertVerify,
|
|
ClientSessionCache: getClientSessionCache(),
|
|
MinVersion: tls.VersionTLS11,
|
|
MaxVersion: tls.VersionTLS12,
|
|
ServerName: option.Server,
|
|
}
|
|
}
|
|
|
|
return &Socks5{
|
|
addr: net.JoinHostPort(option.Server, strconv.Itoa(option.Port)),
|
|
name: option.Name,
|
|
user: option.UserName,
|
|
pass: option.Password,
|
|
tls: option.TLS,
|
|
skipCertVerify: option.SkipCertVerify,
|
|
tlsConfig: tlsConfig,
|
|
}
|
|
}
|