diff --git a/core/handler.go b/core/handler.go index d5cbb6c2..65eb1666 100644 --- a/core/handler.go +++ b/core/handler.go @@ -3,7 +3,6 @@ package core import ( "kubevpn/tun" "net" - "net/url" ) // Handler is a proxy server handler @@ -14,11 +13,9 @@ type Handler interface { // HandlerOptions describes the options for Handler. type HandlerOptions struct { - Chain *Chain - Users []*url.Userinfo - Authenticator Authenticator - Node Node - IPRoutes []tun.IPRoute + Chain *Chain + Node Node + IPRoutes []tun.IPRoute } // HandlerOption allows a common way to set handler options. @@ -31,13 +28,6 @@ func ChainHandlerOption(chain *Chain) HandlerOption { } } -// AuthenticatorHandlerOption set the authenticator of HandlerOptions -func AuthenticatorHandlerOption(authenticator Authenticator) HandlerOption { - return func(opts *HandlerOptions) { - opts.Authenticator = authenticator - } -} - // NodeHandlerOption set the server node for server handler. func NodeHandlerOption(node Node) HandlerOption { return func(opts *HandlerOptions) { diff --git a/core/socks.go b/core/socks.go index 6d78c3b2..fab6ad9f 100644 --- a/core/socks.go +++ b/core/socks.go @@ -17,7 +17,6 @@ import ( type clientSelector struct { methods []uint8 - User *url.Userinfo } func (selector *clientSelector) Methods() []uint8 { @@ -40,34 +39,9 @@ func (selector *clientSelector) OnSelected(method uint8, conn net.Conn) (net.Con log.Debug("[socks5] method selected:", method) } switch method { - case gosocks5.MethodUserPass: - var username, password string - if selector.User != nil { - username = selector.User.Username() - password, _ = selector.User.Password() - } - - req := gosocks5.NewUserPassRequest(gosocks5.UserPassVer, username, password) - if err := req.Write(conn); err != nil { - log.Debug("[socks5]", err) - return nil, err - } - if util.Debug { - log.Debug("[socks5]", req) - } - resp, err := gosocks5.ReadUserPassResponse(conn) - if err != nil { - log.Debug("[socks5]", err) - return nil, err - } - if util.Debug { - log.Debug("[socks5]", resp) - } - if resp.Status != gosocks5.Succeeded { - return nil, gosocks5.ErrAuthFailure - } - case gosocks5.MethodNoAcceptable: - return nil, gosocks5.ErrBadMethod + case gosocks5.MethodNoAuth: + log.Debug("[socks5] client", "no auth") + return conn, nil } return conn, nil @@ -75,8 +49,6 @@ func (selector *clientSelector) OnSelected(method uint8, conn net.Conn) (net.Con type serverSelector struct { methods []uint8 - // Users []*url.Userinfo - Authenticator Authenticator } func (selector *serverSelector) Methods() []uint8 { @@ -92,13 +64,6 @@ func (selector *serverSelector) Select(methods ...uint8) (method uint8) { log.Debugf("[socks5] %d %d %v", gosocks5.Ver5, len(methods), methods) } method = gosocks5.MethodNoAuth - // when Authenticator is set, auth is mandatory - if selector.Authenticator != nil { - if method == gosocks5.MethodNoAuth { - method = gosocks5.MethodUserPass - } - } - return } @@ -107,37 +72,9 @@ func (selector *serverSelector) OnSelected(method uint8, conn net.Conn) (net.Con log.Debugf("[socks5] %d %d", gosocks5.Ver5, method) } switch method { - case gosocks5.MethodUserPass: - req, err := gosocks5.ReadUserPassRequest(conn) - if err != nil { - log.Debugf("[socks5] %s - %s: %s", conn.RemoteAddr(), conn.LocalAddr(), err) - return nil, err - } - if util.Debug { - log.Debugf("[socks5] %s - %s: %s", conn.RemoteAddr(), conn.LocalAddr(), req.String()) - } - - if selector.Authenticator != nil && !selector.Authenticator.Authenticate(req.Username, req.Password) { - resp := gosocks5.NewUserPassResponse(gosocks5.UserPassVer, gosocks5.Failure) - if err := resp.Write(conn); err != nil { - log.Debugf("[socks5] %s - %s: %s", conn.RemoteAddr(), conn.LocalAddr(), err) - return nil, err - } - if util.Debug { - log.Debugf("[socks5] %s - %s: %s", conn.RemoteAddr(), conn.LocalAddr(), resp) - } - log.Debugf("[socks5] %s - %s: proxy authentication required", conn.RemoteAddr(), conn.LocalAddr()) - return nil, gosocks5.ErrAuthFailure - } - - resp := gosocks5.NewUserPassResponse(gosocks5.UserPassVer, gosocks5.Succeeded) - if err := resp.Write(conn); err != nil { - log.Debugf("[socks5] %s - %s: %s", conn.RemoteAddr(), conn.LocalAddr(), err) - return nil, err - } - if util.Debug { - log.Debugf("[socks5] %s - %s: %s", conn.RemoteAddr(), conn.LocalAddr(), resp) - } + case gosocks5.MethodNoAuth: + log.Debugf("[socks5] server, no auth") + return conn, nil case gosocks5.MethodNoAcceptable: return nil, gosocks5.ErrBadMethod } @@ -145,72 +82,6 @@ func (selector *serverSelector) OnSelected(method uint8, conn net.Conn) (net.Con return conn, nil } -type socks5Connector struct { - User *url.Userinfo -} - -// SOCKS5Connector creates a connector for SOCKS5 proxy client. -// It accepts an optional auth info for SOCKS5 Username/Password Authentication. -func SOCKS5Connector(user *url.Userinfo) Connector { - return &socks5Connector{User: user} -} - -func (c *socks5Connector) Connect(conn net.Conn, address string) (net.Conn, error) { - return c.ConnectContext(context.Background(), conn, "tcp", address) -} - -func (c *socks5Connector) ConnectContext(ctx context.Context, conn net.Conn, network, address string) (net.Conn, error) { - switch network { - case "udp", "udp4", "udp6": - cnr := &socks5UDPTunConnector{User: c.User} - return cnr.ConnectContext(ctx, conn, network, address) - } - - conn.SetDeadline(time.Now().Add(util.ConnectTimeout)) - defer conn.SetDeadline(time.Time{}) - - cc, err := socks5Handshake(conn, - userSocks5HandshakeOption(c.User), - ) - if err != nil { - return nil, err - } - conn = cc - - host, port, err := net.SplitHostPort(address) - if err != nil { - return nil, err - } - p, _ := strconv.Atoi(port) - req := gosocks5.NewRequest(gosocks5.CmdConnect, &gosocks5.Addr{ - Type: gosocks5.AddrDomain, - Host: host, - Port: uint16(p), - }) - if err := req.Write(conn); err != nil { - return nil, err - } - - if util.Debug { - log.Debug("[socks5]", req) - } - - reply, err := gosocks5.ReadReply(conn) - if err != nil { - return nil, err - } - - if util.Debug { - log.Debug("[socks5]", reply) - } - - if reply.Rep != gosocks5.Succeeded { - return nil, errors.New("service unavailable") - } - - return conn, nil -} - type socks5UDPTunConnector struct { User *url.Userinfo } @@ -230,7 +101,7 @@ func (c *socks5UDPTunConnector) ConnectContext(ctx context.Context, conn net.Con defer conn.SetDeadline(time.Time{}) taddr, _ := net.ResolveUDPAddr("udp", address) - return newSocks5UDPTunnelConn(conn, nil, taddr, userSocks5HandshakeOption(c.User)) + return newSocks5UDPTunnelConn(conn, nil, taddr) } type socks5Handler struct { @@ -255,14 +126,9 @@ func (h *socks5Handler) Init(options ...HandlerOption) { opt(h.options) } - h.selector = &serverSelector{ // socks5 server selector - // Users: h.options.Users, - Authenticator: h.options.Authenticator, - } - // methods that socks5 server supported + h.selector = &serverSelector{} h.selector.AddMethod( gosocks5.MethodNoAuth, - gosocks5.MethodUserPass, ) } @@ -678,7 +544,7 @@ func (h *socks5Handler) handleUDPTunnel(conn net.Conn, req *gosocks5.Request) { } defer cc.Close() - cc, err = socks5Handshake(cc, userSocks5HandshakeOption(h.options.Chain.LastNode().User)) + cc, err = socks5Handshake(cc) if err != nil { log.Debugf("[socks5] udp-tun %s -> %s : %s", conn.RemoteAddr(), req.Addr, err) return @@ -789,24 +655,13 @@ func userSocks5HandshakeOption(user *url.Userinfo) socks5HandshakeOption { } } -func socks5Handshake(conn net.Conn, opts ...socks5HandshakeOption) (net.Conn, error) { - options := socks5HandshakeOptions{} - for _, opt := range opts { - opt(&options) - } - selector := options.selector - if selector == nil { - cs := &clientSelector{ - User: options.user, - } - cs.AddMethod( - gosocks5.MethodNoAuth, - gosocks5.MethodUserPass, - ) - selector = cs - } +func socks5Handshake(conn net.Conn) (net.Conn, error) { + cs := &clientSelector{} + cs.AddMethod( + gosocks5.MethodNoAuth, + ) - cc := gosocks5.ClientConn(conn, selector) + cc := gosocks5.ClientConn(conn, cs) if err := cc.Handleshake(); err != nil { return nil, err } @@ -818,8 +673,8 @@ type socks5UDPTunnelConn struct { taddr net.Addr } -func newSocks5UDPTunnelConn(conn net.Conn, raddr, taddr net.Addr, opts ...socks5HandshakeOption) (net.Conn, error) { - cc, err := socks5Handshake(conn, opts...) +func newSocks5UDPTunnelConn(conn net.Conn, raddr, taddr net.Addr) (net.Conn, error) { + cc, err := socks5Handshake(conn) if err != nil { return nil, err } @@ -883,49 +738,3 @@ func (c *socks5UDPTunnelConn) WriteTo(b []byte, addr net.Addr) (n int, err error } return len(b), nil } - -type socks5UDPConn struct { - *net.UDPConn - taddr net.Addr -} - -func (c *socks5UDPConn) Read(b []byte) (n int, err error) { - n, _, err = c.ReadFrom(b) - return -} - -func (c *socks5UDPConn) ReadFrom(b []byte) (n int, addr net.Addr, err error) { - data := util.MPool.Get().([]byte) - defer util.MPool.Put(data) - - n, err = c.UDPConn.Read(data) - if err != nil { - return - } - dg, err := gosocks5.ReadUDPDatagram(bytes.NewReader(data[:n])) - if err != nil { - return - } - - n = copy(b, dg.Data) - addr, err = net.ResolveUDPAddr("udp", dg.Header.Addr.String()) - - return -} - -func (c *socks5UDPConn) Write(b []byte) (int, error) { - return c.WriteTo(b, c.taddr) -} - -func (c *socks5UDPConn) WriteTo(b []byte, addr net.Addr) (int, error) { - adr, err := gosocks5.NewAddr(addr.String()) - if err != nil { - return 0, err - } - h := gosocks5.NewUDPHeader(0, 0, adr) - dg := gosocks5.NewUDPDatagram(h, b) - if err = dg.Write(c.UDPConn); err != nil { - return 0, err - } - return len(b), nil -} diff --git a/core/tunhandler.go b/core/tunhandler.go index 5ca758a9..2dda7d8e 100644 --- a/core/tunhandler.go +++ b/core/tunhandler.go @@ -11,7 +11,6 @@ import ( "sync" "time" - "github.com/shadowsocks/go-shadowsocks2/core" "github.com/shadowsocks/go-shadowsocks2/shadowaead" log "github.com/sirupsen/logrus" "github.com/songgao/water/waterutil" @@ -113,11 +112,6 @@ func (h *tunHandler) Handle(conn net.Conn) { return err } - pc, err = h.initTunnelConn(pc) - if err != nil { - return err - } - return h.transportTun(conn, pc, raddr) }() if err != nil { @@ -146,18 +140,6 @@ func (h *tunHandler) Handle(conn net.Conn) { } } -func (h *tunHandler) initTunnelConn(pc net.PacketConn) (net.PacketConn, error) { - if len(h.options.Users) > 0 && h.options.Users[0] != nil { - passwd, _ := h.options.Users[0].Password() - cipher, err := core.PickCipher(h.options.Users[0].Username(), nil, passwd) - if err != nil { - return nil, err - } - pc = cipher.PacketConn(pc) - } - return pc, nil -} - func (h *tunHandler) findRouteFor(dst net.IP) net.Addr { if v, ok := h.routes.Load(ipToTunRouteKey(dst)); ok { return v.(net.Addr) diff --git a/pkg/route.go b/pkg/route.go index 7390eb87..35b461c7 100644 --- a/pkg/route.go +++ b/pkg/route.go @@ -120,7 +120,6 @@ func (r *route) GenRouters() ([]router, error) { handler.Init( core.ChainHandlerOption(chain), - core.AuthenticatorHandlerOption(core.DefaultAuthenticator), core.NodeHandlerOption(node), core.IPRoutesHandlerOption(tunRoutes...), )