From 642dac9aa0b90dd2f17df5dddd0e7914a7d306d3 Mon Sep 17 00:00:00 2001 From: hrxi Date: Sat, 20 Jul 2019 23:14:40 +0200 Subject: Add support for Jingle SOCKS5 bytestreams (XEP-0260) --- .../module/xep/0260_jingle_socks5_bytestreams.vala | 505 +++++++++++++++++++++ 1 file changed, 505 insertions(+) create mode 100644 xmpp-vala/src/module/xep/0260_jingle_socks5_bytestreams.vala (limited to 'xmpp-vala/src/module/xep/0260_jingle_socks5_bytestreams.vala') diff --git a/xmpp-vala/src/module/xep/0260_jingle_socks5_bytestreams.vala b/xmpp-vala/src/module/xep/0260_jingle_socks5_bytestreams.vala new file mode 100644 index 00000000..abe5e0a9 --- /dev/null +++ b/xmpp-vala/src/module/xep/0260_jingle_socks5_bytestreams.vala 
@@ -0,0 +1,505 @@ +using Gee; +using Xmpp; +using Xmpp.Xep; + +namespace Xmpp.Xep.JingleSocks5Bytestreams { + +private const string NS_URI = "urn:xmpp:jingle:transports:s5b:1"; + +public class Module : Jingle.Transport, XmppStreamModule { + public static Xmpp.ModuleIdentity IDENTITY = new Xmpp.ModuleIdentity(NS_URI, "0260_jingle_socks5_bytestreams"); + + public override void attach(XmppStream stream) { + stream.get_module(Jingle.Module.IDENTITY).register_transport(this); + stream.get_module(ServiceDiscovery.Module.IDENTITY).add_feature(stream, NS_URI); + } + public override void detach(XmppStream stream) { } + + public override string get_ns() { return NS_URI; } + public override string get_id() { return IDENTITY.id; } + + public bool is_transport_available(XmppStream stream, Jid full_jid) { + bool? result = stream.get_flag(ServiceDiscovery.Flag.IDENTITY).has_entity_feature(full_jid, NS_URI); + return result != null && result; + } + + public string transport_ns_uri() { + return NS_URI; + } + public Jingle.TransportType transport_type() { + return Jingle.TransportType.STREAMING; + } + public int transport_priority() { + return 1; + } + private Gee.List get_local_candidates(XmppStream stream) { + Gee.List result = new ArrayList(); + int i = 1 << 15; + foreach (Socks5Bytestreams.Proxy proxy in stream.get_module(Socks5Bytestreams.Module.IDENTITY).get_proxies(stream)) { + result.add(new Candidate.proxy(random_uuid(), proxy, i)); + i -= 1; + } + return result; + } + public Jingle.TransportParameters create_transport_parameters(XmppStream stream, Jid local_full_jid, Jid peer_full_jid) { + Parameters result = new Parameters.create(local_full_jid, peer_full_jid, random_uuid()); + result.local_candidates.add_all(get_local_candidates(stream)); + return result; + } + public Jingle.TransportParameters parse_transport_parameters(XmppStream stream, Jid local_full_jid, Jid peer_full_jid, StanzaNode transport) throws Jingle.IqError { + Parameters result = 
Parameters.parse(local_full_jid, peer_full_jid, transport); + result.local_candidates.add_all(get_local_candidates(stream)); + return result; + } +} + +public enum CandidateType { + ASSISTED, + DIRECT, + PROXY, + TUNNEL; + + public static CandidateType parse(string type) throws Jingle.IqError { + switch (type) { + case "assisted": return CandidateType.ASSISTED; + case "direct": return CandidateType.DIRECT; + case "proxy": return CandidateType.PROXY; + case "tunnel": return CandidateType.TUNNEL; + } + throw new Jingle.IqError.BAD_REQUEST(@"unknown candidate type $(type)"); + } + + public string to_string() { + switch (this) { + case ASSISTED: return "assisted"; + case DIRECT: return "direct"; + case PROXY: return "proxy"; + case TUNNEL: return "tunnel"; + } + assert_not_reached(); + } + + private int type_preference_impl() { + switch (this) { + case ASSISTED: return 120; + case DIRECT: return 126; + case PROXY: return 10; + case TUNNEL: return 110; + } + assert_not_reached(); + } + public int type_preference() { + return type_preference_impl() << 16; + } +} + +public class Candidate : Socks5Bytestreams.Proxy { + public string cid { get; private set; } + public int priority { get; private set; } + public CandidateType type_ { get; private set; } + + private Candidate(string cid, string host, Jid jid, int port, int priority, CandidateType type) { + base(host, jid, port); + this.cid = cid; + this.priority = priority; + this.type_ = type; + } + + public Candidate.build(string cid, string host, Jid jid, int port, int local_priority, CandidateType type) { + this(cid, host, jid, port, type.type_preference() + local_priority, type); + } + public Candidate.proxy(string cid, Socks5Bytestreams.Proxy proxy, int local_priority) { + this.build(cid, proxy.host, proxy.jid, proxy.port, local_priority, CandidateType.PROXY); + } + + public static Candidate parse(StanzaNode candidate) throws Jingle.IqError { + string? cid = candidate.get_attribute("cid"); + string? 
host = candidate.get_attribute("host"); + string? jid_str = candidate.get_attribute("jid"); + Jid? jid = jid_str != null ? Jid.parse(jid_str) : null; + int port = candidate.get_attribute("port") != null ? candidate.get_attribute_int("port") : 1080; + int priority = candidate.get_attribute_int("priority"); + string? type_str = candidate.get_attribute("type"); + CandidateType type = type_str != null ? CandidateType.parse(type_str) : CandidateType.DIRECT; + + if (cid == null || host == null || jid == null || port <= 0 || priority <= 0) { + throw new Jingle.IqError.BAD_REQUEST("missing or invalid cid, host, jid or port"); + } + + return new Candidate(cid, host, jid, port, priority, type); + } + public StanzaNode to_xml() { + return new StanzaNode.build("candidate", NS_URI) + .put_attribute("cid", cid) + .put_attribute("host", host) + .put_attribute("jid", jid.to_string()) + .put_attribute("port", port.to_string()) + .put_attribute("priority", priority.to_string()) + .put_attribute("type", type_.to_string()); + } +} + +bool bytes_equal(uint8[] a, uint8[] b) { + if (a.length != b.length) { + return false; + } + for (int i = 0; i < a.length; i++) { + if (a[i] != b[i]) { + return false; + } + } + return true; +} + +class Parameters : Jingle.TransportParameters, Object { + public Jingle.Role role { get; private set; } + public string sid { get; private set; } + public string remote_dstaddr { get; private set; } + public string local_dstaddr { get; private set; } + public Gee.List local_candidates = new ArrayList(); + public Gee.List remote_candidates = new ArrayList(); + + Jid peer_full_jid; + + bool remote_sent_selected_candidate = false; + Candidate? remote_selected_candidate = null; + bool local_determined_selected_candidate = false; + Candidate? local_selected_candidate = null; + SocketConnection? local_selected_candidate_conn = null; + weak Jingle.Session? session = null; + XmppStream? hack = null; + + string? 
waiting_for_activation_cid = null; + SourceFunc waiting_for_activation_callback; + + private static string calculate_dstaddr(string sid, Jid first_jid, Jid second_jid) { + string hashed = sid + first_jid.to_string() + second_jid.to_string(); + return Checksum.compute_for_string(ChecksumType.SHA1, hashed); + } + private Parameters(Jingle.Role role, string sid, Jid local_full_jid, Jid peer_full_jid, string? remote_dstaddr) { + this.role = role; + this.sid = sid; + this.local_dstaddr = calculate_dstaddr(sid, local_full_jid, peer_full_jid); + this.remote_dstaddr = remote_dstaddr ?? calculate_dstaddr(sid, peer_full_jid, local_full_jid); + + this.peer_full_jid = peer_full_jid; + } + public Parameters.create(Jid local_full_jid, Jid peer_full_jid, string sid) { + this(Jingle.Role.INITIATOR, sid, local_full_jid, peer_full_jid, null); + } + public static Parameters parse(Jid local_full_jid, Jid peer_full_jid, StanzaNode transport) throws Jingle.IqError { + string? dstaddr = transport.get_attribute("dstaddr"); + string? mode = transport.get_attribute("mode"); + string? 
sid = transport.get_attribute("sid"); + if (mode != null && mode != "tcp") { + throw new Jingle.IqError.BAD_REQUEST(@"unknown transport method $(mode)"); + } + if (dstaddr != null && dstaddr.length > 255) { + throw new Jingle.IqError.BAD_REQUEST("too long dstaddr"); + } + Parameters result = new Parameters(Jingle.Role.RESPONDER, sid, local_full_jid, peer_full_jid, dstaddr); + //result.remote_candidates.add(new Candidate("b", "0.0.0.0", new Jid("a@b/c"), 1234, 2000000000, CandidateType.PROXY)); + foreach (StanzaNode candidate in transport.get_subnodes("candidate", NS_URI)) { + result.remote_candidates.add(Candidate.parse(candidate)); + } + return result; + } + public string transport_ns_uri() { + return NS_URI; + } + public StanzaNode to_transport_stanza_node() { + StanzaNode transport = new StanzaNode.build("transport", NS_URI) + .add_self_xmlns() + .put_attribute("dstaddr", local_dstaddr); + + if (role == Jingle.Role.INITIATOR) { + // Must not be included by the responder according to XEP-0260. + transport.put_attribute("mode", "tcp"); + } + + transport.put_attribute("sid", sid); + foreach (Candidate candidate in local_candidates) { + transport.put_node(candidate.to_xml()); + } + return transport; + } + public void on_transport_accept(StanzaNode transport) throws Jingle.IqError { + throw new Jingle.IqError.BAD_REQUEST("blurb"); + } + public void on_transport_info(StanzaNode transport) throws Jingle.IqError { + StanzaNode? candidate_error = transport.get_subnode("candidate-error", NS_URI); + StanzaNode? candidate_used = transport.get_subnode("candidate-used", NS_URI); + StanzaNode? 
activated = transport.get_subnode("activated", NS_URI); + int num_children = 0; + if (candidate_error != null) { num_children += 1; } + if (candidate_used != null) { num_children += 1; } + if (activated != null) { num_children += 1; } + if (num_children == 0) { + throw new Jingle.IqError.UNSUPPORTED_INFO("unknown transport-info"); + } else if (num_children > 1) { + throw new Jingle.IqError.BAD_REQUEST("transport-info with more than one child"); + } + if (candidate_error != null) { + handle_remote_candidate(null); + } + if (candidate_used != null) { + string? cid = candidate_used.get_attribute("cid"); + if (cid == null) { + throw new Jingle.IqError.BAD_REQUEST("missing cid"); + } + handle_remote_candidate(cid); + } + if (activated != null) { + string? cid = activated.get_attribute("cid"); + if (cid == null) { + throw new Jingle.IqError.BAD_REQUEST("missing cid"); + } + handle_activated(cid); + } + } + private void handle_remote_candidate(string? cid) throws Jingle.IqError { + if (remote_sent_selected_candidate) { + throw new Jingle.IqError.BAD_REQUEST("remote candidate already specified"); + } + Candidate? candidate = null; + if (cid != null) { + foreach (Candidate c in local_candidates) { + if (c.cid == cid) { + candidate = c; + break; + } + } + if (candidate == null) { + throw new Jingle.IqError.BAD_REQUEST("unknown cid"); + } + } + remote_sent_selected_candidate = true; + remote_selected_candidate = candidate; + try_completing_negotiation(); + } + private void handle_activated(string cid) throws Jingle.IqError { + if (waiting_for_activation_cid == null || cid != waiting_for_activation_cid) { + throw new Jingle.IqError.BAD_REQUEST("unexpected proxy activation message"); + } + Idle.add((owned)waiting_for_activation_callback); + waiting_for_activation_cid = null; + } + private void try_completing_negotiation() { + if (!remote_sent_selected_candidate || !local_determined_selected_candidate) { + return; + } + + Candidate? 
remote = remote_selected_candidate; + Candidate? local = local_selected_candidate; + + int num_candidates = 0; + if (remote != null) { num_candidates += 1; } + if (local != null) { num_candidates += 1; } + + if (num_candidates == 0) { + // Notify Jingle of the failed transport. + session.set_transport_connection(hack, null); + return; + } + + bool remote_wins; + if (num_candidates == 1) { + remote_wins = remote != null; + } else { + if (local.priority < remote.priority) { + remote_wins = true; + } else if (local.priority > remote.priority) { + remote_wins = false; + } else { + // equal priority -> XEP-0260 says that the initiator wins + remote_wins = role != Jingle.Role.INITIATOR; + } + } + + if (!remote_wins) { + if (local_selected_candidate.type_ != CandidateType.PROXY) { + Jingle.Session? strong = session; + if (strong == null) { + return; + } + strong.set_transport_connection(hack, local_selected_candidate_conn); + } else { + wait_for_remote_activation.begin(local_selected_candidate, local_selected_candidate_conn); + } + } else { + connect_to_local_candidate.begin(remote_selected_candidate); + } + } + public async void wait_for_remote_activation(Candidate candidate, SocketConnection conn) { + waiting_for_activation_cid = candidate.cid; + waiting_for_activation_callback = wait_for_remote_activation.callback; + yield; + + Jingle.Session? 
strong = session; + if (strong == null) { + return; + } + strong.set_transport_connection(hack, conn); + } + public async void connect_to_local_candidate(Candidate candidate) { + try { + SocketConnection conn = yield connect_to_socks5(candidate, local_dstaddr); + + bool activation_error = false; + SourceFunc callback = connect_to_local_candidate.callback; + StanzaNode query = new StanzaNode.build("query", Socks5Bytestreams.NS_URI) + .add_self_xmlns() + .put_attribute("sid", sid) + .put_node(new StanzaNode.build("activate", Socks5Bytestreams.NS_URI) + .put_node(new StanzaNode.text(peer_full_jid.to_string())) + ); + Iq.Stanza iq = new Iq.Stanza.set(query) { to=candidate.jid }; + hack.get_module(Iq.Module.IDENTITY).send_iq(hack, iq, (stream, iq) => { + activation_error = iq.is_error(); + Idle.add((owned)callback); + }); + yield; + + if (activation_error) { + throw new IOError.PROXY_FAILED("activation iq error"); + } + + Jingle.Session? strong = session; + if (strong == null) { + return; + } + strong.send_transport_info(hack, new StanzaNode.build("transport", NS_URI) + .add_self_xmlns() + .put_attribute("sid", sid) + .put_node(new StanzaNode.build("activated", NS_URI) + .put_attribute("cid", candidate.cid) + ) + ); + + strong.set_transport_connection(hack, conn); + } catch (Error e) { + Jingle.Session? 
strong = session; + if (strong == null) { + return; + } + strong.send_transport_info(hack, new StanzaNode.build("transport", NS_URI) + .add_self_xmlns() + .put_attribute("sid", sid) + .put_node(new StanzaNode.build("proxy-error", NS_URI)) + ); + strong.set_transport_connection(hack, null); + } + } + public async SocketConnection connect_to_socks5(Candidate candidate, string dstaddr) throws Error { + SocketClient socket_client = new SocketClient() { timeout=3 }; + + string address = @"[$(candidate.host)]:$(candidate.port)"; + + size_t written; + size_t read; + uint8[] read_buffer = new uint8[1024]; + ByteArray write_buffer = new ByteArray(); + + SocketConnection conn = yield socket_client.connect_to_host_async(address, 0); + + // 05 SOCKS version 5 + // 01 number of authentication methods: 1 + // 00 nop authentication + yield conn.output_stream.write_all_async({0x05, 0x01, 0x00}, GLib.Priority.DEFAULT, null, out written); + + yield conn.input_stream.read_all_async(read_buffer[0:2], GLib.Priority.DEFAULT, null, out read); + // 05 SOCKS version 5 + // 01 success + if (read_buffer[0] != 0x05 || read_buffer[1] != 0x00) { + throw new IOError.PROXY_FAILED("wanted 05 00, got %02x %02x".printf(read_buffer[0], read_buffer[1])); + } + + // 05 SOCKS version 5 + // 01 connect + // 00 reserved + // 03 address type: domain name + // ?? length of the domain + // .. domain + // 00 port 0 (upper half) + // 00 port 0 (lower half) + write_buffer.append({0x05, 0x01, 0x00, 0x03}); + write_buffer.append({(uint8)dstaddr.length}); + write_buffer.append(dstaddr.data); + write_buffer.append({0x00, 0x00}); + yield conn.output_stream.write_all_async(write_buffer.data, GLib.Priority.DEFAULT, null, out written); + + yield conn.input_stream.read_all_async(read_buffer[0:write_buffer.len], GLib.Priority.DEFAULT, null, out read); + // 05 SOCKS version 5 + // 00 success + // 00 reserved + // 03 address type: domain name + // ?? length of the domain + // .. 
domain + // 00 port 0 (upper half) + // 00 port 0 (lower half) + if (read_buffer[0] != 0x05 || read_buffer[1] != 0x00 || read_buffer[3] != 0x03) { + throw new IOError.PROXY_FAILED("wanted 05 00 ?? 03, got %02x %02x %02x %02x".printf(read_buffer[0], read_buffer[1], read_buffer[2], read_buffer[3])); + } + if (read_buffer[4] != (uint8)dstaddr.length) { + throw new IOError.PROXY_FAILED("wanted %02x for length, got %02x".printf(dstaddr.length, read_buffer[4])); + } + if (!bytes_equal(read_buffer[5:5+dstaddr.length], dstaddr.data)) { + string repr = ((string)read_buffer[5:5+dstaddr.length]).make_valid().escape(); + throw new IOError.PROXY_FAILED(@"wanted dstaddr $(dstaddr), got $(repr)"); + } + if (read_buffer[5+dstaddr.length] != 0x00 || read_buffer[5+dstaddr.length+1] != 0x00) { + throw new IOError.PROXY_FAILED("wanted port 00 00, got %02x %02x".printf(read_buffer[5+dstaddr.length], read_buffer[5+dstaddr.length+1])); + } + + return conn; + } + public async void try_connecting_to_candidates(XmppStream stream, Jingle.Session session) throws Error { + remote_candidates.sort((c1, c2) => { + // sort from priorities from high to low + if (c1.priority < c2.priority) { return 1; } + if (c1.priority > c2.priority) { return -1; } + return 0; + }); + foreach (Candidate candidate in remote_candidates) { + if (remote_selected_candidate != null && remote_selected_candidate.priority > candidate.priority) { + // Don't try candidates with lower priority than the one the + // peer already selected. 
+ break; + } + try { + SocketConnection conn = yield connect_to_socks5(candidate, remote_dstaddr); + + local_determined_selected_candidate = true; + local_selected_candidate = candidate; + local_selected_candidate_conn = conn; + session.send_transport_info(stream, new StanzaNode.build("transport", NS_URI) + .add_self_xmlns() + .put_attribute("sid", sid) + .put_node(new StanzaNode.build("candidate-used", NS_URI) + .put_attribute("cid", candidate.cid) + ) + ); + try_completing_negotiation(); + return; + } catch (Error e) { + // An error in the connection establishment isn't fatal, just + // try the next candidate or respond that none of the + // candidates work. + } + } + local_determined_selected_candidate = true; + local_selected_candidate = null; + session.send_transport_info(stream, new StanzaNode.build("transport", NS_URI) + .add_self_xmlns() + .put_attribute("sid", sid) + .put_node(new StanzaNode.build("candidate-error", NS_URI)) + ); + } + public void create_transport_connection(XmppStream stream, Jingle.Session session) { + this.session = session; + this.hack = stream; + try_connecting_to_candidates.begin(stream, session); + } +} + +} -- cgit v1.2.3-54-g00ecf
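Review bot: Parameters.parse passes the nullable `sid` attribute straight into the non-nullable `Parameters` constructor, so a peer's transport element without a `sid` reaches the string concatenation in `calculate_dstaddr` as null; add `if (sid == null) { throw new Jingle.IqError.BAD_REQUEST("missing sid"); }` beside the existing mode and dstaddr checks. In try_completing_negotiation the no-candidate branch calls `session.set_transport_connection(hack, null)` on the weak `session` field without the `strong` null-guard the later branches use; write it as `Jingle.Session? strong = session; if (strong != null) { strong.set_transport_connection(hack, null); }`. connect_to_socks5 never compares the `out read` counts with the requested lengths, so a proxy that closes the connection early is caught only indirectly by the byte checks on the zero-initialised `read_buffer`; an explicit `if (read != expected) { throw new IOError.PROXY_FAILED("short read"); }` after each read would make that failure deliberate. on_transport_accept rejects every transport-accept with the placeholder message `"blurb"`; either implement it or replace the text with a descriptive reason.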