socks_handler 0.1.0

data/lib/socks_handler/tcp.rb

@@ -0,0 +1,106 @@
+# frozen_string_literal: true
+require "socks_handler"
+require "socks_handler/command"
+require "socks_handler/direct_access_rule"
+require "socks_handler/proxy_access_rule"
+require "socks_handler/socket_socksify"
+require "socks_handler/tcpsocket_socksify"
+
+module SocksHandler
+  class TCP
+    class << self
+      include SocksHandler
+
+      # Socksifies all TCP connections created by TCPSocket.new or Socket.tcp
+      #
+      # @param rules [Array<DirectAccessRule, ProxyAccessRule>] socksify a
+      #   socket according to the first rule whose remote host patterns match
+      #   the remote host
+      # @return [nil]
+      #
+      # @example
+      #   SocksHandler::TCP.socksify([
+      #     # Access 127.0.0.1, ::1 or hosts that end in ".local" directly
+      #     SocksHandler::DirectAccessRule.new(host_patterns: %w[127.0.0.1 ::1] + [/\.local\z/]),
+      #
+      #     # Access hosts that end in ".ap-northeast-1.compute.internal" through 127.0.0.1:1080
+      #     SocksHandler::ProxyAccessRule.new(
+      #       host_patterns: [/\.ap-northeast-1\.compute\.internal\z/],
+      #       socks_server: "127.0.0.1:1080",
+      #     ),
+      #
+      #     # Access hosts that end in ".ec2.internal" through 127.0.0.1:1081
+      #     SocksHandler::ProxyAccessRule.new(
+      #       host_patterns: [/\.ec2\.internal\z/],
+      #       socks_server: "127.0.0.1:1081",
+      #     ),
+      #
+      #     # Access others hosts through 127.0.0.1:1082 with username/password auth
+      #     SocksHandler::ProxyAccessRule.new(
+      #       host_patterns: [//],
+      #       socks_server: "127.0.0.1:1082",
+      #       username: "user",
+      #       password: ENV["SOCKS_SERVER_PASSWORD"],
+      #     ),
+      #   ])
+      def socksify(rules)
+        @rules = rules
+
+        unless TCPSocket.ancestors.include?(SocksHandler::TCPSocketSocksify)
+          TCPSocket.prepend(SocksHandler::TCPSocketSocksify)
+        end
+
+        unless Socket.singleton_class.ancestors.include?(SocksHandler::SocketSocksify)
+          Socket.singleton_class.prepend(SocksHandler::SocketSocksify)
+        end
+
+        nil
+      end
+
+      # @return [nil]
+      def desocksify
+        @rules = []
+        nil
+      end
+
+      # @param host [String] a domain name or IP address of a remote host
+      # @return [DirectAccessRule, ProxyAccessRule, nil]
+      def find_rule(host)
+        rules.find { |r| r.match?(host) }
+      end
+
+      # Connects a host through a socks server
+      #
+      # @param socket [Socket, TCPSocket] a socket that has connected to a socks server
+      # @param remote_host [String]
+      # @param remote_port [Integer, String] a port number or service name such as "http"
+      # @param username [String, nil]
+      # @param password [String, nil]
+      # @return [nil]
+      #
+      # @example
+      #   socket = TCPSocket.new("127.0.0.1", 1080) # or Socket.tcp("127.0.0.1", 1080)
+      #   # "nginx" is an HTTP server only the socks server can access
+      #   SocksHandler::TCP.establish_connection(socket, "nginx", 80)
+      #
+      #   socket.write(<<~REQUEST.gsub("\n", "\r\n"))
+      #     HEAD / HTTP/1.1
+      #     Host: nginx
+      #
+      #   REQUEST
+      #   puts socket.gets #=> HTTP/1.1 200 OK
+      def establish_connection(socket, remote_host, remote_port, username = nil, password = nil)
+        negotiate(socket, username, password)
+        send_details(socket,  Command::CONNECT, remote_host, remote_port)
+        nil
+      end
+
+      private
+
+      # @return [Array<DirectAccessRule, ProxyAccessRule>]
+      def rules
+        @rules ||= []
+      end
+    end
+  end
+end

data/lib/socks_handler/tcpsocket_socksify.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+module SocksHandler
+  module TCPSocketSocksify
+    # @param remote_host [String]
+    # @param remote_port [Integer, String]
+    # @param local_host [String, nil]
+    # @param local_port [Integer, String]
+    # @param connect_timeout [Integer, Float, nil]
+    def initialize(remote_host, remote_port, local_host = nil, local_port = nil, connect_timeout: nil)
+      rule = SocksHandler::TCP.find_rule(remote_host)
+      return super if rule.nil? || rule.direct
+
+      super(rule.host, rule.port, local_host, local_port, connect_timeout: connect_timeout)
+      begin
+        SocksHandler::TCP.establish_connection(self, remote_host, remote_port, rule.username, rule.password)
+      rescue
+        close
+        raise
+      end
+    end
+  end
+end

data/lib/socks_handler/udp.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+require "socks_handler"
+require "socks_handler/command"
+require "socks_handler/udpsocket"
+
+module SocksHandler
+  class UDP
+    class << self
+      include SocksHandler
+
+      # Associates a TCP socket with a UDP connection
+      #
+      # @param socket [Socket, TCPSocket] a socket that has connected to a socks server
+      # @param bind_host [String] host for UDPSocket#bind
+      # @param bind_port [Integer, String] port for UDPSocket#bind
+      # @param username [String, nil]
+      # @param password [String, nil]
+      # @return [SocksHandler::UDPSocket]
+      #
+      # @example
+      #   tcp_socket = TCPSocket.new("127.0.0.1", 1080) # or Socket.tcp("127.0.0.1", 1080)
+      #   udp_socket = SocksHandler::UDP.associate_udp(tcp_socket, "0.0.0.0", 0)
+      #
+      #   "echo" is a UDP echo server that only the socks server can access
+      #   udp_socket.send("hello", 0, "echo", 7)
+      #   puts udp_socket.gets #=> hello
+      def associate_udp(socket, bind_host, bind_port, username = nil, password = nil)
+        negotiate(socket, username, password)
+        address, port = send_details(socket,  Command::UDP_ASSOCIATE, bind_host, bind_port)
+        SocksHandler::UDPSocket.new.tap do |s|
+          # Use peeraddr instead of address
+          # because we might not be able to access the address directly
+          s.bind(bind_host, bind_port)
+          s.connect_socks_server(socket.peeraddr[3], port)
+        end
+      end
+    end
+  end
+end

data/lib/socks_handler/udpsocket.rb

@@ -0,0 +1,108 @@
+require "socket"
+require "stringio"
+
+require "socks_handler"
+
+module SocksHandler
+  class UDPSocket < ::UDPSocket
+    include SocksHandler
+
+    # @return [Integer]
+    MAX_REPLY_SIZE = 262 # When the length of the domain name is 255
+
+    # @!method connect_socks_server(host, port)
+    # @param host [String]
+    # @param port [Integer]
+    # @return [Integer]
+    alias_method :connect_socks_server, :connect
+
+
+    # @param host [String]
+    # @param port [Integer]
+    # @return [Integer]
+    # @see UDPSocket#connect
+    def connect(host, port)
+      @host = host
+      @port = port
+      0
+    end
+
+    # @param maxlen [Integer]
+    # @param flags [Integer]
+    # @return [String]
+    # @see UDPSocket#recv
+    def recv(maxlen, flags = 0)
+      resp, _ = recvfrom(maxlen, flags)
+      resp
+    end
+
+    # @!method recvfrom_socks_server(maxlen, flags = 0)
+    # @param maxlen [Integer]
+    # @param maxlen [Integer]
+    # @param flags [Integer]
+    # @return [Array(String, Array(String, Integer, String, String))]
+    alias_method :recvfrom_socks_server, :recvfrom
+
+    # @param maxlen [Integer]
+    # @param flags [Integer]
+    # @return [Array(String, Array(String, Integer, String, String))]
+    # @see UDPSocket#recvfrom)
+    def recvfrom(maxlen, flags = 0)
+      recvfrom_via(method(:recvfrom_socks_server), maxlen + MAX_REPLY_SIZE, flags)
+    end
+
+    # @!method recvfrom_socks_server_nonblock(maxlen, flags = 0)
+    # @param maxlen [Integer]
+    # @param flags [Integer]
+    # @return [Array(String, Array(String, Integer, String, String))]
+    alias_method :recvfrom_socks_server_nonblock, :recvfrom_nonblock
+
+    # @param maxlen [Integer]
+    # @param flags [Integer]
+    # @return [Array(String, Array(String, Integer, String, String))]
+    # @see UDPSocket#recvfrom_nonblock
+    def recvfrom_nonblock( maxlen, flags = 0)
+      recvfrom_via(method(:recvfrom_socks_server_nonblock), maxlen + MAX_REPLY_SIZE, flags)
+    end
+
+    # @param mesg [String]
+    # @param flags [Integer]
+    # @param host [String]
+    # @param port [Integer, String]
+    # @return [Integer]
+    # @see UDPSocket#send
+    def send(mesg, flags, host = nil, port = nil)
+      if @host &&  @port && (host || port)
+        raise Errno::EISCONN, "Socket is already connected"
+      end
+
+      host ||= @host
+      port ||= @port
+      if port.nil?
+        if host.nil?
+          raise Errno::EDESTADDRREQ, "Destination address required"
+        else
+          host, port = (host.is_a?(String) ? Addrinfo.new(host) : host).getnameinfo
+        end
+      end
+
+      request = [0x00, 0x00, 0x00].pack("C*") # Currently, the fragment number is fixed to 0
+      request << build_destination_packets(host, port)
+      request << [mesg].pack("a*")
+      super(request, flags)
+    end
+
+    private
+
+    # @param method [Method]
+    # @param maxlen [Integer]
+    # @param flags [Integer]
+    # @return [Array(String, Array(String, Integer, String, String))]
+    def recvfrom_via(method, maxlen, flags)
+      data, inet_addr = method.call(maxlen + MAX_REPLY_SIZE, flags)
+      response = StringIO.new(data)
+      process_reply(response)
+      [response.read, inet_addr]
+    end
+  end
+end

data/lib/socks_handler/udpsocket_socksify.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module SocksHandler
+  module UDPSocketSocksify
+    # @param host [String]
+    # @param port [Integer]
+    # @return [Integer]
+    def connect(host, port)
+      @socks_handler_host = host
+      @socks_handler_port = port
+
+      rule = SocksHandler::UDP.find_rule(remote_host)
+      return super if rule.nil? || rule.direct
+
+      socket = TCPSocket.new(rule.host, rule.port)
+      begin
+        SocksHandler::UDP.associate_udp(socket, "0.0.0.0", 0, rule.username, rule.password)
+      rescue
+        socket.close
+        raise
+      end
+
+      0
+    end
+
+    def send()
+  end
+end

data/lib/socks_handler/username_password_authenticator.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+require "socks_handler/errors"
+
+module SocksHandler
+  # An implementation of https://www.ietf.org/rfc/rfc1929.txt
+  class UsernamePasswordAuthenticator
+    # @return [Integer]
+    SUBNEGOTIATION_VERSION = 0x01
+
+    # @param username [String]
+    # @param password [String]
+    def initialize(username, password)
+      raise ArgumentError, "Username is too long" if username.bytesize > 256
+      raise ArgumentError, "Password is too long" if password.bytesize > 256
+
+      @username = username
+      @password = password
+    end
+
+    # @param socket [Socket, TCPSocket]
+    # @return [nil]
+    def authenticate(socket)
+      socket.write([SUBNEGOTIATION_VERSION, @username.bytesize, @username, @password.bytesize, @password].pack("CCa*Ca*"))
+      _version, status = socket.recv(2).unpack("C*")
+      if status != 0x00
+        raise AuthenticationFailure, "username: #{@username}, status: #{status}"
+      end
+      nil
+    end
+  end
+end

data/lib/socks_handler/version.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+module SocksHandler
+  # @return [String]
+  VERSION = "0.1.0"
+end

data/lib/socks_handler.rb

@@ -0,0 +1,114 @@
+# frozen_string_literal: true
+require "ipaddr"
+require "socket"
+
+require "socks_handler/address_type"
+require "socks_handler/authentication_method"
+require "socks_handler/errors"
+require "socks_handler/tcp"
+require "socks_handler/udp"
+require "socks_handler/username_password_authenticator"
+require "socks_handler/version"
+
+# An implementation of https://www.ietf.org/rfc/rfc1928.txt
+# @private
+module SocksHandler
+  # @return [Integer]
+  PROTOCOL_VERSION = 0x05
+
+    private
+
+    # @param socket [Socket, TCPSocket]
+    # @param username [String, nil]
+    # @param password [String, nil]
+    # @return [nil]
+    def negotiate(socket, username, password)
+      case choose_auth_method(socket, username)
+      when AuthenticationMethod::NONE
+        # Do nothing
+      when AuthenticationMethod::USERNAME_PASSWORD
+        UsernamePasswordAuthenticator.new(username, password).authenticate(socket)
+      else
+        raise NoAcceptableMethods
+      end
+      nil
+    end
+
+    # @param socket [Socket, TCPSocket]
+    # @param username [String, nil]
+    # @return [Integer] code of authentication method
+    def choose_auth_method(socket, username)
+      methods = [AuthenticationMethod::NONE]
+      methods << AuthenticationMethod::USERNAME_PASSWORD if username
+      socket.write([PROTOCOL_VERSION, methods.size, *methods].pack("C*"))
+
+      version, method = socket.recv(2).unpack("C2")
+      if version != PROTOCOL_VERSION
+        raise UnsupportedProtocol, "SOCKS5 is not supported"
+      end
+
+      method
+    end
+
+    # @param socket [Socket, TCPSocket]
+    # @param command [Integer]
+    # @param remote_host [String]
+    # @param remote_port [Integer, String] a port number or service name such as "http"
+    # @return [Array(String, Integer)] an array of [bound_address, bound_port]
+    def send_details(socket, command, remote_host, remote_port)
+      request = [PROTOCOL_VERSION, command, 0x00].pack("C*")
+      request << build_destination_packets(remote_host, remote_port)
+      socket.write(request)
+
+      process_reply(socket)
+    end
+
+    # @param remote_host [String]
+    # @param remote_port [Integer, String]
+    # @return [String]
+    def build_destination_packets(remote_host, remote_port)
+      begin
+        ipaddr = IPAddr.new(remote_host)
+      rescue IPAddr::InvalidAddressError
+        # Just ignore the error because remote_host must be a domain name
+      end
+
+      packets = +""
+      case
+      when ipaddr.nil?
+        packets << [AddressType::DOMAINNAME, remote_host.size, remote_host].pack("CCa*")
+      when ipaddr.ipv4?
+        packets << [AddressType::IPV4, ipaddr.hton].pack("Ca*")
+      when ipaddr.ipv6?
+        packets << [AddressType::IPV6, ipaddr.hton].pack("Ca*")
+      else
+        raise "Unknown type of IPAddr: #{ipaddr.inspect}"
+      end
+      packets << [remote_port.is_a?(String) ? Socket.getservbyname(remote_port) : remote_port].pack("n")
+
+      packets
+    end
+
+    # @param io [TCPSocket, Socket, StringIO]
+    # @return [Array(String, Integer)] an array of [bound_address, bound_port]
+    def process_reply(io)
+      _, rep, _, atyp = io.read(4).unpack("C*")
+      raise RelayRequestFailure.new(rep) if rep != 0x00
+
+      case atyp
+      when AddressType::IPV4
+        bound_address = IPAddr.ntop(io.read(4))
+      when AddressType::DOMAINNAME
+        len = io.read(1).unpack("C").first
+        bound_address = io.read(len).unpack("a*").first
+      when AddressType::IPV6
+        bound_address = IPAddr.ntop(io.read(16))
+      else
+        raise "Unknown atyp #{atyp}"
+      end
+
+      bound_port = io.read(2).unpack("n").first
+
+      [bound_address, bound_port]
+  end
+end