Merge pull request #71 from clue-labs/sockss

clue · web-flow · commit 595310346014 · 2017-12-16T18:35:47.000+01:00
Report socks5s:// remote URI scheme for SOCKS over TLS during auth
diff --git a/README.md b/README.md
@@ -738,6 +738,7 @@ $server->setAuth(function ($username, $password, $remote) {
     // or use promises for delayed authentication
 
     // $remote is a full URI à la socks5://user:pass@192.168.1.1:1234
+    // or socks5s://user:pass@192.168.1.1:1234 for SOCKS over TLS
     // useful for logging or extracting parts, such as the remote IP
     $ip = parse_url($remote, PHP_URL_HOST);
 
diff --git a/src/Server.php b/src/Server.php
@@ -194,10 +194,11 @@ public function handleSocks4(ConnectionInterface $stream, $protocolVersion, Stre
         $remote = $stream->getRemoteAddress();
         if ($remote !== null) {
             // remove transport scheme and prefix socks4:// instead
+            $secure = strpos($remote, 'tls://') === 0;
             if (($pos = strpos($remote, '://')) !== false) {
                 $remote = substr($remote, $pos + 3);
             }
-            $remote = 'socks4://' . $remote;
+            $remote = 'socks4' . ($secure ? 's' : '') . '://' . $remote;
         }
 
         $that = $this;
@@ -246,10 +247,11 @@ public function handleSocks5(ConnectionInterface $stream, $auth=null, StreamRead
         $remote = $stream->getRemoteAddress();
         if ($remote !== null) {
             // remove transport scheme and prefix socks5:// instead
+            $secure = strpos($remote, 'tls://') === 0;
             if (($pos = strpos($remote, '://')) !== false) {
                 $remote = substr($remote, $pos + 3);
             }
-            $remote = 'socks5://' . $remote;
+            $remote = 'socks5' . ($secure ? 's' : '') . '://' . $remote;
         }
 
         $that = $this;
diff --git a/tests/ServerTest.php b/tests/ServerTest.php
@@ -271,6 +271,20 @@ public function testHandleSocks4aConnectionWithHostnameAndSourceAddressWillEstab
         $connection->emit('data', array("\x04\x01" . "\x00\x50" . "\x00\x00\x00\x01" . "\x00" . "example.com" . "\x00"));
     }
 
+    public function testHandleSocks4aConnectionWithSecureTlsSourceAddressWillEstablishOutgoingConnection()
+    {
+        $connection = $this->getMockBuilder('React\Socket\Connection')->disableOriginalConstructor()->setMethods(array('pause', 'end', 'getRemoteAddress'))->getMock();
+        $connection->expects($this->once())->method('getRemoteAddress')->willReturn('tls://10.20.30.40:5060');
+
+        $promise = new Promise(function () { });
+
+        $this->connector->expects($this->once())->method('connect')->with('example.com:80?source=socks4s%3A%2F%2F10.20.30.40%3A5060')->willReturn($promise);
+
+        $this->server->onConnection($connection);
+
+        $connection->emit('data', array("\x04\x01" . "\x00\x50" . "\x00\x00\x00\x01" . "\x00" . "example.com" . "\x00"));
+    }
+
     public function testHandleSocks4aConnectionWithInvalidHostnameWillNotEstablishOutgoingConnection()
     {
         $connection = $this->getMockBuilder('React\Socket\Connection')->disableOriginalConstructor()->setMethods(array('pause', 'end'))->getMock();
@@ -309,6 +323,20 @@ public function testHandleSocks5ConnectionWithIpv4AndSourceAddressWillEstablishO
         $connection->emit('data', array("\x05\x01\x00" . "\x05\x01\x00\x01" . pack('N', ip2long('127.0.0.1')) . "\x00\x50"));
     }
 
+    public function testHandleSocks5ConnectionWithSecureTlsIpv4AndSourceAddressWillEstablishOutgoingConnection()
+    {
+        $connection = $this->getMockBuilder('React\Socket\Connection')->disableOriginalConstructor()->setMethods(array('pause', 'end', 'write', 'getRemoteAddress'))->getMock();
+        $connection->expects($this->once())->method('getRemoteAddress')->willReturn('tls://10.20.30.40:5060');
+
+        $promise = new Promise(function () { });
+
+        $this->connector->expects($this->once())->method('connect')->with('127.0.0.1:80?source=socks5s%3A%2F%2F10.20.30.40%3A5060')->willReturn($promise);
+
+        $this->server->onConnection($connection);
+
+        $connection->emit('data', array("\x05\x01\x00" . "\x05\x01\x00\x01" . pack('N', ip2long('127.0.0.1')) . "\x00\x50"));
+    }
+
     public function testHandleSocks5ConnectionWithIpv6WillEstablishOutgoingConnection()
     {
         $connection = $this->getMockBuilder('React\Socket\Connection')->disableOriginalConstructor()->setMethods(array('pause', 'end', 'write'))->getMock();

Original file line number	Diff line number	Diff line change
`@@ -194,10 +194,11 @@ public function handleSocks4(ConnectionInterface $stream, $protocolVersion, Stre`
`194`	`194`	`$remote = $stream->getRemoteAddress();`
`195`	`195`	`if ($remote !== null) {`
`196`	`196`	`// remove transport scheme and prefix socks4:// instead`
	`197`	`+ $secure = strpos($remote, 'tls://') === 0;`
`197`	`198`	`if (($pos = strpos($remote, '://')) !== false) {`
`198`	`199`	`$remote = substr($remote, $pos + 3);`
`199`	`200`	`}`
`200`		`- $remote = 'socks4://' . $remote;`
	`201`	`+ $remote = 'socks4' . ($secure ? 's' : '') . '://' . $remote;`
`201`	`202`	`}`
`202`	`203`
`203`	`204`	`$that = $this;`
`@@ -246,10 +247,11 @@ public function handleSocks5(ConnectionInterface $stream, $auth=null, StreamRead`
`246`	`247`	`$remote = $stream->getRemoteAddress();`
`247`	`248`	`if ($remote !== null) {`
`248`	`249`	`// remove transport scheme and prefix socks5:// instead`
	`250`	`+ $secure = strpos($remote, 'tls://') === 0;`
`249`	`251`	`if (($pos = strpos($remote, '://')) !== false) {`
`250`	`252`	`$remote = substr($remote, $pos + 3);`
`251`	`253`	`}`
`252`		`- $remote = 'socks5://' . $remote;`
	`254`	`+ $remote = 'socks5' . ($secure ? 's' : '') . '://' . $remote;`
`253`	`255`	`}`
`254`	`256`
`255`	`257`	`$that = $this;`