Home Explore Help
Sign In
cloudflare
/
cloudflared
mirror of https://github.com/cloudflare/cloudflared
Watch 1
Star 0
Fork 0
Files Issues
Tree: d779394748
Branches Tags
cloudflared
/
socks
/
authenticator.go

authenticator.go 2.3 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788 
  1. package socks
    2. 

  2. 

  3. import (
    4. 

  4. 	"fmt"
    5. 

  5. 	"io"
    6. 

  6. )
    7. 

  7. 

  8. // Authenticator is the connection passed in as a reader/writer to support different authentication types
    9. 

  9. type Authenticator interface {
    10. 

  10. 	Handle(io.Reader, io.Writer) error
    11. 

  11. }
    12. 

  12. 

  13. // NoAuthAuthenticator is used to handle the No Authentication mode
    14. 

  14. type NoAuthAuthenticator struct{}
    15. 

  15. 

  16. // NewNoAuthAuthenticator creates a authless Authenticator
    17. 

  17. func NewNoAuthAuthenticator() Authenticator {
    18. 

  18. 	return &NoAuthAuthenticator{}
    19. 

  19. }
    20. 

  20. 

  21. // Handle writes back the version and NoAuth
    22. 

  22. func (a *NoAuthAuthenticator) Handle(reader io.Reader, writer io.Writer) error {
    23. 

  23. 	_, err := writer.Write([]byte{socks5Version, NoAuth})
    24. 

  24. 	return err
    25. 

  25. }
    26. 

  26. 

  27. // UserPassAuthAuthenticator is used to handle the user/password mode
    28. 

  28. type UserPassAuthAuthenticator struct {
    29. 

  29. 	IsValid func(string, string) bool
    30. 

  30. }
    31. 

  31. 

  32. // NewUserPassAuthAuthenticator creates a new username/password validator Authenticator
    33. 

  33. func NewUserPassAuthAuthenticator(isValid func(string, string) bool) Authenticator {
    34. 

  34. 	return &UserPassAuthAuthenticator{
    35. 

  35. 		IsValid: isValid,
    36. 

  36. 	}
    37. 

  37. }
    38. 

  38. 

  39. // Handle writes back the version and NoAuth
    40. 

  40. func (a *UserPassAuthAuthenticator) Handle(reader io.Reader, writer io.Writer) error {
    41. 

  41. 	if _, err := writer.Write([]byte{socks5Version, UserPassAuth}); err != nil {
    42. 

  42. 		return err
    43. 

  43. 	}
    44. 

  44. 

  45. 	// Get the version and username length
    46. 

  46. 	header := []byte{0, 0}
    47. 

  47. 	if _, err := io.ReadAtLeast(reader, header, 2); err != nil {
    48. 

  48. 		return err
    49. 

  49. 	}
    50. 

  50. 

  51. 	// Ensure compatibility. Someone call E-harmony
    52. 

  52. 	if header[0] != userAuthVersion {
    53. 

  53. 		return fmt.Errorf("Unsupported auth version: %v", header[0])
    54. 

  54. 	}
    55. 

  55. 

  56. 	// Get the user name
    57. 

  57. 	userLen := int(header[1])
    58. 

  58. 	user := make([]byte, userLen)
    59. 

  59. 	if _, err := io.ReadAtLeast(reader, user, userLen); err != nil {
    60. 

  60. 		return err
    61. 

  61. 	}
    62. 

  62. 

  63. 	// Get the password length
    64. 

  64. 	if _, err := reader.Read(header[:1]); err != nil {
    65. 

  65. 		return err
    66. 

  66. 	}
    67. 

  67. 

  68. 	// Get the password
    69. 

  69. 	passLen := int(header[0])
    70. 

  70. 	pass := make([]byte, passLen)
    71. 

  71. 	if _, err := io.ReadAtLeast(reader, pass, passLen); err != nil {
    72. 

  72. 		return err
    73. 

  73. 	}
    74. 

  74. 

  75. 	// Verify the password
    76. 

  76. 	if a.IsValid(string(user), string(pass)) {
    77. 

  77. 		_, err := writer.Write([]byte{userAuthVersion, authSuccess})
    78. 

  78. 		return err
    79. 

  79. 	}
    80. 

  80. 

  81. 	// password failed. Write back failure
    82. 

  82. 	if _, err := writer.Write([]byte{userAuthVersion, authFailure}); err != nil {
    83. 

  83. 		return err
    84. 

  84. 	}
    85. 

  85. 

  86. 	return fmt.Errorf("User authentication failed")
    87. 

  87. }
    88. 

  88.