added username/password authentication according to RFC 1929

This commit is contained in:
Marek Rost 2018-06-19 17:55:14 +02:00
parent 88c62c8a31
commit 8a317800ef
2 changed files with 55 additions and 11 deletions

3
config.php Normal file
View File

@ -0,0 +1,3 @@
$AUTH_ENABLED = 0;
$USERNAME = 'changeme';
$PASSWORD = '1234';

View File

@ -1,4 +1,4 @@
<?php <?php
use \Workerman\Worker; use \Workerman\Worker;
use \Workerman\WebServer; use \Workerman\WebServer;
use \Workerman\Connection\TcpConnection; use \Workerman\Connection\TcpConnection;
@ -7,14 +7,16 @@ use \Workerman\Connection\AsyncTcpConnection;
// 自动加载类 // 自动加载类
require_once __DIR__ . '/vendor/autoload.php'; require_once __DIR__ . '/vendor/autoload.php';
define('STAGE_INIT', 0); require_once __DIR__ . '/config.php';
define('STAGE_ADDR', 1);
define('STAGE_UDP_ASSOC', 2);
define('STAGE_DNS', 3);
define('STAGE_CONNECTING', 4);
define('STAGE_STREAM', 5);
define('STAGE_DESTROYED', -1);
define('STAGE_INIT', 0);
define('STAGE_AUTH', 1);
define('STAGE_ADDR', 2);
define('STAGE_UDP_ASSOC', 3);
define('STAGE_DNS', 4);
define('STAGE_CONNECTING', 5);
define('STAGE_STREAM', 6);
define('STAGE_DESTROYED', -1);
define('CMD_CONNECT', 1); define('CMD_CONNECT', 1);
define('CMD_BIND', 2); define('CMD_BIND', 2);
@ -24,6 +26,9 @@ define('ADDRTYPE_IPV4', 1);
define('ADDRTYPE_IPV6', 4); define('ADDRTYPE_IPV6', 4);
define('ADDRTYPE_HOST', 3); define('ADDRTYPE_HOST', 3);
define('METHOD_NO_AUTH', 0);
define('METHOD_GSSAPI', 1);
define('METHOD_USER_PASS', 2);
$worker = new Worker('tcp://0.0.0.0:1080'); $worker = new Worker('tcp://0.0.0.0:1080');
$worker->onConnect = function($connection) $worker->onConnect = function($connection)
@ -35,16 +40,52 @@ $worker->onMessage = function($connection, $buffer)
switch($connection->stage) switch($connection->stage)
{ {
case STAGE_INIT: case STAGE_INIT:
if ($AUTH_ENABLED)
{
$methodslen = ord($buffer[1]);
$methods = array();
for ($i = 0; $i < strlen($buffer)-3; $i++)
{
array_push($methods, ord($buffer[$i+3]));
}
if (in_array(METHOD_USER_PASS, $methods))
{
$connection->send("\x05\x02");
$connection->stage = STAGE_AUTH;
return;
}
echo "client does not support user/pass auth\n";
$connection->send("\x05\xff");
$connection->stage = STAGE_DESTROYED;
$connection->close();
return;
}
$connection->send("\x05\x00"); $connection->send("\x05\x00");
$connection->stage = STAGE_ADDR; $connection->stage = STAGE_ADDR;
return; return;
case STAGE_AUTH:
$userlen = ord($buffer[1]);
$user = substr($buffer, 2, $userlen);
$passlen = ord($buffer[2 + $userlen]);
$pass = substr($buffer, 3 + $userlen, $passlen);
if ($user == $USERNAME && $pass == $PASSWORD)
{
$connection->send("\x05\x00");
$connection->stage = STAGE_ADDR;
return;
}
echo "auth failed\n";
$connection->send("\x05\x01");
$connection->stage = STAGE_DESTROYED;
$connection->close();
return;
case STAGE_ADDR: case STAGE_ADDR:
$cmd = ord($buffer[1]); $cmd = ord($buffer[1]);
if($cmd != CMD_CONNECT) if($cmd != CMD_CONNECT)
{ {
echo "bad cmd $cmd\n"; echo "bad cmd $cmd\n";
$connection->close(); $connection->close();
return; return;
} }
$header_data = parse_socket5_header($buffer); $header_data = parse_socket5_header($buffer);
if(!$header_data) if(!$header_data)