o zqf*yã@sfdZddlZddlZddlZddlZddlZddlZddlZddlZddl Z ddl Z ddl Z ddl m Z ddlmZddlZddlmZddlmZddlmZmZGdd „d ejƒZGd d „d ejƒZd d „Ze je je jBe j Be j!Be je jBe j Be j!Be j"Be je jBe j Be j!Be j"Be j#BdœZ$dd„Z%dd„Z&Gdd„de eƒZ'e(dkr±e&ƒdSdS)aV A WebSocket to TCP socket proxy with support for "wss://" encryption. Copyright 2011 Joel Martin Licensed under LGPL version 3 (see docs/LICENSE.LGPL-3) You can make a cert/key with openssl using: openssl req -new -x509 -days 365 -nodes -out self.pem -keyout self.pem as taken from http://docs.python.org/dev/library/ssl.html#certificates éN)ÚThreadingMixIn)Ú HTTPServer)Úwebsockifyserver)Ú auth_plugins)Úparse_qsÚurlparsec@sDeZdZdZdZdd„Zdd„Zdd„Zd d „Zd d „Z d d„Z dS)ÚProxyRequestHandlerézÆ Traffic Legend: } - Client receive }. - Client receive partial { - Target receive > - Target send >. - Target send partial < - Client send <. - Client send partial cCsH| |j|j¡| dd¡|j ¡D] \}}| ||¡q| ¡dS)Nz Content-Typez text/html)Ú send_responseÚcodeÚmsgÚ send_headerÚheadersÚitemsÚ end_headers)ÚselfÚexÚnameÚval©rúX/root/parts/websockify/install/lib/python3.10/site-packages/websockify/websocketproxy.pyÚsend_auth_error's   z#ProxyRequestHandler.send_auth_errorcCsF|jjsdS| |jj¡\}}|dkr||j_dS||j_||j_dS)NÚ unix_socket)ÚserverÚ token_pluginÚ get_targetÚ unix_targetÚ target_hostÚ target_port)rÚhostÚportrrrÚvalidate_connection/s  z'ProxyRequestHandler.validate_connectionc Csª|jjsdSz|j ¡}|d}tdd„|Dƒƒ}|d|jd<Wn tttfy-Ynwz|jjj |j|jj |jj dWdSt j yTt ¡d}| |¡‚w)NÚsubjectcSsg|]}|d‘qS)rr)Ú.0ÚxrrrÚ Esz7ProxyRequestHandler.auth_connection..Ú commonNameÚSSL_CLIENT_S_DN_CN)rrré)rÚ auth_pluginÚrequestÚ getpeercertÚdictrÚ TypeErrorÚAttributeErrorÚKeyErrorÚ authenticaterrÚauthÚAuthenticationErrorÚsysÚexc_infor)rÚclient_cert_dataÚclient_cert_subjectrrrrÚauth_connection;s( þ  þ  ýz#ProxyRequestHandler.auth_connectionc Cs¢|jjrdd |jj¡|jjf}n|jjrd|jj}n d|jj|jjf}|jjr/|d7}| |¡ztj j |jj|jjd|jj|jjd}Wnt yg}z| d|jj|jj|¡|  d d ¡‚d }~ww|jj sv|j t jt jd ¡|jjs‡|jjs‡| t jt jd ¡| |j¡z&| |¡W|r°| t j¡| ¡|jr²| d |jj|jj¡d Sd Sd S|rÏ| t j¡| ¡|jrÐ| d |jj|jj¡www)zO Called after a new WebSocket connection has been established. z%connecting to command: '%s' (port %s)ú zconnecting to unix socket: %szconnecting to: %s:%sú (using SSL)T)ÚconnectÚuse_sslrzFailed to connect to %s:%s: %sióz&Failed to connect to downstream serverNr(z%s:%s: Closed target)rÚwrap_cmdÚjoinrrrÚ ssl_targetÚ log_messagerÚWebSockifyServerÚsocketÚ ExceptionÚCCloseÚ unix_listenr*Ú setsockoptÚSOL_TCPÚ TCP_NODELAYÚ print_trafficÚtraffic_legendÚdo_proxyÚshutdownÚ SHUT_RDWRÚcloseÚverbose)rr ÚtsockÚerrrÚnew_websocket_clientUsb ÿ   üÿ €ý    ÿüý  ÿüz(ProxyRequestHandler.new_websocket_clientcCsž|jr|j d¡}|r| d¡d}ntt|jƒdƒ}d|vr0t|dƒr0|dd d¡}nd}|dur<|j   d¡‚|  |¡}|durG|S|j   d |¡‚) zò Gets a token from either the path or the host, depending on --host-token, and looks up a target for that token using the token plugin. Used by validate_connection() to set target_host and target_port. ÚHostú:réÚtokenÚ NzToken not presentzToken '%s' not found) Ú host_tokenrÚgetÚ partitionrrÚpathÚlenÚrstriprÚECloseÚlookup)rÚ target_pluginrUÚargsÚ result_pairrrrr†s €  zProxyRequestHandler.get_targetc Cs¼g}d}g}|j|g}|jjrt ¡}||jj|_nd|_ g}|jdur:t ¡}||jkr:||jj|_| ¡|rA| |¡|sE|rK| |j¡z t ||gd¡\}} } Wn%tjtfy}t   ¡d} t | dƒrq| j } n| d} | t j kr{‚Yqw| r„tdƒ‚|j| vr| |¡}g}|j|vrë| ¡\} }| | ¡|rët|ƒdkrÓ| d¡}| |¡}|t|ƒkr¾| d¡n| d||d…¡| d¡t|ƒdks¨|jrá| d |jj|jj¡| |d |d ¡‚|| vr| d¡}| |¡}|t|ƒkr| d¡n| d||d…¡| d¡||vr]| |j¡}t|ƒdkrSt|ƒdkr>d}|r<| |¡}|s4g}|jrM| d |jj|jj¡| d d¡‚| |¡| d¡q)zA Proxy client WebSocket to normal target socket. rNTr(ÚerrnozSocket exceptionú>z.>z%s:%s: Client closed connectionr Úreasonz%s:%s: Target closed connectionièz Target closedÚ{)r*rÚ heartbeatÚtimeÚ send_pingÚappendÚselectÚerrorÚOSErrorr3r4ÚhasattrrbÚEINTRrBÚ send_framesÚ recv_framesÚextendr[ÚpopÚsendrHÚinsertrNr?rrrCÚrecvÚ buffer_size)rÚtargetÚcqueueÚc_pendÚtqueueÚrlistÚnowÚwlistÚinsÚoutsÚexceptsÚexcÚerrÚbufsÚclosedÚdatÚsentÚbufrrrrJ­s’      ö            ÷  ÿ        ÿ ÿ   ¦zProxyRequestHandler.do_proxyN) Ú__name__Ú __module__Ú __qualname__rvrIrr!r7rQrrJrrrrrs  1 'rcs@eZdZdZdZef‡fdd„ Zdd„Zdd„Zd d „Z ‡Z S) ÚWebSocketProxyza Proxy traffic to and from a WebSockets client to a normal TCP socket server target. r c sÈ| dd¡|_| dd¡|_| dd¡|_| dd¡|_| dd¡|_| dd¡|_| dd¡|_| dd¡|_| d d¡|_ | d d¡|_ gd ¢|_ |jrÕt j  tjd ¡}t j  |d d¡t j  |d dd¡t j  |d ¡|g}d|_|D]}t j  |d¡}t j  |¡rˆ||_nqt|jstdƒ‚t j  |j¡|_d|_t tjtj¡}| d¡| ¡d|_| ¡td|jt j dd¡gƒ} t j t j  | ¡t!|dƒt!|jƒdœ¡t"ƒj#|g|¢Ri|¤ŽdS)Nrrr<Ú wrap_moderr>rfrrWr))rrrrz..ÚlibÚ websockifyz rebind.soz1rebind.so not found, perhaps you need to run makez 127.0.0.1)Úrr(Ú LD_PRELOADÚ listen_port)rÚREBIND_OLD_PORTÚREBIND_NEW_PORT)$rrrrr<rŒrr>rfrrWr)Ú wrap_timesÚosrZÚdirnamer3Úargvr=ÚrebinderÚexistsrBÚabspathrAÚAF_INETÚ SOCK_STREAMÚbindÚ getsocknamerMÚfilterÚenvironrXÚupdateÚpathsepÚstrÚsuperÚ__init__) rÚRequestHandlerClassr`ÚkwargsÚwsdirÚ rebinder_pathÚrdirÚrpathÚsockÚ ld_preloads©Ú __class__rrr¥ sP  ý þ   ýzWebSocketProxy.__init__cCsP| dd |j¡¡|j t ¡¡|j d¡tj|jt j t d|_ d|_ dS)Nz Starting '%s'r8r)ÚenvÚ preexec_fnT)r r=r<r”rirgrrÚ subprocessÚPopenr•r Ú_subprocess_setupÚcmdÚ spawn_message)rrrrÚ run_wrap_cmdTs  ÿ zWebSocketProxy.run_wrap_cmdcCs´|jrdd |j¡|jf}n|jr|j}nd|j|jf}|jdkr&d}nd|j|jf}|jrr r·)rÚ dst_stringÚ src_stringr rrrÚstarted\s*  ÿÿ  ÿzWebSocketProxy.startedcCsÐ|jr|jr|j ¡}|dkr| d|¡d|_|jrb|jdkrd|jdkr(dS|jdkr4t |¡dS|jdkrft ¡}t|j ƒt |j ƒ}||dkr\|j rZ|  d¡d|_ dSdS|  ¡dSdSdSdS)Nz/Wrapped command exited (or daemon). Returned %sÚignoreÚexitÚrespawné zCommand respawning too fastF)r<rµÚpollÚvmsgrŒr3rÀrgÚsumr”r[r¶Úwarnr·)rÚretr|ÚavgrrrrÃ}s*        þ ñzWebSocketProxy.poll) rˆr‰rŠÚ__doc__rvrr¥r·r¾rÃÚ __classcell__rrr®rr‹s4!r‹cCst tjtj¡dS)N)ÚsignalÚSIGPIPEÚSIG_DFLrrrrr´˜sr´©ÚdefaultÚtlsv1_1Útlsv1_2Útlsv1_3cCsN|tvrt|Stt ¡ƒ}| ¡|d}t tj¡}| d||¡t|S)zXReturns SSL options for the most secure TSL version available on this Python versionéÿÿÿÿz.TLS version %s unsupported. Falling back to %s) Ú SSL_OPTIONSÚlistÚkeysÚsortÚloggingÚ getLoggerr‹Ú log_prefixrÆ)ÚversionrÖÚfallbackÚloggerrrrÚselect_ssl_version¨s  ÿrÞcCsnt ¡}| tj¡t d¡}| |¡t ¡}| |¡| tj¡d}|d7}|d7}|d7}|d7}|d7}|d7}|d7}t j |d}|j dd d d d |j d d dd |j dddd|j dddd dd|j dd dd |j dt ddd|j dt ddd|j d d!d"d#|j d$dd%d#|j d&dd'd#|j d(d d)d |j d*d d+d |j d,d d-d |j d.dd/d0|j d1d2d3gd4¢d5d6d7|j d8d5d9d |j d:d;ddd<|j d=dd>d#|j d?d@dd|j dAdBd dC|j dDddEdFdG|j dHd dId |j dJdKdLgdM¢dNdO|j dPdQd dRdSdT|j dUd dVd |j dWddXdYdZ|j d[dd\d]dG|j d^dd_d`dG|j dad dbd |j dcdd\dddG|j dedd_dfdG|j dgt ddhdidj|j dkddldmdZ|j dnddodpdG|j dqd drd |j dsd dtd |  ¡\}}|jr•|js•| du¡|jr¢|js¢| dv¡|jr¯|js¯| dw¡|jr¼|js¼| dx¡|jrÉ|jsÉ| dy¡|jrÖ|jsÖ| dz¡t|jƒ|_|`|jrtj |j¡|_t |j¡}| tj¡| |¡t ¡}| |¡|`|jrj|j  d{¡r5|j !d{d|¡\}} zt | ƒ} Wnt"y/| d}¡Ynw|| f} ntj |j¡} dd~l#m$} |j%rJ| j&} n| j'} | | | d|jd€} |  tj¡|  |¡t ¡}| | ¡|`|`|j(r|t ¡}| tj¡|j)rˆtj |j)¡|_)|j)r“d|_|j)|_|`)t*j+  d‚¡r¤|d|d…|_,nd|_,t-j.s´|j/r´| dƒ¡|j0rÈtj 1|j2¡sÈ| d„|j2¡|j3rÓt*j4 5¡|_6ns|j7rü|j8rôz t |j8d…ƒ|_8Wnat"yó| d†¡YnSwt9j:t9j;B|_8nJt<|ƒd|kr| d‡¡| =d¡}|  d{¡dkr'| !d{d|¡\|_>|_?|j> @dˆ¡|_>nd‰||_>|_?zt |j?ƒ|_?Wnt"yE| dŠ¡Ynw|`3|j,sT|jAsT|jr[d|_Bd|_CnHt<|ƒd|krg| d‡¡| =d¡}|  d{¡dkr†| !d{d|¡\|_B|_C|jB @dˆ¡|_Bn| d‹¡zt |jCƒ|_CWnt"y¢| dŒ¡Ynwt<|ƒdkrµ|j,dkrµ| d¡|jdurâdŽ|jvrÇd|j|_|j !dŽd|¡\}}tD|ƒtEt*jF||ƒ}||jƒ|_|`|jdurdŽ|jvröd|j|_|j !dŽd|¡\}}tD|ƒtEt*jF||ƒ}||jƒ|_|`|jG}|`G|r)tHd‘i|jI¤Ž}| J¡dStKd‘i|jI¤Ž}| L¡dS)’Nz %(message)sz %prog [options]z2 [source_addr:]source_port target_addr:target_portz/ --token-plugin=CLASS [source_addr:]source_portz- --unix-target=FILE [source_addr:]source_portz/ [source_addr:]source_port -- WRAP_COMMAND_LINE)Úusagez --verbosez-vÚ store_truezverbose messages)ÚactionÚhelpz --trafficzper frame trafficz--recordz(record sessions to FILE.[session_number]ÚFILE)râÚmetavarz--daemonz-DÚdaemonz$become a daemon (background process))Údestrárâz --run-oncez-handle a single WebSocket connection and exitz --timeoutrz-after TIMEOUT seconds exit when not connected)r»rÏrâz--idle-timeoutzEserver exits after TIMEOUT seconds if there are no active connectionsz--certzself.pemzSSL certificate file)rÏrâz--keyz$SSL key file (if separate from cert)z--key-passwordzSSL key passwordz --ssl-onlyz)disallow non-encrypted client connectionsz --ssl-targetz#connect to SSL target as SSL clientz--verify-clientzlrequire encrypted client to present a valid certificate (needs Python 2.7.9 or newer or Python 3.4 or newer)z--cafilez¦file of concatenated certificates of authorities trusted for validating clients (only effective with --verify-client). If omitted, system default list of CAs is used.)rärâz --ssl-versionÚchoicerÏrÎÚstorez?minimum TLS version to use (default, tlsv1_1, tlsv1_2, tlsv1_3))r»rÏÚchoicesrárâz --ssl-ciphersz]list of ciphers allowed for connection. For a list of supported ciphers run `openssl ciphers`z --unix-listenzlisten to unix socket)rârärÏz--unix-listen-modez/specify mode for unix socket (defaults to 0600)z --unix-targetzconnect to unix socket targetz--inetdz/inetd mode, receive listening socket from stdin)râráz--webÚDIRz1run webserver on same port. Serve files from DIR.)rÏrärâz --web-authz+require authentication to access webserver.z --wrap-moderÀÚMODE)rÀr¿rÁz\action to take when the wrapped program exits or daemonizes: exit (default), ignore, respawn)rÏrärérâz --prefer-ipv6z-6Úsource_is_ipv6z&prefer IPv6 when resolving source_addr)rárærâz --libserverz&use Python library SocketServer enginez--target-configÚ target_cfgzíConfiguration file containing valid targets in the form 'token: host:port' or, alternatively, a directory containing configuration files of this form (DEPRECATED: use `--token-plugin TokenFile --token-source path/to/token/file` instead))rärærâz--token-pluginÚCLASSzxuse a Python class, usually one from websockify.token_plugins, such as TokenFile, to process tokens into host:port pairsz--token-sourceÚARGz=an argument to be passed to the token plugin on instantiationz --host-tokenzJuse the host HTTP header as token instead of the token URL query parameterz --auth-pluginz|use a Python class, usually one from websockify.auth_plugins, such as BasicHTTPAuth, to determine if a connection is allowedz --auth-sourcezÚssl_onlyr™Úcertr¸ÚstdinÚfilenor¹rDÚunix_listen_modeÚstatÚS_IREADÚS_IWRITEr[rrrºr‘ÚstriprrrÚ __import__ÚgetattrÚmodulesÚ libserverÚLibProxyServerÚ__dict__Ú serve_foreverr‹Ú start_server)Ústderr_handlerÚ log_formatterÚrootrßÚparserÚoptsr`Úlog_file_handlerÚ syslog_hostÚ syslog_portÚ syslog_destróÚsyslog_facilityÚsyslog_handlerÚargÚtoken_plugin_moduleÚtoken_plugin_clsÚauth_plugin_moduleÚauth_plugin_clsr#rrrrÚwebsockify_init¹s       ÿÿÿþÿ ÿ ÿÿÿÿÿÿÿÿ þÿÿÿÿÿ ÿÿ þþÿþ ÿ ÿÿ ÿ ÿ ÿþ ÿÿÿ             ÿ  ý     ÿ  ÿ   ÿ   ÿ       r8cs0eZdZdZef‡fdd„ Z‡fdd„Z‡ZS)r$zX Just like WebSocketProxy, but uses standard Python SocketServer framework. c s:| dd¡|_| dd¡|_| dd¡|_| dd¡|_| dd¡|_| dd¡|_| dd¡|_| dd¡|_| d d¡|_ d|_d|_d |_ | d d ¡}| d d¡}| dd ¡}| |_ | dd ¡|_ | dd ¡}|rtt j |¡|_| dd ¡|_d|_| ¡D]}td|ƒq‚|r’t  |¡tƒ ||f|¡dS)Nrrr<rŒrr>rr)rfFrºrr‘r rNÚrecordÚrun_oncerz1warning: option %s ignored when using --libserver)rrrrr<rŒrr>rr)rfråÚ only_upgraderNr•rZršr9r:Ú handler_idrÖÚprintÚchdirr¤r¥)rr¦r§rºr‘r r9r3r®rrr¥òs6      zLibProxyServer.__init__cs |jd7_tƒ ||¡dS)z/Override process_request to implement a counterr(N)r<r¤Úprocess_request)rr*Úclient_addressr®rrr?szLibProxyServer.process_request)rˆr‰rŠrÉrr¥r?rÊrrr®rr$ìs'r$Ú__main__))rÉrËrArrgr•r3r²rØrbrrÚ socketserverrÚ http.serverrrjrŽrrr1Ú urllib.parserrÚWebSockifyRequestHandlerrr@r‹r´ÚOP_ALLÚPROTOCOL_SSLv23Ú OP_NO_SSLv2Ú OP_NO_SSLv3Ú OP_NO_TLSv1Ú OP_NO_TLSv1_1Ú OP_NO_TLSv1_2rÔrÞr8r$rˆrrrrÚsNX    ÿÿÿÿÿÿú 53 ÿ