o &æÑgzã@sfdZddlZddlZddlZddlZddlZddlZddlZddlZddl Z ddl Z ddl Z ddl m Z ddlmZddlZddlmZddlmZddlmZmZGdd „d ejƒZGd d „d ejƒZd d „Ze je je jBe j Be j!Be je jBe j Be j!Be j"Be je jBe j Be j!Be j"Be j#BdœZ$dd„Z%dd„Z&Gdd„de eƒZ'e(dkr±e&ƒdSdS)aV A WebSocket to TCP socket proxy with support for "wss://" encryption. Copyright 2011 Joel Martin Licensed under LGPL version 3 (see docs/LICENSE.LGPL-3) You can make a cert/key with openssl using: openssl req -new -x509 -days 365 -nodes -out self.pem -keyout self.pem as taken from http://docs.python.org/dev/library/ssl.html#certificates éN)ÚThreadingMixIn)Ú HTTPServer)Úwebsockifyserver)Ú auth_plugins)Úparse_qsÚurlparsec@sDeZdZdZdZdd„Zdd„Zdd„Zd d „Zd d „Z d d„Z dS)ÚProxyRequestHandlerézÆ Traffic Legend: } - Client receive }. - Client receive partial { - Target receive > - Target send >. - Target send partial < - Client send <. - Client send partial cCsH| |j|j¡| dd¡|j ¡D] \}}| ||¡q| ¡dS)Nz Content-Typez text/html)Ú send_responseÚcodeÚmsgÚ send_headerÚheadersÚitemsÚ end_headers)ÚselfÚexÚnameÚval©rúX/root/parts/websockify/install/lib/python3.10/site-packages/websockify/websocketproxy.pyÚsend_auth_error's   z#ProxyRequestHandler.send_auth_errorcCsF|jjsdS| |jj¡\}}|dkr||j_dS||j_||j_dS)NÚ unix_socket)ÚserverÚ token_pluginÚ get_targetÚ unix_targetÚ target_hostÚ target_port)rÚhostÚportrrrÚvalidate_connection/s  z'ProxyRequestHandler.validate_connectionc CsÌ|jjsdSdd„|jDƒ}|D]}|j|=qz|j ¡}|d}tdd„|Dƒƒ}|d|jd<Wn tttfy>Ynwz|jjj |j|jj |jj dWdSt j yet ¡d}| |¡‚w) NcSsg|] }| d¡r|‘qS)ÚSSL_)Ú startswith)Ú.0ÚhrrrÚ Asz7ProxyRequestHandler.auth_connection..ÚsubjectcSsg|]}|d‘qS)rr)r$Úxrrrr&KsÚ commonNameÚSSL_CLIENT_S_DN_CN)rrré)rÚ auth_pluginrÚrequestÚ getpeercertÚdictÚ TypeErrorÚAttributeErrorÚKeyErrorÚ authenticaterrÚauthÚAuthenticationErrorÚsysÚexc_infor)rÚ ssl_headersr%Úclient_cert_dataÚclient_cert_subjectrrrrÚauth_connection;s.  þ  þ  ýz#ProxyRequestHandler.auth_connectionc Cs¢|jjrdd |jj¡|jjf}n|jjrd|jj}n d|jj|jjf}|jjr/|d7}| |¡ztj j |jj|jjd|jj|jjd}Wnt yg}z| d|jj|jj|¡|  d d ¡‚d }~ww|jj sv|j t jt jd ¡|jjs‡|jjs‡| t jt jd ¡| |j¡z&| |¡W|r°| t j¡| ¡|jr²| d |jj|jj¡d Sd Sd S|rÏ| t j¡| ¡|jrÐ| d |jj|jj¡www)zO Called after a new WebSocket connection has been established. z%connecting to command: '%s' (port %s)ú zconnecting to unix socket: %szconnecting to: %s:%sú (using SSL)T)ÚconnectÚuse_sslrzFailed to connect to %s:%s: %sióz&Failed to connect to downstream serverNr+z%s:%s: Closed target)rÚwrap_cmdÚjoinrrrÚ ssl_targetÚ log_messagerÚWebSockifyServerÚsocketÚ ExceptionÚCCloseÚ unix_listenr-Ú setsockoptÚSOL_TCPÚ TCP_NODELAYÚ print_trafficÚtraffic_legendÚdo_proxyÚshutdownÚ SHUT_RDWRÚcloseÚverbose)rr ÚtsockÚerrrÚnew_websocket_client[sb ÿ   üÿ €ý    ÿüý  ÿüz(ProxyRequestHandler.new_websocket_clientcCsž|jr|j d¡}|r| d¡d}ntt|jƒdƒ}d|vr0t|dƒr0|dd d¡}nd}|dur<|j   d¡‚|  |¡}|durG|S|j   d |¡‚) zò Gets a token from either the path or the host, depending on --host-token, and looks up a target for that token using the token plugin. Used by validate_connection() to set target_host and target_port. ÚHostú:réÚtokenÚ NzToken not presentzToken '%s' not found) Ú host_tokenrÚgetÚ partitionrrÚpathÚlenÚrstriprÚECloseÚlookup)rÚ target_pluginrYÚargsÚ result_pairrrrrŒs €  zProxyRequestHandler.get_targetcCs¶g}d}g}|j|g}|jjrt ¡}||jj|_nd|_ g}|jdur:t ¡}||jkr:||jj|_| ¡|rA| |¡|sE|rK| |j¡z t ||gd¡\}} } Wn"tyzt  ¡d} t | dƒrn| j } n| d} | t j krx‚Yqw| rt dƒ‚|j| vr| |¡}g}|j|vrè| ¡\} }| | ¡|rèt|ƒdkrÐ| d¡}| |¡}|t|ƒkr»| d¡n| d||d…¡| d¡t|ƒdks¥|jrÞ| d |jj|jj¡| |d |d ¡‚|| vr| d¡}| |¡}|t|ƒkr| d¡n| d||d…¡| d¡||vrZ| |j¡}t|ƒdkrPt|ƒdkr;d}|r9| |¡}|s1g}|jrJ| d |jj|jj¡| d d¡‚| |¡| d¡q)zA Proxy client WebSocket to normal target socket. rNTr+ÚerrnozSocket exceptionú>z.>z%s:%s: Client closed connectionr Úreasonz%s:%s: Target closed connectionièz Target closedÚ{)r-rÚ heartbeatÚtimeÚ send_pingÚappendÚselectÚOSErrorr6r7ÚhasattrrfÚEINTRrFÚ send_framesÚ recv_framesÚextendr_ÚpopÚsendrLÚinsertrRrCrrrGÚrecvÚ buffer_size)rÚtargetÚcqueueÚc_pendÚtqueueÚrlistÚnowÚwlistÚinsÚoutsÚexceptsÚexcÚerrÚbufsÚclosedÚdatÚsentÚbufrrrrN³s’       ö            ÷  ÿ        ÿ ÿ   ¦zProxyRequestHandler.do_proxyN) Ú__name__Ú __module__Ú __qualname__ryrMrr!r;rUrrNrrrrrs   1 'rcs@eZdZdZdZef‡fdd„ Zdd„Zdd„Zd d „Z ‡Z S) ÚWebSocketProxyza Proxy traffic to and from a WebSockets client to a normal TCP socket server target. r c sÈ| dd¡|_| dd¡|_| dd¡|_| dd¡|_| dd¡|_| dd¡|_| dd¡|_| dd¡|_| d d¡|_ | d d¡|_ gd ¢|_ |jrÕt j  tjd ¡}t j  |d d¡t j  |d dd¡t j  |d ¡|g}d|_|D]}t j  |d¡}t j  |¡rˆ||_nqt|jstdƒ‚t j  |j¡|_d|_t tjtj¡}| d¡| ¡d|_| ¡td|jt j dd¡gƒ} t j t j  | ¡t!|dƒt!|jƒdœ¡t"ƒj#|g|¢Ri|¤ŽdS)Nrrr@Ú wrap_moderrBrjrr[r,)rrrrz..ÚlibÚ websockifyz rebind.soz1rebind.so not found, perhaps you need to run makez 127.0.0.1)Úrr+Ú LD_PRELOADÚ listen_port)r“ÚREBIND_OLD_PORTÚREBIND_NEW_PORT)$rurrr@rrrBrjrr[r,Ú wrap_timesÚosr^Údirnamer6ÚargvrAÚrebinderÚexistsrFÚabspathrEÚAF_INETÚ SOCK_STREAMÚbindÚ getsocknamerQÚfilterÚenvironr\ÚupdateÚpathsepÚstrÚsuperÚ__init__) rÚRequestHandlerClassrdÚkwargsÚwsdirÚ rebinder_pathÚrdirÚrpathÚsockÚ ld_preloads©Ú __class__rrr¨&sP  ý þ   ýzWebSocketProxy.__init__cCsP| dd |j¡¡|j t ¡¡|j d¡tj|jt j t d|_ d|_ dS)Nz Starting '%s'r<r)ÚenvÚ preexec_fnT)r rAr@r—rmrkruÚ subprocessÚPopenr˜r£Ú_subprocess_setupÚcmdÚ spawn_message)rrrrÚ run_wrap_cmdZs  ÿ zWebSocketProxy.run_wrap_cmdcCs´|jrdd |j¡|jf}n|jr|j}nd|j|jf}|jdkr&d}nd|j|jf}|jrd#|j d?d@dd|j dAdBd dC|j dDddEdFdG|j dHd dId |j dJdKdLgdM¢dNdO|j dPdQd dRdSdT|j dUd dVd |j dWddXdYdZ|j d[dd\d]dG|j d^dd_d`dG|j dad dbd |j dcdd\dddG|j dedd_dfdG|j dgt ddhdidj|j dkddldmdZ|j dnddodpdG|j dqd drd |j dsd dtd |  ¡\}}|jr•|js•| du¡|jr¢|js¢| dv¡|jr¯|js¯| dw¡|jr¼|js¼| dx¡|jrÉ|jsÉ| dy¡|jrÖ|jsÖ| dz¡t|jƒ|_|`|jrtj |j¡|_t |j¡}| tj¡| |¡t ¡}| |¡|`|jrj|j  d{¡r5|j !d{d|¡\}} zt | ƒ} Wnt"y/| d}¡Ynw|| f} ntj |j¡} dd~l#m$} |j%rJ| j&} n| j'} | | | d|jd€} |  tj¡|  |¡t ¡}| | ¡|`|`|j(r|t ¡}| tj¡|j)rˆtj |j)¡|_)|j)r“d|_|j)|_|`)t*j+  d‚¡r¤|d|d…|_,nd|_,t-j.s´|j/r´| dƒ¡|j0rÈtj 1|j2¡sÈ| d„|j2¡|j3rÓt*j4 5¡|_6ns|j7rü|j8rôz t |j8d…ƒ|_8Wnat"yó| d†¡YnSwt9j:t9j;B|_8nJt<|ƒd|kr| d‡¡| =d¡}|  d{¡dkr'| !d{d|¡\|_>|_?|j> @dˆ¡|_>nd‰||_>|_?zt |j?ƒ|_?Wnt"yE| dŠ¡Ynw|`3|j,sT|jAsT|jr[d|_Bd|_CnHt<|ƒd|krg| d‡¡| =d¡}|  d{¡dkr†| !d{d|¡\|_B|_C|jB @dˆ¡|_Bn| d‹¡zt |jCƒ|_CWnt"y¢| dŒ¡Ynwt<|ƒdkrµ|j,dkrµ| d¡|jdurâdŽ|jvrÇd|j|_|j !dŽd|¡\}}tD|ƒtEt*jF||ƒ}||jƒ|_|`|jdurdŽ|jvröd|j|_|j !dŽd|¡\}}tD|ƒtEt*jF||ƒ}||jƒ|_|`|jG}|`G|r)tHd‘i|jI¤Ž}| J¡dStKd‘i|jI¤Ž}| L¡dS)’Nz %(message)sz %prog [options]z2 [source_addr:]source_port target_addr:target_portz/ --token-plugin=CLASS [source_addr:]source_portz- --unix-target=FILE [source_addr:]source_portz/ [source_addr:]source_port -- WRAP_COMMAND_LINE)Úusagez --verbosez-vÚ store_truezverbose messages)ÚactionÚhelpz --trafficzper frame trafficz--recordz(record sessions to FILE.[session_number]ÚFILE)råÚmetavarz--daemonz-DÚdaemonz$become a daemon (background process))Údesträråz --run-oncez-handle a single WebSocket connection and exitz --timeoutrz-after TIMEOUT seconds exit when not connected)r¾rÒråz--idle-timeoutzEserver exits after TIMEOUT seconds if there are no active connectionsz--certzself.pemzSSL certificate file)rÒråz--keyz$SSL key file (if separate from cert)z--key-passwordzSSL key passwordz --ssl-onlyz)disallow non-encrypted client connectionsz --ssl-targetz#connect to SSL target as SSL clientz--verify-clientzlrequire encrypted client to present a valid certificate (needs Python 2.7.9 or newer or Python 3.4 or newer)z--cafilez¦file of concatenated certificates of authorities trusted for validating clients (only effective with --verify-client). If omitted, system default list of CAs is used.)rçråz --ssl-versionÚchoicerÒrÑÚstorez?minimum TLS version to use (default, tlsv1_1, tlsv1_2, tlsv1_3))r¾rÒÚchoicesräråz --ssl-ciphersz]list of ciphers allowed for connection. For a list of supported ciphers run `openssl ciphers`z --unix-listenzlisten to unix socket)rårçrÒz--unix-listen-modez/specify mode for unix socket (defaults to 0600)z --unix-targetzconnect to unix socket targetz--inetdz/inetd mode, receive listening socket from stdin)råräz--webÚDIRz1run webserver on same port. Serve files from DIR.)rÒrçråz --web-authz+require authentication to access webserver.z --wrap-moderÃÚMODE)rÃrÂrÄz\action to take when the wrapped program exits or daemonizes: exit (default), ignore, respawn)rÒrçrìråz --prefer-ipv6z-6Úsource_is_ipv6z&prefer IPv6 when resolving source_addr)räréråz --libserverz&use Python library SocketServer enginez--target-configÚ target_cfgzíConfiguration file containing valid targets in the form 'token: host:port' or, alternatively, a directory containing configuration files of this form (DEPRECATED: use `--token-plugin TokenFile --token-source path/to/token/file` instead))rçréråz--token-pluginÚCLASSzxuse a Python class, usually one from websockify.token_plugins, such as TokenFile, to process tokens into host:port pairsz--token-sourceÚARGz=an argument to be passed to the token plugin on instantiationz --host-tokenzJuse the host HTTP header as token instead of the token URL query parameterz --auth-pluginz|use a Python class, usually one from websockify.auth_plugins, such as BasicHTTPAuth, to determine if a connection is allowedz --auth-sourcezÚ handler_idrÙÚprintÚchdirr§r¨)rr©rªr½r”rr=r7r±rrr¨øs6      zLibProxyServer.__init__cs |jd7_tƒ ||¡dS)z/Override process_request to implement a counterr+N)r@r§Úprocess_request)rr-Úclient_addressr±rrrCszLibProxyServer.process_request)r‹rŒrrÌrr¨rCrÍrrr±rr(òs'r(Ú__main__))rÌrÎrErrkr˜r6rµrÛrfrr Ú socketserverrÚ http.serverrrnr‘rrr4Ú urllib.parserrÚWebSockifyRequestHandlerrrDrŽr·ÚOP_ALLÚPROTOCOL_SSLv23Ú OP_NO_SSLv2Ú OP_NO_SSLv3Ú OP_NO_TLSv1Ú OP_NO_TLSv1_1Ú OP_NO_TLSv1_2r×rár<r(r‹rrrrÚsNX     ÿÿÿÿÿÿú 53 ÿ