Library code organized and restructured

This commit is contained in:
PinkP4nther 2021-09-28 18:21:02 -07:00
commit 89557a711f
5 changed files with 568 additions and 479 deletions


@ -1,15 +1,71 @@
use openssl::ssl::{SslAcceptor, SslFiletype, SslMethod};
use std::net::{TcpListener};
use std::sync::Arc;
use std::{process, thread};
use std::env;
use std::fs;
use std::path::Path;
use openssl::ssl::{
SslVerifyMode,
SslConnector,
SslAcceptor,
SslStream,
SslFiletype,
SslMethod
};
use std::net::{
TcpListener,
TcpStream,
Shutdown
};
use std::sync::{
Arc,
Mutex
};
use std::{
process,
thread
};
use std::{
env,
fs,
path::Path,
time::Duration,
};
use std::io::{
self,
Read,
Write
};
use std::sync::mpsc::{
self,
Receiver,
Sender
};
use toml::Value as TValue;
mod data;
use data::{FullDuplexTcp, DataStreamType};
mod tcp;
mod relay;
#[derive(Debug)]
enum FullDuplexTcpState {
DownStreamWrite(Vec<u8>),
UpStreamWrite(Vec<u8>),
DownStreamShutDown,
UpStreamShutDown,
}
#[derive(Debug)]
enum DataPipe {
DataWrite(Vec<u8>),
Shutdown,
}
enum DataStreamType {
RAW(TcpStream),
TLS(SslStream<TcpStream>),
}
#[derive(Copy, Clone)]
pub enum TCPDataType {
@ -17,6 +73,13 @@ pub enum TCPDataType {
RAW,
}
pub enum ConfigType<T> {
Env,
Path(T),
Conf(RelayConfig),
Default,
}
#[derive(Clone)]
pub struct RelayConfig {
pub downstream_data_type: TCPDataType,
@ -29,20 +92,6 @@ pub struct RelayConfig {
pub ssl_cert_path: String,
}
pub trait HandlerCallbacks {
fn ds_b_callback(&self, _in_data: Vec<u8>) -> CallbackRet {CallbackRet::Relay(_in_data)}
fn ds_nb_callback(&self, _in_data: Vec<u8>){}
fn us_b_callback(&self, _in_data: Vec<u8>) -> CallbackRet {CallbackRet::Relay(_in_data)}
fn us_nb_callback(&self, _in_data: Vec<u8>){}
}
pub enum ConfigType<T> {
Env,
Path(T),
Conf(RelayConfig),
Default,
}
#[derive(Debug)]
pub enum CallbackRet {
Relay(Vec<u8>),// Relay data
@ -51,6 +100,14 @@ pub enum CallbackRet {
Freeze,// Dont send data (pretend as if stream never was recieved)
}
pub trait HandlerCallbacks {
fn ds_b_callback(&self, _in_data: Vec<u8>) -> CallbackRet {CallbackRet::Relay(_in_data)}
fn ds_nb_callback(&self, _in_data: Vec<u8>){}
fn us_b_callback(&self, _in_data: Vec<u8>) -> CallbackRet {CallbackRet::Relay(_in_data)}
fn us_nb_callback(&self, _in_data: Vec<u8>){}
}
#[derive(Clone)]
pub struct SSLRelay<H>
where
@ -60,180 +117,34 @@ where
handlers: Option<InnerHandlers<H>>,
}
#[allow(dead_code)]
struct FullDuplexTcp<H>
where
H: HandlerCallbacks + std::marker::Sync + std::marker::Send + Clone + 'static,
{
remote_host: String,
remote_port: String,
ds_inner_m: Arc<Mutex<Option<DownStreamInner>>>,
us_inner_m: Arc<Mutex<Option<UpStreamInner>>>,
inner_handlers: InnerHandlers<H>,
}
#[derive(Clone)]
pub struct InnerHandlers<H>
struct InnerHandlers<H>
where
H: HandlerCallbacks + std::marker::Sync + std::marker::Send + Clone + 'static,
{
cb: H
}
impl<H: HandlerCallbacks + std::marker::Sync + std::marker::Send + Clone + 'static> SSLRelay<H> {
struct DownStreamInner
{
ds_stream: DataStreamType,
internal_data_buffer: Vec<u8>,
}
pub fn new(handlers: H, config_path: ConfigType<String>) -> Self {
SSLRelay {
config: Self::load_relay_config(config_path),
handlers: Some(InnerHandlers{cb: handlers}),
}
}
pub fn start(&mut self) {
let rhost = self.config.remote_host.clone();
let rport = self.config.remote_port.clone();
let listener = TcpListener::bind(format!("{}:{}", self.config.bind_host.clone(), self.config.bind_port.clone())).unwrap();
let upstream_data_stream_type = self.config.upstream_data_type;
match self.config.downstream_data_type {
TCPDataType::TLS => {
let acceptor = self.setup_ssl_config(self.config.ssl_private_key_path.clone(), self.config.ssl_cert_path.clone());
for stream in listener.incoming() {
match stream {
Ok(stream) => {
let acceptor = acceptor.clone();
let handler_clone = self.handlers.as_ref().unwrap().clone();
let r_host = rhost.clone();
let r_port = rport.clone();
thread::spawn(move || {
match acceptor.accept(stream) {
Ok(stream) => {
// FULL DUPLEX OBJECT CREATION HERE
match FullDuplexTcp::new(DataStreamType::TLS(stream), upstream_data_stream_type, r_host, r_port, handler_clone) {
Ok(mut fdtcp) => fdtcp.handle(),
Err(_ec) => {}
}
},
Err(e) => {
println!("[Error] {}", e);
}
}
});
},
Err(e) => {println!("[Error] Tcp Connection Failed: {}", e)}
}
}
},
TCPDataType::RAW => {
for stream in listener.incoming() {
match stream {
Ok(stream) => {
let handler_clone = self.handlers.as_ref().unwrap().clone();
let r_host = rhost.clone();
let r_port = rport.clone();
thread::spawn(move || {
// FULL DUPLEX OBJECT CREATION HERE
match FullDuplexTcp::new(DataStreamType::RAW(stream), upstream_data_stream_type, r_host, r_port, handler_clone) {
Ok(mut fdtcp) => fdtcp.handle(),
Err(_ec) => {},
}
});
},
Err(e) => {println!("[Error] Tcp Connection Failed: {}", e)}
}
}
}
}
}
fn load_relay_config(config_path: ConfigType<String>) -> RelayConfig {
let mut resolved_path = String::from("./relay_config.toml");
match config_path {
ConfigType::Path(path) => {
resolved_path = path.clone();
},
ConfigType::Env => {
resolved_path = match env::var("SSLRELAY_CONFIG") {
Ok(p) => p.clone(),
Err(_e) => {
println!("[-] Environmental variable SSLRELAY_CONFIG does not exist.");
std::process::exit(-1);
}
};
},
ConfigType::Conf(conf) => {
return conf;
}
ConfigType::Default => {}
}
let bytes = fs::read(resolved_path).unwrap();
let config_file = String::from_utf8_lossy(&bytes);
let config_parsed = config_file.parse::<TValue>().unwrap();
let bind_host = config_parsed["bind_host"].to_string().replace("\"", "");
let bind_port = config_parsed["bind_port"].to_string().replace("\"", "");
let ssl_private_key_path = config_parsed["ssl_private_key_path"].to_string().replace("\"", "");
let ssl_cert_path = config_parsed["ssl_cert_path"].to_string().replace("\"", "");
let remote_host = config_parsed["remote_host"].to_string().replace("\"", "");
let remote_port = config_parsed["remote_port"].to_string().replace("\"", "");
let upstream_tls_conf = config_parsed["upstream_data_type"].to_string().replace("\"", "").to_lowercase();
let downstream_tls_conf = config_parsed["downstream_data_type"].to_string().replace("\"", "").to_lowercase();
let upstream_data_type: TCPDataType;
let downstream_data_type: TCPDataType;
if upstream_tls_conf == "tls" {
upstream_data_type = TCPDataType::TLS;
} else if upstream_tls_conf == "raw" {
upstream_data_type = TCPDataType::RAW;
} else {
println!("[SSLRelay Error] Unrecognized TCPDataType for upstream_data_type. Data type received was not 'tcp' or 'tls'!");
process::exit(1); // Create error handling for load_relay_config()
}
if downstream_tls_conf == "tls" {
downstream_data_type = TCPDataType::TLS;
} else if downstream_tls_conf == "raw" {
downstream_data_type = TCPDataType::RAW;
} else {
println!("[SSLRelay Error] Unrecognized TCPDataType for downstream_data_type. Data type received was not 'tcp' or 'tls'!");
process::exit(1); // Create error handling for load_relay_config()
}
RelayConfig {
upstream_data_type,
downstream_data_type,
bind_host: bind_host.clone(),
bind_port: bind_port.clone(),
ssl_private_key_path: ssl_private_key_path.clone(),
ssl_cert_path: ssl_cert_path.clone(),
remote_host: remote_host.clone(),
remote_port: remote_port.clone(),
}
}
fn setup_ssl_config(&self, priv_key: String, cert: String) -> Arc<SslAcceptor> {
if !Path::new(priv_key.as_str()).exists() {
println!("[-] [{}] does not exist!", priv_key);
process::exit(-1);
} else if !Path::new(cert.as_str()).exists() {
println!("[-] [{}] does not exist!", cert);
process::exit(-1);
}
let mut acceptor = SslAcceptor::mozilla_intermediate(SslMethod::tls()).unwrap();
acceptor.set_private_key_file(priv_key, SslFiletype::PEM).unwrap();
acceptor.set_certificate_chain_file(cert).unwrap();
acceptor.check_private_key().unwrap();
Arc::new(acceptor.build())
}
}// SSLRelay
struct UpStreamInner
{
us_stream: DataStreamType,
internal_data_buffer: Vec<u8>
}
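Review bot: The new side of the first hunk both imports `DataStreamType` from the new module (`use data::{FullDuplexTcp, DataStreamType};`) and, if the page's side assignment is right, declares `enum DataStreamType { RAW(TcpStream), TLS(SslStream<TcpStream>) }` in this same file a few lines later; the same name defined twice in one module does not compile (E0255), so one of the two should go, presumably shortening the import to `use data::FullDuplexTcp;` if the enum is meant to live here. The same hunk widens the import list to `SslVerifyMode`, `SslConnector`, `Mutex`, `Duration`, `io`, `mpsc` and friends, yet nothing on the new side of this file uses them; if the new `tcp`/`relay` modules reach them through `use super::*`, a one-line comment on the import block saying so would keep a later cleanup from dropping them, and if they do not, they are dead imports. A `//!` module doc naming what stays in this file (`RelayConfig`, `ConfigType`, `HandlerCallbacks`, `CallbackRet`, the stream and state enums, `DownStreamInner`/`UpStreamInner`) and what moved to `data`, `tcp` and `relay` would make the restructure legible to the next reader.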