From ba74934a1f3c520112aa630e13eab24e8ff2c846 Mon Sep 17 00:00:00 2001
From: fatedier
Date: Tue, 28 Jun 2016 00:21:13 +0800
Subject: [PATCH] all: privilege mode update
---
 conf/frpc.ini | 2 +-
 conf/frps.ini | 4 ++--
 src/frp/cmd/frpc/control.go | 7 +++++--
 src/frp/cmd/frps/control.go | 5 ++---
 src/frp/models/client/client.go | 9 +++++++--
 src/frp/models/client/config.go | 19 +++++++++++--------
 src/frp/models/config/config.go | 13 +++++++------
 src/frp/models/msg/msg.go | 1 +
 src/frp/models/msg/process.go | 12 ++++++++++--
 src/frp/models/server/config.go | 11 +++++++----
 src/frp/models/server/server.go | 2 +-
 11 files changed, 54 insertions(+), 31 deletions(-)
diff --git a/conf/frpc.ini b/conf/frpc.ini
index 3e4d36f9..bbab6d09 100644
--- a/conf/frpc.ini
+++ b/conf/frpc.ini
@@ -10,7 +10,7 @@ log_max_days = 3
 # for authentication
 auth_token = 123
 # for privilege mode
-privilege_key = 12345678
+privilege_token = 12345678
 # ssh is the proxy name same as server's configuration
 [ssh]
diff --git a/conf/frps.ini b/conf/frps.ini
index 5c96939d..aada47bf 100644
--- a/conf/frps.ini
+++ b/conf/frps.ini
@@ -12,9 +12,9 @@ log_file = ./frps.log
 # debug, info, warn, error
 log_level = info
 log_max_days = 3
-# if you enable privilege mode, frpc can create a proxy without pre-configure in frps when privilege_key is correct
+# if you enable privilege mode, frpc can create a proxy without pre-configure in frps when privilege_token is correct
 privilege_mode = true
-privilege_key = 12345678
+privilege_token = 12345678
 # ssh is the proxy name, client will use this name and auth_token to connect to server
 [ssh]
diff --git a/src/frp/cmd/frpc/control.go b/src/frp/cmd/frpc/control.go
index fe22fc53..9e8c3e62 100644
--- a/src/frp/cmd/frpc/control.go
+++ b/src/frp/cmd/frpc/control.go
@@ -137,11 +137,9 @@ func loginToServer(cli *client.ProxyClient) (c *conn.Conn, err error) {
 }
 nowTime := time.Now().Unix()
- authKey := pcrypto.GetAuthKey(cli.Name + cli.AuthToken + fmt.Sprintf("%d", nowTime))
 req := &msg.ControlReq{
 Type: consts.NewCtlConn,
 ProxyName: cli.Name,
- AuthKey: authKey,
 UseEncryption: cli.UseEncryption,
 UseGzip: cli.UseGzip,
 PrivilegeMode: cli.PrivilegeMode,
@@ -149,8 +147,13 @@ func loginToServer(cli *client.ProxyClient) (c *conn.Conn, err error) {
 Timestamp: nowTime,
 }
 if cli.PrivilegeMode {
+ privilegeKey := pcrypto.GetAuthKey(cli.Name + client.PrivilegeToken + fmt.Sprintf("%d", nowTime))
 req.RemotePort = cli.RemotePort
 req.CustomDomains = cli.CustomDomains
+ req.PrivilegeKey = privilegeKey
+ } else {
+ authKey := pcrypto.GetAuthKey(cli.Name + cli.AuthToken + fmt.Sprintf("%d", nowTime))
+ req.AuthKey = authKey
 }
 buf, _ := json.Marshal(req)
diff --git a/src/frp/cmd/frps/control.go b/src/frp/cmd/frps/control.go
index 53a976a8..0e46088c 100644
--- a/src/frp/cmd/frps/control.go
+++ b/src/frp/cmd/frps/control.go
@@ -218,14 +218,13 @@ func doLogin(req *msg.ControlReq, c *conn.Conn) (ret int64, info string) {
 // check authKey or privilegeKey
 nowTime := time.Now().Unix()
 if req.PrivilegeMode {
- privilegeKey := pcrypto.GetAuthKey(req.ProxyName + server.PrivilegeKey + fmt.Sprintf("%d", req.Timestamp))
+ privilegeKey := pcrypto.GetAuthKey(req.ProxyName + server.PrivilegeToken + fmt.Sprintf("%d", req.Timestamp))
 // privilegeKey avaiable in 15 minutes
 if nowTime-req.Timestamp > 15*60 {
 info = fmt.Sprintf("ProxyName [%s], privilege mode authorization timeout", req.ProxyName)
 log.Warn(info)
 return
- } else if req.AuthKey != privilegeKey {
- log.Debug("%s %s", req.AuthKey, privilegeKey)
+ } else if req.PrivilegeKey != privilegeKey {
 info = fmt.Sprintf("ProxyName [%s], privilege mode authorization failed", req.ProxyName)
 log.Warn(info)
 return
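Review bot: In src/frp/cmd/frpc/control.go, the added privilege branch of loginToServer derives the key from the package-level `client.PrivilegeToken`, while this same commit copies the token onto each proxy in LoadConf and pipeEncrypt/pipeDecrypt read it from the per-proxy config. Reading `cli.PrivilegeToken` here, and `p.PrivilegeToken` in the matching branch of GetRemoteConn in src/frp/models/client/client.go, would keep the login key and the encryption key tied to the same field. The temporaries can go as well, e.g. `req.PrivilegeKey = pcrypto.GetAuthKey(cli.Name + cli.PrivilegeToken + fmt.Sprintf("%d", nowTime))`, and `if p.PrivilegeMode == true` in client.go reads better as `if p.PrivilegeMode`. loginToServer starts and ends outside this hunk.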
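Review bot: In doLogin (src/frp/cmd/frps/control.go) the freshness test `nowTime-req.Timestamp > 15*60` only rejects old timestamps, so as far as the hunk shows a request whose client-supplied Timestamp lies in the future passes and its key stays acceptable until 15 minutes after that time. Bounding both sides, e.g. `if d := nowTime - req.Timestamp; d > 15*60 || d < -15*60 {`, closes that gap. The changed comparison `req.PrivilegeKey != privilegeKey` is an ordinary string compare on a secret-derived value; `subtle.ConstantTimeCompare([]byte(req.PrivilegeKey), []byte(privilegeKey)) != 1` from crypto/subtle avoids a timing signal. Nothing in the visible lines stops an identical request from being accepted again inside the window, so either the transport must be trusted or a server-issued nonce is needed. doLogin continues outside the hunk.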
diff --git a/src/frp/models/client/client.go b/src/frp/models/client/client.go
index d59c5ec9..bdd42793 100644
--- a/src/frp/models/client/client.go
+++ b/src/frp/models/client/client.go
@@ -58,14 +58,19 @@ func (p *ProxyClient) GetRemoteConn(addr string, port int64) (c *conn.Conn, err
 }
 nowTime := time.Now().Unix()
- authKey := pcrypto.GetAuthKey(p.Name + p.AuthToken + fmt.Sprintf("%d", nowTime))
 req := &msg.ControlReq{
 Type: consts.NewWorkConn,
 ProxyName: p.Name,
- AuthKey: authKey,
 PrivilegeMode: p.PrivilegeMode,
 Timestamp: nowTime,
 }
+ if p.PrivilegeMode == true {
+ privilegeKey := pcrypto.GetAuthKey(p.Name + PrivilegeToken + fmt.Sprintf("%d", nowTime))
+ req.PrivilegeKey = privilegeKey
+ } else {
+ authKey := pcrypto.GetAuthKey(p.Name + p.AuthToken + fmt.Sprintf("%d", nowTime))
+ req.AuthKey = authKey
+ }
 buf, _ := json.Marshal(req)
 err = c.Write(string(buf) + "\n")
diff --git a/src/frp/models/client/config.go b/src/frp/models/client/config.go
index accdf1e3..0d942e95 100644
--- a/src/frp/models/client/config.go
+++ b/src/frp/models/client/config.go
@@ -30,7 +30,7 @@ var (
 LogWay string = "console"
 LogLevel string = "info"
 LogMaxDays int64 = 3
- PrivilegeKey string = ""
+ PrivilegeToken string = ""
 HeartBeatInterval int64 = 20
 HeartBeatTimeout int64 = 90
 )
@@ -77,9 +77,9 @@ func LoadConf(confFile string) (err error) {
 LogMaxDays, _ = strconv.ParseInt(tmpStr, 10, 64)
 }
- tmpStr, ok = conf.Get("common", "privilege_key")
+ tmpStr, ok = conf.Get("common", "privilege_token")
 if ok {
- PrivilegeKey = tmpStr
+ PrivilegeToken = tmpStr
 }
 var authToken string
@@ -95,6 +95,9 @@ func LoadConf(confFile string) (err error) {
 // name
 proxyClient.Name = name
+ // auth_token
+ proxyClient.AuthToken = authToken
+ // local_ip
 proxyClient.LocalIp, ok = section["local_ip"]
 if !ok {
@@ -146,8 +149,11 @@ func LoadConf(confFile string) (err error) {
 // configures used in privilege mode
 if proxyClient.PrivilegeMode == true {
- // auth_token
- proxyClient.AuthToken = PrivilegeKey
+ if PrivilegeToken == "" {
+ return fmt.Errorf("Parse conf error: proxy [%s] privilege_key must be set when privilege_mode = true", proxyClient.Name)
+ } else {
+ proxyClient.PrivilegeToken = PrivilegeToken
+ }
 if proxyClient.Type == "tcp" {
 // remote_port
@@ -187,9 +193,6 @@ func LoadConf(confFile string) (err error) {
 return fmt.Errorf("Parse conf error: proxy [%s] custom_domains must be set when type equals http", proxyClient.Name)
 }
 }
- } else /* proxyClient.PrivilegeMode == false */ {
- // authToken
- proxyClient.AuthToken = authToken
 }
 ProxyClients[proxyClient.Name] = proxyClient
diff --git a/src/frp/models/config/config.go b/src/frp/models/config/config.go
index 1e281ca4..14200eb4 100644
--- a/src/frp/models/config/config.go
+++ b/src/frp/models/config/config.go
@@ -15,10 +15,11 @@ package config
 type BaseConf struct {
- Name string
- AuthToken string
- Type string
- UseEncryption bool
- UseGzip bool
- PrivilegeMode bool
+ Name string
+ AuthToken string
+ Type string
+ UseEncryption bool
+ UseGzip bool
+ PrivilegeMode bool
+ PrivilegeToken string
 }
diff --git a/src/frp/models/msg/msg.go b/src/frp/models/msg/msg.go
index d6590075..e89bce1c 100644
--- a/src/frp/models/msg/msg.go
+++ b/src/frp/models/msg/msg.go
@@ -29,6 +29,7 @@ type ControlReq struct {
 // configures used if privilege_mode is enabled
 PrivilegeMode bool `json:"privilege_mode"`
+ PrivilegeKey string `json:"privilege_key"`
 ProxyType string `json:"proxy_type"`
 RemotePort int64 `json:"remote_port"`
 CustomDomains []string `json:"custom_domains, omitempty"`
diff --git a/src/frp/models/msg/process.go b/src/frp/models/msg/process.go
index 19a1d40a..cfc782bc 100644
--- a/src/frp/models/msg/process.go
+++ b/src/frp/models/msg/process.go
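Review bot: The new error in LoadConf (src/frp/models/client/config.go, hunk at -146) still tells the user to set `privilege_key`, but this commit renames the option to `privilege_token`, so the message points at a key that is no longer read. It should read `"Parse conf error: proxy [%s] privilege_token must be set when privilege_mode = true"`. Because the `if` branch returns, the `else` can be dropped and `proxyClient.PrivilegeToken = PrivilegeToken` placed directly after the guard. LoadConf extends beyond the hunk.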
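Review bot: The added `PrivilegeKey` field of ControlReq (src/frp/models/msg/msg.go) has no comment, and its name is easy to confuse with the former `privilege_key` config option that held the shared secret. Judging by the client hunks it carries the value pcrypto.GetAuthKey returns for proxy name, token and timestamp, so a comment such as `// PrivilegeKey is the login key derived from ProxyName, privilege_token and Timestamp; never the token itself` would help. Adding `omitempty` to its tag would keep the field out of non-privilege requests. Separately, the neighbouring tag `json:"custom_domains, omitempty"` has a space after the comma, so encoding/json will not recognise the option; `json:"custom_domains,omitempty"` is presumably what was meant.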
@@ -104,7 +104,11 @@ func unpkgMsg(data []byte) (int, []byte, []byte) {
 // decrypt msg from reader, then write into writer
 func pipeDecrypt(r net.Conn, w net.Conn, conf config.BaseConf) (err error) {
 laes := new(pcrypto.Pcrypto)
- if err := laes.Init([]byte(conf.AuthToken)); err != nil {
+ key := conf.AuthToken
+ if conf.PrivilegeMode {
+ key = conf.PrivilegeToken
+ }
+ if err := laes.Init([]byte(key)); err != nil {
 log.Warn("ProxyName [%s], Pcrypto Init error: %v", conf.Name, err)
 return fmt.Errorf("Pcrypto Init error: %v", err)
 }
@@ -159,7 +163,11 @@ func pipeDecrypt(r net.Conn, w net.Conn, conf config.BaseConf) (err error) {
 // recvive msg from reader, then encrypt msg into writer
 func pipeEncrypt(r net.Conn, w net.Conn, conf config.BaseConf) (err error) {
 laes := new(pcrypto.Pcrypto)
- if err := laes.Init([]byte(conf.AuthToken)); err != nil {
+ key := conf.AuthToken
+ if conf.PrivilegeMode {
+ key = conf.PrivilegeToken
+ }
+ if err := laes.Init([]byte(key)); err != nil {
 log.Warn("ProxyName [%s], Pcrypto Init error: %v", conf.Name, err)
 return fmt.Errorf("Pcrypto Init error: %v", err)
 }
diff --git a/src/frp/models/server/config.go b/src/frp/models/server/config.go
index d586cd0e..8657ec6d 100644
--- a/src/frp/models/server/config.go
+++ b/src/frp/models/server/config.go
@@ -40,7 +40,7 @@ var (
 LogLevel string = "info"
 LogMaxDays int64 = 3
 PrivilegeMode bool = false
- PrivilegeKey string = ""
+ PrivilegeToken string = ""
 HeartBeatTimeout int64 = 90
 UserConnTimeout int64 = 10
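Review bot: The key selection added to pipeDecrypt is repeated verbatim in pipeEncrypt (second hunk of src/frp/models/msg/process.go); a small helper would keep the two directions from drifting apart. The choice also has a consequence worth a comment: in privilege mode the cipher is keyed with `conf.PrivilegeToken`, which the server.go hunk fills from the single server-wide `PrivilegeToken`, so every privilege-mode proxy appears to encrypt under the same value that also authorises proxy creation. If that sharing is not intended, consider mixing the proxy name into the key material. Both functions continue past their hunks.

```go
// cryptoKey returns the token that keys the cipher for conf:
// the privilege token in privilege mode, the proxy's auth token otherwise.
func cryptoKey(conf config.BaseConf) string {
	if conf.PrivilegeMode {
		return conf.PrivilegeToken
	}
	return conf.AuthToken
}

func pipeDecrypt(r net.Conn, w net.Conn, conf config.BaseConf) (err error) {
	laes := new(pcrypto.Pcrypto)
	if err := laes.Init([]byte(cryptoKey(conf))); err != nil {
	// … unchanged: log.Warn and error return; pipeEncrypt gets the same Init call …
```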
@@ -144,11 +144,14 @@ func loadCommonConf(confFile string) error {
 }
 if PrivilegeMode == true {
- tmpStr, ok = conf.Get("common", "privilege_key")
+ tmpStr, ok = conf.Get("common", "privilege_token")
 if ok {
- PrivilegeKey = tmpStr
+ if tmpStr == "" {
+ return fmt.Errorf("Parse conf error: privilege_token can not be null")
+ }
+ PrivilegeToken = tmpStr
 } else {
- return fmt.Errorf("Parse conf error: privilege_key must be set if privilege_mode is enabled")
+ return fmt.Errorf("Parse conf error: privilege_token must be set if privilege_mode is enabled")
 }
 }
 return nil
diff --git a/src/frp/models/server/server.go b/src/frp/models/server/server.go
index 9e14e038..ad855146 100644
--- a/src/frp/models/server/server.go
+++ b/src/frp/models/server/server.go
@@ -59,10 +59,10 @@ func NewProxyServerFromCtlMsg(req *msg.ControlReq) (p *ProxyServer) {
 p.UseEncryption = req.UseEncryption
 p.UseGzip = req.UseGzip
 p.PrivilegeMode = req.PrivilegeMode
+ p.PrivilegeToken = PrivilegeToken
 p.BindAddr = BindAddr
 p.ListenPort = req.RemotePort
 p.CustomDomains = req.CustomDomains
- p.AuthToken = PrivilegeKey
 return
 }
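Review bot: In loadCommonConf (src/frp/models/server/config.go) the new guard rejects only an empty `privilege_token`; since this one value lets any client create proxies on the server, and the sample config ships `12345678`, a minimum-length check at this point would be a cheap safeguard. The nesting can be flattened by handling the missing key first, `if !ok { return fmt.Errorf("Parse conf error: privilege_token must be set if privilege_mode is enabled") }`, followed by the empty check and the assignment. `PrivilegeMode == true` can be written `PrivilegeMode`. The function begins outside the hunk.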
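Review bot: After this change NewProxyServerFromCtlMsg (src/frp/models/server/server.go) no longer assigns `p.AuthToken`, so a proxy created from a control message keeps an empty AuthToken. If any path outside this hunk still derives a key from the stored AuthToken, for instance a non-privilege branch of doLogin handling a request that names such a proxy with privilege_mode false, that key would no longer depend on a secret. It is worth confirming that such requests are rejected when `p.PrivilegeMode` is set, and adding a comment here stating that AuthToken is intentionally unused for privilege-mode proxies. The function starts outside the hunk.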