all: privilege mode update

This commit is contained in:
fatedier 2016-06-28 00:21:13 +08:00
parent 1bad5c6561
commit ba74934a1f
11 changed files with 54 additions and 31 deletions

View File

@ -10,7 +10,7 @@ log_max_days = 3
# for authentication # for authentication
auth_token = 123 auth_token = 123
# for privilege mode # for privilege mode
privilege_key = 12345678 privilege_token = 12345678
# ssh is the proxy name same as server's configuration # ssh is the proxy name same as server's configuration
[ssh] [ssh]

View File

@ -12,9 +12,9 @@ log_file = ./frps.log
# debug, info, warn, error # debug, info, warn, error
log_level = info log_level = info
log_max_days = 3 log_max_days = 3
# if you enable privilege mode, frpc can create a proxy without pre-configure in frps when privilege_key is correct # if you enable privilege mode, frpc can create a proxy without pre-configure in frps when privilege_token is correct
privilege_mode = true privilege_mode = true
privilege_key = 12345678 privilege_token = 12345678
# ssh is the proxy name, client will use this name and auth_token to connect to server # ssh is the proxy name, client will use this name and auth_token to connect to server
[ssh] [ssh]

View File

@ -137,11 +137,9 @@ func loginToServer(cli *client.ProxyClient) (c *conn.Conn, err error) {
} }
nowTime := time.Now().Unix() nowTime := time.Now().Unix()
authKey := pcrypto.GetAuthKey(cli.Name + cli.AuthToken + fmt.Sprintf("%d", nowTime))
req := &msg.ControlReq{ req := &msg.ControlReq{
Type: consts.NewCtlConn, Type: consts.NewCtlConn,
ProxyName: cli.Name, ProxyName: cli.Name,
AuthKey: authKey,
UseEncryption: cli.UseEncryption, UseEncryption: cli.UseEncryption,
UseGzip: cli.UseGzip, UseGzip: cli.UseGzip,
PrivilegeMode: cli.PrivilegeMode, PrivilegeMode: cli.PrivilegeMode,
@ -149,8 +147,13 @@ func loginToServer(cli *client.ProxyClient) (c *conn.Conn, err error) {
Timestamp: nowTime, Timestamp: nowTime,
} }
if cli.PrivilegeMode { if cli.PrivilegeMode {
privilegeKey := pcrypto.GetAuthKey(cli.Name + client.PrivilegeToken + fmt.Sprintf("%d", nowTime))
req.RemotePort = cli.RemotePort req.RemotePort = cli.RemotePort
req.CustomDomains = cli.CustomDomains req.CustomDomains = cli.CustomDomains
req.PrivilegeKey = privilegeKey
} else {
authKey := pcrypto.GetAuthKey(cli.Name + cli.AuthToken + fmt.Sprintf("%d", nowTime))
req.AuthKey = authKey
} }
buf, _ := json.Marshal(req) buf, _ := json.Marshal(req)

View File

@ -218,14 +218,13 @@ func doLogin(req *msg.ControlReq, c *conn.Conn) (ret int64, info string) {
// check authKey or privilegeKey // check authKey or privilegeKey
nowTime := time.Now().Unix() nowTime := time.Now().Unix()
if req.PrivilegeMode { if req.PrivilegeMode {
privilegeKey := pcrypto.GetAuthKey(req.ProxyName + server.PrivilegeKey + fmt.Sprintf("%d", req.Timestamp)) privilegeKey := pcrypto.GetAuthKey(req.ProxyName + server.PrivilegeToken + fmt.Sprintf("%d", req.Timestamp))
// privilegeKey avaiable in 15 minutes // privilegeKey avaiable in 15 minutes
if nowTime-req.Timestamp > 15*60 { if nowTime-req.Timestamp > 15*60 {
info = fmt.Sprintf("ProxyName [%s], privilege mode authorization timeout", req.ProxyName) info = fmt.Sprintf("ProxyName [%s], privilege mode authorization timeout", req.ProxyName)
log.Warn(info) log.Warn(info)
return return
} else if req.AuthKey != privilegeKey { } else if req.PrivilegeKey != privilegeKey {
log.Debug("%s %s", req.AuthKey, privilegeKey)
info = fmt.Sprintf("ProxyName [%s], privilege mode authorization failed", req.ProxyName) info = fmt.Sprintf("ProxyName [%s], privilege mode authorization failed", req.ProxyName)
log.Warn(info) log.Warn(info)
return return

View File

@ -58,14 +58,19 @@ func (p *ProxyClient) GetRemoteConn(addr string, port int64) (c *conn.Conn, err
} }
nowTime := time.Now().Unix() nowTime := time.Now().Unix()
authKey := pcrypto.GetAuthKey(p.Name + p.AuthToken + fmt.Sprintf("%d", nowTime))
req := &msg.ControlReq{ req := &msg.ControlReq{
Type: consts.NewWorkConn, Type: consts.NewWorkConn,
ProxyName: p.Name, ProxyName: p.Name,
AuthKey: authKey,
PrivilegeMode: p.PrivilegeMode, PrivilegeMode: p.PrivilegeMode,
Timestamp: nowTime, Timestamp: nowTime,
} }
if p.PrivilegeMode == true {
privilegeKey := pcrypto.GetAuthKey(p.Name + PrivilegeToken + fmt.Sprintf("%d", nowTime))
req.PrivilegeKey = privilegeKey
} else {
authKey := pcrypto.GetAuthKey(p.Name + p.AuthToken + fmt.Sprintf("%d", nowTime))
req.AuthKey = authKey
}
buf, _ := json.Marshal(req) buf, _ := json.Marshal(req)
err = c.Write(string(buf) + "\n") err = c.Write(string(buf) + "\n")

View File

@ -30,7 +30,7 @@ var (
LogWay string = "console" LogWay string = "console"
LogLevel string = "info" LogLevel string = "info"
LogMaxDays int64 = 3 LogMaxDays int64 = 3
PrivilegeKey string = "" PrivilegeToken string = ""
HeartBeatInterval int64 = 20 HeartBeatInterval int64 = 20
HeartBeatTimeout int64 = 90 HeartBeatTimeout int64 = 90
) )
@ -77,9 +77,9 @@ func LoadConf(confFile string) (err error) {
LogMaxDays, _ = strconv.ParseInt(tmpStr, 10, 64) LogMaxDays, _ = strconv.ParseInt(tmpStr, 10, 64)
} }
tmpStr, ok = conf.Get("common", "privilege_key") tmpStr, ok = conf.Get("common", "privilege_token")
if ok { if ok {
PrivilegeKey = tmpStr PrivilegeToken = tmpStr
} }
var authToken string var authToken string
@ -95,6 +95,9 @@ func LoadConf(confFile string) (err error) {
// name // name
proxyClient.Name = name proxyClient.Name = name
// auth_token
proxyClient.AuthToken = authToken
// local_ip // local_ip
proxyClient.LocalIp, ok = section["local_ip"] proxyClient.LocalIp, ok = section["local_ip"]
if !ok { if !ok {
@ -146,8 +149,11 @@ func LoadConf(confFile string) (err error) {
// configures used in privilege mode // configures used in privilege mode
if proxyClient.PrivilegeMode == true { if proxyClient.PrivilegeMode == true {
// auth_token if PrivilegeToken == "" {
proxyClient.AuthToken = PrivilegeKey return fmt.Errorf("Parse conf error: proxy [%s] privilege_key must be set when privilege_mode = true", proxyClient.Name)
} else {
proxyClient.PrivilegeToken = PrivilegeToken
}
if proxyClient.Type == "tcp" { if proxyClient.Type == "tcp" {
// remote_port // remote_port
@ -187,9 +193,6 @@ func LoadConf(confFile string) (err error) {
return fmt.Errorf("Parse conf error: proxy [%s] custom_domains must be set when type equals http", proxyClient.Name) return fmt.Errorf("Parse conf error: proxy [%s] custom_domains must be set when type equals http", proxyClient.Name)
} }
} }
} else /* proxyClient.PrivilegeMode == false */ {
// authToken
proxyClient.AuthToken = authToken
} }
ProxyClients[proxyClient.Name] = proxyClient ProxyClients[proxyClient.Name] = proxyClient

View File

@ -21,4 +21,5 @@ type BaseConf struct {
UseEncryption bool UseEncryption bool
UseGzip bool UseGzip bool
PrivilegeMode bool PrivilegeMode bool
PrivilegeToken string
} }

View File

@ -29,6 +29,7 @@ type ControlReq struct {
// configures used if privilege_mode is enabled // configures used if privilege_mode is enabled
PrivilegeMode bool `json:"privilege_mode"` PrivilegeMode bool `json:"privilege_mode"`
PrivilegeKey string `json:"privilege_key"`
ProxyType string `json:"proxy_type"` ProxyType string `json:"proxy_type"`
RemotePort int64 `json:"remote_port"` RemotePort int64 `json:"remote_port"`
CustomDomains []string `json:"custom_domains, omitempty"` CustomDomains []string `json:"custom_domains, omitempty"`

View File

@ -104,7 +104,11 @@ func unpkgMsg(data []byte) (int, []byte, []byte) {
// decrypt msg from reader, then write into writer // decrypt msg from reader, then write into writer
func pipeDecrypt(r net.Conn, w net.Conn, conf config.BaseConf) (err error) { func pipeDecrypt(r net.Conn, w net.Conn, conf config.BaseConf) (err error) {
laes := new(pcrypto.Pcrypto) laes := new(pcrypto.Pcrypto)
if err := laes.Init([]byte(conf.AuthToken)); err != nil { key := conf.AuthToken
if conf.PrivilegeMode {
key = conf.PrivilegeToken
}
if err := laes.Init([]byte(key)); err != nil {
log.Warn("ProxyName [%s], Pcrypto Init error: %v", conf.Name, err) log.Warn("ProxyName [%s], Pcrypto Init error: %v", conf.Name, err)
return fmt.Errorf("Pcrypto Init error: %v", err) return fmt.Errorf("Pcrypto Init error: %v", err)
} }
@ -159,7 +163,11 @@ func pipeDecrypt(r net.Conn, w net.Conn, conf config.BaseConf) (err error) {
// recvive msg from reader, then encrypt msg into writer // recvive msg from reader, then encrypt msg into writer
func pipeEncrypt(r net.Conn, w net.Conn, conf config.BaseConf) (err error) { func pipeEncrypt(r net.Conn, w net.Conn, conf config.BaseConf) (err error) {
laes := new(pcrypto.Pcrypto) laes := new(pcrypto.Pcrypto)
if err := laes.Init([]byte(conf.AuthToken)); err != nil { key := conf.AuthToken
if conf.PrivilegeMode {
key = conf.PrivilegeToken
}
if err := laes.Init([]byte(key)); err != nil {
log.Warn("ProxyName [%s], Pcrypto Init error: %v", conf.Name, err) log.Warn("ProxyName [%s], Pcrypto Init error: %v", conf.Name, err)
return fmt.Errorf("Pcrypto Init error: %v", err) return fmt.Errorf("Pcrypto Init error: %v", err)
} }

View File

@ -40,7 +40,7 @@ var (
LogLevel string = "info" LogLevel string = "info"
LogMaxDays int64 = 3 LogMaxDays int64 = 3
PrivilegeMode bool = false PrivilegeMode bool = false
PrivilegeKey string = "" PrivilegeToken string = ""
HeartBeatTimeout int64 = 90 HeartBeatTimeout int64 = 90
UserConnTimeout int64 = 10 UserConnTimeout int64 = 10
@ -144,11 +144,14 @@ func loadCommonConf(confFile string) error {
} }
if PrivilegeMode == true { if PrivilegeMode == true {
tmpStr, ok = conf.Get("common", "privilege_key") tmpStr, ok = conf.Get("common", "privilege_token")
if ok { if ok {
PrivilegeKey = tmpStr if tmpStr == "" {
return fmt.Errorf("Parse conf error: privilege_token can not be null")
}
PrivilegeToken = tmpStr
} else { } else {
return fmt.Errorf("Parse conf error: privilege_key must be set if privilege_mode is enabled") return fmt.Errorf("Parse conf error: privilege_token must be set if privilege_mode is enabled")
} }
} }
return nil return nil

View File

@ -59,10 +59,10 @@ func NewProxyServerFromCtlMsg(req *msg.ControlReq) (p *ProxyServer) {
p.UseEncryption = req.UseEncryption p.UseEncryption = req.UseEncryption
p.UseGzip = req.UseGzip p.UseGzip = req.UseGzip
p.PrivilegeMode = req.PrivilegeMode p.PrivilegeMode = req.PrivilegeMode
p.PrivilegeToken = PrivilegeToken
p.BindAddr = BindAddr p.BindAddr = BindAddr
p.ListenPort = req.RemotePort p.ListenPort = req.RemotePort
p.CustomDomains = req.CustomDomains p.CustomDomains = req.CustomDomains
p.AuthToken = PrivilegeKey
return return
} }