mirror of
https://github.com/fatedier/frp.git
synced 2024-12-14 02:31:21 +01:00
all: privilege mode update
This commit is contained in:
parent
1bad5c6561
commit
ba74934a1f
@ -10,7 +10,7 @@ log_max_days = 3
|
|||||||
# for authentication
|
# for authentication
|
||||||
auth_token = 123
|
auth_token = 123
|
||||||
# for privilege mode
|
# for privilege mode
|
||||||
privilege_key = 12345678
|
privilege_token = 12345678
|
||||||
|
|
||||||
# ssh is the proxy name same as server's configuration
|
# ssh is the proxy name same as server's configuration
|
||||||
[ssh]
|
[ssh]
|
||||||
|
@ -12,9 +12,9 @@ log_file = ./frps.log
|
|||||||
# debug, info, warn, error
|
# debug, info, warn, error
|
||||||
log_level = info
|
log_level = info
|
||||||
log_max_days = 3
|
log_max_days = 3
|
||||||
# if you enable privilege mode, frpc can create a proxy without pre-configure in frps when privilege_key is correct
|
# if you enable privilege mode, frpc can create a proxy without pre-configure in frps when privilege_token is correct
|
||||||
privilege_mode = true
|
privilege_mode = true
|
||||||
privilege_key = 12345678
|
privilege_token = 12345678
|
||||||
|
|
||||||
# ssh is the proxy name, client will use this name and auth_token to connect to server
|
# ssh is the proxy name, client will use this name and auth_token to connect to server
|
||||||
[ssh]
|
[ssh]
|
||||||
|
@ -137,11 +137,9 @@ func loginToServer(cli *client.ProxyClient) (c *conn.Conn, err error) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
nowTime := time.Now().Unix()
|
nowTime := time.Now().Unix()
|
||||||
authKey := pcrypto.GetAuthKey(cli.Name + cli.AuthToken + fmt.Sprintf("%d", nowTime))
|
|
||||||
req := &msg.ControlReq{
|
req := &msg.ControlReq{
|
||||||
Type: consts.NewCtlConn,
|
Type: consts.NewCtlConn,
|
||||||
ProxyName: cli.Name,
|
ProxyName: cli.Name,
|
||||||
AuthKey: authKey,
|
|
||||||
UseEncryption: cli.UseEncryption,
|
UseEncryption: cli.UseEncryption,
|
||||||
UseGzip: cli.UseGzip,
|
UseGzip: cli.UseGzip,
|
||||||
PrivilegeMode: cli.PrivilegeMode,
|
PrivilegeMode: cli.PrivilegeMode,
|
||||||
@ -149,8 +147,13 @@ func loginToServer(cli *client.ProxyClient) (c *conn.Conn, err error) {
|
|||||||
Timestamp: nowTime,
|
Timestamp: nowTime,
|
||||||
}
|
}
|
||||||
if cli.PrivilegeMode {
|
if cli.PrivilegeMode {
|
||||||
|
privilegeKey := pcrypto.GetAuthKey(cli.Name + client.PrivilegeToken + fmt.Sprintf("%d", nowTime))
|
||||||
req.RemotePort = cli.RemotePort
|
req.RemotePort = cli.RemotePort
|
||||||
req.CustomDomains = cli.CustomDomains
|
req.CustomDomains = cli.CustomDomains
|
||||||
|
req.PrivilegeKey = privilegeKey
|
||||||
|
} else {
|
||||||
|
authKey := pcrypto.GetAuthKey(cli.Name + cli.AuthToken + fmt.Sprintf("%d", nowTime))
|
||||||
|
req.AuthKey = authKey
|
||||||
}
|
}
|
||||||
|
|
||||||
buf, _ := json.Marshal(req)
|
buf, _ := json.Marshal(req)
|
||||||
|
@ -218,14 +218,13 @@ func doLogin(req *msg.ControlReq, c *conn.Conn) (ret int64, info string) {
|
|||||||
// check authKey or privilegeKey
|
// check authKey or privilegeKey
|
||||||
nowTime := time.Now().Unix()
|
nowTime := time.Now().Unix()
|
||||||
if req.PrivilegeMode {
|
if req.PrivilegeMode {
|
||||||
privilegeKey := pcrypto.GetAuthKey(req.ProxyName + server.PrivilegeKey + fmt.Sprintf("%d", req.Timestamp))
|
privilegeKey := pcrypto.GetAuthKey(req.ProxyName + server.PrivilegeToken + fmt.Sprintf("%d", req.Timestamp))
|
||||||
// privilegeKey avaiable in 15 minutes
|
// privilegeKey avaiable in 15 minutes
|
||||||
if nowTime-req.Timestamp > 15*60 {
|
if nowTime-req.Timestamp > 15*60 {
|
||||||
info = fmt.Sprintf("ProxyName [%s], privilege mode authorization timeout", req.ProxyName)
|
info = fmt.Sprintf("ProxyName [%s], privilege mode authorization timeout", req.ProxyName)
|
||||||
log.Warn(info)
|
log.Warn(info)
|
||||||
return
|
return
|
||||||
} else if req.AuthKey != privilegeKey {
|
} else if req.PrivilegeKey != privilegeKey {
|
||||||
log.Debug("%s %s", req.AuthKey, privilegeKey)
|
|
||||||
info = fmt.Sprintf("ProxyName [%s], privilege mode authorization failed", req.ProxyName)
|
info = fmt.Sprintf("ProxyName [%s], privilege mode authorization failed", req.ProxyName)
|
||||||
log.Warn(info)
|
log.Warn(info)
|
||||||
return
|
return
|
||||||
|
@ -58,14 +58,19 @@ func (p *ProxyClient) GetRemoteConn(addr string, port int64) (c *conn.Conn, err
|
|||||||
}
|
}
|
||||||
|
|
||||||
nowTime := time.Now().Unix()
|
nowTime := time.Now().Unix()
|
||||||
authKey := pcrypto.GetAuthKey(p.Name + p.AuthToken + fmt.Sprintf("%d", nowTime))
|
|
||||||
req := &msg.ControlReq{
|
req := &msg.ControlReq{
|
||||||
Type: consts.NewWorkConn,
|
Type: consts.NewWorkConn,
|
||||||
ProxyName: p.Name,
|
ProxyName: p.Name,
|
||||||
AuthKey: authKey,
|
|
||||||
PrivilegeMode: p.PrivilegeMode,
|
PrivilegeMode: p.PrivilegeMode,
|
||||||
Timestamp: nowTime,
|
Timestamp: nowTime,
|
||||||
}
|
}
|
||||||
|
if p.PrivilegeMode == true {
|
||||||
|
privilegeKey := pcrypto.GetAuthKey(p.Name + PrivilegeToken + fmt.Sprintf("%d", nowTime))
|
||||||
|
req.PrivilegeKey = privilegeKey
|
||||||
|
} else {
|
||||||
|
authKey := pcrypto.GetAuthKey(p.Name + p.AuthToken + fmt.Sprintf("%d", nowTime))
|
||||||
|
req.AuthKey = authKey
|
||||||
|
}
|
||||||
|
|
||||||
buf, _ := json.Marshal(req)
|
buf, _ := json.Marshal(req)
|
||||||
err = c.Write(string(buf) + "\n")
|
err = c.Write(string(buf) + "\n")
|
||||||
|
@ -30,7 +30,7 @@ var (
|
|||||||
LogWay string = "console"
|
LogWay string = "console"
|
||||||
LogLevel string = "info"
|
LogLevel string = "info"
|
||||||
LogMaxDays int64 = 3
|
LogMaxDays int64 = 3
|
||||||
PrivilegeKey string = ""
|
PrivilegeToken string = ""
|
||||||
HeartBeatInterval int64 = 20
|
HeartBeatInterval int64 = 20
|
||||||
HeartBeatTimeout int64 = 90
|
HeartBeatTimeout int64 = 90
|
||||||
)
|
)
|
||||||
@ -77,9 +77,9 @@ func LoadConf(confFile string) (err error) {
|
|||||||
LogMaxDays, _ = strconv.ParseInt(tmpStr, 10, 64)
|
LogMaxDays, _ = strconv.ParseInt(tmpStr, 10, 64)
|
||||||
}
|
}
|
||||||
|
|
||||||
tmpStr, ok = conf.Get("common", "privilege_key")
|
tmpStr, ok = conf.Get("common", "privilege_token")
|
||||||
if ok {
|
if ok {
|
||||||
PrivilegeKey = tmpStr
|
PrivilegeToken = tmpStr
|
||||||
}
|
}
|
||||||
|
|
||||||
var authToken string
|
var authToken string
|
||||||
@ -95,6 +95,9 @@ func LoadConf(confFile string) (err error) {
|
|||||||
// name
|
// name
|
||||||
proxyClient.Name = name
|
proxyClient.Name = name
|
||||||
|
|
||||||
|
// auth_token
|
||||||
|
proxyClient.AuthToken = authToken
|
||||||
|
|
||||||
// local_ip
|
// local_ip
|
||||||
proxyClient.LocalIp, ok = section["local_ip"]
|
proxyClient.LocalIp, ok = section["local_ip"]
|
||||||
if !ok {
|
if !ok {
|
||||||
@ -146,8 +149,11 @@ func LoadConf(confFile string) (err error) {
|
|||||||
|
|
||||||
// configures used in privilege mode
|
// configures used in privilege mode
|
||||||
if proxyClient.PrivilegeMode == true {
|
if proxyClient.PrivilegeMode == true {
|
||||||
// auth_token
|
if PrivilegeToken == "" {
|
||||||
proxyClient.AuthToken = PrivilegeKey
|
return fmt.Errorf("Parse conf error: proxy [%s] privilege_key must be set when privilege_mode = true", proxyClient.Name)
|
||||||
|
} else {
|
||||||
|
proxyClient.PrivilegeToken = PrivilegeToken
|
||||||
|
}
|
||||||
|
|
||||||
if proxyClient.Type == "tcp" {
|
if proxyClient.Type == "tcp" {
|
||||||
// remote_port
|
// remote_port
|
||||||
@ -187,9 +193,6 @@ func LoadConf(confFile string) (err error) {
|
|||||||
return fmt.Errorf("Parse conf error: proxy [%s] custom_domains must be set when type equals http", proxyClient.Name)
|
return fmt.Errorf("Parse conf error: proxy [%s] custom_domains must be set when type equals http", proxyClient.Name)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else /* proxyClient.PrivilegeMode == false */ {
|
|
||||||
// authToken
|
|
||||||
proxyClient.AuthToken = authToken
|
|
||||||
}
|
}
|
||||||
|
|
||||||
ProxyClients[proxyClient.Name] = proxyClient
|
ProxyClients[proxyClient.Name] = proxyClient
|
||||||
|
@ -15,10 +15,11 @@
|
|||||||
package config
|
package config
|
||||||
|
|
||||||
type BaseConf struct {
|
type BaseConf struct {
|
||||||
Name string
|
Name string
|
||||||
AuthToken string
|
AuthToken string
|
||||||
Type string
|
Type string
|
||||||
UseEncryption bool
|
UseEncryption bool
|
||||||
UseGzip bool
|
UseGzip bool
|
||||||
PrivilegeMode bool
|
PrivilegeMode bool
|
||||||
|
PrivilegeToken string
|
||||||
}
|
}
|
||||||
|
@ -29,6 +29,7 @@ type ControlReq struct {
|
|||||||
|
|
||||||
// configures used if privilege_mode is enabled
|
// configures used if privilege_mode is enabled
|
||||||
PrivilegeMode bool `json:"privilege_mode"`
|
PrivilegeMode bool `json:"privilege_mode"`
|
||||||
|
PrivilegeKey string `json:"privilege_key"`
|
||||||
ProxyType string `json:"proxy_type"`
|
ProxyType string `json:"proxy_type"`
|
||||||
RemotePort int64 `json:"remote_port"`
|
RemotePort int64 `json:"remote_port"`
|
||||||
CustomDomains []string `json:"custom_domains, omitempty"`
|
CustomDomains []string `json:"custom_domains, omitempty"`
|
||||||
|
@ -104,7 +104,11 @@ func unpkgMsg(data []byte) (int, []byte, []byte) {
|
|||||||
// decrypt msg from reader, then write into writer
|
// decrypt msg from reader, then write into writer
|
||||||
func pipeDecrypt(r net.Conn, w net.Conn, conf config.BaseConf) (err error) {
|
func pipeDecrypt(r net.Conn, w net.Conn, conf config.BaseConf) (err error) {
|
||||||
laes := new(pcrypto.Pcrypto)
|
laes := new(pcrypto.Pcrypto)
|
||||||
if err := laes.Init([]byte(conf.AuthToken)); err != nil {
|
key := conf.AuthToken
|
||||||
|
if conf.PrivilegeMode {
|
||||||
|
key = conf.PrivilegeToken
|
||||||
|
}
|
||||||
|
if err := laes.Init([]byte(key)); err != nil {
|
||||||
log.Warn("ProxyName [%s], Pcrypto Init error: %v", conf.Name, err)
|
log.Warn("ProxyName [%s], Pcrypto Init error: %v", conf.Name, err)
|
||||||
return fmt.Errorf("Pcrypto Init error: %v", err)
|
return fmt.Errorf("Pcrypto Init error: %v", err)
|
||||||
}
|
}
|
||||||
@ -159,7 +163,11 @@ func pipeDecrypt(r net.Conn, w net.Conn, conf config.BaseConf) (err error) {
|
|||||||
// recvive msg from reader, then encrypt msg into writer
|
// recvive msg from reader, then encrypt msg into writer
|
||||||
func pipeEncrypt(r net.Conn, w net.Conn, conf config.BaseConf) (err error) {
|
func pipeEncrypt(r net.Conn, w net.Conn, conf config.BaseConf) (err error) {
|
||||||
laes := new(pcrypto.Pcrypto)
|
laes := new(pcrypto.Pcrypto)
|
||||||
if err := laes.Init([]byte(conf.AuthToken)); err != nil {
|
key := conf.AuthToken
|
||||||
|
if conf.PrivilegeMode {
|
||||||
|
key = conf.PrivilegeToken
|
||||||
|
}
|
||||||
|
if err := laes.Init([]byte(key)); err != nil {
|
||||||
log.Warn("ProxyName [%s], Pcrypto Init error: %v", conf.Name, err)
|
log.Warn("ProxyName [%s], Pcrypto Init error: %v", conf.Name, err)
|
||||||
return fmt.Errorf("Pcrypto Init error: %v", err)
|
return fmt.Errorf("Pcrypto Init error: %v", err)
|
||||||
}
|
}
|
||||||
|
@ -40,7 +40,7 @@ var (
|
|||||||
LogLevel string = "info"
|
LogLevel string = "info"
|
||||||
LogMaxDays int64 = 3
|
LogMaxDays int64 = 3
|
||||||
PrivilegeMode bool = false
|
PrivilegeMode bool = false
|
||||||
PrivilegeKey string = ""
|
PrivilegeToken string = ""
|
||||||
HeartBeatTimeout int64 = 90
|
HeartBeatTimeout int64 = 90
|
||||||
UserConnTimeout int64 = 10
|
UserConnTimeout int64 = 10
|
||||||
|
|
||||||
@ -144,11 +144,14 @@ func loadCommonConf(confFile string) error {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if PrivilegeMode == true {
|
if PrivilegeMode == true {
|
||||||
tmpStr, ok = conf.Get("common", "privilege_key")
|
tmpStr, ok = conf.Get("common", "privilege_token")
|
||||||
if ok {
|
if ok {
|
||||||
PrivilegeKey = tmpStr
|
if tmpStr == "" {
|
||||||
|
return fmt.Errorf("Parse conf error: privilege_token can not be null")
|
||||||
|
}
|
||||||
|
PrivilegeToken = tmpStr
|
||||||
} else {
|
} else {
|
||||||
return fmt.Errorf("Parse conf error: privilege_key must be set if privilege_mode is enabled")
|
return fmt.Errorf("Parse conf error: privilege_token must be set if privilege_mode is enabled")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
|
@ -59,10 +59,10 @@ func NewProxyServerFromCtlMsg(req *msg.ControlReq) (p *ProxyServer) {
|
|||||||
p.UseEncryption = req.UseEncryption
|
p.UseEncryption = req.UseEncryption
|
||||||
p.UseGzip = req.UseGzip
|
p.UseGzip = req.UseGzip
|
||||||
p.PrivilegeMode = req.PrivilegeMode
|
p.PrivilegeMode = req.PrivilegeMode
|
||||||
|
p.PrivilegeToken = PrivilegeToken
|
||||||
p.BindAddr = BindAddr
|
p.BindAddr = BindAddr
|
||||||
p.ListenPort = req.RemotePort
|
p.ListenPort = req.RemotePort
|
||||||
p.CustomDomains = req.CustomDomains
|
p.CustomDomains = req.CustomDomains
|
||||||
p.AuthToken = PrivilegeKey
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user