mirror of
https://github.com/fatedier/frp.git
synced 2024-12-13 10:11:04 +01:00
all: privilege mode update
This commit is contained in:
parent
1bad5c6561
commit
ba74934a1f
@ -10,7 +10,7 @@ log_max_days = 3
|
||||
# for authentication
|
||||
auth_token = 123
|
||||
# for privilege mode
|
||||
privilege_key = 12345678
|
||||
privilege_token = 12345678
|
||||
|
||||
# ssh is the proxy name same as server's configuration
|
||||
[ssh]
|
||||
|
@ -12,9 +12,9 @@ log_file = ./frps.log
|
||||
# debug, info, warn, error
|
||||
log_level = info
|
||||
log_max_days = 3
|
||||
# if you enable privilege mode, frpc can create a proxy without pre-configure in frps when privilege_key is correct
|
||||
# if you enable privilege mode, frpc can create a proxy without pre-configure in frps when privilege_token is correct
|
||||
privilege_mode = true
|
||||
privilege_key = 12345678
|
||||
privilege_token = 12345678
|
||||
|
||||
# ssh is the proxy name, client will use this name and auth_token to connect to server
|
||||
[ssh]
|
||||
|
@ -137,11 +137,9 @@ func loginToServer(cli *client.ProxyClient) (c *conn.Conn, err error) {
|
||||
}
|
||||
|
||||
nowTime := time.Now().Unix()
|
||||
authKey := pcrypto.GetAuthKey(cli.Name + cli.AuthToken + fmt.Sprintf("%d", nowTime))
|
||||
req := &msg.ControlReq{
|
||||
Type: consts.NewCtlConn,
|
||||
ProxyName: cli.Name,
|
||||
AuthKey: authKey,
|
||||
UseEncryption: cli.UseEncryption,
|
||||
UseGzip: cli.UseGzip,
|
||||
PrivilegeMode: cli.PrivilegeMode,
|
||||
@ -149,8 +147,13 @@ func loginToServer(cli *client.ProxyClient) (c *conn.Conn, err error) {
|
||||
Timestamp: nowTime,
|
||||
}
|
||||
if cli.PrivilegeMode {
|
||||
privilegeKey := pcrypto.GetAuthKey(cli.Name + client.PrivilegeToken + fmt.Sprintf("%d", nowTime))
|
||||
req.RemotePort = cli.RemotePort
|
||||
req.CustomDomains = cli.CustomDomains
|
||||
req.PrivilegeKey = privilegeKey
|
||||
} else {
|
||||
authKey := pcrypto.GetAuthKey(cli.Name + cli.AuthToken + fmt.Sprintf("%d", nowTime))
|
||||
req.AuthKey = authKey
|
||||
}
|
||||
|
||||
buf, _ := json.Marshal(req)
|
||||
|
@ -218,14 +218,13 @@ func doLogin(req *msg.ControlReq, c *conn.Conn) (ret int64, info string) {
|
||||
// check authKey or privilegeKey
|
||||
nowTime := time.Now().Unix()
|
||||
if req.PrivilegeMode {
|
||||
privilegeKey := pcrypto.GetAuthKey(req.ProxyName + server.PrivilegeKey + fmt.Sprintf("%d", req.Timestamp))
|
||||
privilegeKey := pcrypto.GetAuthKey(req.ProxyName + server.PrivilegeToken + fmt.Sprintf("%d", req.Timestamp))
|
||||
// privilegeKey avaiable in 15 minutes
|
||||
if nowTime-req.Timestamp > 15*60 {
|
||||
info = fmt.Sprintf("ProxyName [%s], privilege mode authorization timeout", req.ProxyName)
|
||||
log.Warn(info)
|
||||
return
|
||||
} else if req.AuthKey != privilegeKey {
|
||||
log.Debug("%s %s", req.AuthKey, privilegeKey)
|
||||
} else if req.PrivilegeKey != privilegeKey {
|
||||
info = fmt.Sprintf("ProxyName [%s], privilege mode authorization failed", req.ProxyName)
|
||||
log.Warn(info)
|
||||
return
|
||||
|
@ -58,14 +58,19 @@ func (p *ProxyClient) GetRemoteConn(addr string, port int64) (c *conn.Conn, err
|
||||
}
|
||||
|
||||
nowTime := time.Now().Unix()
|
||||
authKey := pcrypto.GetAuthKey(p.Name + p.AuthToken + fmt.Sprintf("%d", nowTime))
|
||||
req := &msg.ControlReq{
|
||||
Type: consts.NewWorkConn,
|
||||
ProxyName: p.Name,
|
||||
AuthKey: authKey,
|
||||
PrivilegeMode: p.PrivilegeMode,
|
||||
Timestamp: nowTime,
|
||||
}
|
||||
if p.PrivilegeMode == true {
|
||||
privilegeKey := pcrypto.GetAuthKey(p.Name + PrivilegeToken + fmt.Sprintf("%d", nowTime))
|
||||
req.PrivilegeKey = privilegeKey
|
||||
} else {
|
||||
authKey := pcrypto.GetAuthKey(p.Name + p.AuthToken + fmt.Sprintf("%d", nowTime))
|
||||
req.AuthKey = authKey
|
||||
}
|
||||
|
||||
buf, _ := json.Marshal(req)
|
||||
err = c.Write(string(buf) + "\n")
|
||||
|
@ -30,7 +30,7 @@ var (
|
||||
LogWay string = "console"
|
||||
LogLevel string = "info"
|
||||
LogMaxDays int64 = 3
|
||||
PrivilegeKey string = ""
|
||||
PrivilegeToken string = ""
|
||||
HeartBeatInterval int64 = 20
|
||||
HeartBeatTimeout int64 = 90
|
||||
)
|
||||
@ -77,9 +77,9 @@ func LoadConf(confFile string) (err error) {
|
||||
LogMaxDays, _ = strconv.ParseInt(tmpStr, 10, 64)
|
||||
}
|
||||
|
||||
tmpStr, ok = conf.Get("common", "privilege_key")
|
||||
tmpStr, ok = conf.Get("common", "privilege_token")
|
||||
if ok {
|
||||
PrivilegeKey = tmpStr
|
||||
PrivilegeToken = tmpStr
|
||||
}
|
||||
|
||||
var authToken string
|
||||
@ -95,6 +95,9 @@ func LoadConf(confFile string) (err error) {
|
||||
// name
|
||||
proxyClient.Name = name
|
||||
|
||||
// auth_token
|
||||
proxyClient.AuthToken = authToken
|
||||
|
||||
// local_ip
|
||||
proxyClient.LocalIp, ok = section["local_ip"]
|
||||
if !ok {
|
||||
@ -146,8 +149,11 @@ func LoadConf(confFile string) (err error) {
|
||||
|
||||
// configures used in privilege mode
|
||||
if proxyClient.PrivilegeMode == true {
|
||||
// auth_token
|
||||
proxyClient.AuthToken = PrivilegeKey
|
||||
if PrivilegeToken == "" {
|
||||
return fmt.Errorf("Parse conf error: proxy [%s] privilege_key must be set when privilege_mode = true", proxyClient.Name)
|
||||
} else {
|
||||
proxyClient.PrivilegeToken = PrivilegeToken
|
||||
}
|
||||
|
||||
if proxyClient.Type == "tcp" {
|
||||
// remote_port
|
||||
@ -187,9 +193,6 @@ func LoadConf(confFile string) (err error) {
|
||||
return fmt.Errorf("Parse conf error: proxy [%s] custom_domains must be set when type equals http", proxyClient.Name)
|
||||
}
|
||||
}
|
||||
} else /* proxyClient.PrivilegeMode == false */ {
|
||||
// authToken
|
||||
proxyClient.AuthToken = authToken
|
||||
}
|
||||
|
||||
ProxyClients[proxyClient.Name] = proxyClient
|
||||
|
@ -21,4 +21,5 @@ type BaseConf struct {
|
||||
UseEncryption bool
|
||||
UseGzip bool
|
||||
PrivilegeMode bool
|
||||
PrivilegeToken string
|
||||
}
|
||||
|
@ -29,6 +29,7 @@ type ControlReq struct {
|
||||
|
||||
// configures used if privilege_mode is enabled
|
||||
PrivilegeMode bool `json:"privilege_mode"`
|
||||
PrivilegeKey string `json:"privilege_key"`
|
||||
ProxyType string `json:"proxy_type"`
|
||||
RemotePort int64 `json:"remote_port"`
|
||||
CustomDomains []string `json:"custom_domains, omitempty"`
|
||||
|
@ -104,7 +104,11 @@ func unpkgMsg(data []byte) (int, []byte, []byte) {
|
||||
// decrypt msg from reader, then write into writer
|
||||
func pipeDecrypt(r net.Conn, w net.Conn, conf config.BaseConf) (err error) {
|
||||
laes := new(pcrypto.Pcrypto)
|
||||
if err := laes.Init([]byte(conf.AuthToken)); err != nil {
|
||||
key := conf.AuthToken
|
||||
if conf.PrivilegeMode {
|
||||
key = conf.PrivilegeToken
|
||||
}
|
||||
if err := laes.Init([]byte(key)); err != nil {
|
||||
log.Warn("ProxyName [%s], Pcrypto Init error: %v", conf.Name, err)
|
||||
return fmt.Errorf("Pcrypto Init error: %v", err)
|
||||
}
|
||||
@ -159,7 +163,11 @@ func pipeDecrypt(r net.Conn, w net.Conn, conf config.BaseConf) (err error) {
|
||||
// recvive msg from reader, then encrypt msg into writer
|
||||
func pipeEncrypt(r net.Conn, w net.Conn, conf config.BaseConf) (err error) {
|
||||
laes := new(pcrypto.Pcrypto)
|
||||
if err := laes.Init([]byte(conf.AuthToken)); err != nil {
|
||||
key := conf.AuthToken
|
||||
if conf.PrivilegeMode {
|
||||
key = conf.PrivilegeToken
|
||||
}
|
||||
if err := laes.Init([]byte(key)); err != nil {
|
||||
log.Warn("ProxyName [%s], Pcrypto Init error: %v", conf.Name, err)
|
||||
return fmt.Errorf("Pcrypto Init error: %v", err)
|
||||
}
|
||||
|
@ -40,7 +40,7 @@ var (
|
||||
LogLevel string = "info"
|
||||
LogMaxDays int64 = 3
|
||||
PrivilegeMode bool = false
|
||||
PrivilegeKey string = ""
|
||||
PrivilegeToken string = ""
|
||||
HeartBeatTimeout int64 = 90
|
||||
UserConnTimeout int64 = 10
|
||||
|
||||
@ -144,11 +144,14 @@ func loadCommonConf(confFile string) error {
|
||||
}
|
||||
|
||||
if PrivilegeMode == true {
|
||||
tmpStr, ok = conf.Get("common", "privilege_key")
|
||||
tmpStr, ok = conf.Get("common", "privilege_token")
|
||||
if ok {
|
||||
PrivilegeKey = tmpStr
|
||||
if tmpStr == "" {
|
||||
return fmt.Errorf("Parse conf error: privilege_token can not be null")
|
||||
}
|
||||
PrivilegeToken = tmpStr
|
||||
} else {
|
||||
return fmt.Errorf("Parse conf error: privilege_key must be set if privilege_mode is enabled")
|
||||
return fmt.Errorf("Parse conf error: privilege_token must be set if privilege_mode is enabled")
|
||||
}
|
||||
}
|
||||
return nil
|
||||
|
@ -59,10 +59,10 @@ func NewProxyServerFromCtlMsg(req *msg.ControlReq) (p *ProxyServer) {
|
||||
p.UseEncryption = req.UseEncryption
|
||||
p.UseGzip = req.UseGzip
|
||||
p.PrivilegeMode = req.PrivilegeMode
|
||||
p.PrivilegeToken = PrivilegeToken
|
||||
p.BindAddr = BindAddr
|
||||
p.ListenPort = req.RemotePort
|
||||
p.CustomDomains = req.CustomDomains
|
||||
p.AuthToken = PrivilegeKey
|
||||
return
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user