
all: privilege mode update

fatedier před 8 roky
rodič
revize
ba74934a1f

+ 1 - 1
conf/frpc.ini

@@ -10,7 +10,7 @@ log_max_days = 3
 # for authentication
 auth_token = 123
 # for privilege mode
-privilege_key = 12345678
+privilege_token = 12345678
 
 # ssh is the proxy name same as server's configuration
 [ssh]

+ 2 - 2
conf/frps.ini

@@ -12,9 +12,9 @@ log_file = ./frps.log
 # debug, info, warn, error
 log_level = info
 log_max_days = 3
-# if you enable privilege mode, frpc can create a proxy without pre-configure in frps when privilege_key is correct
+# if you enable privilege mode, frpc can create a proxy without pre-configure in frps when privilege_token is correct
 privilege_mode = true
-privilege_key = 12345678
+privilege_token = 12345678
 
 # ssh is the proxy name, client will use this name and auth_token to connect to server
 [ssh]

+ 5 - 2
src/frp/cmd/frpc/control.go

@@ -137,11 +137,9 @@ func loginToServer(cli *client.ProxyClient) (c *conn.Conn, err error) {
 	}
 
 	nowTime := time.Now().Unix()
-	authKey := pcrypto.GetAuthKey(cli.Name + cli.AuthToken + fmt.Sprintf("%d", nowTime))
 	req := &msg.ControlReq{
 		Type:          consts.NewCtlConn,
 		ProxyName:     cli.Name,
-		AuthKey:       authKey,
 		UseEncryption: cli.UseEncryption,
 		UseGzip:       cli.UseGzip,
 		PrivilegeMode: cli.PrivilegeMode,
@@ -149,8 +147,13 @@ func loginToServer(cli *client.ProxyClient) (c *conn.Conn, err error) {
 		Timestamp:     nowTime,
 	}
 	if cli.PrivilegeMode {
+		privilegeKey := pcrypto.GetAuthKey(cli.Name + client.PrivilegeToken + fmt.Sprintf("%d", nowTime))
 		req.RemotePort = cli.RemotePort
 		req.CustomDomains = cli.CustomDomains
+		req.PrivilegeKey = privilegeKey
+	} else {
+		authKey := pcrypto.GetAuthKey(cli.Name + cli.AuthToken + fmt.Sprintf("%d", nowTime))
+		req.AuthKey = authKey
 	}
 
 	buf, _ := json.Marshal(req)
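Review bot: The privilege branch derives the key from the package-level `client.PrivilegeToken`, while the non-privilege branch reads the per-proxy `cli.AuthToken`. This commit also copies the token onto each proxy in LoadConf (`proxyClient.PrivilegeToken = PrivilegeToken`), so reading `cli.PrivilegeToken` here would keep both branches on per-proxy state and let the field actually be used. The same applies to GetRemoteConn in models/client/client.go, which reads the bare `PrivilegeToken` and also tests `p.PrivilegeMode == true` where `if p.PrivilegeMode` is enough. loginToServer starts and ends outside these hunks.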

+ 2 - 3
src/frp/cmd/frps/control.go

@@ -218,14 +218,13 @@ func doLogin(req *msg.ControlReq, c *conn.Conn) (ret int64, info string) {
 	// check authKey or privilegeKey
 	nowTime := time.Now().Unix()
 	if req.PrivilegeMode {
-		privilegeKey := pcrypto.GetAuthKey(req.ProxyName + server.PrivilegeKey + fmt.Sprintf("%d", req.Timestamp))
+		privilegeKey := pcrypto.GetAuthKey(req.ProxyName + server.PrivilegeToken + fmt.Sprintf("%d", req.Timestamp))
 		// privilegeKey avaiable in 15 minutes
 		if nowTime-req.Timestamp > 15*60 {
 			info = fmt.Sprintf("ProxyName [%s], privilege mode authorization timeout", req.ProxyName)
 			log.Warn(info)
 			return
-		} else if req.AuthKey != privilegeKey {
-			log.Debug("%s  %s", req.AuthKey, privilegeKey)
+		} else if req.PrivilegeKey != privilegeKey {
 			info = fmt.Sprintf("ProxyName [%s], privilege mode authorization failed", req.ProxyName)
 			log.Warn(info)
 			return
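Review bot: The freshness check `nowTime-req.Timestamp > 15*60` only rejects timestamps that are too old. A request whose Timestamp lies in the future yields a negative difference and passes, so the 15-minute validity window is not enforced in that direction. Bounding both sides would close it, e.g. `if d := nowTime - req.Timestamp; d > 15*60 || d < -15*60 {`. The key comparison `req.PrivilegeKey != privilegeKey` is also an ordinary string compare; `subtle.ConstantTimeCompare([]byte(req.PrivilegeKey), []byte(privilegeKey)) != 1` avoids leaking how many leading bytes matched. doLogin continues outside the hunk, so its non-privilege branch may need the same two changes.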

+ 7 - 2
src/frp/models/client/client.go

@@ -58,14 +58,19 @@ func (p *ProxyClient) GetRemoteConn(addr string, port int64) (c *conn.Conn, err
 	}
 
 	nowTime := time.Now().Unix()
-	authKey := pcrypto.GetAuthKey(p.Name + p.AuthToken + fmt.Sprintf("%d", nowTime))
 	req := &msg.ControlReq{
 		Type:          consts.NewWorkConn,
 		ProxyName:     p.Name,
-		AuthKey:       authKey,
 		PrivilegeMode: p.PrivilegeMode,
 		Timestamp:     nowTime,
 	}
+	if p.PrivilegeMode == true {
+		privilegeKey := pcrypto.GetAuthKey(p.Name + PrivilegeToken + fmt.Sprintf("%d", nowTime))
+		req.PrivilegeKey = privilegeKey
+	} else {
+		authKey := pcrypto.GetAuthKey(p.Name + p.AuthToken + fmt.Sprintf("%d", nowTime))
+		req.AuthKey = authKey
+	}
 
 	buf, _ := json.Marshal(req)
 	err = c.Write(string(buf) + "\n")

+ 11 - 8
src/frp/models/client/config.go

@@ -30,7 +30,7 @@ var (
 	LogWay            string = "console"
 	LogLevel          string = "info"
 	LogMaxDays        int64  = 3
-	PrivilegeKey      string = ""
+	PrivilegeToken    string = ""
 	HeartBeatInterval int64  = 20
 	HeartBeatTimeout  int64  = 90
 )
@@ -77,9 +77,9 @@ func LoadConf(confFile string) (err error) {
 		LogMaxDays, _ = strconv.ParseInt(tmpStr, 10, 64)
 	}
 
-	tmpStr, ok = conf.Get("common", "privilege_key")
+	tmpStr, ok = conf.Get("common", "privilege_token")
 	if ok {
-		PrivilegeKey = tmpStr
+		PrivilegeToken = tmpStr
 	}
 
 	var authToken string
@@ -95,6 +95,9 @@ func LoadConf(confFile string) (err error) {
 			// name
 			proxyClient.Name = name
 
+			// auth_token
+			proxyClient.AuthToken = authToken
+
 			// local_ip
 			proxyClient.LocalIp, ok = section["local_ip"]
 			if !ok {
@@ -146,8 +149,11 @@ func LoadConf(confFile string) (err error) {
 
 			// configures used in privilege mode
 			if proxyClient.PrivilegeMode == true {
-				// auth_token
-				proxyClient.AuthToken = PrivilegeKey
+				if PrivilegeToken == "" {
+					return fmt.Errorf("Parse conf error: proxy [%s] privilege_key must be set when privilege_mode = true", proxyClient.Name)
+				} else {
+					proxyClient.PrivilegeToken = PrivilegeToken
+				}
 
 				if proxyClient.Type == "tcp" {
 					// remote_port
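Review bot: The new error text in the `PrivilegeToken == ""` branch still names the old option, `privilege_key must be set when privilege_mode = true`, although this commit renames the setting to `privilege_token`. Anyone upgrading with an old config will be told to set the very key they already have, so the message should read `"Parse conf error: proxy [%s] privilege_token must be set when privilege_mode = true"`. The `else` after the `return` can also be dropped, leaving the assignment at the outer indent. LoadConf starts and ends outside the hunk.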
@@ -187,9 +193,6 @@ func LoadConf(confFile string) (err error) {
 						return fmt.Errorf("Parse conf error: proxy [%s] custom_domains must be set when type equals http", proxyClient.Name)
 					}
 				}
-			} else /* proxyClient.PrivilegeMode == false */ {
-				// authToken
-				proxyClient.AuthToken = authToken
 			}
 
 			ProxyClients[proxyClient.Name] = proxyClient

+ 7 - 6
src/frp/models/config/config.go

@@ -15,10 +15,11 @@
 package config
 
 type BaseConf struct {
-	Name          string
-	AuthToken     string
-	Type          string
-	UseEncryption bool
-	UseGzip       bool
-	PrivilegeMode bool
+	Name           string
+	AuthToken      string
+	Type           string
+	UseEncryption  bool
+	UseGzip        bool
+	PrivilegeMode  bool
+	PrivilegeToken string
 }

+ 1 - 0
src/frp/models/msg/msg.go

@@ -29,6 +29,7 @@ type ControlReq struct {
 
 	// configures used if privilege_mode is enabled
 	PrivilegeMode bool     `json:"privilege_mode"`
+	PrivilegeKey  string   `json:"privilege_key"`
 	ProxyType     string   `json:"proxy_type"`
 	RemotePort    int64    `json:"remote_port"`
 	CustomDomains []string `json:"custom_domains, omitempty"`
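Review bot: The new `PrivilegeKey` field has no comment, and its wire name `privilege_key` is the same string the config option carried before this commit renamed it to `privilege_token`. A one-line comment would stop a reader from assuming the raw token travels in this field, e.g. `// PrivilegeKey is the value derived from proxy name, privilege token and Timestamp; it is not the token itself`. That matches how loginToServer fills it via `pcrypto.GetAuthKey(...)`. The ControlReq struct starts and ends outside the hunk.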

+ 10 - 2
src/frp/models/msg/process.go

@@ -104,7 +104,11 @@ func unpkgMsg(data []byte) (int, []byte, []byte) {
 // decrypt msg from reader, then write into writer
 func pipeDecrypt(r net.Conn, w net.Conn, conf config.BaseConf) (err error) {
 	laes := new(pcrypto.Pcrypto)
-	if err := laes.Init([]byte(conf.AuthToken)); err != nil {
+	key := conf.AuthToken
+	if conf.PrivilegeMode {
+		key = conf.PrivilegeToken
+	}
+	if err := laes.Init([]byte(key)); err != nil {
 		log.Warn("ProxyName [%s], Pcrypto Init error: %v", conf.Name, err)
 		return fmt.Errorf("Pcrypto Init error: %v", err)
 	}
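Review bot: The four-line key selection (`key := conf.AuthToken` / `if conf.PrivilegeMode { key = conf.PrivilegeToken }`) is added verbatim to both pipeDecrypt and pipeEncrypt. A small unexported helper on the config, used as `laes.Init([]byte(cryptoKey(conf)))`, would keep the two directions from drifting apart. Separately, the server copies one global `PrivilegeToken` onto every privilege-mode proxy, so all such proxies appear to share the same cipher key, and that key is the same secret used for login. What `Init` does with the bytes is not visible here, so if it does not already derive a per-proxy key, that would be worth adding. Both functions continue outside their hunks.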
@@ -159,7 +163,11 @@ func pipeDecrypt(r net.Conn, w net.Conn, conf config.BaseConf) (err error) {
 // recvive msg from reader, then encrypt msg into writer
 func pipeEncrypt(r net.Conn, w net.Conn, conf config.BaseConf) (err error) {
 	laes := new(pcrypto.Pcrypto)
-	if err := laes.Init([]byte(conf.AuthToken)); err != nil {
+	key := conf.AuthToken
+	if conf.PrivilegeMode {
+		key = conf.PrivilegeToken
+	}
+	if err := laes.Init([]byte(key)); err != nil {
 		log.Warn("ProxyName [%s], Pcrypto Init error: %v", conf.Name, err)
 		return fmt.Errorf("Pcrypto Init error: %v", err)
 	}

+ 7 - 4
src/frp/models/server/config.go

@@ -40,7 +40,7 @@ var (
 	LogLevel         string = "info"
 	LogMaxDays       int64  = 3
 	PrivilegeMode    bool   = false
-	PrivilegeKey     string = ""
+	PrivilegeToken   string = ""
 	HeartBeatTimeout int64  = 90
 	UserConnTimeout  int64  = 10
 
@@ -144,11 +144,14 @@ func loadCommonConf(confFile string) error {
 	}
 
 	if PrivilegeMode == true {
-		tmpStr, ok = conf.Get("common", "privilege_key")
+		tmpStr, ok = conf.Get("common", "privilege_token")
 		if ok {
-			PrivilegeKey = tmpStr
+			if tmpStr == "" {
+				return fmt.Errorf("Parse conf error: privilege_token can not be null")
+			}
+			PrivilegeToken = tmpStr
 		} else {
-			return fmt.Errorf("Parse conf error: privilege_key must be set if privilege_mode is enabled")
+			return fmt.Errorf("Parse conf error: privilege_token must be set if privilege_mode is enabled")
 		}
 	}
 	return nil
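Review bot: The added empty-value check sits inside an `if ok { ... } else { return ... }`, which puts the success path two levels deep. Guard clauses read more directly: `if !ok { return fmt.Errorf("Parse conf error: privilege_token must be set if privilege_mode is enabled") }` followed by the `tmpStr == ""` check and the assignment. "can not be null" would also be clearer as "must not be empty", since the value is a string. The check only rejects the empty string, and whether the ini reader trims whitespace is not visible here, so a whitespace-only token may still be accepted.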

+ 1 - 1
src/frp/models/server/server.go

@@ -59,10 +59,10 @@ func NewProxyServerFromCtlMsg(req *msg.ControlReq) (p *ProxyServer) {
 	p.UseEncryption = req.UseEncryption
 	p.UseGzip = req.UseGzip
 	p.PrivilegeMode = req.PrivilegeMode
+	p.PrivilegeToken = PrivilegeToken
 	p.BindAddr = BindAddr
 	p.ListenPort = req.RemotePort
 	p.CustomDomains = req.CustomDomains
-	p.AuthToken = PrivilegeKey
 	return
 }
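Review bot: Proxies built by NewProxyServerFromCtlMsg now leave `AuthToken` at its zero value, where it previously held the privilege secret. Any check that derives a key from this proxy's `AuthToken` would then no longer depend on a secret. doLogin's non-privilege branch is outside the visible hunks, so please confirm it rejects a request whose `privilege_mode` flag differs from the stored proxy's `PrivilegeMode` before any key is compared. If that guard is missing, it belongs at the top of doLogin's key check.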