all: privilege mode update

conf/frpc.ini

@@ -10,7 +10,7 @@ log_max_days = 3
 # for authentication
 auth_token = 123
 # for privilege mode
-privilege_key = 12345678
+privilege_token = 12345678
 
 # ssh is the proxy name same as server's configuration
 [ssh]

conf/frps.ini

@@ -12,9 +12,9 @@ log_file = ./frps.log
 # debug, info, warn, error
 log_level = info
 log_max_days = 3
-# if you enable privilege mode, frpc can create a proxy without pre-configure in frps when privilege_key is correct
+# if you enable privilege mode, frpc can create a proxy without pre-configure in frps when privilege_token is correct
 privilege_mode = true
-privilege_key = 12345678
+privilege_token = 12345678
 
 # ssh is the proxy name, client will use this name and auth_token to connect to server
 [ssh]

src/frp/cmd/frpc/control.go

@@ -137,11 +137,9 @@ func loginToServer(cli *client.ProxyClient) (c *conn.Conn, err error) {
 	}
 
 	nowTime := time.Now().Unix()
-	authKey := pcrypto.GetAuthKey(cli.Name + cli.AuthToken + fmt.Sprintf("%d", nowTime))
 	req := &msg.ControlReq{
 		Type:          consts.NewCtlConn,
 		ProxyName:     cli.Name,
-		AuthKey:       authKey,
 		UseEncryption: cli.UseEncryption,
 		UseGzip:       cli.UseGzip,
 		PrivilegeMode: cli.PrivilegeMode,
@@ -149,8 +147,13 @@ func loginToServer(cli *client.ProxyClient) (c *conn.Conn, err error) {
 		Timestamp:     nowTime,
 	}
 	if cli.PrivilegeMode {
+		privilegeKey := pcrypto.GetAuthKey(cli.Name + client.PrivilegeToken + fmt.Sprintf("%d", nowTime))
 		req.RemotePort = cli.RemotePort
 		req.CustomDomains = cli.CustomDomains
+		req.PrivilegeKey = privilegeKey
+	} else {
+		authKey := pcrypto.GetAuthKey(cli.Name + cli.AuthToken + fmt.Sprintf("%d", nowTime))
+		req.AuthKey = authKey
 	}
 
 	buf, _ := json.Marshal(req)

src/frp/cmd/frps/control.go

@@ -218,14 +218,13 @@ func doLogin(req *msg.ControlReq, c *conn.Conn) (ret int64, info string) {
 	// check authKey or privilegeKey
 	nowTime := time.Now().Unix()
 	if req.PrivilegeMode {
-		privilegeKey := pcrypto.GetAuthKey(req.ProxyName + server.PrivilegeKey + fmt.Sprintf("%d", req.Timestamp))
+		privilegeKey := pcrypto.GetAuthKey(req.ProxyName + server.PrivilegeToken + fmt.Sprintf("%d", req.Timestamp))
 		// privilegeKey avaiable in 15 minutes
 		if nowTime-req.Timestamp > 15*60 {
 			info = fmt.Sprintf("ProxyName [%s], privilege mode authorization timeout", req.ProxyName)
 			log.Warn(info)
 			return
-		} else if req.AuthKey != privilegeKey {
-			log.Debug("%s  %s", req.AuthKey, privilegeKey)
+		} else if req.PrivilegeKey != privilegeKey {
 			info = fmt.Sprintf("ProxyName [%s], privilege mode authorization failed", req.ProxyName)
 			log.Warn(info)
 			return

src/frp/models/client/client.go

@@ -58,14 +58,19 @@ func (p *ProxyClient) GetRemoteConn(addr string, port int64) (c *conn.Conn, err
 	}
 
 	nowTime := time.Now().Unix()
-	authKey := pcrypto.GetAuthKey(p.Name + p.AuthToken + fmt.Sprintf("%d", nowTime))
 	req := &msg.ControlReq{
 		Type:          consts.NewWorkConn,
 		ProxyName:     p.Name,
-		AuthKey:       authKey,
 		PrivilegeMode: p.PrivilegeMode,
 		Timestamp:     nowTime,
 	}
+	if p.PrivilegeMode == true {
+		privilegeKey := pcrypto.GetAuthKey(p.Name + PrivilegeToken + fmt.Sprintf("%d", nowTime))
+		req.PrivilegeKey = privilegeKey
+	} else {
+		authKey := pcrypto.GetAuthKey(p.Name + p.AuthToken + fmt.Sprintf("%d", nowTime))
+		req.AuthKey = authKey
+	}
 
 	buf, _ := json.Marshal(req)
 	err = c.Write(string(buf) + "\n")

src/frp/models/client/config.go

@@ -30,7 +30,7 @@ var (
 	LogWay            string = "console"
 	LogLevel          string = "info"
 	LogMaxDays        int64  = 3
-	PrivilegeKey      string = ""
+	PrivilegeToken    string = ""
 	HeartBeatInterval int64  = 20
 	HeartBeatTimeout  int64  = 90
 )
@@ -77,9 +77,9 @@ func LoadConf(confFile string) (err error) {
 		LogMaxDays, _ = strconv.ParseInt(tmpStr, 10, 64)
 	}
 
-	tmpStr, ok = conf.Get("common", "privilege_key")
+	tmpStr, ok = conf.Get("common", "privilege_token")
 	if ok {
-		PrivilegeKey = tmpStr
+		PrivilegeToken = tmpStr
 	}
 
 	var authToken string
@@ -95,6 +95,9 @@ func LoadConf(confFile string) (err error) {
 			// name
 			proxyClient.Name = name
 
+			// auth_token
+			proxyClient.AuthToken = authToken
+
 			// local_ip
 			proxyClient.LocalIp, ok = section["local_ip"]
 			if !ok {
@@ -146,8 +149,11 @@ func LoadConf(confFile string) (err error) {
 
 			// configures used in privilege mode
 			if proxyClient.PrivilegeMode == true {
-				// auth_token
-				proxyClient.AuthToken = PrivilegeKey
+				if PrivilegeToken == "" {
+					return fmt.Errorf("Parse conf error: proxy [%s] privilege_key must be set when privilege_mode = true", proxyClient.Name)
+				} else {
+					proxyClient.PrivilegeToken = PrivilegeToken
+				}
 
 				if proxyClient.Type == "tcp" {
 					// remote_port
@@ -187,9 +193,6 @@ func LoadConf(confFile string) (err error) {
 						return fmt.Errorf("Parse conf error: proxy [%s] custom_domains must be set when type equals http", proxyClient.Name)
 					}
 				}
-			} else /* proxyClient.PrivilegeMode == false */ {
-				// authToken
-				proxyClient.AuthToken = authToken
 			}
 
 			ProxyClients[proxyClient.Name] = proxyClient

src/frp/models/config/config.go

@@ -15,10 +15,11 @@
 package config
 
 type BaseConf struct {
-	Name          string
-	AuthToken     string
-	Type          string
-	UseEncryption bool
-	UseGzip       bool
-	PrivilegeMode bool
+	Name           string
+	AuthToken      string
+	Type           string
+	UseEncryption  bool
+	UseGzip        bool
+	PrivilegeMode  bool
+	PrivilegeToken string
 }

src/frp/models/msg/msg.go

@@ -29,6 +29,7 @@ type ControlReq struct {
 
 	// configures used if privilege_mode is enabled
 	PrivilegeMode bool     `json:"privilege_mode"`
+	PrivilegeKey  string   `json:"privilege_key"`
 	ProxyType     string   `json:"proxy_type"`
 	RemotePort    int64    `json:"remote_port"`
 	CustomDomains []string `json:"custom_domains, omitempty"`

src/frp/models/msg/process.go

@@ -104,7 +104,11 @@ func unpkgMsg(data []byte) (int, []byte, []byte) {
 // decrypt msg from reader, then write into writer
 func pipeDecrypt(r net.Conn, w net.Conn, conf config.BaseConf) (err error) {
 	laes := new(pcrypto.Pcrypto)
-	if err := laes.Init([]byte(conf.AuthToken)); err != nil {
+	key := conf.AuthToken
+	if conf.PrivilegeMode {
+		key = conf.PrivilegeToken
+	}
+	if err := laes.Init([]byte(key)); err != nil {
 		log.Warn("ProxyName [%s], Pcrypto Init error: %v", conf.Name, err)
 		return fmt.Errorf("Pcrypto Init error: %v", err)
 	}
@@ -159,7 +163,11 @@ func pipeDecrypt(r net.Conn, w net.Conn, conf config.BaseConf) (err error) {
 // recvive msg from reader, then encrypt msg into writer
 func pipeEncrypt(r net.Conn, w net.Conn, conf config.BaseConf) (err error) {
 	laes := new(pcrypto.Pcrypto)
-	if err := laes.Init([]byte(conf.AuthToken)); err != nil {
+	key := conf.AuthToken
+	if conf.PrivilegeMode {
+		key = conf.PrivilegeToken
+	}
+	if err := laes.Init([]byte(key)); err != nil {
 		log.Warn("ProxyName [%s], Pcrypto Init error: %v", conf.Name, err)
 		return fmt.Errorf("Pcrypto Init error: %v", err)
 	}

src/frp/models/server/config.go

@@ -40,7 +40,7 @@ var (
 	LogLevel         string = "info"
 	LogMaxDays       int64  = 3
 	PrivilegeMode    bool   = false
-	PrivilegeKey     string = ""
+	PrivilegeToken   string = ""
 	HeartBeatTimeout int64  = 90
 	UserConnTimeout  int64  = 10
 
@@ -144,11 +144,14 @@ func loadCommonConf(confFile string) error {
 	}
 
 	if PrivilegeMode == true {
-		tmpStr, ok = conf.Get("common", "privilege_key")
+		tmpStr, ok = conf.Get("common", "privilege_token")
 		if ok {
-			PrivilegeKey = tmpStr
+			if tmpStr == "" {
+				return fmt.Errorf("Parse conf error: privilege_token can not be null")
+			}
+			PrivilegeToken = tmpStr
 		} else {
-			return fmt.Errorf("Parse conf error: privilege_key must be set if privilege_mode is enabled")
+			return fmt.Errorf("Parse conf error: privilege_token must be set if privilege_mode is enabled")
 		}
 	}
 	return nil

src/frp/models/server/server.go

@@ -59,10 +59,10 @@ func NewProxyServerFromCtlMsg(req *msg.ControlReq) (p *ProxyServer) {
 	p.UseEncryption = req.UseEncryption
 	p.UseGzip = req.UseGzip
 	p.PrivilegeMode = req.PrivilegeMode
+	p.PrivilegeToken = PrivilegeToken
 	p.BindAddr = BindAddr
 	p.ListenPort = req.RemotePort
 	p.CustomDomains = req.CustomDomains
-	p.AuthToken = PrivilegeKey
 	return
 }