mirror of https://github.com/cbeuw/Cloak
Fix admin session
This commit is contained in:
Qian Wang
parent
9fa37e327f
commit
550c298bc2
|
|
@ -78,17 +78,6 @@ func dispatchConnection(conn net.Conn, sta *server.State) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
user, err := sta.Panel.GetUser(UID)
|
|
||||||
if err != nil {
|
|
||||||
log.WithFields(log.Fields{
|
|
||||||
"UID": b64(UID),
|
|
||||||
"remoteAddr": remoteAddr,
|
|
||||||
"error": err,
|
|
||||||
}).Warn("+1 unauthorised UID")
|
|
||||||
goWeb()
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
finishHandshake := func(sessionKey []byte) error {
|
finishHandshake := func(sessionKey []byte) error {
|
||||||
reply := server.ComposeReply(ch, sharedSecret, sessionKey)
|
reply := server.ComposeReply(ch, sharedSecret, sessionKey)
|
||||||
_, err = conn.Write(reply)
|
_, err = conn.Write(reply)
|
||||||
|
|
@ -107,6 +96,37 @@ func dispatchConnection(conn net.Conn, sta *server.State) {
|
||||||
goWeb()
|
goWeb()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// adminUID can use the server as normal with unlimited QoS credits. The adminUID is not
|
||||||
|
// added to the userinfo database. The distinction between going into the admin mode
|
||||||
|
// and normal proxy mode is that sessionID needs == 0 for admin mode
|
||||||
|
if bytes.Equal(UID, sta.AdminUID) && sessionID == 0 {
|
||||||
|
err = finishHandshake(sessionKey)
|
||||||
|
if err != nil {
|
||||||
|
log.Error(err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
sesh := mux.MakeSession(0, mux.UNLIMITED_VALVE, obfuscator, util.ReadTLS)
|
||||||
|
sesh.AddConnection(conn)
|
||||||
|
//TODO: Router could be nil in cnc mode
|
||||||
|
log.WithField("remoteAddr", conn.RemoteAddr()).Info("New admin session")
|
||||||
|
err = http.Serve(sesh, sta.LocalAPIRouter)
|
||||||
|
if err != nil {
|
||||||
|
log.Error(err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
user, err := sta.Panel.GetUser(UID)
|
||||||
|
if err != nil {
|
||||||
|
log.WithFields(log.Fields{
|
||||||
|
"UID": b64(UID),
|
||||||
|
"remoteAddr": remoteAddr,
|
||||||
|
"error": err,
|
||||||
|
}).Warn("+1 unauthorised UID")
|
||||||
|
goWeb()
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
sesh, existing, err := user.GetSession(sessionID, obfuscator, util.ReadTLS)
|
sesh, existing, err := user.GetSession(sessionID, obfuscator, util.ReadTLS)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
user.DelSession(sessionID)
|
user.DelSession(sessionID)
|
||||||
|
|
@ -124,25 +144,6 @@ func dispatchConnection(conn net.Conn, sta *server.State) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// adminUID can use the server as normal with unlimited QoS credits. The adminUID is not
|
|
||||||
// added to the userinfo database. The distinction between going into the admin mode
|
|
||||||
// and normal proxy mode is that sessionID needs == 0 for admin mode
|
|
||||||
if bytes.Equal(UID, sta.AdminUID) && sessionID == 0 {
|
|
||||||
err = finishHandshake(sessionKey)
|
|
||||||
if err != nil {
|
|
||||||
log.Error(err)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
sesh := mux.MakeSession(0, mux.UNLIMITED_VALVE, obfuscator, util.ReadTLS)
|
|
||||||
sesh.AddConnection(conn)
|
|
||||||
//TODO: Router could be nil in cnc mode
|
|
||||||
err = http.Serve(sesh, sta.LocalAPIRouter)
|
|
||||||
if err != nil {
|
|
||||||
log.Error(err)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
err = finishHandshake(sessionKey)
|
err = finishHandshake(sessionKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Error(err)
|
log.Error(err)
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue