From 470e35849f33d02de1e25e0fce570388daeb728f Mon Sep 17 00:00:00 2001
From: Darien Raymond
Date: Fri, 25 Nov 2016 16:46:59 +0100
Subject: [PATCH] Server side OTA settings in shadowsocks
---
 proxy/shadowsocks/protocol.go | 18 +++++++++++++++++-
 tools/conf/shadowsocks.go | 8 ++++++++
 2 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/proxy/shadowsocks/protocol.go b/proxy/shadowsocks/protocol.go
index e41f1cbd..e868800f 100644
--- a/proxy/shadowsocks/protocol.go
+++ b/proxy/shadowsocks/protocol.go
@@ -56,7 +56,7 @@ func ReadTCPSession(user *protocol.User, reader io.Reader) (*protocol.RequestHea
 lenBuffer := 1
 _, err = io.ReadFull(reader, buffer.Value[:1])
 if err != nil {
- return nil, nil, errors.New("Sahdowsocks|TCP: Failed to read address type: " + err.Error())
+ return nil, nil, errors.New("Shadowsocks|TCP: Failed to read address type: " + err.Error())
 }
 addrType := (buffer.Value[0] & 0x0F)
@@ -64,6 +64,14 @@ func ReadTCPSession(user *protocol.User, reader io.Reader) (*protocol.RequestHea
 request.Option |= RequestOptionOneTimeAuth
 }
+ if request.Option.Has(RequestOptionOneTimeAuth) && account.OneTimeAuth == Account_Disabled {
+ return nil, nil, errors.New("Shadowsocks|TCP: Rejecting connection with OTA enabled, while server disables OTA.")
+ }
+
+ if !request.Option.Has(RequestOptionOneTimeAuth) && account.OneTimeAuth == Account_Enabled {
+ return nil, nil, errors.New("Shadowsocks|TCP: Rejecting connection with OTA disabled, while server enables OTA.")
+ }
+
 switch addrType {
 case AddrTypeIPv4:
 _, err := io.ReadFull(reader, buffer.Value[lenBuffer:lenBuffer+4])
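Review bot: The two OTA-policy checks added after the flag is set in ReadTCPSession are repeated line for line in DecodeUDPPacket (the `@@ -308,6 +316,14 @@` hunk), differing only in the `TCP`/`UDP` prefix and the words `connection`/`packet`, so any later change to the policy has to be made twice and the two transports can drift apart. A small unexported helper that takes the request option and the account's OTA setting and returns the rejection error would keep them in step. The new messages also end in a period, while the neighbouring `Failed to read address type` message does not; dropping it keeps the messages consistent when they are wrapped or logged. Both functions begin and end outside their hunks.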
@@ -308,6 +316,14 @@ func DecodeUDPPacket(user *protocol.User, payload *alloc.Buffer) (*protocol.Requ
 request.Option |= RequestOptionOneTimeAuth
 }
+ if request.Option.Has(RequestOptionOneTimeAuth) && account.OneTimeAuth == Account_Disabled {
+ return nil, nil, errors.New("Shadowsocks|UDP: Rejecting packet with OTA enabled, while server disables OTA.")
+ }
+
+ if !request.Option.Has(RequestOptionOneTimeAuth) && account.OneTimeAuth == Account_Enabled {
+ return nil, nil, errors.New("Shadowsocks|UDP: Rejecting packet with OTA disabled, while server enables OTA.")
+ }
+
 if request.Option.Has(RequestOptionOneTimeAuth) {
 payloadLen := payload.Len() - AuthSize
 authBytes := payload.Value[payloadLen:]
diff --git a/tools/conf/shadowsocks.go b/tools/conf/shadowsocks.go
index b32eeee0..b1f66151 100644
--- a/tools/conf/shadowsocks.go
+++ b/tools/conf/shadowsocks.go
@@ -15,6 +15,7 @@ type ShadowsocksServerConfig struct {
 UDP bool `json:"udp"`
 Level byte `json:"level"`
 Email string `json:"email"`
+ OTA *bool `json:"ota"`
 }
 func (this *ShadowsocksServerConfig) Build() (*loader.TypedSettings, error) {
@@ -28,6 +29,13 @@ func (this *ShadowsocksServerConfig) Build() (*loader.TypedSettings, error) {
 Password: this.Password,
 Ota: shadowsocks.Account_Auto,
 }
+ if this.OTA != nil {
+ if *this.OTA {
+ account.Ota = shadowsocks.Account_Enabled
+ } else {
+ account.Ota = shadowsocks.Account_Disabled
+ }
+ }
 cipher := strings.ToLower(this.Cipher)
 switch cipher {
 case "aes-256-cfb":
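Review bot: The OTA branch directly below the new checks computes `payloadLen := payload.Len() - AuthSize` with no visible guard against a payload shorter than `AuthSize`, and with `Account_Enabled` every packet the server accepts now goes through that branch. A negative `payloadLen` would make `payload.Value[payloadLen:]` panic on a short datagram instead of returning an error. Unless an earlier length check exists outside this hunk, add one before the subtraction, e.g. `if payload.Len() < AuthSize { return nil, nil, errors.New("Shadowsocks|UDP: Packet too short for OTA") }`. DecodeUDPPacket begins and ends outside the hunk, so this should be confirmed against the full function.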
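Review bot: The `OTA *bool` setting is tri-state, but neither the field nor Build documents it: when the `ota` key is omitted the account keeps `Ota: shadowsocks.Account_Auto`, and in that mode neither of the new server-side checks fires, so the client's flag alone decides whether one-time auth is verified. Operators who want OTA enforced must set `"ota": true` explicitly, which is worth stating on the field, e.g. `// OTA: nil keeps Account_Auto (client's flag decides); true requires OTA; false rejects it.` The field itself is added in the `@@ -15,6 +15,7 @@` hunk, and Build continues past the end of this one.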