Improve master authorization logs and web remote desktop cursor

yuanyuanxiang
2026-05-04 14:02:35 +02:00
parent 92f3df8464
commit 773c78ac0f
16 changed files with 248 additions and 122 deletions


@@ -176,9 +176,9 @@ bool SupportsFileTransferV2(context* ctx) {
}
// 授权日志频率控制:首次必须记录,状态变化必须记录,相同状态每小时记录一次
static bool ShouldLogAuth(const std::string& sn, bool success) {
static bool ShouldLogAuth(const std::string& sn, int success) {
struct AuthLogState {
bool lastStatus;
int lastStatus;
time_t lastLogTime;
};
static std::map<std::string, AuthLogState> s_cache;
@@ -4526,12 +4526,12 @@ bool IsDateInRange(const std::string& startDate, const std::string& endDate)
return (today >= startDate && today <= endDate);
}
BOOL CMy2015RemoteDlg::AuthorizeClient(context* ctx, const std::string& sn, const std::string& passcode, uint64_t hmac, bool* outExpired)
int CMy2015RemoteDlg::AuthorizeClient(context* ctx, const std::string& sn, const std::string& passcode, uint64_t hmac, bool* outExpired)
{
if (outExpired) *outExpired = false;
if (sn.empty() || passcode.empty() || hmac == 0) {
return FALSE;
return 1;
}
auto v = splitString(passcode, '-');
if (v.size() == 6 || v.size() == 7) {
@@ -4541,7 +4541,7 @@ BOOL CMy2015RemoteDlg::AuthorizeClient(context* ctx, const std::string& sn, cons
std::string hash256 = joinString(subvector, '-');
std::string fixedKey = getFixedLengthID(finalKey);
if (hash256 != fixedKey)
return FALSE;
return 2;
}
static const char* superAdmin = getenv(BRAND_ENV_VAR);
@@ -4550,14 +4550,13 @@ BOOL CMy2015RemoteDlg::AuthorizeClient(context* ctx, const std::string& sn, cons
Mprintf("请设置环境变量 " BRAND_ENV_VAR " 来给下级授权!\n");
}
BOOL b = VerifyMessage(pwd, (BYTE*)passcode.c_str(), passcode.length(), hmac);
if (!b) return FALSE;
if (!b) return 3;
auto list = StringToVector(passcode, '-', 2);
BOOL valid = IsDateInRange(list[0], list[1]);
std::string hmacStr = std::to_string(hmac);
// 授权过期,更新或创建记录并标记为过期
if (!valid) {
Mprintf("授权已过期: %s\n", sn.c_str());
if (outExpired) *outExpired = true; // 签名有效但已过期
if (ctx != nullptr) {
std::string ip = ctx->GetClientData(ONLINELIST_IP);
@@ -4568,13 +4567,12 @@ BOOL CMy2015RemoteDlg::AuthorizeClient(context* ctx, const std::string& sn, cons
UpdateLicenseActivity(sn, passcode, hmacStr);
}
SetLicenseStatus(sn, LICENSE_STATUS_EXPIRED);
return FALSE;
return 4;
}
// 检查授权是否已被撤销
if (IsLicenseRevoked(sn)) {
Mprintf("授权已被撤销: %s\n", sn.c_str());
return FALSE;
return 5;
}
// 授权成功时更新 license 活跃信息
@@ -4587,21 +4585,20 @@ BOOL CMy2015RemoteDlg::AuthorizeClient(context* ctx, const std::string& sn, cons
UpdateLicenseActivity(sn, passcode, hmacStr);
}
return TRUE;
return 0;
}
BOOL CMy2015RemoteDlg::AuthorizeClientV2(context* ctx, const std::string& sn, const std::string& passcode, const std::string& hmacV2, bool* outExpired)
int CMy2015RemoteDlg::AuthorizeClientV2(context* ctx, const std::string& sn, const std::string& passcode, const std::string& hmacV2, bool* outExpired)
{
if (outExpired) *outExpired = false;
if (sn.empty() || passcode.empty() || hmacV2.empty()) {
return FALSE;
return 1;
}
// 检查 V2 前缀
if (hmacV2.substr(0, 3) != "v2:") {
Mprintf("V2 HMAC 格式错误: %s\n", hmacV2.c_str());
return FALSE;
return 2;
}
// 检查公钥是否已配置(全零表示未配置)
@@ -4613,15 +4610,13 @@ BOOL CMy2015RemoteDlg::AuthorizeClientV2(context* ctx, const std::string& sn, co
}
}
if (!keyConfigured) {
Mprintf("V2 公钥未配置,无法验证 V2 授权\n");
return FALSE;
return 3;
}
// 使用 V2 验证
BOOL b = verifyPasswordV2(sn, passcode, hmacV2, g_LicensePublicKey);
if (!b) {
Mprintf("V2 签名验证失败: %s\n", sn.c_str());
return FALSE;
return 4;
}
auto list = StringToVector(passcode, '-', 2);
@@ -4629,7 +4624,6 @@ BOOL CMy2015RemoteDlg::AuthorizeClientV2(context* ctx, const std::string& sn, co
// 授权过期
if (!valid) {
Mprintf("V2 授权已过期: %s\n", sn.c_str());
if (outExpired) *outExpired = true; // 签名有效但已过期
if (ctx != nullptr) {
std::string ip = ctx->GetClientData(ONLINELIST_IP);
@@ -4640,13 +4634,12 @@ BOOL CMy2015RemoteDlg::AuthorizeClientV2(context* ctx, const std::string& sn, co
UpdateLicenseActivity(sn, passcode, hmacV2);
}
SetLicenseStatus(sn, LICENSE_STATUS_EXPIRED);
return FALSE;
return 5;
}
// 检查授权是否已被撤销
if (IsLicenseRevoked(sn)) {
Mprintf("V2 授权已被撤销: %s\n", sn.c_str());
return FALSE;
return 6;
}
// 授权成功时更新 license 活跃信息
@@ -4659,7 +4652,7 @@ BOOL CMy2015RemoteDlg::AuthorizeClientV2(context* ctx, const std::string& sn, co
UpdateLicenseActivity(sn, passcode, hmacV2);
}
return TRUE;
return 0;
}
BOOL IsTrail(const std::string& passcode)
@@ -5785,7 +5778,7 @@ std::tuple<bool, bool, bool, bool> CMy2015RemoteDlg::VerifyClientAuth(context* h
const std::string& sn, const std::string& passcode, uint64_t hmac,
const std::string& hmacV2, const std::string& ip, const char* source)
{
bool authorized = false;
BOOL authorized = -1;
bool isV2 = false;
bool isTrail = false;
bool expired = false;
@@ -5794,19 +5787,19 @@ std::tuple<bool, bool, bool, bool> CMy2015RemoteDlg::VerifyClientAuth(context* h
// V2 授权验证
isV2 = true;
authorized = AuthorizeClientV2(host, sn, passcode, hmacV2, &expired);
if (authorized) {
if (authorized == 0) {
if (host) {
m_ClientMap->SetClientMapInteger(host->GetClientID(), MAP_AUTH, TRUE);
}
isTrail = IsTrail(passcode.c_str());
}
if (ShouldLogAuth(sn, authorized)) {
if (authorized) {
if (authorized == 0) {
Mprintf("[%s] %s V2 授权成功: %s [%s]\n", source, passcode.c_str(), sn.c_str(), ip.c_str());
std::string tip = passcode + std::string(_L(" V2 授权成功: ")) + sn + "[" + ip + "]";
PostMessageA(WM_SHOWMESSAGE, (WPARAM)new CharMsg(tip.c_str()), NULL);
} else {
Mprintf("[%s] %s V2 授权失败: %s [%s]\n", source, passcode.c_str(), sn.c_str(), ip.c_str());
Mprintf("[%s] %s V2 授权失败 %d: %s [%s]\n", source, passcode.c_str(), authorized, sn.c_str(), ip.c_str());
std::string tip = passcode + std::string(_L(" V2 授权失败: ")) + sn + "[" + ip + "]";
PostMessageA(WM_SHOWMESSAGE, (WPARAM)new CharMsg(tip.c_str()), NULL);
}
@@ -5815,26 +5808,26 @@ std::tuple<bool, bool, bool, bool> CMy2015RemoteDlg::VerifyClientAuth(context* h
// V1 授权验证
isV2 = false;
authorized = AuthorizeClient(host, sn, passcode, hmac, &expired);
if (authorized) {
if (authorized == 0) {
if (host) {
m_ClientMap->SetClientMapInteger(host->GetClientID(), MAP_AUTH, TRUE);
}
isTrail = IsTrail(passcode.c_str());
}
if (ShouldLogAuth(sn, authorized)) {
if (authorized) {
if (authorized == 0) {
Mprintf("[%s] %s V1 授权成功: %s [%s]\n", source, passcode.c_str(), sn.c_str(), ip.c_str());
std::string tip = passcode + std::string(_L(" V1 授权成功: ")) + sn + "[" + ip + "]";
PostMessageA(WM_SHOWMESSAGE, (WPARAM)new CharMsg(tip.c_str()), NULL);
} else {
Mprintf("[%s] %s V1 授权失败: %s [%s]\n", source, passcode.c_str(), sn.c_str(), ip.c_str());
Mprintf("[%s] %s V1 授权失败 %d: %s [%s]\n", source, passcode.c_str(), authorized, sn.c_str(), ip.c_str());
std::string tip = passcode + std::string(_L(" V1 授权失败: ")) + sn + "[" + ip + "]";
PostMessageA(WM_SHOWMESSAGE, (WPARAM)new CharMsg(tip.c_str()), NULL);
}
}
}
return std::make_tuple(authorized, isV2, isTrail, expired);
return std::make_tuple(authorized==0, isV2, isTrail, expired);
}
// 检查并发送预设续期(多点验证)
@@ -8609,6 +8602,22 @@ context* CMy2015RemoteDlg::FindHostByIP(const std::string& ip)
return NULL;
}
uint64_t CMy2015RemoteDlg::FindClientIDByIP(const std::string& ip)
{
CString clientIP(ip.c_str());
uint64_t clientID = 0;
EnterCriticalSection(&m_cs);
for (auto i = m_HostList.begin(); i != m_HostList.end(); ++i) {
context* ContextObject = *i;
if (ContextObject->GetClientData(ONLINELIST_IP) == clientIP || ContextObject->GetAdditionalData(RES_CLIENT_PUBIP) == clientIP) {
clientID = ContextObject->GetClientID();
break;
}
}
LeaveCriticalSection(&m_cs);
return clientID;
}
LRESULT CMy2015RemoteDlg::InjectShellcode(WPARAM wParam, LPARAM lParam)
{
std::string* ip = (std::string*)wParam;
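Review bot: In VerifyClientAuth both calls `ShouldLogAuth(sn, authorized)` now pass the raw failure code, so going by the comment above ShouldLogAuth (a status change is always logged, an unchanged status once per hour) every change of failure reason counts as a status change and is logged at once. The reason depends on fields the connecting peer supplies before it is authorized (empty fields, HMAC prefix, signature, dates), so the hourly throttle no longer bounds the log lines and the `new CharMsg` posted to the UI for a given `sn`; ShouldLogAuth's body is outside the visible hunk, so this is inferred from its comment and signature. Throttling on the outcome and keeping the code only in the message would preserve the limit: `if (ShouldLogAuth(sn, authorized == 0))`, which also matches the parameter name `success`. The codes are bare literals whose meaning differs between AuthorizeClient and AuthorizeClientV2 (4 is expired in V1 but a failed signature in V2); a shared enum, or a comment on each function such as `// 0 ok, 1 missing field, 2 key mismatch, 3 bad HMAC, 4 expired, 5 revoked` for V1, would make the logged number readable.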