yuanyuanxiang/SimpleRemoter
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 4 Wiki Activity

Feature: sub-connection auth (TOKEN_CONN_AUTH) with HMAC + clientID binding

Browse Source 
Client first packet on every sub-connection signs (clientID || timestamp ||
nonce) and waits for server ack. Server verifies signature and pins clientID
on the sub-connection ctx, eliminating IP-reverse-lookup unreliability for
NAT/localhost scenarios. Sub-conn coverage: Win 12 sites, Linux/macOS 3-4
each. Main connection keeps existing TOKEN_LOGIN flow unchanged.

Includes:
- Protocol structs sized to 512/256 bytes with reserved space for future
  extensions (locale, OS info, session token, etc.)
- 5-min timestamp tolerance (Kerberos-grade replay window)
- 10-sec client wait for cross-pacific / weak-network tolerance
- Fix RemoveFromHostList side-effect ordering: MarkDeviceOffline and
  m_ActiveWndW.erase now only fire when ctx is actually removed from
  m_HostList, preventing sub-conn disconnects from misreporting main as
  offline (regression introduced by auth-set clientID on sub ctx)
- Fix latent bug: IOCPClient::m_conn was never assigned in ctor, leaving
  GetConnectionAddress() always NULL and FileManager V2 transfer's
  srcClientID always 0

Breaking change: new client cannot use sub-features against old server.
New server tolerates legacy clients (no auth). Future tightening can reject
unauthenticated sub-connections via IsAuthenticated() flag.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
yuanyuanxiang
2026-05-06 23:55:34 +02:00
parent 2c5b5ad628
commit ef8165c3b4
11 changed files with 363 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
server/2015Remote/FileManagerDlg.cpp
View File

@@ -30,17 +30,15 @@ CString CFileManagerDlg::s_strLocalHistoryPath;
std::map<uint64_t, CString> CFileManagerDlg::s_mapRemoteHistoryPath;
CLock CFileManagerDlg::s_lockHistory;
// 获取有效的客户端ID优先用 m_ClientID,否则通过 IP 找主连接
// 获取有效的客户端ID基类已经覆盖 m_ClientID + ctx->GetClientID()(含 auth 后钉的值),
// 这里仅在它们都拿不到时(老客户端没走 auth通过 IP 反查主连接做兜底。
uint64_t CFileManagerDlg::GetClientID() const
{
// 优先使用已设置的 m_ClientID未来 TOKEN_CLIENTID 会设置这个)
if (m_ClientID != 0) {
return m_ClientID;
}
// 回退:通过 IP 找主连接获取 ClientID线程安全
uint64_t id = CDialogBase::GetClientID();
if (id != 0) return id;
// 老客户端兜底:通过 IP 找主连接获取 ClientID线程安全
if (g_2015RemoteDlg && m_ContextObject) {
std::string peerIP = m_ContextObject->GetPeerName();
return g_2015RemoteDlg->FindClientIDByIP(peerIP);
return g_2015RemoteDlg->FindClientIDByIP(m_ContextObject->GetPeerName());
}
return 0;
}