From 2e36627a121676504fb1633957358685e65899d4 Mon Sep 17 00:00:00 2001 From: Andy Wang Date: Sat, 19 Dec 2020 15:34:17 +0000 Subject: [PATCH] Make AdminUID optional and implement better validation on empty config fields --- README.md | 2 +- example_config/ckserver.json | 2 +- internal/server/dispatcher.go | 2 +- internal/server/state.go | 10 ++++++++-- 4 files changed, 11 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 044c144..6571453 100644 --- a/README.md +++ b/README.md @@ -166,7 +166,7 @@ is established. 0. Install at least one underlying proxy server (e.g. OpenVPN, Shadowsocks). 1. Download [the latest release](https://github.com/cbeuw/Cloak/releases) or clone and build this repo. 2. Run `ck-server -key`. The **public** should be given to users, the **private** key should be kept secret. -3. Run `ck-server -uid`. The new UID will be used as `AdminUID`. +3. (Skip if you only want to add unrestricted users) Run `ck-server -uid`. The new UID will be used as `AdminUID`. 4. Copy example_config/ckserver.json into a desired location. Change `PrivateKey` to the private key you just obtained; change `AdminUID` to the UID you just obtained. 5. Configure your underlying proxy server so that they all listen on localhost. Edit `ProxyBook` in the configuration diff --git a/example_config/ckserver.json b/example_config/ckserver.json index c7a977c..589868b 100644 --- a/example_config/ckserver.json +++ b/example_config/ckserver.json @@ -22,6 +22,6 @@ ], "RedirAddr": "cloudflare.com", "PrivateKey": "---Private key here---", - "AdminUID": "---Admin UID here---", + "AdminUID": "---Admin UID here (optional)---", "DatabasePath": "userinfo.db" } diff --git a/internal/server/dispatcher.go b/internal/server/dispatcher.go index 4fa0698..80ee28c 100644 --- a/internal/server/dispatcher.go +++ b/internal/server/dispatcher.go @@ -190,7 +190,7 @@ func dispatchConnection(conn net.Conn, sta *State) { // adminUID can use the server as normal with unlimited QoS credits. The adminUID is not // added to the userinfo database. The distinction between going into the admin mode // and normal proxy mode is that sessionID needs == 0 for admin mode - if bytes.Equal(ci.UID, sta.AdminUID) && ci.SessionId == 0 { + if len(sta.AdminUID) != 0 && bytes.Equal(ci.UID, sta.AdminUID) && ci.SessionId == 0 { sesh := mux.MakeSession(0, seshConfig) preparedConn, err := finishHandshake(conn, sessionKey, sta.WorldState.Rand) if err != nil { diff --git a/internal/server/state.go b/internal/server/state.go index 66541f5..576e326 100644 --- a/internal/server/state.go +++ b/internal/server/state.go @@ -168,6 +168,10 @@ func InitState(preParse RawConfig, worldState common.WorldState) (sta *State, er return } + if len(preParse.PrivateKey) == 0 { + err = fmt.Errorf("must have a valid private key. Run `ck-server -key` to generate one") + return + } var pv [32]byte copy(pv[:], preParse.PrivateKey) sta.StaticPv = &pv @@ -179,8 +183,10 @@ func InitState(preParse RawConfig, worldState common.WorldState) (sta *State, er copy(arrUID[:], UID) sta.BypassUID[arrUID] = struct{}{} } - copy(arrUID[:], sta.AdminUID) - sta.BypassUID[arrUID] = struct{}{} + if len(sta.AdminUID) != 0 { + copy(arrUID[:], sta.AdminUID) + sta.BypassUID[arrUID] = struct{}{} + } go sta.UsedRandomCleaner() return sta, nil