fix ota (#609)(#610) (#610)

dafeixia · Sep 4, 2016 · 56bf81f · 56bf81f
1 parent f35590b
commit 56bf81f
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 13 deletions.
diff --git a/shadowsocks/tcprelay.py b/shadowsocks/tcprelay.py
@@ -126,6 +126,7 @@ def __init__(self, server, fd_to_handlers, loop, local_sock, config,
             self._ota_enable = True
         else:
             self._ota_enable = False
+        self._ota_enable_session = self._ota_enable
         self._ota_buff_head = b''
         self._ota_buff_data = b''
         self._ota_len = 0
@@ -247,12 +248,12 @@ def _write_to_sock(self, data, sock):
 
     def _handle_stage_connecting(self, data):
         if self._is_local:
-            if self._ota_enable:
+            if self._ota_enable_session:
                 data = self._ota_chunk_data_gen(data)
             data = self._encryptor.encrypt(data)
             self._data_to_write_to_remote.append(data)
         else:
-            if self._ota_enable:
+            if self._ota_enable_session:
                 self._ota_chunk_data(data,
                                      self._data_to_write_to_remote.append)
             else:
@@ -327,8 +328,11 @@ def _handle_stage_addr(self, data):
                           self._client_address[0], self._client_address[1]))
             if self._is_local is False:
                 # spec https://shadowsocks.org/en/spec/one-time-auth.html
-                if self._ota_enable or addrtype & ADDRTYPE_AUTH:
-                    self._ota_enable = True
+                self._ota_enable_session = addrtype & ADDRTYPE_AUTH
+                if self._ota_enable and not self._ota_enable_session:
+                    logging.warn('client one time auth is required')
+                    return
+                if self._ota_enable_session:
                     if len(data) < header_length + ONETIMEAUTH_BYTES:
                         logging.warn('one time auth header is too short')
                         return None
@@ -352,7 +356,7 @@ def _handle_stage_addr(self, data):
                                     self._local_sock)
                 # spec https://shadowsocks.org/en/spec/one-time-auth.html
                 # ATYP & 0x10 == 1, then OTA is enabled.
-                if self._ota_enable:
+                if self._ota_enable_session:
                     data = common.chr(addrtype | ADDRTYPE_AUTH) + data[1:]
                     key = self._encryptor.cipher_iv + self._encryptor.key
                     data += onetimeauth_gen(data, key)
@@ -362,7 +366,7 @@ def _handle_stage_addr(self, data):
                 self._dns_resolver.resolve(self._chosen_server[0],
                                            self._handle_dns_resolved)
             else:
-                if self._ota_enable:
+                if self._ota_enable_session:
                     data = data[header_length:]
                     self._ota_chunk_data(data,
                                          self._data_to_write_to_remote.append)
@@ -485,12 +489,12 @@ def _ota_chunk_data_gen(self, data):
 
     def _handle_stage_stream(self, data):
         if self._is_local:
-            if self._ota_enable:
+            if self._ota_enable_session:
                 data = self._ota_chunk_data_gen(data)
             data = self._encryptor.encrypt(data)
             self._write_to_sock(data, self._remote_sock)
         else:
-            if self._ota_enable:
+            if self._ota_enable_session:
                 self._ota_chunk_data(data, self._write_to_sock_remote)
             else:
                 self._write_to_sock(data, self._remote_sock)

diff --git a/shadowsocks/udprelay.py b/shadowsocks/udprelay.py
@@ -99,9 +99,10 @@ def __init__(self, config, dns_resolver, is_local, stat_callback=None):
         self._method = config['method']
         self._timeout = config['timeout']
         if 'one_time_auth' in config and config['one_time_auth']:
-            self._one_time_auth_enable = True
+            self._ota_enable = True
         else:
-            self._one_time_auth_enable = False
+            self._ota_enable = False
+        self._ota_enable_session = self._ota_enable
         self._is_local = is_local
         self._cache = lru_cache.LRUCache(timeout=config['timeout'],
                                          close_callback=self._close_client)
@@ -183,8 +184,11 @@ def _handle_server(self):
         else:
             server_addr, server_port = dest_addr, dest_port
             # spec https://shadowsocks.org/en/spec/one-time-auth.html
-            if self._one_time_auth_enable or addrtype & ADDRTYPE_AUTH:
-                self._one_time_auth_enable = True
+            self._ota_enable_session = addrtype & ADDRTYPE_AUTH
+            if self._ota_enable and not self._ota_enable_session:
+                logging.warn('client one time auth is required')
+                return
+            if self._ota_enable_session:
                 if len(data) < header_length + ONETIMEAUTH_BYTES:
                     logging.warn('UDP one time auth header is too short')
                     return
@@ -226,7 +230,7 @@ def _handle_server(self):
         if self._is_local:
             key, iv, m = encrypt.gen_key_iv(self._password, self._method)
             # spec https://shadowsocks.org/en/spec/one-time-auth.html
-            if self._one_time_auth_enable:
+            if self._ota_enable_session:
                 data = self._ota_chunk_data_gen(key, iv, data)
             data = encrypt.encrypt_all_m(key, iv, m, self._method, data)
             if not data: