|
|
@@ -56,7 +56,7 @@ func ReadTCPSession(user *protocol.User, reader io.Reader) (*protocol.RequestHea
|
|
|
lenBuffer := 1
|
|
|
_, err = io.ReadFull(reader, buffer.Value[:1])
|
|
|
if err != nil {
|
|
|
- return nil, nil, errors.New("Sahdowsocks|TCP: Failed to read address type: " + err.Error())
|
|
|
+ return nil, nil, errors.New("Shadowsocks|TCP: Failed to read address type: " + err.Error())
|
|
|
}
|
|
|
|
|
|
addrType := (buffer.Value[0] & 0x0F)
|
|
|
@@ -64,6 +64,14 @@ func ReadTCPSession(user *protocol.User, reader io.Reader) (*protocol.RequestHea
|
|
|
request.Option |= RequestOptionOneTimeAuth
|
|
|
}
|
|
|
|
|
|
+ if request.Option.Has(RequestOptionOneTimeAuth) && account.OneTimeAuth == Account_Disabled {
|
|
|
+ return nil, nil, errors.New("Shadowsocks|TCP: Rejecting connection with OTA enabled, while server disables OTA.")
|
|
|
+ }
|
|
|
+
|
|
|
+ if !request.Option.Has(RequestOptionOneTimeAuth) && account.OneTimeAuth == Account_Enabled {
|
|
|
+ return nil, nil, errors.New("Shadowsocks|TCP: Rejecting connection with OTA disabled, while server enables OTA.")
|
|
|
+ }
|
|
|
+
|
|
|
switch addrType {
|
|
|
case AddrTypeIPv4:
|
|
|
_, err := io.ReadFull(reader, buffer.Value[lenBuffer:lenBuffer+4])
|
|
|
@@ -308,6 +316,14 @@ func DecodeUDPPacket(user *protocol.User, payload *alloc.Buffer) (*protocol.Requ
|
|
|
request.Option |= RequestOptionOneTimeAuth
|
|
|
}
|
|
|
|
|
|
+ if request.Option.Has(RequestOptionOneTimeAuth) && account.OneTimeAuth == Account_Disabled {
|
|
|
+ return nil, nil, errors.New("Shadowsocks|UDP: Rejecting packet with OTA enabled, while server disables OTA.")
|
|
|
+ }
|
|
|
+
|
|
|
+ if !request.Option.Has(RequestOptionOneTimeAuth) && account.OneTimeAuth == Account_Enabled {
|
|
|
+ return nil, nil, errors.New("Shadowsocks|UDP: Rejecting packet with OTA disabled, while server enables OTA.")
|
|
|
+ }
|
|
|
+
|
|
|
if request.Option.Has(RequestOptionOneTimeAuth) {
|
|
|
payloadLen := payload.Len() - AuthSize
|
|
|
authBytes := payload.Value[payloadLen:]
|
Darien Raymond