weyne/rustdesk
1
0
Fork 0
mirror of https://github.com/weyne85/rustdesk.git synced 2025-10-29 17:00:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

password: safe/random personal password

Browse Source 
Signed-off-by: 21pages <pages21@163.com>
This commit is contained in:
21pages
2022-06-20 10:41:46 +08:00
parent 2851d71290
commit e46019a171
31 changed files with 1060 additions and 94 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
libs/hbb_common/Cargo.toml
View File

@@ -34,6 +34,7 @@ tokio-socks = { git = "https://github.com/open-trade/tokio-socks" }
[target.'cfg(not(any(target_os = "android", target_os = "ios")))'.dependencies]
mac_address = "1.1"
machine-uid = "0.2"
[features]
quic = []

30
libs/hbb_common/src/config.rs
View File

@@ -1,4 +1,8 @@
use crate::log;
use crate::{
log,
password_security::config::{decrypt_str_or_original, encrypt_str_or_original},
};
use anyhow::Result;
use directories_next::ProjectDirs;
use rand::Rng;
use serde_derive::{Deserialize, Serialize};
@@ -17,6 +21,7 @@ pub const CONNECT_TIMEOUT: u64 = 18_000;
pub const REG_INTERVAL: i64 = 12_000;
pub const COMPRESS_LEVEL: i32 = 3;
const SERIAL: i32 = 3;
const PASSWORD_ENC_VERSION: &'static str = "00";
// 128x128
#[cfg(target_os = "macos")] // 128x128 on 160x160 canvas, then shrink to 128, mac looks better with padding
pub const ICON: &str = "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAIAAAACACAMAAAD04JH5AAAAyVBMVEUAAAAAcf8Acf8Acf8Acv8Acf8Acf8Acf8Acf8AcP8Acf8Ab/8AcP8Acf////8AaP/z+f/o8v/k7v/5/v/T5f8AYP/u9v/X6f+hx/+Kuv95pP8Aef/B1/+TwP9xoP8BdP/g6P+Irv9ZmP8Bgf/E3f98q/9sn/+01f+Es/9nm/9Jif8hhv8off/M4P+syP+avP86iP/c7f+xy/9yqf9Om/9hk/9Rjv+60P99tv9fpf88lv8yjf8Tgf8deP+kvP8BiP8NeP8hkP80gP8oj2VLAAAADXRSTlMA7o7qLvnaxZ1FOxYPjH9HWgAABHJJREFUeNrtm+tW4jAQgBfwuu7MtIUWsOUiCCioIIgLiqvr+z/UHq/LJKVkmwTcc/r9E2nzlU4mSTP9lpGRkZGR8VX5cZjfL+yCEXYL+/nDH//U/Pd8DgyTy39Xbv7oIAcWyB0cqbW/sweW2NtRaj8H1sgpGOwUIAH7Bkd7YJW9dXFwAJY5WNP/cmCZQnJvzIN18on5LwfWySXlxEPYAIcad8D6PdiHDbCfIFCADVBIENiFDbCbIACKPPXrZ+cP8E6/0znvP4EymgIEravIRcTxu8HxNSJ60a8W0AYECKrlAN+YwAthCd9wm1Ug6wKzIn5SgRduXfwkqDasCjx0XFzi9PV6zwNcIuhcWBOg+ikySq8C9UD4dEKWBCoOcspvAuLHTo9sCDQiFPHotRM48j8G5gVur1FdAN2uaYEuiz7xFsgEJ2RUoMUakXuBTHHoGxQYOBhHjeUBAefEnMAowFhaLBOKuOemBBbxLRQrH2PBCgMvNCPQGMeevTb9zLrPxz2Mo+QbEaijzPUcOOHMQZkKGRAIPem39+bypREMPTkQW/oCfk866zAkiIFG4yIKRE/aAnfiSd0WrORY6pFdXQEqi9mvAQm0RIOSnoCcZ8vJoz3diCnjRk+g8VP4/fuQDJ2Lxr6WwG0gXs9aTpDzW0vgDBlVUpixR8gYk44AD8FrUKHr8JQJGgIDnoDqoALxmWPQSi9AVVzm8gKUuEPGr/QCvptwJkbSYT/TC4S8C96DGjTj86aHtAI0x2WaBIq0eSYYpRa4EsdWVVwWu9O0Aj6f6dyBMnwEraeOgSYu0wZlauzA47QCbT7DgAQSE+hZWoEBF/BBmWOewNMK3BsSqKUW4MGcWqCSVmDkbvkXGKQOwg6PAUO9oL3xXhA20yaiCjuwYygRVQlUOTWTCf2SuNJTxeFjgaHByGuAIvd8ItdPLTDhS7IuqEE1YSKVOgbayLhSFQhMzYh8hwfBs1r7c505YVIQYEdNoKwxK06MJiyrpUFHiF0NAfCQUVHoiRclIXJIR6C2fqG37pBHvcWpgwzvAtYwkR5UGV2e42UISdBJETl3mg8ouo54Rcnti1/vaT+iuUQBt500Cgo4U10BeHSkk57FB0JjWkKRMWgLUA0lLodtImAQdaMiiri3+gIAPZQoutHNsgKF1aaDMhMyIdBf8Th+Bh8MTjGWCpl5Wv43tDmnF+IUVMrcZgRoiAxhtrloYizNkZaAnF5leglbNhj0wYCAbCDvGb0mP4nib7O7ZlcYQ2m1gPtIZgVgGNNMeaVAaWR+57TrqgtUnm3sHQ+kYeE6fufUubG1ez50FXbPnWgBlgSABmN3TTcsRl2yWkHRrwbiunvk/W2+Mg1hPZplPDeXRbZzStFH15s1QIVd3UImP5z/bHpeeQLvRJ7XLFUffQIlCvqlXETQbgN9/rlYABGosv+Vi9m2Xs639YLGrZd0br+odetlvdsvbN56abfd4vbCzv9Q3v/ygoOV21A4OPpfXvH4Ai+5ZGRkZGRkbJA/t/I0QMzoMiEAAAAASUVORK5CYII=
@@ -267,11 +272,19 @@ impl Config {
}
fn load() -> Config {
Config::load_::<Config>("")
let mut config = Config::load_::<Config>("");
let (password, store) = decrypt_str_or_original(&config.password, PASSWORD_ENC_VERSION);
config.password = password;
if store {
config.store();
}
config
}
fn store(&self) {
Config::store_(self, "");
let mut config = self.clone();
config.password = encrypt_str_or_original(&config.password, PASSWORD_ENC_VERSION);
Config::store_(&config, "");
}
pub fn file() -> PathBuf {
@@ -627,7 +640,7 @@ impl Config {
log::info!("id updated from {} to {}", id, new_id);
}
pub fn set_password(password: &str) {
pub fn set_security_password(password: &str) {
let mut config = CONFIG.write().unwrap();
if password == config.password {
return;
@@ -636,13 +649,8 @@ impl Config {
config.store();
}
pub fn get_password() -> String {
let mut password = CONFIG.read().unwrap().password.clone();
if password.is_empty() {
password = Config::get_auto_password();
Config::set_password(&password);
}
password
pub fn get_security_password() -> String {
CONFIG.read().unwrap().password.clone()
}
pub fn set_salt(salt: &str) {

12
libs/hbb_common/src/lib.rs
View File

@@ -3,6 +3,7 @@ pub mod protos;
pub use protos::message as message_proto;
pub use protos::rendezvous as rendezvous_proto;
pub use bytes;
use config::Config;
pub use futures;
pub use protobuf;
use std::{
@@ -26,6 +27,7 @@ pub use anyhow::{self, bail};
pub use futures_util;
pub mod config;
pub mod fs;
pub use lazy_static;
#[cfg(not(any(target_os = "android", target_os = "ios")))]
pub use mac_address;
pub use rand;
@@ -34,7 +36,7 @@ pub use sodiumoxide;
pub use tokio_socks;
pub use tokio_socks::IntoTargetAddr;
pub use tokio_socks::TargetAddr;
pub use lazy_static;
pub mod password_security;
#[cfg(feature = "quic")]
pub type Stream = quic::Connection;
@@ -199,6 +201,14 @@ pub fn get_modified_time(path: &std::path::Path) -> SystemTime {
.unwrap_or(UNIX_EPOCH)
}
pub fn get_uuid() -> Vec<u8> {
#[cfg(not(any(target_os = "android", target_os = "ios")))]
if let Ok(id) = machine_uid::get() {
return id.into();
}
Config::get_key_pair().1
}
#[cfg(test)]
mod tests {
use super::*;

330
libs/hbb_common/src/password_security.rs Normal file
View File

@@ -0,0 +1,330 @@
pub mod password {
use crate::config::Config;
use std::{
fmt::Display,
str::FromStr,
sync::{Arc, RwLock},
};
lazy_static::lazy_static! {
pub static ref RANDOM_PASSWORD:Arc<RwLock<String>> = Arc::new(RwLock::new(Config::get_auto_password()));
}
const SECURITY_ENABLED: &'static str = "security-password-enabled";
const RANDOM_ENABLED: &'static str = "random-password-enabled";
const ONETIME_ENABLED: &'static str = "onetime-password-enabled";
const ONETIME_ACTIVATED: &'static str = "onetime-password-activated";
const UPDATE_METHOD: &'static str = "random-password-update-method";
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum UpdateMethod {
KEEP,
UPDATE,
DISABLE,
}
impl FromStr for UpdateMethod {
type Err = ();
fn from_str(s: &str) -> Result<Self, Self::Err> {
if s == "KEEP" {
Ok(Self::KEEP)
} else if s == "UPDATE" {
Ok(Self::UPDATE)
} else if s == "DISABLE" {
Ok(Self::DISABLE)
} else {
Err(())
}
}
}
impl Display for UpdateMethod {
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
match self {
UpdateMethod::KEEP => write!(f, "KEEP"),
UpdateMethod::UPDATE => write!(f, "UPDATE"),
UpdateMethod::DISABLE => write!(f, "DISABLE"),
}
}
}
pub fn set_random_password(password: &str) {
*RANDOM_PASSWORD.write().unwrap() = password.to_owned();
}
pub fn random_password() -> String {
let mut password = RANDOM_PASSWORD.read().unwrap().clone();
if password.is_empty() {
password = Config::get_auto_password();
set_random_password(&password);
}
password
}
pub fn random_password_valid() -> bool {
if random_enabled() {
onetime_password_activated() || !onetime_password_enabled()
} else {
false
}
}
pub fn passwords() -> Vec<String> {
let mut v = vec![];
if random_password_valid() {
v.push(random_password());
}
if security_enabled() {
v.push(Config::get_security_password());
}
v
}
pub fn after_session(authorized: bool) {
if authorized && random_enabled() {
UpdateMethod::from_str(&update_method())
.map(|method| match method {
UpdateMethod::KEEP => {}
UpdateMethod::UPDATE => set_random_password(&Config::get_auto_password()),
UpdateMethod::DISABLE => set_random_enabled(false),
})
.ok();
}
}
pub fn update_method() -> String {
let mut method = Config::get_option(UPDATE_METHOD);
if UpdateMethod::from_str(&method).is_err() {
method = UpdateMethod::KEEP.to_string(); // default is keep
set_update_method(&method);
}
method
}
pub fn set_update_method(method: &str) {
Config::set_option(UPDATE_METHOD.to_owned(), method.to_owned());
}
pub fn random_enabled() -> bool {
str2bool(RANDOM_ENABLED, true, || {
set_onetime_password_activated(false);
set_random_password(&Config::get_auto_password());
})
}
pub fn set_random_enabled(enabled: bool) {
if enabled != random_enabled() {
Config::set_option(RANDOM_ENABLED.to_owned(), bool2str(enabled));
set_onetime_password_activated(false);
if enabled {
set_random_password(&Config::get_auto_password());
}
}
}
pub fn security_enabled() -> bool {
str2bool(SECURITY_ENABLED, true, || {})
}
pub fn set_security_enabled(enabled: bool) {
if enabled != security_enabled() {
Config::set_option(SECURITY_ENABLED.to_owned(), bool2str(enabled));
}
}
pub fn onetime_password_enabled() -> bool {
str2bool(ONETIME_ENABLED, false, || {
set_onetime_password_activated(false);
set_random_password(&Config::get_auto_password());
})
}
pub fn set_onetime_password_enabled(enabled: bool) {
if enabled != onetime_password_enabled() {
Config::set_option(ONETIME_ENABLED.to_owned(), bool2str(enabled));
set_onetime_password_activated(false);
set_random_password(&Config::get_auto_password());
}
}
pub fn onetime_password_activated() -> bool {
str2bool(ONETIME_ACTIVATED, false, || {})
}
pub fn set_onetime_password_activated(activated: bool) {
if activated != onetime_password_activated() {
Config::set_option(ONETIME_ACTIVATED.to_owned(), bool2str(activated));
if activated {
set_random_password(&Config::get_auto_password());
}
}
}
// notice: Function nesting
fn str2bool(key: &str, default: bool, default_set: impl Fn()) -> bool {
let option = Config::get_option(key);
if option == "Y" {
true
} else if option == "N" {
false
} else {
Config::set_option(key.to_owned(), bool2str(default));
default_set();
default
}
}
fn bool2str(option: bool) -> String {
if option { "Y" } else { "N" }.to_owned()
}
}
pub mod config {
use super::base64::decrypt as decrypt00;
use super::base64::encrypt as encrypt00;
const VERSION_LEN: usize = 2;
pub fn encrypt_str_or_original(s: &str, version: &str) -> String {
if version.len() == VERSION_LEN {
if version == "00" {
if let Ok(s) = encrypt00(s.as_bytes()) {
return version.to_owned() + &s;
}
}
}
s.to_owned()
}
// bool: whether should store to re-encrypt when load
pub fn decrypt_str_or_original(s: &str, current_version: &str) -> (String, bool) {
if s.len() > VERSION_LEN {
let version = &s[..VERSION_LEN];
if version == "00" {
if let Ok(v) = decrypt00(&s[VERSION_LEN..].as_bytes()) {
return (
String::from_utf8_lossy(&v).to_string(),
version != current_version,
);
}
}
}
(s.to_owned(), !s.is_empty())
}
pub fn encrypt_vec_or_original(v: &[u8], version: &str) -> Vec<u8> {
if version.len() == VERSION_LEN {
if version == "00" {
if let Ok(s) = encrypt00(v) {
let mut version = version.to_owned().into_bytes();
version.append(&mut s.into_bytes());
return version;
}
}
}
v.to_owned()
}
// bool: whether should store to re-encrypt when load
pub fn decrypt_vec_or_original(v: &[u8], current_version: &str) -> (Vec<u8>, bool) {
if v.len() > VERSION_LEN {
let version = String::from_utf8_lossy(&v[..VERSION_LEN]);
if version == "00" {
if let Ok(v) = decrypt00(&v[VERSION_LEN..]) {
return (v, version != current_version);
}
}
}
(v.to_owned(), !v.is_empty())
}
mod test {
#[test]
fn test() {
use crate::password_security::config::*;
println!("test str");
let data = "Hello World";
let encrypted = encrypt_str_or_original(data, "00");
let (decrypted, store) = decrypt_str_or_original(&encrypted, "00");
println!("data: {}", data);
println!("encrypted: {}", encrypted);
println!("decrypted: {}", decrypted);
assert_eq!(data, decrypted);
assert_eq!("00", &encrypted[..2]);
assert_eq!(store, false);
let (_, store2) = decrypt_str_or_original(&encrypted, "01");
assert_eq!(store2, true);
println!("test vec");
let data: Vec<u8> = vec![1, 2, 3, 4];
let encrypted = encrypt_vec_or_original(&data, "00");
let (decrypted, store) = decrypt_vec_or_original(&encrypted, "00");
println!("data: {:?}", data);
println!("encrypted: {:?}", encrypted);
println!("decrypted: {:?}", decrypted);
assert_eq!(data, decrypted);
assert_eq!("00".as_bytes(), &encrypted[..2]);
assert_eq!(store, false);
let (_, store2) = decrypt_vec_or_original(&encrypted, "01");
assert_eq!(store2, true);
println!("test old");
let data = "00Hello World";
let (decrypted, store) = decrypt_str_or_original(&data, "00");
assert_eq!(data, decrypted);
assert_eq!(store, true);
let data: Vec<u8> = vec!['0' as u8, '0' as u8, 1, 2, 3, 4];
let (decrypted, store) = decrypt_vec_or_original(&data, "00");
assert_eq!(data, decrypted);
assert_eq!(store, true);
let (_, store) = decrypt_str_or_original("", "00");
assert_eq!(store, false);
let (_, store) = decrypt_vec_or_original(&vec![], "00");
assert_eq!(store, false);
}
}
}
mod base64 {
use super::symmetric_crypt;
use sodiumoxide::base64;
pub fn encrypt(v: &[u8]) -> Result<String, ()> {
if v.len() > 0 {
symmetric_crypt(v, true).map(|v| base64::encode(v, base64::Variant::Original))
} else {
Err(())
}
}
pub fn decrypt(v: &[u8]) -> Result<Vec<u8>, ()> {
if v.len() > 0 {
base64::decode(v, base64::Variant::Original).and_then(|v| symmetric_crypt(&v, false))
} else {
Err(())
}
}
}
fn symmetric_crypt(data: &[u8], encrypt: bool) -> Result<Vec<u8>, ()> {
use sodiumoxide::crypto::secretbox;
use std::convert::TryInto;
let mut keybuf = crate::get_uuid();
keybuf.resize(secretbox::KEYBYTES, 0);
let key = secretbox::Key(keybuf.try_into().map_err(|_| ())?);
let nonce = secretbox::Nonce([0; secretbox::NONCEBYTES]);
if encrypt {
Ok(secretbox::seal(data, &nonce, &key))
} else {
secretbox::open(data, &nonce, &key)
}
}