1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
|
package main
import (
"errors"
"fmt"
"log"
"net"
"time"
"github.com/HimbeerserverDE/srp"
"github.com/anon55555/mt"
)
type serverConn struct {
mt.Peer
clt *clientConn
state clientState
name string
initCh chan struct{}
auth struct {
method mt.AuthMethods
salt, srpA, a, srpK []byte
}
}
func (sc *serverConn) client() *clientConn { return sc.clt }
func (sc *serverConn) init() <-chan struct{} { return sc.initCh }
func (sc *serverConn) log(dir, msg string) {
log.Printf("{←|⇶} %s {%s} %s", dir, sc.name, msg)
}
func handleSrv(sc *serverConn) {
if sc.client() == nil {
sc.log("-->", "no associated client")
}
go func() {
for sc.state == csCreated {
sc.SendCmd(&mt.ToSrvInit{
SerializeVer: latestSerializeVer,
MinProtoVer: latestProtoVer,
MaxProtoVer: latestProtoVer,
PlayerName: sc.client().name,
})
time.Sleep(500 * time.Millisecond)
}
}()
for {
pkt, err := sc.Recv()
if err != nil {
if errors.Is(err, net.ErrClosed) {
sc.log("<->", "disconnect")
break
}
sc.log("-->", err.Error())
continue
}
switch cmd := pkt.Cmd.(type) {
case *mt.ToCltHello:
if sc.auth.method != 0 {
sc.log("<--", "unexpected authentication")
sc.Close()
break
}
sc.state++
if cmd.AuthMethods&mt.FirstSRP == mt.FirstSRP {
sc.auth.method = mt.FirstSRP
} else {
sc.auth.method = mt.SRP
}
if cmd.SerializeVer != latestSerializeVer {
sc.log("<--", "invalid serializeVer")
break
}
switch sc.auth.method {
case mt.SRP:
sc.auth.srpA, sc.auth.a, err = srp.InitiateHandshake()
if err != nil {
sc.log("-->", err.Error())
break
}
sc.SendCmd(&mt.ToSrvSRPBytesA{
A: sc.auth.srpA,
NoSHA1: true,
})
case mt.FirstSRP:
salt, verifier, err := srp.NewClient([]byte(sc.client().name), []byte{})
if err != nil {
sc.log("-->", err.Error())
break
}
sc.SendCmd(&mt.ToSrvFirstSRP{
Salt: salt,
Verifier: verifier,
EmptyPasswd: true,
})
default:
sc.log("<->", "invalid auth method")
sc.Close()
}
case *mt.ToCltSRPBytesSaltB:
if sc.auth.method != mt.SRP {
sc.log("<--", "multiple authentication attempts")
break
}
sc.auth.srpK, err = srp.CompleteHandshake(sc.auth.srpA, sc.auth.a, []byte(sc.client().name), []byte{}, cmd.Salt, cmd.B)
if err != nil {
sc.log("-->", err.Error())
break
}
M := srp.ClientProof([]byte(sc.client().name), cmd.Salt, sc.auth.srpA, cmd.B, sc.auth.srpK)
if M == nil {
sc.log("<--", "SRP safety check fail")
break
}
sc.SendCmd(&mt.ToSrvSRPBytesM{
M: M,
})
case *mt.ToCltDisco:
sc.log("<--", fmt.Sprintf("deny access %+v", cmd))
case *mt.ToCltAcceptAuth:
sc.auth.method = 0
sc.SendCmd(&mt.ToSrvInit2{Lang: sc.client().lang})
}
}
}
|
