7x31
/
anylink
mirror of https://github.com/bjdgyc/anylink.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

修改profile.xml自动获取hash

This commit is contained in:
bjdgyc 2021-12-31 16:35:33 +08:00
parent e780afe18c
commit 6c5969c5ea
7 changed files with 31 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
server/base/cfg.go
View File

@ -32,6 +32,7 @@ var (
type ServerConfig struct {
// LinkAddr string `json:"link_addr"`
Conf string `json:"conf"`
Profile string `json:"profile"`
ServerAddr string `json:"server_addr"`
ServerDTLSAddr string `json:"server_dtls_addr"`
ServerDTLS bool `json:"server_dtls"`

1
server/base/config.go
View File

@ -21,6 +21,7 @@ type config struct {
var configs = []config{
{Typ: cfgStr, Name: "conf", Usage: "config file", ValStr: "./conf/server.toml", Short: "c"},
{Typ: cfgStr, Name: "profile", Usage: "profile.xml file", ValStr: "./conf/profile.xml"},
{Typ: cfgStr, Name: "server_addr", Usage: "服务监听地址", ValStr: ":443"},
{Typ: cfgBool, Name: "server_dtls", Usage: "开启DTLS", ValBool: false},
{Typ: cfgStr, Name: "server_dtls_addr", Usage: "DTLS监听地址", ValStr: ":4433"},

34
server/conf/files/profile.xml
View File

@ -1,34 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://schemas.xmlsoap.org/encoding/ AnyConnectProfile.xsd">
<ClientInitialization>
<UseStartBeforeLogon UserControllable="false">false</UseStartBeforeLogon>
<StrictCertificateTrust>false</StrictCertificateTrust>
<RestrictPreferenceCaching>false</RestrictPreferenceCaching>
<RestrictTunnelProtocols>IPSec</RestrictTunnelProtocols>
<BypassDownloader>true</BypassDownloader>
<WindowsVPNEstablishment>AllowRemoteUsers</WindowsVPNEstablishment>
<LinuxVPNEstablishment>AllowRemoteUsers</LinuxVPNEstablishment>
<CertEnrollmentPin>pinAllowed</CertEnrollmentPin>
<CertificateMatch>
<KeyUsage>
<MatchKey>Digital_Signature</MatchKey>
</KeyUsage>
<ExtendedKeyUsage>
<ExtendedMatchKey>ClientAuth</ExtendedMatchKey>
</ExtendedKeyUsage>
</CertificateMatch>
<BackupServerList>
<HostAddress>localhost</HostAddress>
</BackupServerList>
</ClientInitialization>
<ServerList>
<HostEntry>
<HostName>VPN Server</HostName>
<HostAddress>localhost</HostAddress>
</HostEntry>
</ServerList>
</AnyConnectProfile>

3
server/conf/server-sample.toml
View File

@ -6,10 +6,11 @@
#数据文件
db_type = "sqlite3"
db_source = "./conf/anylink.db"
#证书文件
#证书文件 使用跟nginx一样的证书即可
cert_file = "./conf/vpn_cert.pem"
cert_key = "./conf/vpn_cert.key"
files_path = "./conf/files"
profile = "./conf/profile.xml"
#日志目录,为空写入标准输出
#log_path = "./log"
log_path = ""

9
server/handler/link_auth.go
View File

@ -14,6 +14,8 @@ import (
"github.com/bjdgyc/anylink/sessdata"
)
var profileHash = ""
func LinkAuth(w http.ResponseWriter, r *http.Request) {
// 判断anyconnect客户端
userAgent := strings.ToLower(r.UserAgent())
@ -89,7 +91,7 @@ func LinkAuth(w http.ResponseWriter, r *http.Request) {
other := &dbdata.SettingOther{}
_ = dbdata.SettingGet(other)
rd := RequestData{SessionId: sess.Sid, SessionToken: sess.Sid + "@" + sess.Token,
Banner: other.Banner}
Banner: other.Banner, ProfileHash: profileHash}
w.WriteHeader(http.StatusOK)
tplRequest(tpl_complete, w, rd)
base.Debug("login", cr.Auth.Username)
@ -125,6 +127,7 @@ type RequestData struct {
SessionId string
SessionToken string
Banner string
ProfileHash string
}
var auth_request = `<?xml version="1.0" encoding="UTF-8"?>
@ -176,8 +179,8 @@ var auth_complete = `<?xml version="1.0" encoding="UTF-8"?>
<vpn-profile-manifest>
<vpn rev="1.0">
<file type="profile" service-type="user">
<uri>/files/profile.xml</uri>
<hash type="sha1">A8B0B07FBA93D06E8501E40AB807AEE2464E73B7</hash>
<uri>/profile.xml</uri>
<hash type="sha1">{{.ProfileHash}}</hash>
</file>
</vpn>
</vpn-profile-manifest>

16
server/handler/server.go
View File

@ -6,6 +6,7 @@ import (
"log"
"net"
"net/http"
"os"
"time"
"github.com/bjdgyc/anylink/base"
@ -26,14 +27,14 @@ func startTls() {
)
// 判断证书文件
//_, err = os.Stat(certFile)
//if errors.Is(err, os.ErrNotExist) {
// _, err = os.Stat(certFile)
// if errors.Is(err, os.ErrNotExist) {
// // 自动生成证书
// certs[0], err = selfsign.GenerateSelfSignedWithDNS("vpn.anylink")
//} else {
// } else {
// // 使用自定义证书
// certs[0], err = tls.LoadX509KeyPair(certFile, keyFile)
//}
// }
certs[0], err = tls.LoadX509KeyPair(certFile, keyFile)
if err != nil {
@ -77,9 +78,10 @@ func initRoute() http.Handler {
r.HandleFunc("/", LinkAuth).Methods(http.MethodPost)
r.HandleFunc("/CSCOSSLC/tunnel", LinkTunnel).Methods(http.MethodConnect)
r.HandleFunc("/otp_qr", LinkOtpQr).Methods(http.MethodGet)
// r.HandleFunc("/profile.xml", func(w http.ResponseWriter, r *http.Request) {
// w.Write([]byte(auth_profile))
// }).Methods(http.MethodGet)
r.HandleFunc("/profile.xml", func(w http.ResponseWriter, r *http.Request) {
b, _ := os.ReadFile(base.Cfg.Profile)
w.Write(b)
}).Methods(http.MethodGet)
r.PathPrefix("/files/").Handler(
http.StripPrefix("/files/",
http.FileServer(http.Dir(base.Cfg.FilesPath)),

12
server/handler/start.go
View File

@ -1,6 +1,10 @@
package handler
import (
"crypto/sha1"
"encoding/hex"
"os"
"github.com/bjdgyc/anylink/admin"
"github.com/bjdgyc/anylink/base"
"github.com/bjdgyc/anylink/dbdata"
@ -22,6 +26,14 @@ func Start() {
base.Fatal("LinkMode is err")
}
// 计算profile.xml的hash
b, err := os.ReadFile(base.Cfg.Profile)
if err != nil {
panic(err)
}
ha := sha1.Sum(b)
profileHash = hex.EncodeToString(ha[:])
go admin.StartAdmin()
go startTls()
go startDtls()