Merge pull request #20 from jonnyhyman/develop

Develop to main, version 0.1.2
jonnyhyman · May 21, 2021 · 5a8fbf1 · 5a8fbf1
2 parents d07cb67 + a051d42
commit 5a8fbf1
Show file tree

Hide file tree

Showing 16 changed files with 537 additions and 93 deletions.
diff --git a/.DS_Store b/.DS_Store
diff --git a/images/.DS_Store b/images/.DS_Store
diff --git a/rmc/.DS_Store b/rmc/.DS_Store
diff --git a/rmc/auth/client.py b/rmc/auth/client.py
@@ -20,9 +20,11 @@ async def tcp_authenticate_request(QUEUE, S_IP, S_PORT, SPASS, encrypted):
     auth_reply = await reader.read(1024)
 
     try:
+
         auth_reply = Fernet(str(SPASS,'utf-8')).decrypt(auth_reply)
         auth_reply = auth_reply.decode()
         QUEUE.put(f"Server Authentication Reply: {auth_reply}")
+        print(f"Server Authentication Reply: {auth_reply}")
 
         auth_reply = auth_reply.split(',')
         QUEUE.put(auth_reply)

diff --git a/rmc/auth/server.py b/rmc/auth/server.py
@@ -1,23 +1,27 @@
 from auth.crypt import passkey, Fernet, InvalidToken
 import asyncio
 
+from datetime import datetime
+
 async def handle_authentication(reader, writer, QUEUE,
-                                                userlist, server_pass, wg_port):
+                    userlist, server_pass, wg_port, wg_only, subnet):
+
     auth_request = await reader.read(1024)
     fail_cause = "UNKNOWN ERROR"
 
     for user in userlist: # skip server
         # loop through usernames, see if one properly decrpyts message
         # hash key to decrypt message with:
-        key = str(passkey(user['name']), 'utf-8')
+
+        auth_key = passkey(user['name'] + str(datetime.utcnow().minute))
 
         try:
 
             addr = writer.get_extra_info('peername')
             # QUEUE.put(f">>> Received {message} from {addr}")
 
             # decrypt message
-            message = Fernet(key).decrypt(auth_request)
+            message = Fernet(auth_key).decrypt(auth_request)
             message = message.decode()
 
             PASS_CHECK, PKEYU = message.split(',')
@@ -33,9 +37,10 @@ async def handle_authentication(reader, writer, QUEUE,
             PKEYS = userlist[0]['Pk']
             SERVER_IP = userlist[0]['ip']
             ASSIGN_IP = user['ip']
-            WG_PORT = wg_port
 
-            auth_reply = f"{PKEYS},{SERVER_IP},{ASSIGN_IP},{WG_PORT}"
+            auth_reply = (f"{PKEYS},{SERVER_IP},{ASSIGN_IP},"
+                            f"{wg_port},{wg_only},{subnet}")
+
             auth_reply = Fernet(server_pass).encrypt(auth_reply.encode())
             writer.write(auth_reply)
             await writer.drain()
@@ -55,7 +60,7 @@ async def handle_authentication(reader, writer, QUEUE,
 
     writer.close()
 
-def tcp_server(QUEUE, S_IP, S_PORT, userlist, server_pass, wg_port):
+def tcp_server(S_IP, S_PORT, QUEUE, DETAILS):
     """ QUEUE: multiprocessing.Queue for output and updates
         when latest QUEUE item type is list, the request is complete!
     """
@@ -64,20 +69,16 @@ def tcp_server(QUEUE, S_IP, S_PORT, userlist, server_pass, wg_port):
     authentication = loop.create_future()
     asyncio.set_event_loop(loop)
 
-    handle_authentication_ = lambda r,w: handle_authentication(r,w,
-                                                            QUEUE,
-                                                            userlist,
-                                                            server_pass,
-                                                            wg_port
-                                                            )
+    handle_authentication_ = lambda r,w: handle_authentication(r,w,QUEUE,*DETAILS)
 
     coro = asyncio.start_server(handle_authentication_, S_IP, S_PORT, loop=loop)
 
     try:
         async_server = loop.run_until_complete(coro)
     except OSError as e:
         # The port is already in use
-        QUEUE.put(e)
+        print(e)
+        QUEUE.put(str(e))
         return
 
     # Serve requests until Ctrl+C is pressed

diff --git a/rmc/rmc_client.py b/rmc/rmc_client.py
@@ -11,11 +11,13 @@
 from pathlib import Path
 import sys
 
-import datetime
 from multiprocessing import Process, Queue
 import multiprocessing
 import platform
 
+from datetime import datetime
+import time
+
 import validators
 import webbrowser
 import os
@@ -77,12 +79,8 @@ def __init__(self, app, parent=None):
             if self.config['auth']['client_username'] != "":
                 self.update_header()
 
-        update_function = lambda: self.users.update(self.config['userlist'])
-
-        update_function()
-        # self.user_timer = QTimer(self)
-        # self.user_timer.timeout.connect(update_function)
-        # self.user_timer.start(60_000)
+        self.update_userview = lambda: self.users.update(self.config['userlist'])
+        self.update_userview()
 
     def update_header(self):
         header  = f"""## {self.config['auth']['client_username']}\n"""
@@ -145,7 +143,14 @@ def auth_client(self):
             if auth_tcp.tcp_authentic:
 
                 # Create Wireguard tunnel config file
-                PKEYS, S_IP, IP_ASSIGNED, WG_PORT = auth_tcp.tcp_authentic
+                PKEYS, S_IP, IP_ASSIGNED, WG_PORT, WG_ONLY, SUBNET = auth_tcp.tcp_authentic
+
+                if WG_ONLY == "True":
+                    allowed_ips = SUBNET
+                else:
+                    allowed_ips = "0.0.0.0/0, ::/0" # all ipv4, all ipv6
+
+                # TODO: Add subnet to tcp autentic and
 
                 client_config = (f"""
 [Interface]
@@ -165,7 +170,7 @@ def auth_client(self):
 # port here to match.
 Endpoint = {auth_request['S_IP']}:{WG_PORT}
 # Informs Wireguard to forward ALL traffic through the VPN.
-AllowedIPs = 0.0.0.0/0, ::/0
+AllowedIPs = {allowed_ips}
 # If you're be behind a NAT, this will keep the connection alive.
 PersistentKeepalive = 25
                 """)
@@ -174,8 +179,8 @@ def auth_client(self):
                 self.config['userlist'][0]['Pk'] = PKEYS
                 self.config.save()
 
-                # new in 0.1.1
                 self.update_header()
+                self.update_userview()
 
                 # Save config to conf file
                 saveto = FileDialog(forOpen=False, fmt='conf',
@@ -413,7 +418,14 @@ def __init__(self, parent = None):
         MESSG = f"{SPASS.decode()},{Pk}"
 
         # Authentication request
-        encrypted = Fernet(passkey(UNAME)).encrypt(MESSG.encode())
+        # username + utc minute (time based salt)
+
+        # wait for next minute if we're literally in the last 1 second
+        if datetime.utcnow().second == 59:
+            time.sleep(1)
+
+        auth_key = passkey(UNAME + str(datetime.utcnow().minute))
+        encrypted = Fernet(auth_key).encrypt(MESSG.encode())
 
         self.tcp_queue = Queue()
         self.tcp_proc = Process(target = tcp_client,
@@ -440,7 +452,7 @@ def update_status(self):
 
         elif type(update) == list:
             # This marks the end of the request, a list of
-            # [PKEYS, SERVER_IP, IP_ASSIGNED, WG_PORT]
+            # [PKEY SERVER, SERVER_IP, etc...]
             self.tcp_authentic = update
 
     def closeEvent(self, event):
@@ -455,7 +467,7 @@ def closeEvent(self, event):
     app = QApplication(sys.argv)
     app.setApplicationName("Resolve Mission Control Client")
 
-    icon = QIcon(link('ui/icons/icon.ico'))
+    icon = QIcon(link('ui/icons/icon_v1.ico'))
     app.setWindowIcon(icon)
 
     w = Client(app)

diff --git a/rmc/rmc_common.py b/rmc/rmc_common.py
@@ -42,7 +42,7 @@
 from pathlib import Path
 
 
-__version__ = "0.1.1"
+__version__ = "0.1.2"
 
 
 def link(relpath):