diff --git a/lib/FileUpload_Libx64.lib b/lib/FileUpload_Libx64.lib
index f137a00..7fab4e5 100644
Binary files a/lib/FileUpload_Libx64.lib and b/lib/FileUpload_Libx64.lib differ
diff --git a/lib/FileUpload_Libx64d.lib b/lib/FileUpload_Libx64d.lib
index cf6fbcb..909457b 100644
Binary files a/lib/FileUpload_Libx64d.lib and b/lib/FileUpload_Libx64d.lib differ
diff --git a/server/2015Remote/2015RemoteDlg.cpp b/server/2015Remote/2015RemoteDlg.cpp
index 9a0b168..b81f099 100644
--- a/server/2015Remote/2015RemoteDlg.cpp
+++ b/server/2015Remote/2015RemoteDlg.cpp
@@ -2260,7 +2260,8 @@ VOID CMy2015RemoteDlg::MessageHandle(CONTEXT_OBJECT* ContextObject)
 BOOL valid = FALSE;
 if (len > 20) {
 std::string sn(szBuffer + 1, szBuffer + 20); // length: 19
- std::string passcode(szBuffer + 20, szBuffer + len);
+ std::string passcode(szBuffer + 20, szBuffer + 62); // length: 42
+ uint64_t hmac = len > 64 ? *((uint64_t*)(szBuffer+62)) : 0;
 auto v = splitString(passcode, '-');
 if (v.size() == 6 || v.size() == 7) {
 std::vector subvector(v.end() - 4, v.end());
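Review bot: The new fixed offsets read past what the existing `if (len > 20)` guard guarantees: `passcode` is copied from `szBuffer + 20` to `szBuffer + 62` for any `len` from 21 up, and the `hmac` load takes 8 bytes at offset 62 when `len > 64`, although that read needs `len >= 70`. Because this message comes from the client, a short packet makes the handler parse bytes beyond the received data; whether that also leaves the allocation depends on how `szBuffer` is sized, which is outside the hunk. I would tighten the guard to `if (len >= 62 + sizeof(uint64_t)) {` and replace the cast with `uint64_t hmac = 0; memcpy(&hmac, szBuffer + 62, sizeof(hmac));`, which also avoids dereferencing an unaligned `uint64_t*`. If packets without the trailing tag must still get the "not authorized" reply, handle them on a separate branch that requires `len >= 62` and leaves `hmac` at 0. MessageHandle's body starts and ends outside the hunk.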
@@ -2271,13 +2272,22 @@ VOID CMy2015RemoteDlg::MessageHandle(CONTEXT_OBJECT* ContextObject)
 valid = (hash256 == fixedKey);
 }
 if (valid) {
- std::string tip = passcode + " 校验成功: " + sn;
- CharMsg* msg = new CharMsg(tip.c_str());
- PostMessageA(WM_SHOWMESSAGE, (WPARAM)msg, NULL);
+ static const char* superAdmin = getenv("YAMA_PWD");
+ std::string pwd = superAdmin ? superAdmin : m_superPass;
+ if (VerifyMessage(pwd, (BYTE*)passcode.c_str(), passcode.length(), hmac)) {
+ Mprintf("%s 校验成功, HMAC 校验成功: %s\n", passcode.c_str(), sn.c_str());
+ std::string tip = passcode + " 校验成功: " + sn;
+ CharMsg* msg = new CharMsg(tip.c_str());
+ PostMessageA(WM_SHOWMESSAGE, (WPARAM)msg, NULL);
+ }
+ else {
+ valid = FALSE;
+ Mprintf("%s 校验成功, HMAC 校验失败: %s\n", passcode.c_str(), sn.c_str());
+ }
 }
 }
 char resp[100] = { valid };
- const char* msg = valid ? "此程序已获授权,请遵守授权协议,感谢合作" : "未获授权";
+ const char* msg = valid ? "此程序已获授权,请遵守授权协议,感谢合作" : "未获授权或消息哈希校验失败";
 memcpy(resp + 4, msg, strlen(msg));
 ContextObject->Send2Client((PBYTE)resp, sizeof(resp));
 break;
@@ -3460,10 +3470,10 @@ void CMy2015RemoteDlg::OnToolInputPassword()
 CInputDialog dlg(this);
 dlg.m_str = pwd;
 dlg.Init("更改口令", "请输入新的口令:");
- dlg.Init2("HMAC (非必须):", THIS_CFG.GetStr("settings", "HMAC", "").c_str());
+ dlg.Init2("校验码 (HMAC):", THIS_CFG.GetStr("settings", "PwdHmac", "").c_str());
 if (dlg.DoModal() == IDOK) {
 THIS_CFG.SetStr("settings", "Password", dlg.m_str.GetString());
- THIS_CFG.SetStr("settings", "HMAC", dlg.m_sSecondInput.GetString());
+ THIS_CFG.SetStr("settings", "PwdHmac", dlg.m_sSecondInput.GetString());
 #ifdef _DEBUG
 SetTimer(TIMER_CHECK, 10 * 1000, NULL);
 #else
diff --git a/server/2015Remote/CPasswordDlg.cpp b/server/2015Remote/CPasswordDlg.cpp
index 859acb9..535f252 100644
--- a/server/2015Remote/CPasswordDlg.cpp
+++ b/server/2015Remote/CPasswordDlg.cpp
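Review bot: Both new `Mprintf` calls in the MessageHandle hunk write the client's `passcode` to the log, and the failure branch does so for a passcode that has just passed the hash comparison, so anyone who can read the log obtains a value that clears the first check. Log only the serial, e.g. `Mprintf("HMAC 校验失败: %s\n", sn.c_str());`, and do the same in the success branch. Separately, when `YAMA_PWD` is unset the key silently falls back to `m_superPass`, whose origin is not visible here; a one-line comment stating which secret is expected to key `VerifyMessage` would make that fallback deliberate rather than implicit. The enclosing function starts before this hunk and continues after it.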
@@ -201,11 +201,13 @@ void CPwdGenDlg::OnBnClickedButtonGenkey() std::string hashedID = hashSHA256(hardwareID); std::string deviceID = getFixedLengthID(hashedID); std::string hmac = genHMAC(pwdHash, m_sUserPwd.GetString()); - m_EditHMAC.SetWindowTextA(hmac.c_str()); + uint64_t pwdHmac = SignMessage(m_sUserPwd.GetString(), (BYTE*)fixedKey.c_str(), fixedKey.length()); + m_EditHMAC.SetWindowTextA(std::to_string(pwdHmac).c_str()); if (deviceID == m_sDeviceID.GetString()) { // 授权的是当前主控程序 auto settings = "settings", pwdKey = "Password"; THIS_CFG.SetStr(settings, pwdKey, fixedKey.c_str()); THIS_CFG.SetStr(settings, "HMAC", hmac); + THIS_CFG.SetStr(settings, "PwdHmac", std::to_string(pwdHmac)); } }
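Review bot: After this change the config carries two different tags, `HMAC` (from `genHMAC`) and `PwdHmac` (the decimal `SignMessage` value), while the edit box here and the password dialog in 2015RemoteDlg.cpp now use only `PwdHmac`; nothing in the hunk says which readers still need `HMAC`. A comment above the two `SetStr` calls would settle it, for example `// "HMAC": older genHMAC tag; "PwdHmac": 64-bit SignMessage tag over fixedKey, keyed by the user password`, assuming that is the intended split (worth confirming against the readers). The `(BYTE*)fixedKey.c_str()` cast drops const; if `SignMessage` does not modify its input, `reinterpret_cast<const BYTE*>(fixedKey.data())` with a const parameter would say so. The function body starts outside the hunk.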