From 72f1d68a05a43024d678f7d3d71b64563a4473d6 Mon Sep 17 00:00:00 2001
From: loggerhead <longfangzheng@qq.com>
Date: Sun, 20 Nov 2016 14:59:32 +0800
Subject: [PATCH] Fixed #675 (#676)

* fix a OTA bug

* correct a wrong comment

* ignore emacs autosave files

* keep consistence with the defensive style

* a little refractor

* fix daemon stop failed (#675)

* fix test failed
---
 .gitignore              |  3 +++
 shadowsocks/shell.py    | 31 ++++++++++++++++---------------
 shadowsocks/tcprelay.py | 14 +++++---------
 shadowsocks/udprelay.py | 11 ++---------
 tests/test_command.sh   |  4 ++--
 5 files changed, 28 insertions(+), 35 deletions(-)

diff --git a/.gitignore b/.gitignore
index 6c1b61e..4907974 100644
--- a/.gitignore
+++ b/.gitignore
@@ -29,3 +29,6 @@ htmlcov
 
 .DS_Store
 .idea
+
+#Emacs
+.#*
diff --git a/shadowsocks/shell.py b/shadowsocks/shell.py
index 041086a..3c6676f 100644
--- a/shadowsocks/shell.py
+++ b/shadowsocks/shell.py
@@ -125,6 +125,22 @@ def check_config(config, is_local):
         # no need to specify configuration for daemon stop
         return
 
+    if is_local:
+        if config.get('server', None) is None:
+            logging.error('server addr not specified')
+            print_local_help()
+            sys.exit(2)
+        else:
+            config['server'] = to_str(config['server'])
+    else:
+        config['server'] = to_str(config.get('server', '0.0.0.0'))
+        try:
+            config['forbidden_ip'] = \
+                IPNetwork(config.get('forbidden_ip', '127.0.0.0/8,::1/128'))
+        except Exception as e:
+            logging.error(e)
+            sys.exit(2)
+
     if is_local and not config.get('password', None):
         logging.error('password not specified')
         print_help(is_local)
@@ -280,21 +296,6 @@ def get_config(is_local):
     config['local_port'] = config.get('local_port', 1080)
     config['one_time_auth'] = config.get('one_time_auth', False)
     config['prefer_ipv6'] = config.get('prefer_ipv6', False)
-    if is_local:
-        if config.get('server', None) is None:
-            logging.error('server addr not specified')
-            print_local_help()
-            sys.exit(2)
-        else:
-            config['server'] = to_str(config['server'])
-    else:
-        config['server'] = to_str(config.get('server', '0.0.0.0'))
-        try:
-            config['forbidden_ip'] = \
-                IPNetwork(config.get('forbidden_ip', '127.0.0.0/8,::1/128'))
-        except Exception as e:
-            logging.error(e)
-            sys.exit(2)
     config['server_port'] = config.get('server_port', 8388)
 
     logging.getLogger('').handlers = []
diff --git a/shadowsocks/tcprelay.py b/shadowsocks/tcprelay.py
index 2ff7b21..207407a 100644
--- a/shadowsocks/tcprelay.py
+++ b/shadowsocks/tcprelay.py
@@ -122,10 +122,7 @@ class TCPRelayHandler(object):
         self._stage = STAGE_INIT
         self._encryptor = encrypt.Encryptor(config['password'],
                                             config['method'])
-        if 'one_time_auth' in config and config['one_time_auth']:
-            self._ota_enable = True
-        else:
-            self._ota_enable = False
+        self._ota_enable = config.get('one_time_auth', False)
         self._ota_enable_session = self._ota_enable
         self._ota_buff_head = b''
         self._ota_buff_data = b''
@@ -138,10 +135,7 @@ class TCPRelayHandler(object):
         self._downstream_status = WAIT_STATUS_INIT
         self._client_address = local_sock.getpeername()[:2]
         self._remote_address = None
-        if 'forbidden_ip' in config:
-            self._forbidden_iplist = config['forbidden_ip']
-        else:
-            self._forbidden_iplist = None
+        self._forbidden_iplist = config.get('forbidden_ip')
         if is_local:
             self._chosen_server = self._get_a_server()
         fd_to_handlers[local_sock.fileno()] = self
@@ -362,7 +356,9 @@ class TCPRelayHandler(object):
             if self._ota_enable_session:
                 data = common.chr(addrtype | ADDRTYPE_AUTH) + data[1:]
                 key = self._encryptor.cipher_iv + self._encryptor.key
-                data += onetimeauth_gen(data, key)
+                _header = data[:header_length]
+                sha110 = onetimeauth_gen(data, key)
+                data = _header + sha110 + data[header_length:]
             data_to_send = self._encryptor.encrypt(data)
             self._data_to_write_to_remote.append(data_to_send)
             # notice here may go into _handle_dns_resolved directly
diff --git a/shadowsocks/udprelay.py b/shadowsocks/udprelay.py
index 41ae5d6..3a36cff 100644
--- a/shadowsocks/udprelay.py
+++ b/shadowsocks/udprelay.py
@@ -98,10 +98,7 @@ class UDPRelay(object):
         self._password = common.to_bytes(config['password'])
         self._method = config['method']
         self._timeout = config['timeout']
-        if 'one_time_auth' in config and config['one_time_auth']:
-            self._ota_enable = True
-        else:
-            self._ota_enable = False
+        self._ota_enable = config.get('one_time_auth', False)
         self._ota_enable_session = self._ota_enable
         self._is_local = is_local
         self._cache = lru_cache.LRUCache(timeout=config['timeout'],
@@ -112,11 +109,7 @@ class UDPRelay(object):
         self._eventloop = None
         self._closed = False
         self._sockets = set()
-        if 'forbidden_ip' in config:
-            self._forbidden_iplist = config['forbidden_ip']
-        else:
-            self._forbidden_iplist = None
-
+        self._forbidden_iplist = config.get('forbidden_ip')
         addrs = socket.getaddrinfo(self._listen_addr, self._listen_port, 0,
                                    socket.SOCK_DGRAM, socket.SOL_UDP)
         if len(addrs) == 0:
diff --git a/tests/test_command.sh b/tests/test_command.sh
index 8225740..9af91c3 100755
--- a/tests/test_command.sh
+++ b/tests/test_command.sh
@@ -30,7 +30,7 @@ $LOCAL 2>/dev/null 1>/dev/null -m rc4-md5 -k testrc4 -s 127.0.0.1 -p 8388 -d sto
 assert "$LOCAL 2>&1 -m rc4-md5 -k mypassword -s 0.0.0.0 -p 8388 -d start | grep ERROR |  awk -F\"ERROR\" '{print \$2}'" "    DON'T USE DEFAULT PASSWORD! Please change it in your config.json!"
 $LOCAL 2>/dev/null 1>/dev/null -m rc4-md5 -k testrc4 -s 127.0.0.1 -p 8388 -d stop
 
-assert "$LOCAL 2>&1 -m rc4-md5 -p 8388 -k testrc4 -d start | grep ERROR |  awk -F\"ERROR\" '{print \$2}'" ": server addr not specified"
+assert "$LOCAL 2>&1 -m rc4-md5 -p 8388 -k testrc4 -d start | grep ERROR |  awk -F\"ERROR\" '{print \$2}'" "    server addr not specified"
 $LOCAL 2>/dev/null 1>/dev/null -m rc4-md5 -k testrc4 -s 127.0.0.1 -p 8388 -d stop
 
 assert "$LOCAL 2>&1 -m rc4-md5 -p 8388 -s 0.0.0.0 -d start | grep ERROR |  awk -F\"ERROR\" '{print \$2}'" "    password not specified"
@@ -39,7 +39,7 @@ $LOCAL 2>/dev/null 1>/dev/null -m rc4-md5 -k testrc4 -s 127.0.0.1 -p 8388 -d sto
 assert "$SERVER 2>&1 -m rc4-md5 -p 8388 -s 0.0.0.0 -d start | grep ERROR |  awk -F\"ERROR\" '{print \$2}'" "    password or port_password not specified"
 $LOCAL 2>/dev/null 1>/dev/null -m rc4-md5 -k testrc4 -s 127.0.0.1 -p 8388 -d stop
 
-assert "$SERVER 2>&1 --forbidden-ip 127.0.0.1/4a -m rc4-md5 -k 12345 -p 8388 -s 0.0.0.0 -d start | grep ERROR |  awk -F\"ERROR\" '{print \$2}'" ": Not a valid CIDR notation: 127.0.0.1/4a"
+assert "$SERVER 2>&1 --forbidden-ip 127.0.0.1/4a -m rc4-md5 -k 12345 -p 8388 -s 0.0.0.0 -d start | grep ERROR |  awk -F\"ERROR\" '{print \$2}'" "    Not a valid CIDR notation: 127.0.0.1/4a"
 $LOCAL 2>/dev/null 1>/dev/null -m rc4-md5 -k testrc4 -s 127.0.0.1 -p 8388 -d stop
 
 assert_end command