TheLanc3/lan-mouse
1
0
Fork 0
mirror of https://github.com/feschber/lan-mouse.git synced 2026-03-31 17:10:54 +03:00
Code Issues Packages Projects Releases Wiki Activity

unauthorized device accept notification (#282)

Browse Source 
* ask the user to accept unauthorized devices

* only alert on actual error
This commit is contained in:
Ferdinand Schober
2025-03-22 22:50:19 +01:00
committed by GitHub
parent 15296263b2
commit 3ec23d7171
12 changed files with 432 additions and 99 deletions
Download Patch File Download Diff File Expand all files Collapse all files

64
src/emulation.rs
View File

@@ -1,4 +1,4 @@
use crate::listen::{LanMouseListener, ListenerCreationError};
use crate::listen::{LanMouseListener, ListenEvent, ListenerCreationError};
use futures::StreamExt;
use input_emulation::{EmulationHandle, InputEmulation, InputEmulationError};
use input_event::Event;
@@ -24,8 +24,15 @@ pub(crate) struct Emulation {
}
pub(crate) enum EmulationEvent {
/// new connection
Connected {
addr: SocketAddr,
fingerprint: String,
},
ConnectionAttempt {
fingerprint: String,
},
/// new connection
Entered {
/// address of the connection
addr: SocketAddr,
/// position of the connection
@@ -34,7 +41,9 @@ pub(crate) enum EmulationEvent {
fingerprint: String,
},
/// connection closed
Disconnected { addr: SocketAddr },
Disconnected {
addr: SocketAddr,
},
/// the port of the listener has changed
PortChanged(Result<u16, ListenerCreationError>),
/// emulation was disabled
@@ -121,31 +130,36 @@ impl ListenTask {
let mut last_response = HashMap::new();
loop {
select! {
e = self.listener.next() => {
let (event, addr) = match e {
Some(e) => e,
None => break,
};
log::trace!("{event} <-<-<-<-<- {addr}");
last_response.insert(addr, Instant::now());
match event {
ProtoEvent::Enter(pos) => {
if let Some(fingerprint) = self.listener.get_certificate_fingerprint(addr).await {
log::info!("releasing capture: {addr} entered this device");
self.event_tx.send(EmulationEvent::ReleaseNotify).expect("channel closed");
self.listener.reply(addr, ProtoEvent::Ack(0)).await;
self.event_tx.send(EmulationEvent::Connected{addr, pos: to_ipc_pos(pos), fingerprint}).expect("channel closed");
e = self.listener.next() => {match e {
Some(ListenEvent::Msg { event, addr }) => {
log::trace!("{event} <-<-<-<-<- {addr}");
last_response.insert(addr, Instant::now());
match event {
ProtoEvent::Enter(pos) => {
if let Some(fingerprint) = self.listener.get_certificate_fingerprint(addr).await {
log::info!("releasing capture: {addr} entered this device");
self.event_tx.send(EmulationEvent::ReleaseNotify).expect("channel closed");
self.listener.reply(addr, ProtoEvent::Ack(0)).await;
self.event_tx.send(EmulationEvent::Entered{addr, pos: to_ipc_pos(pos), fingerprint}).expect("channel closed");
}
}
ProtoEvent::Leave(_) => {
self.emulation_proxy.remove(addr);
self.listener.reply(addr, ProtoEvent::Ack(0)).await;
}
ProtoEvent::Input(event) => self.emulation_proxy.consume(event, addr),
ProtoEvent::Ping => self.listener.reply(addr, ProtoEvent::Pong(self.emulation_proxy.emulation_active.get())).await,
_ => {}
}
ProtoEvent::Leave(_) => {
self.emulation_proxy.remove(addr);
self.listener.reply(addr, ProtoEvent::Ack(0)).await;
}
ProtoEvent::Input(event) => self.emulation_proxy.consume(event, addr),
ProtoEvent::Ping => self.listener.reply(addr, ProtoEvent::Pong(self.emulation_proxy.emulation_active.get())).await,
_ => {}
}
}
Some(ListenEvent::Accept { addr, fingerprint }) => {
self.event_tx.send(EmulationEvent::Connected { addr, fingerprint }).expect("channel closed");
}
Some(ListenEvent::Rejected { fingerprint }) => {
self.event_tx.send(EmulationEvent::ConnectionAttempt { fingerprint }).expect("channel closed");
}
None => break
}}
event = self.emulation_proxy.event() => {
self.event_tx.send(event).expect("channel closed");
}

173
src/listen.rs
View File

@@ -3,15 +3,15 @@ use lan_mouse_proto::{ProtoEvent, MAX_EVENT_SIZE};
use local_channel::mpsc::{channel, Receiver, Sender};
use rustls::pki_types::CertificateDer;
use std::{
collections::HashMap,
collections::{HashMap, VecDeque},
net::SocketAddr,
rc::Rc,
sync::{Arc, RwLock},
sync::{Arc, Mutex, RwLock},
time::Duration,
};
use thiserror::Error;
use tokio::{
sync::Mutex,
sync::Mutex as AsyncMutex,
task::{spawn_local, JoinHandle},
};
use webrtc_dtls::{
@@ -34,11 +34,25 @@ pub enum ListenerCreationError {
type ArcConn = Arc<dyn Conn + Send + Sync>;
pub(crate) enum ListenEvent {
Msg {
event: ProtoEvent,
addr: SocketAddr,
},
Accept {
addr: SocketAddr,
fingerprint: String,
},
Rejected {
fingerprint: String,
},
}
pub(crate) struct LanMouseListener {
listen_rx: Receiver<(ProtoEvent, SocketAddr)>,
listen_tx: Sender<(ProtoEvent, SocketAddr)>,
listen_rx: Receiver<ListenEvent>,
listen_tx: Sender<ListenEvent>,
listen_task: JoinHandle<()>,
conns: Rc<Mutex<Vec<(SocketAddr, ArcConn)>>>,
conns: Rc<AsyncMutex<Vec<(SocketAddr, ArcConn)>>>,
request_port_change: Sender<u16>,
port_changed: Receiver<Result<u16, ListenerCreationError>>,
}
@@ -58,26 +72,35 @@ impl LanMouseListener {
let (listen_tx, listen_rx) = channel();
let (request_port_change, mut request_port_change_rx) = channel();
let (port_changed_tx, port_changed) = channel();
let connection_attempts: Arc<Mutex<VecDeque<String>>> = Default::default();
let authorized = authorized_keys.clone();
let verify_peer_certificate: Option<VerifyPeerCertificateFn> = Some(Arc::new(
move |certs: &[Vec<u8>], _chains: &[CertificateDer<'static>]| {
assert!(certs.len() == 1);
let fingerprints = certs
.iter()
.map(|c| crypto::generate_fingerprint(c))
.collect::<Vec<_>>();
if authorized
.read()
.expect("lock")
.contains_key(&fingerprints[0])
{
Ok(())
} else {
Err(webrtc_dtls::Error::ErrVerifyDataMismatch)
}
},
));
let verify_peer_certificate: Option<VerifyPeerCertificateFn> = {
let connection_attempts = connection_attempts.clone();
Some(Arc::new(
move |certs: &[Vec<u8>], _chains: &[CertificateDer<'static>]| {
assert!(certs.len() == 1);
let fingerprints = certs
.iter()
.map(|c| crypto::generate_fingerprint(c))
.collect::<Vec<_>>();
if authorized
.read()
.expect("lock")
.contains_key(&fingerprints[0])
{
Ok(())
} else {
let fingerprint = fingerprints.into_iter().next().expect("fingerprint");
connection_attempts
.lock()
.expect("lock")
.push_back(fingerprint);
Err(webrtc_dtls::Error::ErrVerifyDataMismatch)
}
},
))
};
let cfg = Config {
certificates: vec![cert.clone()],
extended_master_secret: ExtendedMasterSecretType::Require,
@@ -89,43 +112,69 @@ impl LanMouseListener {
let listen_addr = SocketAddr::new("0.0.0.0".parse().expect("invalid ip"), port);
let mut listener = listen(listen_addr, cfg.clone()).await?;
let conns: Rc<Mutex<Vec<(SocketAddr, ArcConn)>>> = Rc::new(Mutex::new(Vec::new()));
let conns: Rc<AsyncMutex<Vec<(SocketAddr, ArcConn)>>> =
Rc::new(AsyncMutex::new(Vec::new()));
let conns_clone = conns.clone();
let tx = listen_tx.clone();
let listen_task: JoinHandle<()> = spawn_local(async move {
loop {
let sleep = tokio::time::sleep(Duration::from_secs(2));
tokio::select! {
/* workaround for https://github.com/webrtc-rs/webrtc/issues/614 */
_ = sleep => continue,
c = listener.accept() => match c {
Ok((conn, addr)) => {
log::info!("dtls client connected, ip: {addr}");
let mut conns = conns_clone.lock().await;
conns.push((addr, conn.clone()));
spawn_local(read_loop(conns_clone.clone(), addr, conn, tx.clone()));
},
Err(e) => log::warn!("accept: {e}"),
},
port = request_port_change_rx.recv() => {
let port = port.expect("channel closed");
let listen_addr = SocketAddr::new("0.0.0.0".parse().expect("invalid ip"), port);
match listen(listen_addr, cfg.clone()).await {
Ok(new_listener) => {
let _ = listener.close().await;
listener = new_listener;
port_changed_tx.send(Ok(port)).expect("channel closed");
}
let listen_task: JoinHandle<()> = {
let listen_tx = listen_tx.clone();
let connection_attempts = connection_attempts.clone();
spawn_local(async move {
loop {
let sleep = tokio::time::sleep(Duration::from_secs(2));
tokio::select! {
/* workaround for https://github.com/webrtc-rs/webrtc/issues/614 */
_ = sleep => continue,
c = listener.accept() => match c {
Ok((conn, addr)) => {
log::info!("dtls client connected, ip: {addr}");
let mut conns = conns_clone.lock().await;
conns.push((addr, conn.clone()));
let dtls_conn: &DTLSConn = conn.as_any().downcast_ref().expect("dtls conn");
let certs = dtls_conn.connection_state().await.peer_certificates;
let cert = certs.first().expect("cert");
let fingerprint = crypto::generate_fingerprint(cert);
listen_tx.send(ListenEvent::Accept { addr, fingerprint }).expect("channel closed");
spawn_local(read_loop(conns_clone.clone(), addr, conn, listen_tx.clone()));
},
Err(e) => {
log::warn!("unable to change port: {e}");
port_changed_tx.send(Err(e.into())).expect("channel closed");
if let Error::Std(ref e) = e {
if let Some(e) = e.0.downcast_ref::<webrtc_dtls::Error>() {
match e {
webrtc_dtls::Error::ErrVerifyDataMismatch => {
if let Some(fingerprint) = connection_attempts.lock().expect("lock").pop_front() {
listen_tx.send(ListenEvent::Rejected { fingerprint }).expect("channel closed");
}
}
_ => log::warn!("accept: {e}"),
}
} else {
log::warn!("accept: {e:?}");
}
} else {
log::warn!("accept: {e:?}");
}
}
};
},
};
}
});
},
port = request_port_change_rx.recv() => {
let port = port.expect("channel closed");
let listen_addr = SocketAddr::new("0.0.0.0".parse().expect("invalid ip"), port);
match listen(listen_addr, cfg.clone()).await {
Ok(new_listener) => {
let _ = listener.close().await;
listener = new_listener;
port_changed_tx.send(Ok(port)).expect("channel closed");
}
Err(e) => {
log::warn!("unable to change port: {e}");
port_changed_tx.send(Err(e.into())).expect("channel closed");
}
};
},
};
}
})
};
Ok(Self {
conns,
@@ -186,7 +235,7 @@ impl LanMouseListener {
}
impl Stream for LanMouseListener {
type Item = (ProtoEvent, SocketAddr);
type Item = ListenEvent;
fn poll_next(
mut self: std::pin::Pin<&mut Self>,
@@ -197,16 +246,18 @@ impl Stream for LanMouseListener {
}
async fn read_loop(
conns: Rc<Mutex<Vec<(SocketAddr, ArcConn)>>>,
conns: Rc<AsyncMutex<Vec<(SocketAddr, ArcConn)>>>,
addr: SocketAddr,
conn: ArcConn,
dtls_tx: Sender<(ProtoEvent, SocketAddr)>,
dtls_tx: Sender<ListenEvent>,
) -> Result<(), Error> {
let mut b = [0u8; MAX_EVENT_SIZE];
while conn.recv(&mut b).await.is_ok() {
match b.try_into() {
Ok(event) => dtls_tx.send((event, addr)).expect("channel closed"),
Ok(event) => dtls_tx
.send(ListenEvent::Msg { event, addr })
.expect("channel closed"),
Err(e) => {
log::warn!("error receiving event: {e}");
break;

20
src/service.rs
View File

@@ -211,7 +211,10 @@ impl Service {
fn handle_emulation_event(&mut self, event: EmulationEvent) {
match event {
EmulationEvent::Connected {
EmulationEvent::ConnectionAttempt { fingerprint } => {
self.notify_frontend(FrontendEvent::ConnectionAttempt { fingerprint });
}
EmulationEvent::Entered {
addr,
pos,
fingerprint,
@@ -219,7 +222,11 @@ impl Service {
// check if already registered
if !self.incoming_conns.contains(&addr) {
self.add_incoming(addr, pos, fingerprint.clone());
self.notify_frontend(FrontendEvent::IncomingConnected(fingerprint, addr, pos));
self.notify_frontend(FrontendEvent::DeviceEntered {
fingerprint,
addr,
pos,
});
} else {
self.update_incoming(addr, pos, fingerprint);
}
@@ -246,6 +253,9 @@ impl Service {
self.notify_frontend(FrontendEvent::EmulationStatus(self.emulation_status));
}
EmulationEvent::ReleaseNotify => self.capture.release(),
EmulationEvent::Connected { addr, fingerprint } => {
self.notify_frontend(FrontendEvent::DeviceConnected { addr, fingerprint });
}
}
}
@@ -347,7 +357,11 @@ impl Service {
self.remove_incoming(addr);
self.add_incoming(addr, pos, fingerprint.clone());
self.notify_frontend(FrontendEvent::IncomingDisconnected(addr));
self.notify_frontend(FrontendEvent::IncomingConnected(fingerprint, addr, pos));
self.notify_frontend(FrontendEvent::DeviceEntered {
fingerprint,
addr,
pos,
});
}
}