diff --git a/protos/message.proto b/protos/message.proto
index 721af450b..69f60ab86 100644
--- a/protos/message.proto
+++ b/protos/message.proto
@@ -88,10 +88,11 @@ message LoginRequest {
 string my_platform = 13;
 bytes hwid = 14;
 string avatar = 17;
+ bytes easy_access_challenge = 18;
 }
 message Terminal {
- string service_id = 1; // Service ID for reconnecting to existing session
+ string service_id = 1; // Service ID for reconnecting to existing session
 }
 message Auth2FA {
@@ -439,7 +440,7 @@ message FileTransferDigest {
 bool is_upload = 5;
 bool is_identical = 6;
 uint64 transferred_size = 7; // For resume. Indicates the size of the file already transferred
- bool is_resume = 8; // For resume. Indicates if the transfer is a resume.
+ bool is_resume = 8; // For resume. Indicates if the transfer is a resume.
 // `is_resume` can let the controlled side know whether to check the `.digest` file.
 // When `is_resume` is false, `.digest` exists, the same file does not exist,
 // the controlled side should not check `.digest`, it should confirm with a new transfer request.
@@ -889,7 +890,7 @@ message ScreenshotResponse {
 // Terminal messages - standalone feature like FileAction
 message OpenTerminal {
- int32 terminal_id = 1; // 0 for default terminal
+ int32 terminal_id = 1; // 0 for default terminal
 uint32 rows = 2;
 uint32 cols = 3;
 }
@@ -924,7 +925,7 @@ message TerminalOpened {
 bool success = 2;
 string message = 3;
 uint32 pid = 4;
- string service_id = 5; // Service ID for persistent sessions
+ string service_id = 5; // Service ID for persistent sessions
 repeated int32 persistent_sessions = 6; // Used to restore the persistent sessions.
 }
diff --git a/protos/rendezvous.proto b/protos/rendezvous.proto
index fb0c75d1a..dd8873890 100644
--- a/protos/rendezvous.proto
+++ b/protos/rendezvous.proto
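Review bot: `bytes easy_access_challenge = 18;` in the first hunk (LoginRequest, whose definition starts above the hunk) is added without a comment, although it is a value the controlled side receives straight from the connecting peer. A comment such as `// opaque challenge forwarded by the controller; untrusted until matched against the challenge in a verified EasyAccessGrant` would make clear that the field is input to a check and not evidence of approval on its own. That relationship is inferred from the field names in rendezvous.proto, so the wording should be confirmed against the verifier. Since an unset proto3 `bytes` field reads as empty, the check should treat an empty challenge as "no easy access requested" rather than as a value that can match.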
@@ -15,6 +15,25 @@ enum ConnType {
 TERMINAL = 5;
 }
+message EasyAccessTargetBinding {
+ bytes challenge = 1; // opaque controller challenge
+ bytes target_uuid = 2; // controlled device uuid
+ bytes target_pk = 3; // controlled device ed25519 public key
+ bytes grant_id = 4; // one-time server-issued grant id
+}
+
+message EasyAccessManagerApproval {
+ EasyAccessTargetBinding target_binding = 1;
+ bytes manager_signing_pk = 2; // manager ed25519 public key
+ bytes manager_approval_signature = 3; // signature over serialized EasyAccessTargetBinding
+}
+
+message EasyAccessGrant {
+ uint32 version = 1;
+ bytes server_approval_signature = 2; // signature over serialized EasyAccessManagerApproval
+ bytes device_bound_proof = 3; // box(serialized manager approval, derived nonce, server_box_sk, target_box_pk)
+}
+
 message RegisterPeerResponse { bool request_pk = 2; }
 message PunchHoleRequest {
@@ -30,7 +49,8 @@ message PunchHoleRequest {
 bytes socket_addr_v6 = 10;
 }
-message ControlPermissions {
+// Data passed from server to controlled device (via PunchHole / FetchLocalAddr / RequestRelay)
+message ControlledConfig {
 enum Permission {
 keyboard = 0;
 remote_printer = 1;
@@ -45,7 +65,8 @@ message ControlPermissions {
 block_input = 10;
 remote_modify = 11;
 }
- uint64 permissions = 1;
+ uint64 control_permissions = 1;
+ EasyAccessGrant easy_access_grant = 2;
 }
 message PunchHole {
@@ -56,7 +77,8 @@ message PunchHole {
 bool force_relay = 5;
 int32 upnp_port = 6;
 bytes socket_addr_v6 = 7;
- ControlPermissions control_permissions = 8;
+ ControlledConfig controlled_config = 8;
+ bytes request_id = 9;
 }
 message TestNatRequest {
@@ -83,6 +105,7 @@ message PunchHoleSent {
 string version = 5;
 int32 upnp_port = 6;
 bytes socket_addr_v6 = 7;
+ bytes request_id = 8;
 }
 message RegisterPk {
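Review bot: Both signatures are specified "over serialized" messages (`manager_approval_signature` over EasyAccessTargetBinding, `server_approval_signature` over EasyAccessManagerApproval), yet `target_binding` travels as a typed sub-message, so a verifier has to re-serialize it, and protobuf encoding is not guaranteed to be byte-stable across implementations or library versions. Carrying the signed bytes verbatim avoids that mismatch: `bytes target_binding = 1; // serialized EasyAccessTargetBinding; verify the signature over exactly these bytes, then parse`. Going by the comments, `version` in EasyAccessGrant is covered by neither signature, so the verifier should not let it select a weaker set of checks. The comment on `device_bound_proof` should also say how the nonce is derived, because a nonce that repeats under the same key pair undermines the box.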
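Review bot: `EasyAccessGrant easy_access_grant = 2;` in the `@@ -45,7 +65,8 @@` hunk carries no comment on what the controlled device must do before honouring it, and the schema alone does not show that a grant is ignored when easy access is disabled locally. A comment along the lines of `// optional; honour only if easy access is enabled on this device and both signatures plus target_uuid/target_pk verify` would record the intended contract; the enforcement code is not part of this diff, so this describes what to confirm rather than what is known to be missing. ControlledConfig's opening line is in the previous hunk. The rename of `permissions` to `control_permissions` keeps field number 1, so it is wire-compatible, but generated accessor names change for every consumer of this message.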
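Review bot: `bytes request_id = 9;` is added to PunchHole without a comment, and the same bare field appears in PunchHoleSent in the next hunk and in RequestRelay, RelayResponse, FetchLocalAddr and LocalAddr further down. Nothing in the schema says who generates it, how long it may be, or whether an echoed value is trusted. If it correlates a reply with a pending connection attempt (inferred from the request/response pairing), the receiver should cap its length and accept only ids it issued itself. A comment such as `// opaque id issued by the server for this connection attempt; echoed unchanged in the reply` on each occurrence would pin that down. PunchHole's definition starts above the hunk.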
@@ -107,6 +130,11 @@ message RegisterPkResponse {
 int32 keep_alive = 2;
 }
+// Data passed from server to controller (via PunchHoleResponse / RelayResponse)
+message ControllerConfig {
+ bytes easy_access_challenge = 1; // encrypted, opaque to both peers
+}
+
 message PunchHoleResponse {
 bytes socket_addr = 1;
 bytes pk = 2;
@@ -127,6 +155,7 @@ message PunchHoleResponse {
 bool is_udp = 9;
 int32 upnp_port = 10;
 bytes socket_addr_v6 = 11;
+ ControllerConfig controller_config = 12;
 }
 message ConfigUpdate {
@@ -143,7 +172,8 @@ message RequestRelay {
 string licence_key = 6;
 ConnType conn_type = 7;
 string token = 8;
- ControlPermissions control_permissions = 9;
+ ControlledConfig controlled_config = 9;
+ bytes request_id = 10;
 }
 message RelayResponse {
@@ -159,6 +189,8 @@ message RelayResponse {
 int32 feedback = 9;
 bytes socket_addr_v6 = 10;
 int32 upnp_port = 11;
+ ControllerConfig controller_config = 12;
+ bytes request_id = 13;
 }
 message SoftwareUpdate { string url = 1; }
@@ -171,7 +203,8 @@ message FetchLocalAddr {
 bytes socket_addr = 1;
 string relay_server = 2;
 bytes socket_addr_v6 = 3;
- ControlPermissions control_permissions = 4;
+ ControlledConfig controlled_config = 4;
+ bytes request_id = 5;
 }
 message LocalAddr {
@@ -181,6 +214,7 @@ message LocalAddr {
 string id = 4;
 string version = 5;
 bytes socket_addr_v6 = 6;
+ bytes request_id = 7;
 }
 message PeerDiscovery {
diff --git a/src/config.rs b/src/config.rs
index 31811d400..288fe04c9 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -2539,6 +2539,11 @@ pub fn is_disable_installation() -> bool {
 is_some_hard_opton("disable-installation")
 }
+#[inline]
+pub fn is_allow_easy_access() -> bool {
+ is_some_hard_opton("allow-easy-access")
+}
+
 // This function must be kept the same as the one in flutter and sciter code.
 // flutter: flutter/lib/common.dart -> option2bool()
 // sciter: Does not have the function, but it should be kept the same.
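Review bot: The comment on `easy_access_challenge` in ControllerConfig says "encrypted, opaque to both peers", while EasyAccessTargetBinding earlier in this file calls `challenge` an "opaque controller challenge", and neither says whether these are the same bytes or who holds the key. If the controller only forwards the value in LoginRequest (inferred from the matching field name there), it behaves like a bearer token. The comment should therefore state what ties it to a single connection attempt, for example the one-time `grant_id`, and how long it stays valid. Suggested wording, to be confirmed against the implementation: `// encrypted by the server; forwarded unchanged in LoginRequest.easy_access_challenge and compared with the challenge in the verified grant`.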
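Review bot: `is_allow_easy_access()` gates a remote-access feature on `is_some_hard_opton("allow-easy-access")`, whose body is outside this hunk; if that helper only tests that the key is present, as its name suggests, a build that sets the option to `N` would still enable easy access. The neighbouring `is_disable_installation()` uses the same helper, but a presence-only test fails closed for a disable flag and fails open for an allow flag, so the value should be compared explicitly here if that is how the helper behaves. The new function also has no doc comment; something like `/// True only when the hard option "allow-easy-access" is set; easy access is off by default.` would record the intended default.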