Server side OTA settings in shadowsocks

proxy/shadowsocks/protocol.go

@@ -56,7 +56,7 @@ func ReadTCPSession(user *protocol.User, reader io.Reader) (*protocol.RequestHea
 	lenBuffer := 1
 	_, err = io.ReadFull(reader, buffer.Value[:1])
 	if err != nil {
-		return nil, nil, errors.New("Sahdowsocks|TCP: Failed to read address type: " + err.Error())
+		return nil, nil, errors.New("Shadowsocks|TCP: Failed to read address type: " + err.Error())
 	}
 
 	addrType := (buffer.Value[0] & 0x0F)
@@ -64,6 +64,14 @@ func ReadTCPSession(user *protocol.User, reader io.Reader) (*protocol.RequestHea
 		request.Option |= RequestOptionOneTimeAuth
 	}
 
+	if request.Option.Has(RequestOptionOneTimeAuth) && account.OneTimeAuth == Account_Disabled {
+		return nil, nil, errors.New("Shadowsocks|TCP: Rejecting connection with OTA enabled, while server disables OTA.")
+	}
+
+	if !request.Option.Has(RequestOptionOneTimeAuth) && account.OneTimeAuth == Account_Enabled {
+		return nil, nil, errors.New("Shadowsocks|TCP: Rejecting connection with OTA disabled, while server enables OTA.")
+	}
+
 	switch addrType {
 	case AddrTypeIPv4:
 		_, err := io.ReadFull(reader, buffer.Value[lenBuffer:lenBuffer+4])
@@ -308,6 +316,14 @@ func DecodeUDPPacket(user *protocol.User, payload *alloc.Buffer) (*protocol.Requ
 		request.Option |= RequestOptionOneTimeAuth
 	}
 
+	if request.Option.Has(RequestOptionOneTimeAuth) && account.OneTimeAuth == Account_Disabled {
+		return nil, nil, errors.New("Shadowsocks|UDP: Rejecting packet with OTA enabled, while server disables OTA.")
+	}
+
+	if !request.Option.Has(RequestOptionOneTimeAuth) && account.OneTimeAuth == Account_Enabled {
+		return nil, nil, errors.New("Shadowsocks|UDP: Rejecting packet with OTA disabled, while server enables OTA.")
+	}
+
 	if request.Option.Has(RequestOptionOneTimeAuth) {
 		payloadLen := payload.Len() - AuthSize
 		authBytes := payload.Value[payloadLen:]