fixed a few bugs in ftServer for encrypted tunnel management

This commit is contained in:
mr-alice 2016-10-30 11:36:00 +01:00
parent 9a881619e1
commit 34dcb410b4
5 changed files with 98 additions and 21 deletions

View File

@ -628,6 +628,7 @@ bool p3FileDatabase::findChildPointer(void *ref, int row, void *& result, FileSe
result = NULL ; result = NULL ;
if (ref == NULL) if (ref == NULL)
{
if(flags & RS_FILE_HINTS_LOCAL) if(flags & RS_FILE_HINTS_LOCAL)
{ {
if(row != 0) if(row != 0)
@ -644,6 +645,7 @@ bool p3FileDatabase::findChildPointer(void *ref, int row, void *& result, FileSe
} }
else else
return false; return false;
}
uint32_t fi; uint32_t fi;
DirectoryStorage::EntryIndex e ; DirectoryStorage::EntryIndex e ;

View File

@ -1825,7 +1825,7 @@ const std::string download_dir_ss("DOWN_DIR");
const std::string partial_dir_ss("PART_DIR"); const std::string partial_dir_ss("PART_DIR");
const std::string default_chunk_strategy_ss("DEFAULT_CHUNK_STRATEGY"); const std::string default_chunk_strategy_ss("DEFAULT_CHUNK_STRATEGY");
const std::string free_space_limit_ss("FREE_SPACE_LIMIT"); const std::string free_space_limit_ss("FREE_SPACE_LIMIT");
const std::string default_encryption_policy("DEFAULT_ENCRYPTION_POLICY"); const std::string default_encryption_policy_ss("DEFAULT_ENCRYPTION_POLICY");
/* p3Config Interface */ /* p3Config Interface */
@ -1873,6 +1873,8 @@ bool ftController::saveList(bool &cleanup, std::list<RsItem *>& saveData)
break ; break ;
} }
configMap[default_encryption_policy_ss] = (mDefaultEncryptionPolicy==RS_FILE_CTRL_ENCRYPTION_POLICY_PERMISSIVE)?"PERMISSIVE":"STRICT" ;
rs_sprintf(s, "%lu", RsDiscSpace::freeSpaceLimit()); rs_sprintf(s, "%lu", RsDiscSpace::freeSpaceLimit());
configMap[free_space_limit_ss] = s ; configMap[free_space_limit_ss] = s ;
@ -2115,7 +2117,7 @@ bool ftController::loadConfigMap(std::map<std::string, std::string> &configMap)
setPartialsDirectory(mit->second); setPartialsDirectory(mit->second);
} }
if (configMap.end() != (mit = configMap.find(default_encryption_policy))) if (configMap.end() != (mit = configMap.find(default_encryption_policy_ss)))
{ {
if(mit->second == "STRICT") if(mit->second == "STRICT")
{ {

View File

@ -57,6 +57,11 @@ const int ftserverzone = 29539;
* #define SERVER_DEBUG_CACHE 1 * #define SERVER_DEBUG_CACHE 1
***/ ***/
#define SERVER_DEBUG 1
#define FTSERVER_DEBUG() std::cerr << time(NULL) << " : FILE_SERVER : " << __FUNCTION__ << " : "
#define FTSERVER_ERROR() std::cerr << "(EE) FILE_SERVER ERROR : "
static const time_t FILE_TRANSFER_LOW_PRIORITY_TASKS_PERIOD = 5 ; // low priority tasks handling every 5 seconds static const time_t FILE_TRANSFER_LOW_PRIORITY_TASKS_PERIOD = 5 ; // low priority tasks handling every 5 seconds
/* Setup */ /* Setup */
@ -259,8 +264,18 @@ bool ftServer::activateTunnels(const RsFileHash& hash,TransferRequestFlags flags
if(onoff) if(onoff)
{ {
if(flags & RS_FILE_REQ_ENCRYPTED) mTurtleRouter->monitorTunnels(hash_of_hash,this,true) ; std::cerr << "Activating tunnels for hash " << hash << std::endl;
if(flags & RS_FILE_REQ_UNENCRYPTED) mTurtleRouter->monitorTunnels(hash,this,true) ;
if(flags & RS_FILE_REQ_ENCRYPTED)
{
std::cerr << " flags require end-to-end encryption. Requesting hash of hash " << hash_of_hash << std::endl;
mTurtleRouter->monitorTunnels(hash_of_hash,this,true) ;
}
if(flags & RS_FILE_REQ_UNENCRYPTED)
{
std::cerr << " flags require no end-to-end encryption. Requesting hash " << hash << std::endl;
mTurtleRouter->monitorTunnels(hash,this,true) ;
}
} }
else else
{ {
@ -477,12 +492,42 @@ RsTurtleGenericTunnelItem *ftServer::deserialiseItem(void *data,uint32_t size) c
void ftServer::addVirtualPeer(const TurtleFileHash& hash,const TurtleVirtualPeerId& virtual_peer_id,RsTurtleGenericTunnelItem::Direction dir) void ftServer::addVirtualPeer(const TurtleFileHash& hash,const TurtleVirtualPeerId& virtual_peer_id,RsTurtleGenericTunnelItem::Direction dir)
{ {
#ifdef SERVER_DEBUG
FTSERVER_DEBUG() << "adding virtual peer. Direction=" << dir << ", hash=" << hash << ", vpid=" << virtual_peer_id << std::endl;
#endif
if(dir == RsTurtleGenericTunnelItem::DIRECTION_SERVER) if(dir == RsTurtleGenericTunnelItem::DIRECTION_SERVER)
{
RsFileHash real_hash ;
if(findRealHash(hash,real_hash))
{
#ifdef SERVER_DEBUG
FTSERVER_DEBUG() << " direction is SERVER. Adding file source for end-to-end encrypted tunnel for real hash " << real_hash << ", virtual peer id = " << virtual_peer_id << std::endl;
#endif
{
RS_STACK_MUTEX(srvMutex) ;
mEncryptedPeerIds[virtual_peer_id] = hash ;
}
mFtController->addFileSource(real_hash,virtual_peer_id) ;
}
else
{
#ifdef SERVER_DEBUG
FTSERVER_DEBUG() << " direction is SERVER. Adding file source for unencrypted tunnel" << std::endl;
#endif
mFtController->addFileSource(hash,virtual_peer_id) ; mFtController->addFileSource(hash,virtual_peer_id) ;
}
}
} }
void ftServer::removeVirtualPeer(const TurtleFileHash& hash,const TurtleVirtualPeerId& virtual_peer_id) void ftServer::removeVirtualPeer(const TurtleFileHash& hash,const TurtleVirtualPeerId& virtual_peer_id)
{ {
RsFileHash real_hash ;
if(findRealHash(hash,real_hash))
mFtController->removeFileSource(real_hash,virtual_peer_id) ;
else
mFtController->removeFileSource(hash,virtual_peer_id) ; mFtController->removeFileSource(hash,virtual_peer_id) ;
RS_STACK_MUTEX(srvMutex) ;
mEncryptedPeerIds.erase(virtual_peer_id) ;
} }
bool ftServer::handleTunnelRequest(const RsFileHash& hash,const RsPeerId& peer_id) bool ftServer::handleTunnelRequest(const RsFileHash& hash,const RsPeerId& peer_id)
@ -520,7 +565,7 @@ bool ftServer::handleTunnelRequest(const RsFileHash& hash,const RsPeerId& peer_i
std::cerr << " peer = " << peer_id << std::endl; std::cerr << " peer = " << peer_id << std::endl;
std::cerr << " flags = " << info.storage_permission_flags << std::endl; std::cerr << " flags = " << info.storage_permission_flags << std::endl;
std::cerr << " local = " << rsFiles->FileDetails(hash, RS_FILE_HINTS_NETWORK_WIDE | RS_FILE_HINTS_LOCAL | RS_FILE_HINTS_EXTRA | RS_FILE_HINTS_SPEC_ONLY | RS_FILE_HINTS_DOWNLOAD, info) << std::endl; std::cerr << " local = " << rsFiles->FileDetails(hash, RS_FILE_HINTS_NETWORK_WIDE | RS_FILE_HINTS_LOCAL | RS_FILE_HINTS_EXTRA | RS_FILE_HINTS_SPEC_ONLY | RS_FILE_HINTS_DOWNLOAD, info) << std::endl;
std::cerr << " groups= " ; for(std::list<std::string>::const_iterator it(info.parent_groups.begin());it!=info.parent_groups.end();++it) std::cerr << (*it) << ", " ; std::cerr << std::endl; std::cerr << " groups= " ; for(std::list<RsNodeGroupId>::const_iterator it(info.parent_groups.begin());it!=info.parent_groups.end();++it) std::cerr << (*it) << ", " ; std::cerr << std::endl;
std::cerr << " clear = " << rsPeers->computePeerPermissionFlags(peer_id,info.storage_permission_flags,info.parent_groups) << std::endl; std::cerr << " clear = " << rsPeers->computePeerPermissionFlags(peer_id,info.storage_permission_flags,info.parent_groups) << std::endl;
} }
#endif #endif
@ -766,17 +811,19 @@ bool ftServer::shareDownloadDirectory(bool share)
bool ftServer::sendTurtleItem(const RsPeerId& peerId,const RsFileHash& hash,RsTurtleGenericTunnelItem *item) bool ftServer::sendTurtleItem(const RsPeerId& peerId,const RsFileHash& hash,RsTurtleGenericTunnelItem *item)
{ {
// first, we look for the encrypted hash map // we cannot look in the encrypted hash map, since the same hash--on this side of the FT--can be used with both
#warning code needed here // encrypted and unencrypted peers ids. So the information comes from the virtual peer Id.
if(true)
{ RsFileHash encrypted_hash;
// we don't encrypt
mTurtleRouter->sendTurtleData(peerId,item) ; if(findEncryptedHash(peerId,encrypted_hash))
}
else
{ {
// we encrypt the item // we encrypt the item
#ifdef SERVER_DEBUG
FTSERVER_DEBUG() << "Sending turtle item to peer ID " << peerId << " using encrypted tunnel." << std::endl;
#endif
RsTurtleGenericDataItem *encrypted_item ; RsTurtleGenericDataItem *encrypted_item ;
if(!encryptItem(item, hash, encrypted_item)) if(!encryptItem(item, hash, encrypted_item))
@ -786,6 +833,14 @@ bool ftServer::sendTurtleItem(const RsPeerId& peerId,const RsFileHash& hash,RsTu
mTurtleRouter->sendTurtleData(peerId,encrypted_item) ; mTurtleRouter->sendTurtleData(peerId,encrypted_item) ;
} }
else
{
#ifdef SERVER_DEBUG
FTSERVER_DEBUG() << "Sending turtle item to peer ID " << peerId << " using non uncrypted tunnel." << std::endl;
#endif
mTurtleRouter->sendTurtleData(peerId,item) ;
}
return true ; return true ;
} }
@ -1230,8 +1285,24 @@ bool ftServer::encryptHash(const RsFileHash& hash, RsFileHash& hash_of_hash)
return true ; return true ;
} }
bool ftServer::findEncryptedHash(const RsPeerId& virtual_peer_id, RsFileHash& encrypted_hash)
{
RS_STACK_MUTEX(srvMutex);
std::map<RsPeerId,RsFileHash>::const_iterator it = mEncryptedPeerIds.find(virtual_peer_id) ;
if(it != mEncryptedPeerIds.end())
{
encrypted_hash = it->second ;
return true ;
}
else
return false ;
}
bool ftServer::findRealHash(const RsFileHash& hash, RsFileHash& real_hash) bool ftServer::findRealHash(const RsFileHash& hash, RsFileHash& real_hash)
{ {
RS_STACK_MUTEX(srvMutex);
std::map<RsFileHash,RsFileHash>::const_iterator it = mEncryptedHashes.find(hash) ; std::map<RsFileHash,RsFileHash>::const_iterator it = mEncryptedHashes.find(hash) ;
if(it != mEncryptedHashes.end()) if(it != mEncryptedHashes.end())
@ -1391,9 +1462,6 @@ int ftServer::handleIncoming()
int nhandled = 0 ; int nhandled = 0 ;
RsItem *item = NULL ; RsItem *item = NULL ;
#ifdef SERVER_DEBUG
std::cerr << "ftServer::handleIncoming() " << std::endl;
#endif
while(NULL != (item = recvItem())) while(NULL != (item = recvItem()))
{ {

View File

@ -258,6 +258,7 @@ protected:
// fnds out what is the real hash of encrypted hash hash // fnds out what is the real hash of encrypted hash hash
bool findRealHash(const RsFileHash& hash, RsFileHash& real_hash); bool findRealHash(const RsFileHash& hash, RsFileHash& real_hash);
bool findEncryptedHash(const RsPeerId& virtual_peer_id, RsFileHash& encrypted_hash);
bool encryptHash(const RsFileHash& hash, RsFileHash& hash_of_hash); bool encryptHash(const RsFileHash& hash, RsFileHash& hash_of_hash);
private: private:
@ -286,6 +287,7 @@ private:
std::string mPartialsPath; std::string mPartialsPath;
std::map<RsFileHash,RsFileHash> mEncryptedHashes ; // This map is such that sha1(it->second) = it->first std::map<RsFileHash,RsFileHash> mEncryptedHashes ; // This map is such that sha1(it->second) = it->first
std::map<RsPeerId,RsFileHash> mEncryptedPeerIds ; // This map holds the hash to be used with each peer id
}; };

View File

@ -144,6 +144,9 @@
</item> </item>
<item> <item>
<widget class="QComboBox" name="_e2e_encryption_CB"> <widget class="QComboBox" name="_e2e_encryption_CB">
<property name="toolTip">
<string>&lt;html&gt;&lt;head/&gt;&lt;body&gt;&lt;p&gt;Anonymous tunnels can be end-o-end encrypted. In order to maintain backward compatibility, this can be made optional (choosing &amp;quot;Accepted&amp;quot;), but in the end, all Retroshare nodes will be switched to &amp;quot;Enforced&amp;quot;, meaning that all anonymous transfers will be end-to-end encrypted.&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
</property>
<item> <item>
<property name="text"> <property name="text">
<string>Accepted</string> <string>Accepted</string>