mirror of
https://github.com/RetroShare/RetroShare.git
synced 2025-01-13 16:39:43 -05:00
fixed a few bugs in ftServer for encrypted tunnel management
This commit is contained in:
parent
9a881619e1
commit
34dcb410b4
@ -628,6 +628,7 @@ bool p3FileDatabase::findChildPointer(void *ref, int row, void *& result, FileSe
|
|||||||
result = NULL ;
|
result = NULL ;
|
||||||
|
|
||||||
if (ref == NULL)
|
if (ref == NULL)
|
||||||
|
{
|
||||||
if(flags & RS_FILE_HINTS_LOCAL)
|
if(flags & RS_FILE_HINTS_LOCAL)
|
||||||
{
|
{
|
||||||
if(row != 0)
|
if(row != 0)
|
||||||
@ -642,8 +643,9 @@ bool p3FileDatabase::findChildPointer(void *ref, int row, void *& result, FileSe
|
|||||||
convertEntryIndexToPointer(mRemoteDirectories[row]->root(),row+1,result);
|
convertEntryIndexToPointer(mRemoteDirectories[row]->root(),row+1,result);
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
return false;
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
uint32_t fi;
|
uint32_t fi;
|
||||||
DirectoryStorage::EntryIndex e ;
|
DirectoryStorage::EntryIndex e ;
|
||||||
|
@ -1825,7 +1825,7 @@ const std::string download_dir_ss("DOWN_DIR");
|
|||||||
const std::string partial_dir_ss("PART_DIR");
|
const std::string partial_dir_ss("PART_DIR");
|
||||||
const std::string default_chunk_strategy_ss("DEFAULT_CHUNK_STRATEGY");
|
const std::string default_chunk_strategy_ss("DEFAULT_CHUNK_STRATEGY");
|
||||||
const std::string free_space_limit_ss("FREE_SPACE_LIMIT");
|
const std::string free_space_limit_ss("FREE_SPACE_LIMIT");
|
||||||
const std::string default_encryption_policy("DEFAULT_ENCRYPTION_POLICY");
|
const std::string default_encryption_policy_ss("DEFAULT_ENCRYPTION_POLICY");
|
||||||
|
|
||||||
|
|
||||||
/* p3Config Interface */
|
/* p3Config Interface */
|
||||||
@ -1873,6 +1873,8 @@ bool ftController::saveList(bool &cleanup, std::list<RsItem *>& saveData)
|
|||||||
break ;
|
break ;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
configMap[default_encryption_policy_ss] = (mDefaultEncryptionPolicy==RS_FILE_CTRL_ENCRYPTION_POLICY_PERMISSIVE)?"PERMISSIVE":"STRICT" ;
|
||||||
|
|
||||||
rs_sprintf(s, "%lu", RsDiscSpace::freeSpaceLimit());
|
rs_sprintf(s, "%lu", RsDiscSpace::freeSpaceLimit());
|
||||||
configMap[free_space_limit_ss] = s ;
|
configMap[free_space_limit_ss] = s ;
|
||||||
|
|
||||||
@ -2115,7 +2117,7 @@ bool ftController::loadConfigMap(std::map<std::string, std::string> &configMap)
|
|||||||
setPartialsDirectory(mit->second);
|
setPartialsDirectory(mit->second);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (configMap.end() != (mit = configMap.find(default_encryption_policy)))
|
if (configMap.end() != (mit = configMap.find(default_encryption_policy_ss)))
|
||||||
{
|
{
|
||||||
if(mit->second == "STRICT")
|
if(mit->second == "STRICT")
|
||||||
{
|
{
|
||||||
|
@ -57,6 +57,11 @@ const int ftserverzone = 29539;
|
|||||||
* #define SERVER_DEBUG_CACHE 1
|
* #define SERVER_DEBUG_CACHE 1
|
||||||
***/
|
***/
|
||||||
|
|
||||||
|
#define SERVER_DEBUG 1
|
||||||
|
|
||||||
|
#define FTSERVER_DEBUG() std::cerr << time(NULL) << " : FILE_SERVER : " << __FUNCTION__ << " : "
|
||||||
|
#define FTSERVER_ERROR() std::cerr << "(EE) FILE_SERVER ERROR : "
|
||||||
|
|
||||||
static const time_t FILE_TRANSFER_LOW_PRIORITY_TASKS_PERIOD = 5 ; // low priority tasks handling every 5 seconds
|
static const time_t FILE_TRANSFER_LOW_PRIORITY_TASKS_PERIOD = 5 ; // low priority tasks handling every 5 seconds
|
||||||
|
|
||||||
/* Setup */
|
/* Setup */
|
||||||
@ -259,8 +264,18 @@ bool ftServer::activateTunnels(const RsFileHash& hash,TransferRequestFlags flags
|
|||||||
|
|
||||||
if(onoff)
|
if(onoff)
|
||||||
{
|
{
|
||||||
if(flags & RS_FILE_REQ_ENCRYPTED) mTurtleRouter->monitorTunnels(hash_of_hash,this,true) ;
|
std::cerr << "Activating tunnels for hash " << hash << std::endl;
|
||||||
if(flags & RS_FILE_REQ_UNENCRYPTED) mTurtleRouter->monitorTunnels(hash,this,true) ;
|
|
||||||
|
if(flags & RS_FILE_REQ_ENCRYPTED)
|
||||||
|
{
|
||||||
|
std::cerr << " flags require end-to-end encryption. Requesting hash of hash " << hash_of_hash << std::endl;
|
||||||
|
mTurtleRouter->monitorTunnels(hash_of_hash,this,true) ;
|
||||||
|
}
|
||||||
|
if(flags & RS_FILE_REQ_UNENCRYPTED)
|
||||||
|
{
|
||||||
|
std::cerr << " flags require no end-to-end encryption. Requesting hash " << hash << std::endl;
|
||||||
|
mTurtleRouter->monitorTunnels(hash,this,true) ;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
@ -477,12 +492,42 @@ RsTurtleGenericTunnelItem *ftServer::deserialiseItem(void *data,uint32_t size) c
|
|||||||
|
|
||||||
void ftServer::addVirtualPeer(const TurtleFileHash& hash,const TurtleVirtualPeerId& virtual_peer_id,RsTurtleGenericTunnelItem::Direction dir)
|
void ftServer::addVirtualPeer(const TurtleFileHash& hash,const TurtleVirtualPeerId& virtual_peer_id,RsTurtleGenericTunnelItem::Direction dir)
|
||||||
{
|
{
|
||||||
if(dir == RsTurtleGenericTunnelItem::DIRECTION_SERVER)
|
#ifdef SERVER_DEBUG
|
||||||
mFtController->addFileSource(hash,virtual_peer_id) ;
|
FTSERVER_DEBUG() << "adding virtual peer. Direction=" << dir << ", hash=" << hash << ", vpid=" << virtual_peer_id << std::endl;
|
||||||
|
#endif
|
||||||
|
if(dir == RsTurtleGenericTunnelItem::DIRECTION_SERVER)
|
||||||
|
{
|
||||||
|
RsFileHash real_hash ;
|
||||||
|
if(findRealHash(hash,real_hash))
|
||||||
|
{
|
||||||
|
#ifdef SERVER_DEBUG
|
||||||
|
FTSERVER_DEBUG() << " direction is SERVER. Adding file source for end-to-end encrypted tunnel for real hash " << real_hash << ", virtual peer id = " << virtual_peer_id << std::endl;
|
||||||
|
#endif
|
||||||
|
{
|
||||||
|
RS_STACK_MUTEX(srvMutex) ;
|
||||||
|
mEncryptedPeerIds[virtual_peer_id] = hash ;
|
||||||
|
}
|
||||||
|
mFtController->addFileSource(real_hash,virtual_peer_id) ;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
#ifdef SERVER_DEBUG
|
||||||
|
FTSERVER_DEBUG() << " direction is SERVER. Adding file source for unencrypted tunnel" << std::endl;
|
||||||
|
#endif
|
||||||
|
mFtController->addFileSource(hash,virtual_peer_id) ;
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
void ftServer::removeVirtualPeer(const TurtleFileHash& hash,const TurtleVirtualPeerId& virtual_peer_id)
|
void ftServer::removeVirtualPeer(const TurtleFileHash& hash,const TurtleVirtualPeerId& virtual_peer_id)
|
||||||
{
|
{
|
||||||
mFtController->removeFileSource(hash,virtual_peer_id) ;
|
RsFileHash real_hash ;
|
||||||
|
if(findRealHash(hash,real_hash))
|
||||||
|
mFtController->removeFileSource(real_hash,virtual_peer_id) ;
|
||||||
|
else
|
||||||
|
mFtController->removeFileSource(hash,virtual_peer_id) ;
|
||||||
|
|
||||||
|
RS_STACK_MUTEX(srvMutex) ;
|
||||||
|
mEncryptedPeerIds.erase(virtual_peer_id) ;
|
||||||
}
|
}
|
||||||
|
|
||||||
bool ftServer::handleTunnelRequest(const RsFileHash& hash,const RsPeerId& peer_id)
|
bool ftServer::handleTunnelRequest(const RsFileHash& hash,const RsPeerId& peer_id)
|
||||||
@ -520,7 +565,7 @@ bool ftServer::handleTunnelRequest(const RsFileHash& hash,const RsPeerId& peer_i
|
|||||||
std::cerr << " peer = " << peer_id << std::endl;
|
std::cerr << " peer = " << peer_id << std::endl;
|
||||||
std::cerr << " flags = " << info.storage_permission_flags << std::endl;
|
std::cerr << " flags = " << info.storage_permission_flags << std::endl;
|
||||||
std::cerr << " local = " << rsFiles->FileDetails(hash, RS_FILE_HINTS_NETWORK_WIDE | RS_FILE_HINTS_LOCAL | RS_FILE_HINTS_EXTRA | RS_FILE_HINTS_SPEC_ONLY | RS_FILE_HINTS_DOWNLOAD, info) << std::endl;
|
std::cerr << " local = " << rsFiles->FileDetails(hash, RS_FILE_HINTS_NETWORK_WIDE | RS_FILE_HINTS_LOCAL | RS_FILE_HINTS_EXTRA | RS_FILE_HINTS_SPEC_ONLY | RS_FILE_HINTS_DOWNLOAD, info) << std::endl;
|
||||||
std::cerr << " groups= " ; for(std::list<std::string>::const_iterator it(info.parent_groups.begin());it!=info.parent_groups.end();++it) std::cerr << (*it) << ", " ; std::cerr << std::endl;
|
std::cerr << " groups= " ; for(std::list<RsNodeGroupId>::const_iterator it(info.parent_groups.begin());it!=info.parent_groups.end();++it) std::cerr << (*it) << ", " ; std::cerr << std::endl;
|
||||||
std::cerr << " clear = " << rsPeers->computePeerPermissionFlags(peer_id,info.storage_permission_flags,info.parent_groups) << std::endl;
|
std::cerr << " clear = " << rsPeers->computePeerPermissionFlags(peer_id,info.storage_permission_flags,info.parent_groups) << std::endl;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
@ -766,17 +811,19 @@ bool ftServer::shareDownloadDirectory(bool share)
|
|||||||
|
|
||||||
bool ftServer::sendTurtleItem(const RsPeerId& peerId,const RsFileHash& hash,RsTurtleGenericTunnelItem *item)
|
bool ftServer::sendTurtleItem(const RsPeerId& peerId,const RsFileHash& hash,RsTurtleGenericTunnelItem *item)
|
||||||
{
|
{
|
||||||
// first, we look for the encrypted hash map
|
// we cannot look in the encrypted hash map, since the same hash--on this side of the FT--can be used with both
|
||||||
#warning code needed here
|
// encrypted and unencrypted peers ids. So the information comes from the virtual peer Id.
|
||||||
if(true)
|
|
||||||
{
|
RsFileHash encrypted_hash;
|
||||||
// we don't encrypt
|
|
||||||
mTurtleRouter->sendTurtleData(peerId,item) ;
|
if(findEncryptedHash(peerId,encrypted_hash))
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
{
|
||||||
// we encrypt the item
|
// we encrypt the item
|
||||||
|
|
||||||
|
#ifdef SERVER_DEBUG
|
||||||
|
FTSERVER_DEBUG() << "Sending turtle item to peer ID " << peerId << " using encrypted tunnel." << std::endl;
|
||||||
|
#endif
|
||||||
|
|
||||||
RsTurtleGenericDataItem *encrypted_item ;
|
RsTurtleGenericDataItem *encrypted_item ;
|
||||||
|
|
||||||
if(!encryptItem(item, hash, encrypted_item))
|
if(!encryptItem(item, hash, encrypted_item))
|
||||||
@ -786,6 +833,14 @@ bool ftServer::sendTurtleItem(const RsPeerId& peerId,const RsFileHash& hash,RsTu
|
|||||||
|
|
||||||
mTurtleRouter->sendTurtleData(peerId,encrypted_item) ;
|
mTurtleRouter->sendTurtleData(peerId,encrypted_item) ;
|
||||||
}
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
#ifdef SERVER_DEBUG
|
||||||
|
FTSERVER_DEBUG() << "Sending turtle item to peer ID " << peerId << " using non uncrypted tunnel." << std::endl;
|
||||||
|
#endif
|
||||||
|
mTurtleRouter->sendTurtleData(peerId,item) ;
|
||||||
|
}
|
||||||
|
|
||||||
return true ;
|
return true ;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1230,8 +1285,24 @@ bool ftServer::encryptHash(const RsFileHash& hash, RsFileHash& hash_of_hash)
|
|||||||
return true ;
|
return true ;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
bool ftServer::findEncryptedHash(const RsPeerId& virtual_peer_id, RsFileHash& encrypted_hash)
|
||||||
|
{
|
||||||
|
RS_STACK_MUTEX(srvMutex);
|
||||||
|
|
||||||
|
std::map<RsPeerId,RsFileHash>::const_iterator it = mEncryptedPeerIds.find(virtual_peer_id) ;
|
||||||
|
|
||||||
|
if(it != mEncryptedPeerIds.end())
|
||||||
|
{
|
||||||
|
encrypted_hash = it->second ;
|
||||||
|
return true ;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
return false ;
|
||||||
|
}
|
||||||
|
|
||||||
bool ftServer::findRealHash(const RsFileHash& hash, RsFileHash& real_hash)
|
bool ftServer::findRealHash(const RsFileHash& hash, RsFileHash& real_hash)
|
||||||
{
|
{
|
||||||
|
RS_STACK_MUTEX(srvMutex);
|
||||||
std::map<RsFileHash,RsFileHash>::const_iterator it = mEncryptedHashes.find(hash) ;
|
std::map<RsFileHash,RsFileHash>::const_iterator it = mEncryptedHashes.find(hash) ;
|
||||||
|
|
||||||
if(it != mEncryptedHashes.end())
|
if(it != mEncryptedHashes.end())
|
||||||
@ -1391,9 +1462,6 @@ int ftServer::handleIncoming()
|
|||||||
int nhandled = 0 ;
|
int nhandled = 0 ;
|
||||||
|
|
||||||
RsItem *item = NULL ;
|
RsItem *item = NULL ;
|
||||||
#ifdef SERVER_DEBUG
|
|
||||||
std::cerr << "ftServer::handleIncoming() " << std::endl;
|
|
||||||
#endif
|
|
||||||
|
|
||||||
while(NULL != (item = recvItem()))
|
while(NULL != (item = recvItem()))
|
||||||
{
|
{
|
||||||
|
@ -258,6 +258,7 @@ protected:
|
|||||||
|
|
||||||
// fnds out what is the real hash of encrypted hash hash
|
// fnds out what is the real hash of encrypted hash hash
|
||||||
bool findRealHash(const RsFileHash& hash, RsFileHash& real_hash);
|
bool findRealHash(const RsFileHash& hash, RsFileHash& real_hash);
|
||||||
|
bool findEncryptedHash(const RsPeerId& virtual_peer_id, RsFileHash& encrypted_hash);
|
||||||
bool encryptHash(const RsFileHash& hash, RsFileHash& hash_of_hash);
|
bool encryptHash(const RsFileHash& hash, RsFileHash& hash_of_hash);
|
||||||
|
|
||||||
private:
|
private:
|
||||||
@ -286,6 +287,7 @@ private:
|
|||||||
std::string mPartialsPath;
|
std::string mPartialsPath;
|
||||||
|
|
||||||
std::map<RsFileHash,RsFileHash> mEncryptedHashes ; // This map is such that sha1(it->second) = it->first
|
std::map<RsFileHash,RsFileHash> mEncryptedHashes ; // This map is such that sha1(it->second) = it->first
|
||||||
|
std::map<RsPeerId,RsFileHash> mEncryptedPeerIds ; // This map holds the hash to be used with each peer id
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
@ -144,6 +144,9 @@
|
|||||||
</item>
|
</item>
|
||||||
<item>
|
<item>
|
||||||
<widget class="QComboBox" name="_e2e_encryption_CB">
|
<widget class="QComboBox" name="_e2e_encryption_CB">
|
||||||
|
<property name="toolTip">
|
||||||
|
<string><html><head/><body><p>Anonymous tunnels can be end-o-end encrypted. In order to maintain backward compatibility, this can be made optional (choosing &quot;Accepted&quot;), but in the end, all Retroshare nodes will be switched to &quot;Enforced&quot;, meaning that all anonymous transfers will be end-to-end encrypted.</p></body></html></string>
|
||||||
|
</property>
|
||||||
<item>
|
<item>
|
||||||
<property name="text">
|
<property name="text">
|
||||||
<string>Accepted</string>
|
<string>Accepted</string>
|
||||||
|
Loading…
Reference in New Issue
Block a user