From 57bb31ece62fcbba4a18313fbad7c594e913d70d Mon Sep 17 00:00:00 2001
From: csoler
Date: Wed, 25 Apr 2018 18:52:07 +0200
Subject: [PATCH] added new checks in canSend and canRecv Msg/Grp to work with distant peers
---
 libretroshare/src/gxs/rsgxsnetservice.cc | 37 ++++++++++++++++++++++--
 libretroshare/src/gxs/rsgxsnettunnel.cc | 12 ++++++--
 libretroshare/src/gxs/rsgxsnettunnel.h | 3 +-
 3 files changed, 47 insertions(+), 5 deletions(-)
diff --git a/libretroshare/src/gxs/rsgxsnetservice.cc b/libretroshare/src/gxs/rsgxsnetservice.cc
index 619adb5f7..33081acd2 100644
--- a/libretroshare/src/gxs/rsgxsnetservice.cc
+++ b/libretroshare/src/gxs/rsgxsnetservice.cc
@@ -668,7 +668,6 @@ void RsGxsNetService::syncWithPeers()
 const RsGxsGroupId& grpId = mmit->first;
 RsGxsCircleId encrypt_to_this_circle_id ;
-#warning we should use this call in order to determine wether the peer can be sent group information about a specific group, otherwise we leak which group we are subscribed to
 if(!checkCanRecvMsgFromPeer(peerId, *meta,encrypt_to_this_circle_id)) continue;
@@ -741,7 +740,9 @@ void RsGxsNetService::generic_sendItem(RsNxsItem *si)
 {
 // check if the item is to be sent to a distant peer or not
- if(mAllowDistSync && isDistantPeer( static_cast(si->PeerId())))
+ RsGxsGroupId tmp_grpId;
+
+ if(mAllowDistSync && isDistantPeer( static_cast(si->PeerId()),tmp_grpId))
 {
 RsNxsSerialiser ser(mServType);
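Review bot: In generic_sendItem the group id returned through `tmp_grpId` is never read, so on this path the tunnel peer's group binding is looked up and then thrown away. If that is deliberate because the per-group decision is taken earlier in the canSend*/checkCanRecv* functions, say so at the call, for example `// group binding is enforced by the canSend*/checkCanRecv* checks; only distant vs. direct matters here`. Keeping a one-argument overload of isDistantPeer would also avoid the dummy variable. The body of generic_sendItem continues outside the hunk.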
@@ -4091,6 +4092,17 @@ bool RsGxsNetService::canSendGrpId(const RsPeerId& sslId, const RsGxsGrpMetaData #ifdef NXS_NET_DEBUG_4 GXSNETDEBUG_PG(sslId,grpMeta.mGroupId) << "RsGxsNetService::canSendGrpId()"<< std::endl; #endif + // check if that peer is a virtual peer id, in which case we only send/recv data to/from it items for the group it's requested for + + RsGxsGroupId peer_grp ; + if(isDistantPeer(RsGxsNetTunnelVirtualPeerId(sslId),peer_grp) && peer_grp != grpMeta.mGroupId) + { +#ifdef NXS_NET_DEBUG_4 + GXSNETDEBUG_PG(sslId,grpMeta.mGroupId) << " Distant peer designed for group " << peer_grp << ": cannot request sync for different group." << std::endl; +#endif + return false ; + } + // first do the simple checks uint8_t circleType = grpMeta.mCircleType; @@ -4144,6 +4156,17 @@ bool RsGxsNetService::checkCanRecvMsgFromPeer(const RsPeerId& sslId, const RsGxs GXSNETDEBUG_PG(sslId,grpMeta.mGroupId) << "RsGxsNetService::checkCanRecvMsgFromPeer()"; GXSNETDEBUG_PG(sslId,grpMeta.mGroupId) << " peer Id = " << sslId << ", grpId=" << grpMeta.mGroupId <& msgMetas, co #ifdef NXS_NET_DEBUG_4 GXSNETDEBUG_PG(sslId,grpMeta.mGroupId) << "RsGxsNetService::canSendMsgIds() CIRCLE VETTING" << std::endl; #endif + // check if that peer is a virtual peer id, in which case we only send/recv data to/from it items for the group it's requested for + + RsGxsGroupId peer_grp ; + if(isDistantPeer(RsGxsNetTunnelVirtualPeerId(sslId),peer_grp) && peer_grp != grpMeta.mGroupId) + { +#ifdef NXS_NET_DEBUG_4 + GXSNETDEBUG_PG(sslId,grpMeta.mGroupId) << " Distant peer designed for group " << peer_grp << ": cannot request sync for different group." << std::endl; +#endif + return false ; + } // first do the simple checks uint8_t circleType = grpMeta.mCircleType; diff --git a/libretroshare/src/gxs/rsgxsnettunnel.cc b/libretroshare/src/gxs/rsgxsnettunnel.cc index e3da0be70..00e3fd852 100644 --- a/libretroshare/src/gxs/rsgxsnettunnel.cc +++ b/libretroshare/src/gxs/rsgxsnettunnel.cc 
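Review bot: The virtual-peer group check added to canSendGrpId is repeated word for word in canSendMsgIds later in this file, and the commit title suggests checkCanRecvMsgFromPeer receives it as well (its added lines are not readable on this page). This block is what confines a tunnel peer to the single group it was opened for, so it is better kept in one private helper that every send/receive permission path calls; copies can drift apart or be forgotten in a new path. The helper name below is only a suggestion and its declaration would go in the class header, which is not part of this diff; the per-site debug line can stay at the call site if it is still wanted. The debug text also says "cannot request sync" although these are send-permission checks. canSendGrpId continues outside the hunk.

```cpp
// suggested helper; name is a placeholder
bool RsGxsNetService::distantPeerAllowedForGroup(const RsPeerId& sslId, const RsGxsGroupId& grpId)
{
	RsGxsGroupId peer_grp ;

	// a virtual (tunnel) peer may only exchange data for the group its tunnel was set up for
	if(isDistantPeer(RsGxsNetTunnelVirtualPeerId(sslId),peer_grp) && peer_grp != grpId)
		return false ;

	return true ;
}

// in canSendGrpId() and canSendMsgIds(), replacing the added block:
if(!distantPeerAllowedForGroup(sslId, grpMeta.mGroupId))
	return false ;
// … unchanged: circle type checks …
```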
@@ -140,11 +140,19 @@ RsGxsNetTunnelService::~RsGxsNetTunnelService()
 mIncomingData.clear();
 }
-bool RsGxsNetTunnelService::isDistantPeer(const RsGxsNetTunnelVirtualPeerId& virtual_peer)
+bool RsGxsNetTunnelService::isDistantPeer(const RsGxsNetTunnelVirtualPeerId& virtual_peer, RsGxsGroupId& group_id)
 {
 RS_STACK_MUTEX(mGxsNetTunnelMtx);
- return mVirtualPeers.find(virtual_peer) != mVirtualPeers.end();
+ auto it = mVirtualPeers.find(virtual_peer) ;
+
+ if(it != mVirtualPeers.end())
+ {
+ group_id = it->second.group_id ;
+ return true ;
+ }
+ else
+ return false ;
 }
 bool RsGxsNetTunnelService::receiveTunnelData(unsigned char *& data,uint32_t& data_len,RsGxsNetTunnelVirtualPeerId& virtual_peer)
diff --git a/libretroshare/src/gxs/rsgxsnettunnel.h b/libretroshare/src/gxs/rsgxsnettunnel.h
index c63ab0135..9448b9508 100644
--- a/libretroshare/src/gxs/rsgxsnettunnel.h
+++ b/libretroshare/src/gxs/rsgxsnettunnel.h
@@ -193,10 +193,11 @@ public:
 /*!
 * \brief isDistantPeer
 * returns wether the peer is in the list of available distant peers or not
+ * \param group_id returned by the service to indicate which group this peer id is designed for.
 * \return true if the peer is a distant GXS peer.
 */
- bool isDistantPeer(const RsGxsNetTunnelVirtualPeerId& virtual_peer) ;
+ bool isDistantPeer(const RsGxsNetTunnelVirtualPeerId& virtual_peer,RsGxsGroupId& group_id) ;
 /*!
 * \brief dumps all information about monitored groups.
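Review bot: In RsGxsNetTunnelService::isDistantPeer (rsgxsnettunnel.cc), `group_id` is written only when the peer is found; on the `return false ;` branch it keeps whatever value the caller passed in. The callers shown in this commit read it only behind `&&` after a true return, but the value feeds a per-group permission decision, so the contract belongs in the header comment, for example `\param group_id set only when true is returned; left unchanged otherwise`. The `else` after `return true ;` is redundant and can be dropped.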