disallow double tunnels (encrypted+clear) in Accepted mode, since it is not needed

2024-12-25 23:49:35 -05:00 · 2016-11-01 14:13:43 +01:00 · 2016-11-01 14:13:43 +01:00 · 6a3610e6cb
commit 6a3610e6cb
parent ffdac640d8
2 changed files with 16 additions and 7 deletions
--- a/libretroshare/src/ft/ftcontroller.cc
+++ b/libretroshare/src/ft/ftcontroller.cc
@ -979,16 +979,20 @@ bool 	ftController::FileRequest(const std::string& fname, const RsFileHash& hash
 	if(alreadyHaveFile(hash, info))
 		return false ;

+    // the strategy for requesting encryption is the following:
+    //
+    // if policy is STRICT
+    //	- disable clear, enforce encryption
+    // else
+    //  - if not specified, use clear
+    //
    if(mDefaultEncryptionPolicy == RS_FILE_CTRL_ENCRYPTION_POLICY_STRICT)
    {
        flags |=  RS_FILE_REQ_ENCRYPTED ;
        flags &= ~RS_FILE_REQ_UNENCRYPTED ;
    }
-    else
-    {
-        flags |=  RS_FILE_REQ_ENCRYPTED ;
-        flags |=  RS_FILE_REQ_UNENCRYPTED ;
-    }
+    else if(!(flags & ( RS_FILE_REQ_ENCRYPTED |  RS_FILE_REQ_UNENCRYPTED )))
+            flags |= RS_FILE_REQ_UNENCRYPTED ;

 	if(size == 0)	// we treat this special case because
 	{
--- a/libretroshare/src/ft/ftserver.cc
+++ b/libretroshare/src/ft/ftserver.cc
@ -269,7 +269,6 @@ bool ftServer::activateTunnels(const RsFileHash& hash,TransferRequestFlags flags
 #ifdef SERVER_DEBUG
        FTSERVER_DEBUG() << "Activating tunnels for hash " << hash << std::endl;
 #endif
-
        if(flags & RS_FILE_REQ_ENCRYPTED)
        {
 #ifdef SERVER_DEBUG
@ -277,7 +276,7 @@ bool ftServer::activateTunnels(const RsFileHash& hash,TransferRequestFlags flags
 #endif
            mTurtleRouter->monitorTunnels(hash_of_hash,this,true) ;
        }
-        if(flags & RS_FILE_REQ_UNENCRYPTED)
+        if((flags & RS_FILE_REQ_UNENCRYPTED) && (mFtController->defaultEncryptionPolicy() != RS_FILE_CTRL_ENCRYPTION_POLICY_STRICT))
        {
 #ifdef SERVER_DEBUG
            FTSERVER_DEBUG() << "  flags require no end-to-end encryption. Requesting hash " << hash << std::endl;
@ -599,6 +598,12 @@ bool ftServer::handleTunnelRequest(const RsFileHash& hash,const RsPeerId& peer_i
        }
    }

+    if(mFtController->defaultEncryptionPolicy() == RS_FILE_CTRL_ENCRYPTION_POLICY_STRICT && hash == real_hash)
+    {
+        std::cerr << "(WW) rejecting file transfer for hash " << hash << " because the hash is not encrypted and encryption policy requires it." << std::endl;
+        return false ;
+    }
+
 #ifdef SERVER_DEBUG
    FTSERVER_DEBUG() << "ftServer: performing local hash search for hash " << hash << std::endl;