Git-Mirrors/RetroShare
1
0
Fork 0
mirror of https://github.com/RetroShare/RetroShare.git synced 2025-01-13 16:39:43 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity

Used the service permission flag "Require white list clearance" in pqissl

Browse Source 
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@8351 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
thunder2 2015-06-03 14:01:46 +00:00
parent 22a7d2eeeb
commit 82d7ab6052
2 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
libretroshare/src/pqi/pqissl.cc
View File

@ -1314,8 +1314,11 @@ int pqissl::Authorise_SSL_Connection()
bool certCorrect = true; /* WE know it okay already! */
uint32_t check_result ;
uint32_t checking_flags = RSBANLIST_CHECKING_FLAGS_BLACKLIST;
if (rsPeers->servicePermissionFlags(PeerId()) & RS_NODE_PERM_REQUIRE_WL)
checking_flags |= RSBANLIST_CHECKING_FLAGS_WHITELIST;
if(!rsBanList->isAddressAccepted(remote_addr,RSBANLIST_CHECKING_FLAGS_BLACKLIST,&check_result))
if(!rsBanList->isAddressAccepted(remote_addr,checking_flags,&check_result))
{
std::cerr << "(SS) connection attempt from banned IP address. Refusing it. Reason: " << check_result << ". Attack??" << std::endl;
RsServer::notify()->AddFeedItem(RS_FEED_ITEM_SEC_IP_BLACKLISTED, PeerId().toStdString(), sockaddr_storage_iptostring(remote_addr), "", "", check_result);
@ -1357,8 +1360,11 @@ int pqissl::accept(SSL *ssl, int fd, const struct sockaddr_storage &foreign_addr
int pqissl::accept_locked(SSL *ssl, int fd, const struct sockaddr_storage &foreign_addr) // initiate incoming connection.
{
uint32_t check_result;
uint32_t checking_flags = RSBANLIST_CHECKING_FLAGS_BLACKLIST;
if (rsPeers->servicePermissionFlags(PeerId()) & RS_NODE_PERM_REQUIRE_WL)
checking_flags |= RSBANLIST_CHECKING_FLAGS_WHITELIST;
if(!rsBanList->isAddressAccepted(foreign_addr,RSBANLIST_CHECKING_FLAGS_BLACKLIST,&check_result))
if(!rsBanList->isAddressAccepted(foreign_addr,checking_flags,&check_result))
{
std::cerr << "(SS) refusing incoming SSL connection from blacklisted foreign address " << sockaddr_storage_iptostring(foreign_addr)
<< ". Reason: " << check_result << "." << std::endl;

2
retroshare-gui/src/gui/feeds/SecurityIpItem.cpp
View File

@ -135,10 +135,10 @@ void SecurityIpItem::updateItem()
if (!mIsTest) {
switch (mResult) {
case RSBANLIST_CHECK_RESULT_NOCHECK:
case RSBANLIST_CHECK_RESULT_NOT_WHITELISTED:
case RSBANLIST_CHECK_RESULT_ACCEPTED:
ui->rsBanListButton->hide();
break;
case RSBANLIST_CHECK_RESULT_NOT_WHITELISTED:
case RSBANLIST_CHECK_RESULT_BLACKLISTED:
ui->rsBanListButton->setVisible(ui->rsBanListButton->setIpAddress(QString::fromStdString(mIpAddr)));
break;