Prepare RsBanList for JSON API support

Gioacchino Mazzurco 2019-05-05 14:54:46 +02:00
parent ebd55b2626
commit fb4be22f0e
No known key found for this signature in database
GPG Key ID: A1FBCA3872E87051
6 changed files with 103 additions and 66 deletions


@ -85,7 +85,10 @@ virtual int dhtInfoCallback(const bdId *id, uint32_t type, uint32_t flags, std::
return 0;
// now check the filter
if(rsBanList->isAddressAccepted(*(const sockaddr_storage*)addr, RSBANLIST_CHECKING_FLAGS_BLACKLIST, NULL)) {
if(rsBanList->isAddressAccepted(
*reinterpret_cast<const sockaddr_storage*>(addr),
RSBANLIST_CHECKING_FLAGS_BLACKLIST ))
{
*isBanned = false;
} else {
#ifdef DEBUG_BITDHT
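Review bot: The new `reinterpret_cast<const sockaddr_storage*>(addr)` keeps the old cast's assumption that `addr` points to a full `sockaddr_storage`; the declaration of `addr` is outside this hunk, so that cannot be confirmed here. If the DHT layer hands over a smaller structure (for example a `sockaddr_in`), the callee, which presumably copies the whole argument via `sockaddr_storage_copy`, would read past the end of the object. A safer form is a zeroed local that receives only the source's size, `sockaddr_storage ss{}; memcpy(&ss, addr, sizeof(*addr));`, with `ss` passed to `isAddressAccepted`. The callback body starts and ends outside the hunk.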


@ -1476,12 +1476,12 @@ bool p3PeerMgrIMPL::setExtAddress( const RsPeerId &id,
bool changed = false;
uint32_t check_res = 0;
if( rsBanList!=NULL && !rsBanList->isAddressAccepted(
addr, RSBANLIST_CHECKING_FLAGS_BLACKLIST, &check_res) )
if(rsBanList && !rsBanList->isAddressAccepted(
addr, RSBANLIST_CHECKING_FLAGS_BLACKLIST, check_res ))
{
std::cerr << "(SS) trying to set external contact address for peer "
<< id << " to a banned address "
<< sockaddr_storage_iptostring(addr) << std::endl;
RsErr() << __PRETTY_FUNCTION__ << " trying to set external contact "
<< "address for peer: " << id << " to a banned address " << addr
<< std::endl;
return false;
}
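Review bot: `check_res` is still declared and passed to `isAddressAccepted`, but nothing in the visible lines reads it, and the rewritten `RsErr()` message does not print it either. If the rest of `setExtAddress` (which continues outside this hunk) does not use it, drop the local and rely on the defaulted parameter: `if(rsBanList && !rsBanList->isAddressAccepted(addr, RSBANLIST_CHECKING_FLAGS_BLACKLIST))`. Otherwise append it to the message, e.g. `<< " check result: " << check_res`, so the log records why the address was refused. The new `<< addr` also relies on a stream operator for `sockaddr_storage` that is not shown on this page, whereas the old line formatted it explicitly with `sockaddr_storage_iptostring(addr)`.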


@ -1251,9 +1251,8 @@ int pqissl::accept_locked( SSL *ssl, int fd,
if (rsPeers->servicePermissionFlags(PeerId()) & RS_NODE_PERM_REQUIRE_WL)
checking_flags |= RSBANLIST_CHECKING_FLAGS_WHITELIST;
if( rsBanList && !rsBanList->isAddressAccepted( foreign_addr,
checking_flags,
&check_result ) )
if(rsBanList && !rsBanList->isAddressAccepted(
foreign_addr, checking_flags, check_result ))
{
RsErr() << __PRETTY_FUNCTION__
<< " Refusing incoming SSL connection from blacklisted "
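Review bot: The refusal message says "blacklisted" even though `checking_flags` may include `RSBANLIST_CHECKING_FLAGS_WHITELIST`, in which case the rejection can be a whitelist miss rather than a blacklist hit. The statement continues past the end of this hunk, so it may already print `check_result`; if it does not, add `<< " check_result: " << check_result` and reword the text to something neutral such as `" Refusing incoming SSL connection from filtered "`. Anyone reading the log to investigate dropped connections needs to tell the two cases apart.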


@ -1,9 +1,9 @@
/*******************************************************************************
* libretroshare/src/retroshare: rsbanlist.h *
* IPv4 address filtering interface *
* *
* libretroshare: retroshare core library *
* *
* Copyright 2011-2011 by Robert Fernie <retroshare@lunamutt.com> *
* Copyright (C) 2015 Cyril Soler <retroshare.team@gmail.com> *
* *
* This program is free software: you can redistribute it and/or modify *
* it under the terms of the GNU Lesser General Public License as *
@ -21,12 +21,21 @@
*******************************************************************************/
#pragma once
#include <list>
#include "util/rsnet.h"
#include "util/rstime.h"
#include "util/rsmemory.h"
class RsBanList;
extern RsBanList *rsBanList ;
/**
* Pointer to global instance of RsBanList service implementation
* @jsonapi{development}
*/
extern RsBanList* rsBanList;
// TODO: use enum class instead of defines
#define RSBANLIST_ORIGIN_UNKNOWN 0
#define RSBANLIST_ORIGIN_SELF 1
#define RSBANLIST_ORIGIN_FRIEND 2
@ -55,7 +64,7 @@ extern RsBanList *rsBanList ;
#define RSBANLIST_TYPE_BLACKLIST 2
#define RSBANLIST_TYPE_WHITELIST 3
class RsTlvBanListEntry ;
class RsTlvBanListEntry;
class BanListPeer
{
@ -78,42 +87,71 @@ public:
class RsBanList
{
public:
virtual void enableIPFiltering(bool b) =0;
virtual bool ipFilteringEnabled() =0;
/**
* @brief Enable or disable IP filtering service
* @jsonapi{development}
* @param[in] enable pass true to enable, false to disable
*/
virtual void enableIPFiltering(bool enable) = 0;
// addIpRange()/removeIpRange()
// addr: full IPv4 address. Port is ignored.
// masked_bytes: 0=full IP, 1="/24", 2="/16"
// list_type: RSBANLIST_TYPE_WHITELIST or RSBANLIST_TYPE_BLACKLIST
// comment: anything, user-based.
/**
* @brief Get ip filtering service status
* @jsonapi{development}
* @return true if enabled, false if disabled
*/
virtual bool ipFilteringEnabled() = 0;
virtual bool addIpRange(const struct sockaddr_storage& addr,int masked_bytes,uint32_t list_type,const std::string& comment) =0;
virtual bool removeIpRange(const struct sockaddr_storage& addr,int masked_bytes,uint32_t list_type) =0;
/**
* @brief addIpRange
* @param addr full IPv4 address. Port is ignored.
* @param masked_bytes 0=full IP, 1="/24", 2="/16"
* @param list_type RSBANLIST_TYPE_WHITELIST or RSBANLIST_TYPE_BLACKLIST
* @param comment anything, user-based
* @return
*/
virtual bool addIpRange(
const sockaddr_storage& addr, int masked_bytes, uint32_t list_type,
const std::string& comment ) = 0;
// isAddressAccepted()
// addr: full IPv4 address. Port is ignored.
// checking flags: any combination of RSBANLIST_CHECKING_FLAGS_BLACKLIST and RSBANLIST_CHECKING_FLAGS_WHITELIST
// check_result: returned result of the check in RSBANLIST_CHECK_RESULT_*
// returned value: true=address is accepted, false=address is rejected.
/**
* @brief removeIpRange
* @param addr full IPv4 address. Port is ignored.
* @param masked_bytes 0=full IP, 1="/24", 2="/16"
* @param list_type RSBANLIST_TYPE_WHITELIST or RSBANLIST_TYPE_BLACKLIST
* @return
*/
virtual bool removeIpRange(
const sockaddr_storage& addr, int masked_bytes, uint32_t list_type
) = 0;
virtual bool isAddressAccepted(const struct sockaddr_storage& addr,uint32_t checking_flags,uint32_t *check_result=NULL) =0;
/**
* @brief isAddressAccepted
* @param addr full IPv4 address. Port is ignored.
* @param checking_flags any combination of
* RSBANLIST_CHECKING_FLAGS_BLACKLIST and
* RSBANLIST_CHECKING_FLAGS_WHITELIST
* @param check_result returned result of the check in
* RSBANLIST_CHECK_RESULT_*
* @return true if address is accepted, false false if address is rejected.
*/
virtual bool isAddressAccepted(
const sockaddr_storage& addr, uint32_t checking_flags,
uint32_t& check_result = RS_DEFAULT_STORAGE_PARAM(uint32_t) ) = 0;
virtual void getBannedIps(std::list<BanListPeer>& list) =0;
virtual void getWhiteListedIps(std::list<BanListPeer>& list) =0;
virtual void getBannedIps(std::list<BanListPeer>& list) = 0;
virtual void getWhiteListedIps(std::list<BanListPeer>& list) = 0;
virtual bool autoRangeEnabled() =0;
virtual void enableAutoRange(bool b) =0 ;
virtual bool autoRangeEnabled() = 0;
virtual void enableAutoRange(bool b) = 0;
virtual int autoRangeLimit() =0;
virtual void setAutoRangeLimit(int n)=0;
virtual int autoRangeLimit() = 0;
virtual void setAutoRangeLimit(int n) = 0;
virtual void enableIPsFromFriends(bool b) =0;
virtual bool IPsFromFriendsEnabled() =0;
virtual void enableIPsFromFriends(bool b) = 0;
virtual bool IPsFromFriendsEnabled() = 0;
virtual void enableIPsFromDHT(bool b) =0;
virtual bool iPsFromDHTEnabled() =0;
virtual void enableIPsFromDHT(bool b) = 0;
virtual bool iPsFromDHTEnabled() = 0;
virtual ~RsBanList();
};
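Review bot: The new Doxygen blocks for `addIpRange` and `removeIpRange` leave `@return` empty, and the one for `isAddressAccepted` reads "false false if address is rejected"; the latter should be `@return true if address is accepted, false if address is rejected.`, and the two empty tags should state what the boolean means. The `isAddressAccepted` block should also mark the output as optional, e.g. `@param[out] check_result optional storage for the check result, one of RSBANLIST_CHECK_RESULT_*`. Since `check_result` is now a defaulted argument on a virtual function, the default is chosen by the static type at the call site, so the overriding declaration in the last file section has to keep exactly the same default; a one-line comment saying so next to the parameter would help. The class body starts before this hunk.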


@ -306,12 +306,15 @@ bool p3BanList::acceptedBanRanges_locked(const BanListPeer& blp)
}
return false ;
}
bool p3BanList::isAddressAccepted(const sockaddr_storage &dAddr, uint32_t checking_flags,uint32_t *check_result)
bool p3BanList::isAddressAccepted(
const sockaddr_storage& dAddr, uint32_t checking_flags,
uint32_t& check_result )
{
check_result = RSBANLIST_CHECK_RESULT_NOCHECK;
if(!mIPFilteringEnabled) return true;
sockaddr_storage addr; sockaddr_storage_copy(dAddr, addr);
if(!mIPFilteringEnabled) return true;
if(check_result != NULL) *check_result = RSBANLIST_CHECK_RESULT_NOCHECK;
if(!sockaddr_storage_ipv6_to_ipv4(addr)) return true;
if(sockaddr_storage_isLoopbackNet(addr)) return true;
@ -332,9 +335,8 @@ bool p3BanList::isAddressAccepted(const sockaddr_storage &dAddr, uint32_t checki
white_list_found = white_list_found || (mWhiteListedRanges.find(addr_32) != mWhiteListedRanges.end()) ;
if(white_list_found)
{
if(check_result != NULL)
*check_result = RSBANLIST_CHECK_RESULT_ACCEPTED ;
{
check_result = RSBANLIST_CHECK_RESULT_ACCEPTED;
#ifdef DEBUG_BANLIST
std::cerr << ". Address is in whitelist. Accepting" << std::endl;
#endif
@ -342,9 +344,8 @@ bool p3BanList::isAddressAccepted(const sockaddr_storage &dAddr, uint32_t checki
}
if(checking_flags & RSBANLIST_CHECKING_FLAGS_WHITELIST)
{
if(check_result != NULL)
*check_result = RSBANLIST_CHECK_RESULT_NOT_WHITELISTED ;
{
check_result = RSBANLIST_CHECK_RESULT_NOT_WHITELISTED;
#ifdef DEBUG_BANLIST
std::cerr << ". Address is not whitelist, and whitelist is required. Rejecting" << std::endl;
#endif
@ -356,8 +357,7 @@ bool p3BanList::isAddressAccepted(const sockaddr_storage &dAddr, uint32_t checki
#ifdef DEBUG_BANLIST
std::cerr << ". No blacklisting required. Accepting." << std::endl;
#endif
if(check_result != NULL)
*check_result = RSBANLIST_CHECK_RESULT_ACCEPTED ;
check_result = RSBANLIST_CHECK_RESULT_ACCEPTED;
return true;
}
@ -369,8 +369,7 @@ bool p3BanList::isAddressAccepted(const sockaddr_storage &dAddr, uint32_t checki
#ifdef DEBUG_BANLIST
std::cerr << " found in blacklisted range " << sockaddr_storage_iptostring(it->first) << "/16. returning false. attempts=" << it->second.connect_attempts << std::endl;
#endif
if(check_result != NULL)
*check_result = RSBANLIST_CHECK_RESULT_BLACKLISTED ;
check_result = RSBANLIST_CHECK_RESULT_BLACKLISTED;
return false ;
}
@ -380,8 +379,7 @@ bool p3BanList::isAddressAccepted(const sockaddr_storage &dAddr, uint32_t checki
#ifdef DEBUG_BANLIST
std::cerr << " found in blacklisted range " << sockaddr_storage_iptostring(it->first) << "/24. returning false. attempts=" << it->second.connect_attempts << std::endl;
#endif
if(check_result != NULL)
*check_result = RSBANLIST_CHECK_RESULT_BLACKLISTED ;
check_result = RSBANLIST_CHECK_RESULT_BLACKLISTED;
return false ;
}
@ -391,8 +389,7 @@ bool p3BanList::isAddressAccepted(const sockaddr_storage &dAddr, uint32_t checki
#ifdef DEBUG_BANLIST
std::cerr << " found in blacklisted range " << sockaddr_storage_iptostring(it->first) << "/32. returning false. attempts=" << it->second.connect_attempts << std::endl;
#endif
if(check_result != NULL)
*check_result = RSBANLIST_CHECK_RESULT_BLACKLISTED ;
check_result = RSBANLIST_CHECK_RESULT_BLACKLISTED;
return false ;
}
@ -402,16 +399,14 @@ bool p3BanList::isAddressAccepted(const sockaddr_storage &dAddr, uint32_t checki
#ifdef DEBUG_BANLIST
std::cerr << "found as blacklisted address " << sockaddr_storage_iptostring(it->first) << ". returning false. attempts=" << it->second.connect_attempts << std::endl;
#endif
if(check_result != NULL)
*check_result = RSBANLIST_CHECK_RESULT_BLACKLISTED ;
check_result = RSBANLIST_CHECK_RESULT_BLACKLISTED;
return false ;
}
#ifdef DEBUG_BANLIST
std::cerr << " not blacklisted. Accepting." << std::endl;
#endif
if(check_result != NULL)
*check_result = RSBANLIST_CHECK_RESULT_ACCEPTED ;
check_result = RSBANLIST_CHECK_RESULT_ACCEPTED;
return true ;
}
void p3BanList::getWhiteListedIps(std::list<BanListPeer> &lst)
@ -1304,4 +1299,4 @@ int p3BanList::printBanSources_locked(std::ostream &out)
return true ;
}
RsBanList::~RsBanList() = default;
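Review bot: In the first hunk of `p3BanList::isAddressAccepted`, `if(!sockaddr_storage_ipv6_to_ipv4(addr)) return true;` accepts every address that cannot be mapped to IPv4 and leaves `check_result` at `RSBANLIST_CHECK_RESULT_NOCHECK`, even when the caller passed `RSBANLIST_CHECKING_FLAGS_WHITELIST`. Assuming that helper returns false for native IPv6 peers, a node configured to require whitelisting would let them through unfiltered. This behaviour predates the commit, but now that the result is always written it deserves at least a comment on that line, such as `// addresses not mappable to IPv4 are not filtered: accepted with RSBANLIST_CHECK_RESULT_NOCHECK`. Callers that enforce a whitelist could additionally treat `RSBANLIST_CHECK_RESULT_NOCHECK` as "not verified" rather than as accepted. The function body between the hunks is not fully visible here.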


@ -56,9 +56,11 @@ public:
/***** overloaded from RsBanList *****/
virtual bool isAddressAccepted( const sockaddr_storage& addr,
uint32_t checking_flags,
uint32_t *check_result=NULL );
/// @see RsBanList
virtual bool isAddressAccepted(
const sockaddr_storage& addr, uint32_t checking_flags,
uint32_t& check_result = RS_DEFAULT_STORAGE_PARAM(uint32_t)
) override;
virtual void getBannedIps(std::list<BanListPeer>& list) ;
virtual void getWhiteListedIps(std::list<BanListPeer>& list) ;