Git-Mirrors/RetroShare
1
0
Fork 0
mirror of https://github.com/RetroShare/RetroShare.git synced 2024-12-27 16:39:29 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity

Prepare RsBanList for JSON API support

Browse Source
This commit is contained in:
Gioacchino Mazzurco 2019-05-05 14:54:46 +02:00
parent ebd55b2626
commit fb4be22f0e
No known key found for this signature in database
GPG Key ID: A1FBCA3872E87051
6 changed files with 103 additions and 66 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
libretroshare/src/dht/p3bitdht.cc
View File

@ -85,7 +85,10 @@ virtual int dhtInfoCallback(const bdId *id, uint32_t type, uint32_t flags, std::
return 0; return 0;
// now check the filter // now check the filter
if(rsBanList->isAddressAccepted(*(const sockaddr_storage*)addr, RSBANLIST_CHECKING_FLAGS_BLACKLIST, NULL)) { if(rsBanList->isAddressAccepted(
*reinterpret_cast<const sockaddr_storage*>(addr),
RSBANLIST_CHECKING_FLAGS_BLACKLIST ))
{
*isBanned = false; *isBanned = false;
} else { } else {
#ifdef DEBUG_BITDHT #ifdef DEBUG_BITDHT

10
libretroshare/src/pqi/p3peermgr.cc
View File

@ -1476,12 +1476,12 @@ bool p3PeerMgrIMPL::setExtAddress( const RsPeerId &id,
bool changed = false; bool changed = false;
uint32_t check_res = 0; uint32_t check_res = 0;
if( rsBanList!=NULL && !rsBanList->isAddressAccepted( if(rsBanList && !rsBanList->isAddressAccepted(
addr, RSBANLIST_CHECKING_FLAGS_BLACKLIST, &check_res) ) addr, RSBANLIST_CHECKING_FLAGS_BLACKLIST, check_res ))
{ {
std::cerr << "(SS) trying to set external contact address for peer " RsErr() << __PRETTY_FUNCTION__ << " trying to set external contact "
<< id << " to a banned address " << "address for peer: " << id << " to a banned address " << addr
<< sockaddr_storage_iptostring(addr) << std::endl; << std::endl;
return false; return false;
} }

5
libretroshare/src/pqi/pqissl.cc
View File

@ -1251,9 +1251,8 @@ int pqissl::accept_locked( SSL *ssl, int fd,
if (rsPeers->servicePermissionFlags(PeerId()) & RS_NODE_PERM_REQUIRE_WL) if (rsPeers->servicePermissionFlags(PeerId()) & RS_NODE_PERM_REQUIRE_WL)
checking_flags |= RSBANLIST_CHECKING_FLAGS_WHITELIST; checking_flags |= RSBANLIST_CHECKING_FLAGS_WHITELIST;
if( rsBanList && !rsBanList->isAddressAccepted( foreign_addr, if(rsBanList && !rsBanList->isAddressAccepted(
checking_flags, foreign_addr, checking_flags, check_result ))
&check_result ) )
{ {
RsErr() << __PRETTY_FUNCTION__ RsErr() << __PRETTY_FUNCTION__
<< " Refusing incoming SSL connection from blacklisted " << " Refusing incoming SSL connection from blacklisted "

102
libretroshare/src/retroshare/rsbanlist.h
View File

@ -1,9 +1,9 @@
/******************************************************************************* /*******************************************************************************
* libretroshare/src/retroshare: rsbanlist.h * * IPv4 address filtering interface *
* * * *
* libretroshare: retroshare core library * * libretroshare: retroshare core library *
* * * *
* Copyright 2011-2011 by Robert Fernie <retroshare@lunamutt.com> * * Copyright (C) 2015 Cyril Soler <retroshare.team@gmail.com> *
* * * *
* This program is free software: you can redistribute it and/or modify * * This program is free software: you can redistribute it and/or modify *
* it under the terms of the GNU Lesser General Public License as * * it under the terms of the GNU Lesser General Public License as *
@ -21,12 +21,21 @@
*******************************************************************************/ *******************************************************************************/
#pragma once #pragma once
#include <list>
#include "util/rsnet.h" #include "util/rsnet.h"
#include "util/rstime.h" #include "util/rstime.h"
#include "util/rsmemory.h"
class RsBanList; class RsBanList;
extern RsBanList *rsBanList ;
/**
* Pointer to global instance of RsBanList service implementation
* @jsonapi{development}
*/
extern RsBanList* rsBanList;
// TODO: use enum class instead of defines
#define RSBANLIST_ORIGIN_UNKNOWN 0 #define RSBANLIST_ORIGIN_UNKNOWN 0
#define RSBANLIST_ORIGIN_SELF 1 #define RSBANLIST_ORIGIN_SELF 1
#define RSBANLIST_ORIGIN_FRIEND 2 #define RSBANLIST_ORIGIN_FRIEND 2
@ -55,7 +64,7 @@ extern RsBanList *rsBanList ;
#define RSBANLIST_TYPE_BLACKLIST 2 #define RSBANLIST_TYPE_BLACKLIST 2
#define RSBANLIST_TYPE_WHITELIST 3 #define RSBANLIST_TYPE_WHITELIST 3
class RsTlvBanListEntry ; class RsTlvBanListEntry;
class BanListPeer class BanListPeer
{ {
@ -78,42 +87,71 @@ public:
class RsBanList class RsBanList
{ {
public: public:
virtual void enableIPFiltering(bool b) =0; /**
virtual bool ipFilteringEnabled() =0; * @brief Enable or disable IP filtering service
* @jsonapi{development}
* @param[in] enable pass true to enable, false to disable
*/
virtual void enableIPFiltering(bool enable) = 0;
// addIpRange()/removeIpRange() /**
// addr: full IPv4 address. Port is ignored. * @brief Get ip filtering service status
// masked_bytes: 0=full IP, 1="/24", 2="/16" * @jsonapi{development}
// list_type: RSBANLIST_TYPE_WHITELIST or RSBANLIST_TYPE_BLACKLIST * @return true if enabled, false if disabled
// comment: anything, user-based. */
virtual bool ipFilteringEnabled() = 0;
virtual bool addIpRange(const struct sockaddr_storage& addr,int masked_bytes,uint32_t list_type,const std::string& comment) =0; /**
virtual bool removeIpRange(const struct sockaddr_storage& addr,int masked_bytes,uint32_t list_type) =0; * @brief addIpRange
* @param addr full IPv4 address. Port is ignored.
* @param masked_bytes 0=full IP, 1="/24", 2="/16"
* @param list_type RSBANLIST_TYPE_WHITELIST or RSBANLIST_TYPE_BLACKLIST
* @param comment anything, user-based
* @return
*/
virtual bool addIpRange(
const sockaddr_storage& addr, int masked_bytes, uint32_t list_type,
const std::string& comment ) = 0;
// isAddressAccepted() /**
// addr: full IPv4 address. Port is ignored. * @brief removeIpRange
// checking flags: any combination of RSBANLIST_CHECKING_FLAGS_BLACKLIST and RSBANLIST_CHECKING_FLAGS_WHITELIST * @param addr full IPv4 address. Port is ignored.
// check_result: returned result of the check in RSBANLIST_CHECK_RESULT_* * @param masked_bytes 0=full IP, 1="/24", 2="/16"
// returned value: true=address is accepted, false=address is rejected. * @param list_type RSBANLIST_TYPE_WHITELIST or RSBANLIST_TYPE_BLACKLIST
* @return
*/
virtual bool removeIpRange(
const sockaddr_storage& addr, int masked_bytes, uint32_t list_type
) = 0;
virtual bool isAddressAccepted(const struct sockaddr_storage& addr,uint32_t checking_flags,uint32_t *check_result=NULL) =0; /**
* @brief isAddressAccepted
* @param addr full IPv4 address. Port is ignored.
* @param checking_flags any combination of
* RSBANLIST_CHECKING_FLAGS_BLACKLIST and
* RSBANLIST_CHECKING_FLAGS_WHITELIST
* @param check_result returned result of the check in
* RSBANLIST_CHECK_RESULT_*
* @return true if address is accepted, false false if address is rejected.
*/
virtual bool isAddressAccepted(
const sockaddr_storage& addr, uint32_t checking_flags,
uint32_t& check_result = RS_DEFAULT_STORAGE_PARAM(uint32_t) ) = 0;
virtual void getBannedIps(std::list<BanListPeer>& list) =0; virtual void getBannedIps(std::list<BanListPeer>& list) = 0;
virtual void getWhiteListedIps(std::list<BanListPeer>& list) =0; virtual void getWhiteListedIps(std::list<BanListPeer>& list) = 0;
virtual bool autoRangeEnabled() =0; virtual bool autoRangeEnabled() = 0;
virtual void enableAutoRange(bool b) =0 ; virtual void enableAutoRange(bool b) = 0;
virtual int autoRangeLimit() =0; virtual int autoRangeLimit() = 0;
virtual void setAutoRangeLimit(int n)=0; virtual void setAutoRangeLimit(int n) = 0;
virtual void enableIPsFromFriends(bool b) =0; virtual void enableIPsFromFriends(bool b) = 0;
virtual bool IPsFromFriendsEnabled() =0; virtual bool IPsFromFriendsEnabled() = 0;
virtual void enableIPsFromDHT(bool b) =0; virtual void enableIPsFromDHT(bool b) = 0;
virtual bool iPsFromDHTEnabled() =0; virtual bool iPsFromDHTEnabled() = 0;
virtual ~RsBanList();
}; };

39
libretroshare/src/services/p3banlist.cc
View File

@ -306,12 +306,15 @@ bool p3BanList::acceptedBanRanges_locked(const BanListPeer& blp)
} }
return false ; return false ;
} }
bool p3BanList::isAddressAccepted(const sockaddr_storage &dAddr, uint32_t checking_flags,uint32_t *check_result) bool p3BanList::isAddressAccepted(
const sockaddr_storage& dAddr, uint32_t checking_flags,
uint32_t& check_result )
{ {
check_result = RSBANLIST_CHECK_RESULT_NOCHECK;
if(!mIPFilteringEnabled) return true;
sockaddr_storage addr; sockaddr_storage_copy(dAddr, addr); sockaddr_storage addr; sockaddr_storage_copy(dAddr, addr);
if(!mIPFilteringEnabled) return true;
if(check_result != NULL) *check_result = RSBANLIST_CHECK_RESULT_NOCHECK;
if(!sockaddr_storage_ipv6_to_ipv4(addr)) return true; if(!sockaddr_storage_ipv6_to_ipv4(addr)) return true;
if(sockaddr_storage_isLoopbackNet(addr)) return true; if(sockaddr_storage_isLoopbackNet(addr)) return true;
@ -332,9 +335,8 @@ bool p3BanList::isAddressAccepted(const sockaddr_storage &dAddr, uint32_t checki
white_list_found = white_list_found || (mWhiteListedRanges.find(addr_32) != mWhiteListedRanges.end()) ; white_list_found = white_list_found || (mWhiteListedRanges.find(addr_32) != mWhiteListedRanges.end()) ;
if(white_list_found) if(white_list_found)
{ {
if(check_result != NULL) check_result = RSBANLIST_CHECK_RESULT_ACCEPTED;
*check_result = RSBANLIST_CHECK_RESULT_ACCEPTED ;
#ifdef DEBUG_BANLIST #ifdef DEBUG_BANLIST
std::cerr << ". Address is in whitelist. Accepting" << std::endl; std::cerr << ". Address is in whitelist. Accepting" << std::endl;
#endif #endif
@ -342,9 +344,8 @@ bool p3BanList::isAddressAccepted(const sockaddr_storage &dAddr, uint32_t checki
} }
if(checking_flags & RSBANLIST_CHECKING_FLAGS_WHITELIST) if(checking_flags & RSBANLIST_CHECKING_FLAGS_WHITELIST)
{ {
if(check_result != NULL) check_result = RSBANLIST_CHECK_RESULT_NOT_WHITELISTED;
*check_result = RSBANLIST_CHECK_RESULT_NOT_WHITELISTED ;
#ifdef DEBUG_BANLIST #ifdef DEBUG_BANLIST
std::cerr << ". Address is not whitelist, and whitelist is required. Rejecting" << std::endl; std::cerr << ". Address is not whitelist, and whitelist is required. Rejecting" << std::endl;
#endif #endif
@ -356,8 +357,7 @@ bool p3BanList::isAddressAccepted(const sockaddr_storage &dAddr, uint32_t checki
#ifdef DEBUG_BANLIST #ifdef DEBUG_BANLIST
std::cerr << ". No blacklisting required. Accepting." << std::endl; std::cerr << ". No blacklisting required. Accepting." << std::endl;
#endif #endif
if(check_result != NULL) check_result = RSBANLIST_CHECK_RESULT_ACCEPTED;
*check_result = RSBANLIST_CHECK_RESULT_ACCEPTED ;
return true; return true;
} }
@ -369,8 +369,7 @@ bool p3BanList::isAddressAccepted(const sockaddr_storage &dAddr, uint32_t checki
#ifdef DEBUG_BANLIST #ifdef DEBUG_BANLIST
std::cerr << " found in blacklisted range " << sockaddr_storage_iptostring(it->first) << "/16. returning false. attempts=" << it->second.connect_attempts << std::endl; std::cerr << " found in blacklisted range " << sockaddr_storage_iptostring(it->first) << "/16. returning false. attempts=" << it->second.connect_attempts << std::endl;
#endif #endif
if(check_result != NULL) check_result = RSBANLIST_CHECK_RESULT_BLACKLISTED;
*check_result = RSBANLIST_CHECK_RESULT_BLACKLISTED ;
return false ; return false ;
} }
@ -380,8 +379,7 @@ bool p3BanList::isAddressAccepted(const sockaddr_storage &dAddr, uint32_t checki
#ifdef DEBUG_BANLIST #ifdef DEBUG_BANLIST
std::cerr << " found in blacklisted range " << sockaddr_storage_iptostring(it->first) << "/24. returning false. attempts=" << it->second.connect_attempts << std::endl; std::cerr << " found in blacklisted range " << sockaddr_storage_iptostring(it->first) << "/24. returning false. attempts=" << it->second.connect_attempts << std::endl;
#endif #endif
if(check_result != NULL) check_result = RSBANLIST_CHECK_RESULT_BLACKLISTED;
*check_result = RSBANLIST_CHECK_RESULT_BLACKLISTED ;
return false ; return false ;
} }
@ -391,8 +389,7 @@ bool p3BanList::isAddressAccepted(const sockaddr_storage &dAddr, uint32_t checki
#ifdef DEBUG_BANLIST #ifdef DEBUG_BANLIST
std::cerr << " found in blacklisted range " << sockaddr_storage_iptostring(it->first) << "/32. returning false. attempts=" << it->second.connect_attempts << std::endl; std::cerr << " found in blacklisted range " << sockaddr_storage_iptostring(it->first) << "/32. returning false. attempts=" << it->second.connect_attempts << std::endl;
#endif #endif
if(check_result != NULL) check_result = RSBANLIST_CHECK_RESULT_BLACKLISTED;
*check_result = RSBANLIST_CHECK_RESULT_BLACKLISTED ;
return false ; return false ;
} }
@ -402,16 +399,14 @@ bool p3BanList::isAddressAccepted(const sockaddr_storage &dAddr, uint32_t checki
#ifdef DEBUG_BANLIST #ifdef DEBUG_BANLIST
std::cerr << "found as blacklisted address " << sockaddr_storage_iptostring(it->first) << ". returning false. attempts=" << it->second.connect_attempts << std::endl; std::cerr << "found as blacklisted address " << sockaddr_storage_iptostring(it->first) << ". returning false. attempts=" << it->second.connect_attempts << std::endl;
#endif #endif
if(check_result != NULL) check_result = RSBANLIST_CHECK_RESULT_BLACKLISTED;
*check_result = RSBANLIST_CHECK_RESULT_BLACKLISTED ;
return false ; return false ;
} }
#ifdef DEBUG_BANLIST #ifdef DEBUG_BANLIST
std::cerr << " not blacklisted. Accepting." << std::endl; std::cerr << " not blacklisted. Accepting." << std::endl;
#endif #endif
if(check_result != NULL) check_result = RSBANLIST_CHECK_RESULT_ACCEPTED;
*check_result = RSBANLIST_CHECK_RESULT_ACCEPTED ;
return true ; return true ;
} }
void p3BanList::getWhiteListedIps(std::list<BanListPeer> &lst) void p3BanList::getWhiteListedIps(std::list<BanListPeer> &lst)
@ -1304,4 +1299,4 @@ int p3BanList::printBanSources_locked(std::ostream &out)
return true ; return true ;
} }
RsBanList::~RsBanList() = default;

8
libretroshare/src/services/p3banlist.h
View File

@ -56,9 +56,11 @@ public:
/***** overloaded from RsBanList *****/ /***** overloaded from RsBanList *****/
virtual bool isAddressAccepted( const sockaddr_storage& addr, /// @see RsBanList
uint32_t checking_flags, virtual bool isAddressAccepted(
uint32_t *check_result=NULL ); const sockaddr_storage& addr, uint32_t checking_flags,
uint32_t& check_result = RS_DEFAULT_STORAGE_PARAM(uint32_t)
) override;
virtual void getBannedIps(std::list<BanListPeer>& list) ; virtual void getBannedIps(std::list<BanListPeer>& list) ;
virtual void getWhiteListedIps(std::list<BanListPeer>& list) ; virtual void getWhiteListedIps(std::list<BanListPeer>& list) ;