removed BanList service from Retro-Tor version

This commit is contained in:
csoler 2018-01-01 15:49:49 +01:00
parent 2c10f4f340
commit fcc3995d87
9 changed files with 52 additions and 24 deletions

View File

@ -718,7 +718,7 @@ void p3NetMgrIMPL::netExtCheck()
#endif
if(sockaddr_storage_isValidNet(tmpip))
{
if(rsBanList->isAddressAccepted(tmpip,RSBANLIST_CHECKING_FLAGS_BLACKLIST))
if( (rsBanList==NULL) || rsBanList->isAddressAccepted(tmpip,RSBANLIST_CHECKING_FLAGS_BLACKLIST))
{
// must be stable???
isStable = true;
@ -761,7 +761,7 @@ void p3NetMgrIMPL::netExtCheck()
/* input network bits */
if (mDhtStunner->getExternalAddr(tmpaddr, isstable))
{
if(rsBanList->isAddressAccepted(tmpaddr,RSBANLIST_CHECKING_FLAGS_BLACKLIST))
if((rsBanList == NULL) || rsBanList->isAddressAccepted(tmpaddr,RSBANLIST_CHECKING_FLAGS_BLACKLIST))
{
// must be stable???
isStable = (isstable == 1);

View File

@ -1218,7 +1218,7 @@ bool p3PeerMgrIMPL::UpdateOwnAddress(const struct sockaddr_storage &localAddr,
std::cerr << ")" << std::endl;
#endif
if(!rsBanList->isAddressAccepted(localAddr, RSBANLIST_CHECKING_FLAGS_BLACKLIST))
if((rsBanList != NULL) && !rsBanList->isAddressAccepted(localAddr, RSBANLIST_CHECKING_FLAGS_BLACKLIST))
{
std::cerr << "(SS) Trying to set own IP to a banned IP " << sockaddr_storage_iptostring(localAddr) << ". This probably means that a friend in under traffic re-routing attack." << std::endl;
return false ;
@ -1357,7 +1357,7 @@ bool p3PeerMgrIMPL::setExtAddress(const RsPeerId &id, const struct sockaddr_s
bool changed = false;
uint32_t check_res = 0 ;
if(!rsBanList->isAddressAccepted(addr,RSBANLIST_CHECKING_FLAGS_BLACKLIST,&check_res))
if(rsBanList!=NULL && !rsBanList->isAddressAccepted(addr,RSBANLIST_CHECKING_FLAGS_BLACKLIST,&check_res))
{
std::cerr << "(SS) trying to set external contact address for peer " << id << " to a banned address " << sockaddr_storage_iptostring(addr )<< std::endl;
return false ;
@ -1531,7 +1531,7 @@ bool p3PeerMgrIMPL::addCandidateForOwnExternalAddress(const RsPeerId &from, cons
// Notify for every friend that has reported a wrong external address, except if that address is in the IP whitelist.
if((!rsBanList->isAddressAccepted(addr_filtered,RSBANLIST_CHECKING_FLAGS_WHITELIST)) && (!sockaddr_storage_sameip(own_addr,addr_filtered)))
if((rsBanList!=NULL && !rsBanList->isAddressAccepted(addr_filtered,RSBANLIST_CHECKING_FLAGS_WHITELIST)) && (!sockaddr_storage_sameip(own_addr,addr_filtered)))
{
std::cerr << " Peer " << from << " reports a connection address (" << sockaddr_storage_iptostring(addr_filtered) <<") that is not your current external address (" << sockaddr_storage_iptostring(own_addr) << "). This is weird." << std::endl;
@ -2774,7 +2774,7 @@ bool p3PeerMgrIMPL::removeBannedIps()
if(cleanIpList(it->second.ipAddrs.mExt.mAddrs,it->first,mLinkMgr)) changed = true ;
if(cleanIpList(it->second.ipAddrs.mLocal.mAddrs,it->first,mLinkMgr)) changed = true ;
if(!rsBanList->isAddressAccepted(it->second.serveraddr,RSBANLIST_CHECKING_FLAGS_BLACKLIST))
if(rsBanList!=NULL && !rsBanList->isAddressAccepted(it->second.serveraddr,RSBANLIST_CHECKING_FLAGS_BLACKLIST))
{
sockaddr_storage_clear(it->second.serveraddr) ;
std::cerr << "(SS) Peer " << it->first << " has a banned server address. Wiping it out." << std::endl;

View File

@ -1321,14 +1321,14 @@ int pqissl::Authorise_SSL_Connection()
if (rsPeers->servicePermissionFlags(PeerId()) & RS_NODE_PERM_REQUIRE_WL)
checking_flags |= RSBANLIST_CHECKING_FLAGS_WHITELIST;
if(!rsBanList->isAddressAccepted(remote_addr,checking_flags,&check_result))
if(rsBanList!=NULL && !rsBanList->isAddressAccepted(remote_addr,checking_flags,&check_result))
{
std::cerr << "(SS) refusing connection attempt from IP address " << sockaddr_storage_iptostring(remote_addr) << ". Reason: " <<
std::cerr << "(SS) refusing connection attempt from IP address " << sockaddr_storage_iptostring(remote_addr) << ". Reason: " <<
((check_result == RSBANLIST_CHECK_RESULT_NOT_WHITELISTED)?"not whitelisted (peer requires whitelist)":"blacklisted") << std::endl;
RsServer::notify()->AddFeedItem(RS_FEED_ITEM_SEC_IP_BLACKLISTED, PeerId().toStdString(), sockaddr_storage_iptostring(remote_addr), "", "", check_result);
reset_locked();
return 0 ;
reset_locked();
return 0 ;
}
// check it's the right one.
if (certCorrect)
@ -1371,12 +1371,12 @@ int pqissl::accept_locked(SSL *ssl, int fd, const struct sockaddr_storage &forei
if (rsPeers->servicePermissionFlags(PeerId()) & RS_NODE_PERM_REQUIRE_WL)
checking_flags |= RSBANLIST_CHECKING_FLAGS_WHITELIST;
if(!rsBanList->isAddressAccepted(foreign_addr,checking_flags,&check_result))
if(rsBanList!=NULL && !rsBanList->isAddressAccepted(foreign_addr,checking_flags,&check_result))
{
std::cerr << "(SS) refusing incoming SSL connection from blacklisted foreign address " << sockaddr_storage_iptostring(foreign_addr)
<< ". Reason: " << check_result << "." << std::endl;
RsServer::notify()->AddFeedItem(RS_FEED_ITEM_SEC_IP_BLACKLISTED, PeerId().toStdString(), sockaddr_storage_iptostring(foreign_addr), "", "", check_result);
reset_locked();
reset_locked();
return -1;
}
if (waiting != WAITING_NOT)

View File

@ -1518,9 +1518,14 @@ int RsServer::StartupRetroShare()
#endif
// new services to test.
#ifndef RETROTOR
p3BanList *mBanList = new p3BanList(serviceCtrl, mNetMgr);
rsBanList = mBanList ;
pqih -> addService(mBanList, true);
#else
rsBanList = NULL ;
#endif
#ifdef RS_USE_BITDHT
mBitDht->setupPeerSharer(mBanList);
#endif
@ -1589,7 +1594,9 @@ int RsServer::StartupRetroShare()
mConfigMgr->addConfiguration("p3History.cfg", mHistoryMgr);
mConfigMgr->addConfiguration("p3Status.cfg", mStatusSrv);
mConfigMgr->addConfiguration("turtle.cfg", tr);
#ifndef RETROTOR
mConfigMgr->addConfiguration("banlist.cfg", mBanList);
#endif
mConfigMgr->addConfiguration("servicecontrol.cfg", serviceCtrl);
mConfigMgr->addConfiguration("reputations.cfg", mReputations);
#ifdef ENABLE_GROUTER

View File

@ -225,9 +225,10 @@ void AWidget::initImages()
//p.drawPixmap(QRect(10, 10, width()-10, 60), image);
/* Draw RetroShare version */
p.drawText(QPointF(10, 50), QString("%1 : %2").arg(tr("Retroshare version"), Rshare::retroshareVersion(true)));
#ifdef RS_ONLYHIDDENNODE
p.drawText(QPointF(10, 70), QString("Only Hidden Node"));
p.drawText(QPointF(10, 50), QString("%1 : %2 (With embedded Tor)").arg(tr("Retroshare version"), Rshare::retroshareVersion(true)));
#else
p.drawText(QPointF(10, 50), QString("%1 : %2").arg(tr("Retroshare version"), Rshare::retroshareVersion(true)));
#endif
/* Draw Qt's version number */

View File

@ -195,6 +195,10 @@ GenCertDialog::GenCertDialog(bool onlyGenerateIdentity, QWidget *parent)
ui.nodeType_CB->setCurrentIndex(1);
ui.nodeType_CB->setEnabled(false);
#endif
#ifdef RETROTOR
ui.adv_checkbox->setChecked(false);
ui.adv_checkbox->setVisible(true);
#endif
initKeyList();
setupState();
@ -255,10 +259,16 @@ void GenCertDialog::setupState()
{
bool adv_state = ui.adv_checkbox->isChecked();
#ifdef RETROTOR
bool retrotor = true ;
#else
bool retrotor = false ;
#endif
if(!adv_state)
{
ui.reuse_existing_node_CB->setChecked(false) ;
ui.nodeType_CB->setCurrentIndex(0) ;
ui.nodeType_CB->setCurrentIndex(retrotor?1:0) ;
ui.keylength_comboBox->setCurrentIndex(0) ;
}
bool hidden_state = ui.nodeType_CB->currentIndex()==1;
@ -271,8 +281,8 @@ void GenCertDialog::setupState()
setWindowTitle(generate_new?tr("Create new profile and new Retroshare node"):tr("Create new Retroshare node"));
//ui.headerFrame->setHeaderText(generate_new?tr("Create a new profile and node"):tr("Create a new node"));
ui.label_nodeType->setVisible(adv_state) ;
ui.nodeType_CB->setVisible(adv_state) ;
ui.label_nodeType->setVisible(adv_state && !retrotor) ;
ui.nodeType_CB->setVisible(adv_state && !retrotor) ;
ui.reuse_existing_node_CB->setEnabled(adv_state) ;
ui.importIdentity_PB->setVisible(adv_state && !generate_new) ;
ui.exportIdentity_PB->setVisible(adv_state && !generate_new) ;
@ -308,13 +318,13 @@ void GenCertDialog::setupState()
ui.entropy_bar->setVisible(true);
ui.genButton->setVisible(true);
ui.hiddenaddr_input->setVisible(hidden_state);
ui.hiddenaddr_label->setVisible(hidden_state);
ui.hiddenaddr_input->setVisible(hidden_state && !retrotor);
ui.hiddenaddr_label->setVisible(hidden_state && !retrotor);
ui.hiddenport_label->setVisible(hidden_state);
ui.hiddenport_spinBox->setVisible(hidden_state);
ui.hiddenport_label->setVisible(hidden_state && !retrotor);
ui.hiddenport_spinBox->setVisible(hidden_state && !retrotor);
ui.cbUseBob->setVisible(hidden_state);
ui.cbUseBob->setVisible(hidden_state && !retrotor);
if(!mAllFieldsOk)
{

View File

@ -487,6 +487,9 @@ void ServerPage::toggleIpFiltering(bool b)
void ServerPage::loadFilteredIps()
{
if(rsBanList == NULL)
return ;
if(rsBanList->ipFilteringEnabled())
{
whileBlocking(ui.denyAll_CB)->setChecked(true) ;

View File

@ -26,7 +26,7 @@
<item>
<widget class="QTabWidget" name="tabWidget">
<property name="currentIndex">
<number>2</number>
<number>0</number>
</property>
<widget class="QWidget" name="tabNetConf">
<attribute name="title">

View File

@ -3,7 +3,10 @@
CONFIG *= retroshare_gui
no_retroshare_gui:CONFIG -= retroshare_gui
# To build the RetroTor executable, just uncomment the following option
# To build the RetroTor executable, just uncomment the following option.
# RetroTor is a version of RS that automatically configures Tor for its own usage
# using only hidden nodes. It will not start if Tor is not working.
# CONFIG *= retrotor
# To disable RetroShare-nogui append the following
@ -231,6 +234,10 @@ rs_autologin {
warning("You have enabled RetroShare auto-login, this is discouraged. The usage of auto-login on some linux distributions may allow someone having access to your session to steal the SSL keys of your node location and therefore compromise your security")
}
retrotor {
DEFINES *= RS_ONLYHIDDENNODE
}
rs_onlyhiddennode {
DEFINES *= RS_ONLYHIDDENNODE
warning("QMAKE: You have enabled only hidden node.")