diff --git a/libretroshare/src/pqi/p3netmgr.cc b/libretroshare/src/pqi/p3netmgr.cc
index 03c809789..2d593e42f 100644
--- a/libretroshare/src/pqi/p3netmgr.cc
+++ b/libretroshare/src/pqi/p3netmgr.cc
@@ -718,7 +718,7 @@ void p3NetMgrIMPL::netExtCheck()
 #endif
 if(sockaddr_storage_isValidNet(tmpip))
 {
- if(rsBanList->isAddressAccepted(tmpip,RSBANLIST_CHECKING_FLAGS_BLACKLIST))
+ if( (rsBanList==NULL) || rsBanList->isAddressAccepted(tmpip,RSBANLIST_CHECKING_FLAGS_BLACKLIST))
 {
 // must be stable???
 isStable = true;
@@ -761,7 +761,7 @@ void p3NetMgrIMPL::netExtCheck()
 /* input network bits */
 if (mDhtStunner->getExternalAddr(tmpaddr, isstable))
 {
- if(rsBanList->isAddressAccepted(tmpaddr,RSBANLIST_CHECKING_FLAGS_BLACKLIST))
+ if((rsBanList == NULL) || rsBanList->isAddressAccepted(tmpaddr,RSBANLIST_CHECKING_FLAGS_BLACKLIST))
 {
 // must be stable???
 isStable = (isstable == 1);
diff --git a/libretroshare/src/pqi/p3peermgr.cc b/libretroshare/src/pqi/p3peermgr.cc
index d62d2ca08..61deb9713 100644
--- a/libretroshare/src/pqi/p3peermgr.cc
+++ b/libretroshare/src/pqi/p3peermgr.cc
@@ -1218,7 +1218,7 @@ bool p3PeerMgrIMPL::UpdateOwnAddress(const struct sockaddr_storage &localAddr,
 std::cerr << ")" << std::endl;
 #endif
- if(!rsBanList->isAddressAccepted(localAddr, RSBANLIST_CHECKING_FLAGS_BLACKLIST))
+ if((rsBanList != NULL) && !rsBanList->isAddressAccepted(localAddr, RSBANLIST_CHECKING_FLAGS_BLACKLIST))
 {
 std::cerr << "(SS) Trying to set own IP to a banned IP " << sockaddr_storage_iptostring(localAddr) << ". This probably means that a friend in under traffic re-routing attack." << std::endl;
 return false ;
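Review bot: In p3netmgr.cc, netExtCheck(), the added `(rsBanList==NULL) ||` lets the blacklist test pass silently whenever the pointer is unset, and nothing at the call site says that this is the intended RETROTOR behaviour rather than an initialisation-order accident. The same NULL-means-accept guard is repeated, in several spellings, in the second netExtCheck hunk, in p3peermgr.cc (UpdateOwnAddress, setExtAddress, removeBannedIps) and in both pqissl.cc hunks. I would keep the policy in one small helper that returns true when `rsBanList` is NULL and otherwise forwards to `isAddressAccepted`, carrying the comment `// rsBanList is NULL when the ban list service is compiled out (RETROTOR): no IP filtering is applied`. With a single entry point, a build in which the pointer is unexpectedly NULL can log the fact once instead of disabling filtering without a trace. netExtCheck's body starts and ends outside both hunks.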
@@ -1357,7 +1357,7 @@ bool p3PeerMgrIMPL::setExtAddress(const RsPeerId &id, const struct sockaddr_s
 bool changed = false;
 uint32_t check_res = 0 ;
- if(!rsBanList->isAddressAccepted(addr,RSBANLIST_CHECKING_FLAGS_BLACKLIST,&check_res))
+ if(rsBanList!=NULL && !rsBanList->isAddressAccepted(addr,RSBANLIST_CHECKING_FLAGS_BLACKLIST,&check_res))
 {
 std::cerr << "(SS) trying to set external contact address for peer " << id << " to a banned address " << sockaddr_storage_iptostring(addr )<< std::endl;
 return false ;
@@ -1531,7 +1531,7 @@ bool p3PeerMgrIMPL::addCandidateForOwnExternalAddress(const RsPeerId &from, cons
 // Notify for every friend that has reported a wrong external address, except if that address is in the IP whitelist.
- if((!rsBanList->isAddressAccepted(addr_filtered,RSBANLIST_CHECKING_FLAGS_WHITELIST)) && (!sockaddr_storage_sameip(own_addr,addr_filtered)))
+ if((rsBanList!=NULL && !rsBanList->isAddressAccepted(addr_filtered,RSBANLIST_CHECKING_FLAGS_WHITELIST)) && (!sockaddr_storage_sameip(own_addr,addr_filtered)))
 {
 std::cerr << " Peer " << from << " reports a connection address (" << sockaddr_storage_iptostring(addr_filtered) <<") that is not your current external address (" << sockaddr_storage_iptostring(own_addr) << "). This is weird." << std::endl;
@@ -2774,7 +2774,7 @@ bool p3PeerMgrIMPL::removeBannedIps()
 if(cleanIpList(it->second.ipAddrs.mExt.mAddrs,it->first,mLinkMgr)) changed = true ;
 if(cleanIpList(it->second.ipAddrs.mLocal.mAddrs,it->first,mLinkMgr)) changed = true ;
- if(!rsBanList->isAddressAccepted(it->second.serveraddr,RSBANLIST_CHECKING_FLAGS_BLACKLIST))
+ if(rsBanList!=NULL && !rsBanList->isAddressAccepted(it->second.serveraddr,RSBANLIST_CHECKING_FLAGS_BLACKLIST))
 {
 sockaddr_storage_clear(it->second.serveraddr) ;
 std::cerr << "(SS) Peer " << it->first << " has a banned server address. Wiping it out." << std::endl;
diff --git a/libretroshare/src/pqi/pqissl.cc b/libretroshare/src/pqi/pqissl.cc
index caa2ac6bb..898080262 100644
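Review bot: In addCandidateForOwnExternalAddress the new `rsBanList!=NULL &&` makes the whole condition false when there is no ban list, so the notification about a friend reporting a different external address is never raised in that build. At the blacklist call sites NULL is read as "nothing is blacklisted"; here it is read as "every address is whitelisted", which is the permissive default for a warning whose only exemption is the whitelist. If skipping the warning is intended, say so with a comment such as `// no ban list in this build: the whitelist exemption cannot be evaluated, so the mismatch warning is skipped on purpose`; otherwise the first operand should be `(rsBanList==NULL || !rsBanList->isAddressAccepted(addr_filtered,RSBANLIST_CHECKING_FLAGS_WHITELIST))`. The function body continues outside the hunk.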
--- a/libretroshare/src/pqi/pqissl.cc
+++ b/libretroshare/src/pqi/pqissl.cc
@@ -1321,14 +1321,14 @@ int pqissl::Authorise_SSL_Connection()
 if (rsPeers->servicePermissionFlags(PeerId()) & RS_NODE_PERM_REQUIRE_WL) checking_flags |= RSBANLIST_CHECKING_FLAGS_WHITELIST;
- if(!rsBanList->isAddressAccepted(remote_addr,checking_flags,&check_result))
+ if(rsBanList!=NULL && !rsBanList->isAddressAccepted(remote_addr,checking_flags,&check_result))
 {
- std::cerr << "(SS) refusing connection attempt from IP address " << sockaddr_storage_iptostring(remote_addr) << ". Reason: " <<
+ std::cerr << "(SS) refusing connection attempt from IP address " << sockaddr_storage_iptostring(remote_addr) << ". Reason: " <<
 ((check_result == RSBANLIST_CHECK_RESULT_NOT_WHITELISTED)?"not whitelisted (peer requires whitelist)":"blacklisted") << std::endl;
 RsServer::notify()->AddFeedItem(RS_FEED_ITEM_SEC_IP_BLACKLISTED, PeerId().toStdString(), sockaddr_storage_iptostring(remote_addr), "", "", check_result);
- reset_locked();
- return 0 ;
+ reset_locked();
+ return 0 ;
 }
 // check it's the right one.
 if (certCorrect)
@@ -1371,12 +1371,12 @@ int pqissl::accept_locked(SSL *ssl, int fd, const struct sockaddr_storage &forei
 if (rsPeers->servicePermissionFlags(PeerId()) & RS_NODE_PERM_REQUIRE_WL) checking_flags |= RSBANLIST_CHECKING_FLAGS_WHITELIST;
- if(!rsBanList->isAddressAccepted(foreign_addr,checking_flags,&check_result))
+ if(rsBanList!=NULL && !rsBanList->isAddressAccepted(foreign_addr,checking_flags,&check_result))
 {
 std::cerr << "(SS) refusing incoming SSL connection from blacklisted foreign address " << sockaddr_storage_iptostring(foreign_addr) << ". Reason: " << check_result << "." << std::endl;
 RsServer::notify()->AddFeedItem(RS_FEED_ITEM_SEC_IP_BLACKLISTED, PeerId().toStdString(), sockaddr_storage_iptostring(foreign_addr), "", "", check_result);
- reset_locked();
+ reset_locked();
 return -1;
 }
 if (waiting != WAITING_NOT)
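Review bot: In Authorise_SSL_Connection the per-peer whitelist requirement is dropped without a trace when `rsBanList` is NULL: `checking_flags` still receives `RSBANLIST_CHECKING_FLAGS_WHITELIST` for a peer with `RS_NODE_PERM_REQUIRE_WL`, but the new `rsBanList!=NULL &&` short-circuits the test and the code goes straight on to the certificate check. accept_locked in the second hunk has the same shape. A requirement the user set explicitly should be refused, or at least logged, when it cannot be evaluated, for example `if(rsBanList == NULL && (checking_flags & RSBANLIST_CHECKING_FLAGS_WHITELIST)) std::cerr << "(SS) whitelist required for peer " << PeerId() << " but IP filtering is not available in this build." << std::endl;`. The `reset_locked()` and `return` lines changed in both hunks differ only in whitespace and would be easier to review in a separate commit. Both function bodies extend beyond the hunks.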
diff --git a/libretroshare/src/rsserver/rsinit.cc b/libretroshare/src/rsserver/rsinit.cc
index 797d53067..b93082080 100644
--- a/libretroshare/src/rsserver/rsinit.cc
+++ b/libretroshare/src/rsserver/rsinit.cc
@@ -1518,9 +1518,14 @@ int RsServer::StartupRetroShare()
 #endif
 // new services to test.
+#ifndef RETROTOR
 p3BanList *mBanList = new p3BanList(serviceCtrl, mNetMgr);
 rsBanList = mBanList ;
 pqih -> addService(mBanList, true);
+#else
+ rsBanList = NULL ;
+#endif
+
 #ifdef RS_USE_BITDHT
 mBitDht->setupPeerSharer(mBanList);
 #endif
@@ -1589,7 +1594,9 @@ int RsServer::StartupRetroShare()
 mConfigMgr->addConfiguration("p3History.cfg", mHistoryMgr);
 mConfigMgr->addConfiguration("p3Status.cfg", mStatusSrv);
 mConfigMgr->addConfiguration("turtle.cfg", tr);
+#ifndef RETROTOR
 mConfigMgr->addConfiguration("banlist.cfg", mBanList);
+#endif
 mConfigMgr->addConfiguration("servicecontrol.cfg", serviceCtrl);
 mConfigMgr->addConfiguration("reputations.cfg", mReputations);
 #ifdef ENABLE_GROUTER
diff --git a/retroshare-gui/src/gui/AboutWidget.cpp b/retroshare-gui/src/gui/AboutWidget.cpp
index d19e4a7bc..1ade24dc7 100644
--- a/retroshare-gui/src/gui/AboutWidget.cpp
+++ b/retroshare-gui/src/gui/AboutWidget.cpp
@@ -225,9 +225,10 @@ void AWidget::initImages()
 //p.drawPixmap(QRect(10, 10, width()-10, 60), image);
 /* Draw RetroShare version */
- p.drawText(QPointF(10, 50), QString("%1 : %2").arg(tr("Retroshare version"), Rshare::retroshareVersion(true)));
 #ifdef RS_ONLYHIDDENNODE
- p.drawText(QPointF(10, 70), QString("Only Hidden Node"));
+ p.drawText(QPointF(10, 50), QString("%1 : %2 (With embedded Tor)").arg(tr("Retroshare version"), Rshare::retroshareVersion(true)));
+#else
+ p.drawText(QPointF(10, 50), QString("%1 : %2").arg(tr("Retroshare version"), Rshare::retroshareVersion(true)));
 #endif
 /* Draw Qt's version number */
diff --git a/retroshare-gui/src/gui/GenCertDialog.cpp b/retroshare-gui/src/gui/GenCertDialog.cpp
index 75bb7d7a3..133bfbc4a 100644
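Review bot: In StartupRetroShare (rsinit.cc, first hunk) the declaration of `mBanList` now sits inside `#ifndef RETROTOR`, but the context line `mBitDht->setupPeerSharer(mBanList);` under `#ifdef RS_USE_BITDHT` is outside that guard, so a build with both RETROTOR and RS_USE_BITDHT defined refers to an undeclared name. Whether the retrotor configuration can ever enable BitDHT is not visible in this diff; if it can, guard the call with `#if defined(RS_USE_BITDHT) && !defined(RETROTOR)`. The second hunk guards `addConfiguration("banlist.cfg", mBanList)` consistently. The function body starts and ends outside both hunks.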
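Review bot: In AWidget::initImages the "(With embedded Tor)" label is selected by `RS_ONLYHIDDENNODE`, but the retroshare.pri part of this commit sets that macro for both the `retrotor` and the plain `rs_onlyhiddennode` configurations, so a hidden-node-only build without bundled Tor would show the label too. The library files in this commit test `RETROTOR`; `#ifdef RETROTOR` here would match them and keep the About box accurate about how the node reaches the network. The suffix is also placed in the untranslated `QString` literal rather than in a `tr()` string. The old "Only Hidden Node" line is removed with no replacement for rs_onlyhiddennode builds, which may or may not be intended.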
--- a/retroshare-gui/src/gui/GenCertDialog.cpp
+++ b/retroshare-gui/src/gui/GenCertDialog.cpp
@@ -195,6 +195,10 @@ GenCertDialog::GenCertDialog(bool onlyGenerateIdentity, QWidget *parent)
 ui.nodeType_CB->setCurrentIndex(1);
 ui.nodeType_CB->setEnabled(false);
 #endif
+#ifdef RETROTOR
+ ui.adv_checkbox->setChecked(false);
+ ui.adv_checkbox->setVisible(true);
+#endif
 initKeyList();
 setupState();
@@ -255,10 +259,16 @@ void GenCertDialog::setupState()
 {
 bool adv_state = ui.adv_checkbox->isChecked();
+#ifdef RETROTOR
+ bool retrotor = true ;
+#else
+ bool retrotor = false ;
+#endif
+
 if(!adv_state)
 {
 ui.reuse_existing_node_CB->setChecked(false) ;
- ui.nodeType_CB->setCurrentIndex(0) ;
+ ui.nodeType_CB->setCurrentIndex(retrotor?1:0) ;
 ui.keylength_comboBox->setCurrentIndex(0) ;
 }
 bool hidden_state = ui.nodeType_CB->currentIndex()==1;
@@ -271,8 +281,8 @@ void GenCertDialog::setupState()
 setWindowTitle(generate_new?tr("Create new profile and new Retroshare node"):tr("Create new Retroshare node"));
 //ui.headerFrame->setHeaderText(generate_new?tr("Create a new profile and node"):tr("Create a new node"));
- ui.label_nodeType->setVisible(adv_state) ;
- ui.nodeType_CB->setVisible(adv_state) ;
+ ui.label_nodeType->setVisible(adv_state && !retrotor) ;
+ ui.nodeType_CB->setVisible(adv_state && !retrotor) ;
 ui.reuse_existing_node_CB->setEnabled(adv_state) ;
 ui.importIdentity_PB->setVisible(adv_state && !generate_new) ;
 ui.exportIdentity_PB->setVisible(adv_state && !generate_new) ;
@@ -308,13 +318,13 @@ void GenCertDialog::setupState()
 ui.entropy_bar->setVisible(true);
 ui.genButton->setVisible(true);
- ui.hiddenaddr_input->setVisible(hidden_state);
- ui.hiddenaddr_label->setVisible(hidden_state);
+ ui.hiddenaddr_input->setVisible(hidden_state && !retrotor);
+ ui.hiddenaddr_label->setVisible(hidden_state && !retrotor);
- ui.hiddenport_label->setVisible(hidden_state);
- ui.hiddenport_spinBox->setVisible(hidden_state);
+ ui.hiddenport_label->setVisible(hidden_state && !retrotor);
+ ui.hiddenport_spinBox->setVisible(hidden_state && !retrotor);
- ui.cbUseBob->setVisible(hidden_state);
+ ui.cbUseBob->setVisible(hidden_state && !retrotor);
 if(!mAllFieldsOk)
 {
diff --git a/retroshare-gui/src/gui/settings/ServerPage.cpp b/retroshare-gui/src/gui/settings/ServerPage.cpp
index fe2939cf6..9076d76af 100755
--- a/retroshare-gui/src/gui/settings/ServerPage.cpp
+++ b/retroshare-gui/src/gui/settings/ServerPage.cpp
@@ -487,6 +487,9 @@ void ServerPage::toggleIpFiltering(bool b)
 void ServerPage::loadFilteredIps()
 {
+ if(rsBanList == NULL)
+ return ;
+
 if(rsBanList->ipFilteringEnabled())
 {
 whileBlocking(ui.denyAll_CB)->setChecked(true) ;
diff --git a/retroshare-gui/src/gui/settings/ServerPage.ui b/retroshare-gui/src/gui/settings/ServerPage.ui
index 5b4051914..5394ce5be 100755
--- a/retroshare-gui/src/gui/settings/ServerPage.ui
+++ b/retroshare-gui/src/gui/settings/ServerPage.ui
@@ -26,7 +26,7 @@
- 2
+ 0
diff --git a/retroshare.pri b/retroshare.pri
index db1834efe..e2397e62b 100644
--- a/retroshare.pri
+++ b/retroshare.pri
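Review bot: In GenCertDialog::setupState (the hunk at line 308) the hidden-service address, port and BOB controls are hidden when `retrotor` is true, while `hidden_state` stays true because the node type is forced to index 1 earlier in the function. The code that computes `mAllFieldsOk` is outside this hunk; if it still validates `hiddenaddr_input` or `hiddenport_spinBox` whenever `hidden_state` is set, the user has no visible field to correct, and the node is created with whatever the hidden widgets happen to contain. A comment on the first changed line, such as `// RETROTOR: Tor is configured automatically, so the manual onion address/port inputs are hidden`, together with skipping that validation under `retrotor`, would make the intent explicit.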
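Review bot: In ServerPage::loadFilteredIps the early return avoids the NULL dereference but leaves the IP-filtering controls on the page enabled with nothing behind them, so a user can believe filtering is active when it is not. The hunk header shows toggleIpFiltering(bool) directly above and its body is not part of this diff; if it or the other filter slots in this file call through `rsBanList`, they need the same guard. Disabling the controls in the guard, for example `if(rsBanList == NULL) { ui.denyAll_CB->setEnabled(false) ; return ; }` extended to the rest of the filter widgets, would cover both concerns. The function body continues past the hunk.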
@@ -3,7 +3,10 @@ CONFIG *= retroshare_gui
 no_retroshare_gui:CONFIG -= retroshare_gui
-# To build the RetroTor executable, just uncomment the following option
+# To build the RetroTor executable, just uncomment the following option.
+# RetroTor is a version of RS that automatically configures Tor for its own usage
+# using only hidden nodes. It will not start if Tor is not working.
+
 # CONFIG *= retrotor
 # To disable RetroShare-nogui append the following
@@ -231,6 +234,10 @@ rs_autologin {
 warning("You have enabled RetroShare auto-login, this is discouraged. The usage of auto-login on some linux distributions may allow someone having access to your session to steal the SSL keys of your node location and therefore compromise your security")
 }
+retrotor {
+ DEFINES *= RS_ONLYHIDDENNODE
+}
+
 rs_onlyhiddennode {
 DEFINES *= RS_ONLYHIDDENNODE
 warning("QMAKE: You have enabled only hidden node.")
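Review bot: The new `retrotor { ... }` block in the second hunk defines only `RS_ONLYHIDDENNODE`, while every C++ change in this commit is conditional on `RETROTOR`. Nothing in this diff defines that macro; unless another project file does, none of the new `#ifdef RETROTOR` / `#ifndef RETROTOR` branches is ever selected and the build behaves like a plain hidden-node build. Adding `DEFINES *= RETROTOR` to this block would tie the configuration switch to the code it is meant to enable. A one-line comment in the block, such as `# retrotor implies hidden-node-only operation; the ban list service is compiled out`, would also record the security-relevant side effect next to the switch.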