removed BanList service from Retro-Tor version

This commit is contained in:
csoler 2018-01-01 15:49:49 +01:00
parent 2c10f4f340
commit fcc3995d87
9 changed files with 52 additions and 24 deletions

View File

@ -718,7 +718,7 @@ void p3NetMgrIMPL::netExtCheck()
#endif #endif
if(sockaddr_storage_isValidNet(tmpip)) if(sockaddr_storage_isValidNet(tmpip))
{ {
if(rsBanList->isAddressAccepted(tmpip,RSBANLIST_CHECKING_FLAGS_BLACKLIST)) if( (rsBanList==NULL) || rsBanList->isAddressAccepted(tmpip,RSBANLIST_CHECKING_FLAGS_BLACKLIST))
{ {
// must be stable??? // must be stable???
isStable = true; isStable = true;
@ -761,7 +761,7 @@ void p3NetMgrIMPL::netExtCheck()
/* input network bits */ /* input network bits */
if (mDhtStunner->getExternalAddr(tmpaddr, isstable)) if (mDhtStunner->getExternalAddr(tmpaddr, isstable))
{ {
if(rsBanList->isAddressAccepted(tmpaddr,RSBANLIST_CHECKING_FLAGS_BLACKLIST)) if((rsBanList == NULL) || rsBanList->isAddressAccepted(tmpaddr,RSBANLIST_CHECKING_FLAGS_BLACKLIST))
{ {
// must be stable??? // must be stable???
isStable = (isstable == 1); isStable = (isstable == 1);

View File

@ -1218,7 +1218,7 @@ bool p3PeerMgrIMPL::UpdateOwnAddress(const struct sockaddr_storage &localAddr,
std::cerr << ")" << std::endl; std::cerr << ")" << std::endl;
#endif #endif
if(!rsBanList->isAddressAccepted(localAddr, RSBANLIST_CHECKING_FLAGS_BLACKLIST)) if((rsBanList != NULL) && !rsBanList->isAddressAccepted(localAddr, RSBANLIST_CHECKING_FLAGS_BLACKLIST))
{ {
std::cerr << "(SS) Trying to set own IP to a banned IP " << sockaddr_storage_iptostring(localAddr) << ". This probably means that a friend in under traffic re-routing attack." << std::endl; std::cerr << "(SS) Trying to set own IP to a banned IP " << sockaddr_storage_iptostring(localAddr) << ". This probably means that a friend in under traffic re-routing attack." << std::endl;
return false ; return false ;
@ -1357,7 +1357,7 @@ bool p3PeerMgrIMPL::setExtAddress(const RsPeerId &id, const struct sockaddr_s
bool changed = false; bool changed = false;
uint32_t check_res = 0 ; uint32_t check_res = 0 ;
if(!rsBanList->isAddressAccepted(addr,RSBANLIST_CHECKING_FLAGS_BLACKLIST,&check_res)) if(rsBanList!=NULL && !rsBanList->isAddressAccepted(addr,RSBANLIST_CHECKING_FLAGS_BLACKLIST,&check_res))
{ {
std::cerr << "(SS) trying to set external contact address for peer " << id << " to a banned address " << sockaddr_storage_iptostring(addr )<< std::endl; std::cerr << "(SS) trying to set external contact address for peer " << id << " to a banned address " << sockaddr_storage_iptostring(addr )<< std::endl;
return false ; return false ;
@ -1531,7 +1531,7 @@ bool p3PeerMgrIMPL::addCandidateForOwnExternalAddress(const RsPeerId &from, cons
// Notify for every friend that has reported a wrong external address, except if that address is in the IP whitelist. // Notify for every friend that has reported a wrong external address, except if that address is in the IP whitelist.
if((!rsBanList->isAddressAccepted(addr_filtered,RSBANLIST_CHECKING_FLAGS_WHITELIST)) && (!sockaddr_storage_sameip(own_addr,addr_filtered))) if((rsBanList!=NULL && !rsBanList->isAddressAccepted(addr_filtered,RSBANLIST_CHECKING_FLAGS_WHITELIST)) && (!sockaddr_storage_sameip(own_addr,addr_filtered)))
{ {
std::cerr << " Peer " << from << " reports a connection address (" << sockaddr_storage_iptostring(addr_filtered) <<") that is not your current external address (" << sockaddr_storage_iptostring(own_addr) << "). This is weird." << std::endl; std::cerr << " Peer " << from << " reports a connection address (" << sockaddr_storage_iptostring(addr_filtered) <<") that is not your current external address (" << sockaddr_storage_iptostring(own_addr) << "). This is weird." << std::endl;
@ -2774,7 +2774,7 @@ bool p3PeerMgrIMPL::removeBannedIps()
if(cleanIpList(it->second.ipAddrs.mExt.mAddrs,it->first,mLinkMgr)) changed = true ; if(cleanIpList(it->second.ipAddrs.mExt.mAddrs,it->first,mLinkMgr)) changed = true ;
if(cleanIpList(it->second.ipAddrs.mLocal.mAddrs,it->first,mLinkMgr)) changed = true ; if(cleanIpList(it->second.ipAddrs.mLocal.mAddrs,it->first,mLinkMgr)) changed = true ;
if(!rsBanList->isAddressAccepted(it->second.serveraddr,RSBANLIST_CHECKING_FLAGS_BLACKLIST)) if(rsBanList!=NULL && !rsBanList->isAddressAccepted(it->second.serveraddr,RSBANLIST_CHECKING_FLAGS_BLACKLIST))
{ {
sockaddr_storage_clear(it->second.serveraddr) ; sockaddr_storage_clear(it->second.serveraddr) ;
std::cerr << "(SS) Peer " << it->first << " has a banned server address. Wiping it out." << std::endl; std::cerr << "(SS) Peer " << it->first << " has a banned server address. Wiping it out." << std::endl;

View File

@ -1321,14 +1321,14 @@ int pqissl::Authorise_SSL_Connection()
if (rsPeers->servicePermissionFlags(PeerId()) & RS_NODE_PERM_REQUIRE_WL) if (rsPeers->servicePermissionFlags(PeerId()) & RS_NODE_PERM_REQUIRE_WL)
checking_flags |= RSBANLIST_CHECKING_FLAGS_WHITELIST; checking_flags |= RSBANLIST_CHECKING_FLAGS_WHITELIST;
if(!rsBanList->isAddressAccepted(remote_addr,checking_flags,&check_result)) if(rsBanList!=NULL && !rsBanList->isAddressAccepted(remote_addr,checking_flags,&check_result))
{ {
std::cerr << "(SS) refusing connection attempt from IP address " << sockaddr_storage_iptostring(remote_addr) << ". Reason: " << std::cerr << "(SS) refusing connection attempt from IP address " << sockaddr_storage_iptostring(remote_addr) << ". Reason: " <<
((check_result == RSBANLIST_CHECK_RESULT_NOT_WHITELISTED)?"not whitelisted (peer requires whitelist)":"blacklisted") << std::endl; ((check_result == RSBANLIST_CHECK_RESULT_NOT_WHITELISTED)?"not whitelisted (peer requires whitelist)":"blacklisted") << std::endl;
RsServer::notify()->AddFeedItem(RS_FEED_ITEM_SEC_IP_BLACKLISTED, PeerId().toStdString(), sockaddr_storage_iptostring(remote_addr), "", "", check_result); RsServer::notify()->AddFeedItem(RS_FEED_ITEM_SEC_IP_BLACKLISTED, PeerId().toStdString(), sockaddr_storage_iptostring(remote_addr), "", "", check_result);
reset_locked(); reset_locked();
return 0 ; return 0 ;
} }
// check it's the right one. // check it's the right one.
if (certCorrect) if (certCorrect)
@ -1371,12 +1371,12 @@ int pqissl::accept_locked(SSL *ssl, int fd, const struct sockaddr_storage &forei
if (rsPeers->servicePermissionFlags(PeerId()) & RS_NODE_PERM_REQUIRE_WL) if (rsPeers->servicePermissionFlags(PeerId()) & RS_NODE_PERM_REQUIRE_WL)
checking_flags |= RSBANLIST_CHECKING_FLAGS_WHITELIST; checking_flags |= RSBANLIST_CHECKING_FLAGS_WHITELIST;
if(!rsBanList->isAddressAccepted(foreign_addr,checking_flags,&check_result)) if(rsBanList!=NULL && !rsBanList->isAddressAccepted(foreign_addr,checking_flags,&check_result))
{ {
std::cerr << "(SS) refusing incoming SSL connection from blacklisted foreign address " << sockaddr_storage_iptostring(foreign_addr) std::cerr << "(SS) refusing incoming SSL connection from blacklisted foreign address " << sockaddr_storage_iptostring(foreign_addr)
<< ". Reason: " << check_result << "." << std::endl; << ". Reason: " << check_result << "." << std::endl;
RsServer::notify()->AddFeedItem(RS_FEED_ITEM_SEC_IP_BLACKLISTED, PeerId().toStdString(), sockaddr_storage_iptostring(foreign_addr), "", "", check_result); RsServer::notify()->AddFeedItem(RS_FEED_ITEM_SEC_IP_BLACKLISTED, PeerId().toStdString(), sockaddr_storage_iptostring(foreign_addr), "", "", check_result);
reset_locked(); reset_locked();
return -1; return -1;
} }
if (waiting != WAITING_NOT) if (waiting != WAITING_NOT)

View File

@ -1518,9 +1518,14 @@ int RsServer::StartupRetroShare()
#endif #endif
// new services to test. // new services to test.
#ifndef RETROTOR
p3BanList *mBanList = new p3BanList(serviceCtrl, mNetMgr); p3BanList *mBanList = new p3BanList(serviceCtrl, mNetMgr);
rsBanList = mBanList ; rsBanList = mBanList ;
pqih -> addService(mBanList, true); pqih -> addService(mBanList, true);
#else
rsBanList = NULL ;
#endif
#ifdef RS_USE_BITDHT #ifdef RS_USE_BITDHT
mBitDht->setupPeerSharer(mBanList); mBitDht->setupPeerSharer(mBanList);
#endif #endif
@ -1589,7 +1594,9 @@ int RsServer::StartupRetroShare()
mConfigMgr->addConfiguration("p3History.cfg", mHistoryMgr); mConfigMgr->addConfiguration("p3History.cfg", mHistoryMgr);
mConfigMgr->addConfiguration("p3Status.cfg", mStatusSrv); mConfigMgr->addConfiguration("p3Status.cfg", mStatusSrv);
mConfigMgr->addConfiguration("turtle.cfg", tr); mConfigMgr->addConfiguration("turtle.cfg", tr);
#ifndef RETROTOR
mConfigMgr->addConfiguration("banlist.cfg", mBanList); mConfigMgr->addConfiguration("banlist.cfg", mBanList);
#endif
mConfigMgr->addConfiguration("servicecontrol.cfg", serviceCtrl); mConfigMgr->addConfiguration("servicecontrol.cfg", serviceCtrl);
mConfigMgr->addConfiguration("reputations.cfg", mReputations); mConfigMgr->addConfiguration("reputations.cfg", mReputations);
#ifdef ENABLE_GROUTER #ifdef ENABLE_GROUTER

View File

@ -225,9 +225,10 @@ void AWidget::initImages()
//p.drawPixmap(QRect(10, 10, width()-10, 60), image); //p.drawPixmap(QRect(10, 10, width()-10, 60), image);
/* Draw RetroShare version */ /* Draw RetroShare version */
p.drawText(QPointF(10, 50), QString("%1 : %2").arg(tr("Retroshare version"), Rshare::retroshareVersion(true)));
#ifdef RS_ONLYHIDDENNODE #ifdef RS_ONLYHIDDENNODE
p.drawText(QPointF(10, 70), QString("Only Hidden Node")); p.drawText(QPointF(10, 50), QString("%1 : %2 (With embedded Tor)").arg(tr("Retroshare version"), Rshare::retroshareVersion(true)));
#else
p.drawText(QPointF(10, 50), QString("%1 : %2").arg(tr("Retroshare version"), Rshare::retroshareVersion(true)));
#endif #endif
/* Draw Qt's version number */ /* Draw Qt's version number */

View File

@ -195,6 +195,10 @@ GenCertDialog::GenCertDialog(bool onlyGenerateIdentity, QWidget *parent)
ui.nodeType_CB->setCurrentIndex(1); ui.nodeType_CB->setCurrentIndex(1);
ui.nodeType_CB->setEnabled(false); ui.nodeType_CB->setEnabled(false);
#endif #endif
#ifdef RETROTOR
ui.adv_checkbox->setChecked(false);
ui.adv_checkbox->setVisible(true);
#endif
initKeyList(); initKeyList();
setupState(); setupState();
@ -255,10 +259,16 @@ void GenCertDialog::setupState()
{ {
bool adv_state = ui.adv_checkbox->isChecked(); bool adv_state = ui.adv_checkbox->isChecked();
#ifdef RETROTOR
bool retrotor = true ;
#else
bool retrotor = false ;
#endif
if(!adv_state) if(!adv_state)
{ {
ui.reuse_existing_node_CB->setChecked(false) ; ui.reuse_existing_node_CB->setChecked(false) ;
ui.nodeType_CB->setCurrentIndex(0) ; ui.nodeType_CB->setCurrentIndex(retrotor?1:0) ;
ui.keylength_comboBox->setCurrentIndex(0) ; ui.keylength_comboBox->setCurrentIndex(0) ;
} }
bool hidden_state = ui.nodeType_CB->currentIndex()==1; bool hidden_state = ui.nodeType_CB->currentIndex()==1;
@ -271,8 +281,8 @@ void GenCertDialog::setupState()
setWindowTitle(generate_new?tr("Create new profile and new Retroshare node"):tr("Create new Retroshare node")); setWindowTitle(generate_new?tr("Create new profile and new Retroshare node"):tr("Create new Retroshare node"));
//ui.headerFrame->setHeaderText(generate_new?tr("Create a new profile and node"):tr("Create a new node")); //ui.headerFrame->setHeaderText(generate_new?tr("Create a new profile and node"):tr("Create a new node"));
ui.label_nodeType->setVisible(adv_state) ; ui.label_nodeType->setVisible(adv_state && !retrotor) ;
ui.nodeType_CB->setVisible(adv_state) ; ui.nodeType_CB->setVisible(adv_state && !retrotor) ;
ui.reuse_existing_node_CB->setEnabled(adv_state) ; ui.reuse_existing_node_CB->setEnabled(adv_state) ;
ui.importIdentity_PB->setVisible(adv_state && !generate_new) ; ui.importIdentity_PB->setVisible(adv_state && !generate_new) ;
ui.exportIdentity_PB->setVisible(adv_state && !generate_new) ; ui.exportIdentity_PB->setVisible(adv_state && !generate_new) ;
@ -308,13 +318,13 @@ void GenCertDialog::setupState()
ui.entropy_bar->setVisible(true); ui.entropy_bar->setVisible(true);
ui.genButton->setVisible(true); ui.genButton->setVisible(true);
ui.hiddenaddr_input->setVisible(hidden_state); ui.hiddenaddr_input->setVisible(hidden_state && !retrotor);
ui.hiddenaddr_label->setVisible(hidden_state); ui.hiddenaddr_label->setVisible(hidden_state && !retrotor);
ui.hiddenport_label->setVisible(hidden_state); ui.hiddenport_label->setVisible(hidden_state && !retrotor);
ui.hiddenport_spinBox->setVisible(hidden_state); ui.hiddenport_spinBox->setVisible(hidden_state && !retrotor);
ui.cbUseBob->setVisible(hidden_state); ui.cbUseBob->setVisible(hidden_state && !retrotor);
if(!mAllFieldsOk) if(!mAllFieldsOk)
{ {

View File

@ -487,6 +487,9 @@ void ServerPage::toggleIpFiltering(bool b)
void ServerPage::loadFilteredIps() void ServerPage::loadFilteredIps()
{ {
if(rsBanList == NULL)
return ;
if(rsBanList->ipFilteringEnabled()) if(rsBanList->ipFilteringEnabled())
{ {
whileBlocking(ui.denyAll_CB)->setChecked(true) ; whileBlocking(ui.denyAll_CB)->setChecked(true) ;

View File

@ -26,7 +26,7 @@
<item> <item>
<widget class="QTabWidget" name="tabWidget"> <widget class="QTabWidget" name="tabWidget">
<property name="currentIndex"> <property name="currentIndex">
<number>2</number> <number>0</number>
</property> </property>
<widget class="QWidget" name="tabNetConf"> <widget class="QWidget" name="tabNetConf">
<attribute name="title"> <attribute name="title">

View File

@ -3,7 +3,10 @@
CONFIG *= retroshare_gui CONFIG *= retroshare_gui
no_retroshare_gui:CONFIG -= retroshare_gui no_retroshare_gui:CONFIG -= retroshare_gui
# To build the RetroTor executable, just uncomment the following option # To build the RetroTor executable, just uncomment the following option.
# RetroTor is a version of RS that automatically configures Tor for its own usage
# using only hidden nodes. It will not start if Tor is not working.
# CONFIG *= retrotor # CONFIG *= retrotor
# To disable RetroShare-nogui append the following # To disable RetroShare-nogui append the following
@ -231,6 +234,10 @@ rs_autologin {
warning("You have enabled RetroShare auto-login, this is discouraged. The usage of auto-login on some linux distributions may allow someone having access to your session to steal the SSL keys of your node location and therefore compromise your security") warning("You have enabled RetroShare auto-login, this is discouraged. The usage of auto-login on some linux distributions may allow someone having access to your session to steal the SSL keys of your node location and therefore compromise your security")
} }
retrotor {
DEFINES *= RS_ONLYHIDDENNODE
}
rs_onlyhiddennode { rs_onlyhiddennode {
DEFINES *= RS_ONLYHIDDENNODE DEFINES *= RS_ONLYHIDDENNODE
warning("QMAKE: You have enabled only hidden node.") warning("QMAKE: You have enabled only hidden node.")