From 76ad7f24eeee0c536333987f4b433af8b6e3c69d Mon Sep 17 00:00:00 2001 From: orignal Date: Mon, 16 Mar 2015 14:52:42 -0400 Subject: [PATCH] access list for server tunnels --- ClientContext.cpp | 18 +++++++++++++++++- ClientContext.h | 1 + I2PTunnel.cpp | 17 ++++++++++++++++- I2PTunnel.h | 6 +++++- 4 files changed, 39 insertions(+), 3 deletions(-) diff --git a/ClientContext.cpp b/ClientContext.cpp index fb85f88c..4073421b 100644 --- a/ClientContext.cpp +++ b/ClientContext.cpp @@ -300,9 +300,25 @@ namespace client std::string keys = section.second.get (I2P_SERVER_TUNNEL_KEYS); // optional params int inPort = section.second.get (I2P_SERVER_TUNNEL_INPORT, 0); - + std::string accessList = section.second.get (I2P_SERVER_TUNNEL_ACCESS_LIST, ""); + auto localDestination = LoadLocalDestination (keys, true); auto serverTunnel = new I2PServerTunnel (host, port, localDestination, inPort); + if (accessList.length () > 0) + { + std::set idents; + size_t pos = 0, comma; + do + { + comma = accessList.find (',', pos); + i2p::data::IdentHash ident; + ident.FromBase32 (accessList.substr (pos, comma != std::string::npos ? comma - pos : std::string::npos)); + idents.insert (ident); + pos = comma + 1; + } + while (comma != std::string::npos); + serverTunnel->SetAccessList (idents); + } if (m_ServerTunnels.insert (std::make_pair (localDestination->GetIdentHash (), std::unique_ptr(serverTunnel))).second) serverTunnel->Start (); else diff --git a/ClientContext.h b/ClientContext.h index 87ce4519..a034e541 100644 --- a/ClientContext.h +++ b/ClientContext.h @@ -28,6 +28,7 @@ namespace client const char I2P_SERVER_TUNNEL_PORT[] = "port"; const char I2P_SERVER_TUNNEL_KEYS[] = "keys"; const char I2P_SERVER_TUNNEL_INPORT[] = "inport"; + const char I2P_SERVER_TUNNEL_ACCESS_LIST[] = "accesslist"; const char TUNNELS_CONFIG_FILENAME[] = "tunnels.cfg"; class ClientContext diff --git a/I2PTunnel.cpp b/I2PTunnel.cpp index b4925438..3eb89f45 100644 --- a/I2PTunnel.cpp +++ b/I2PTunnel.cpp 
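Review bot: In the access-list loop of the ClientContext.cpp hunk, the result of `ident.FromBase32 (...)` is never checked, so every comma-separated token is inserted into `idents` whether or not it decoded. An empty token (trailing or doubled comma), a token with surrounding spaces, or one that is not a bare base32 hash would add whatever `ident` holds after a failed or partial decode; the operator then silently locks out the intended peer or allow-lists a hash that was never written in the config. If `FromBase32` reports how much it decoded (not visible in this patch), insert only when the decode yields a full-size hash, and otherwise skip the entry with something like `LogPrint (eLogError, "Invalid access list entry ", token);`, where `token` is the trimmed substring. Separately, `serverTunnel` is still a raw `new` while this block runs, so an exception from `substr` or `insert` would leak it. The enclosing function starts and ends outside the hunk.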
@@ -248,7 +248,7 @@ namespace client I2PServerTunnel::I2PServerTunnel (const std::string& address, int port, std::shared_ptr localDestination, int inport): - I2PService (localDestination), m_Endpoint (boost::asio::ip::address::from_string (address), port) + I2PService (localDestination), m_Endpoint (boost::asio::ip::address::from_string (address), port), m_IsAccessList (false) { m_PortDestination = localDestination->CreateStreamingDestination (inport > 0 ? inport : port); } @@ -263,6 +263,12 @@ namespace client ClearHandlers (); } + void I2PServerTunnel::SetAccessList (const std::set& accessList) + { + m_AccessList = accessList; + m_IsAccessList = true; + } + void I2PServerTunnel::Accept () { if (m_PortDestination) @@ -282,6 +288,15 @@ namespace client { if (stream) { + if (m_IsAccessList) + { + if (!m_AccessList.count (stream->GetRemoteIdentity ().GetIdentHash ())) + { + LogPrint (eLogWarning, "Address ", stream->GetRemoteIdentity ().GetIdentHash ().ToBase32 (), " is not in white list. Incoming connection dropped"); + stream->Close (); + return; + } + } auto conn = std::make_shared (this, stream, new boost::asio::ip::tcp::socket (GetService ()), m_Endpoint); AddHandler (conn); conn->Connect (); diff --git a/I2PTunnel.h b/I2PTunnel.h index 88e0083a..41a067f8 100644 --- a/I2PTunnel.h +++ b/I2PTunnel.h @@ -90,6 +90,8 @@ namespace client void Start (); void Stop (); + void SetAccessList (const std::set& accessList); + private: void Accept (); @@ -98,7 +100,9 @@ namespace client private: boost::asio::ip::tcp::endpoint m_Endpoint; - std::shared_ptr m_PortDestination; + std::shared_ptr m_PortDestination; + std::set m_AccessList; + bool m_IsAccessList; }; } }
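Review bot: `I2PServerTunnel::SetAccessList` has no comment stating when it may be called or what an empty set means. It assigns `m_AccessList` and sets `m_IsAccessList` without any locking while the accept handler reads both, and passing an empty set turns the check on and rejects every peer. Suggested comment above the definition: `// Must be called before Start (); an empty list denies all incoming connections.` Whether the handler runs on a different thread is not visible in this patch, so the ordering requirement should be confirmed against the service's threading model.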
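Review bot: The allow-list check in the accept handler trusts `stream->GetRemoteIdentity ()` as it stands when the callback fires, and nothing in this hunk shows that the identity has been authenticated by then. If the streaming layer can invoke the acceptor before the peer's signature on the initial packet is verified, the check would be comparing an unproven claim. This is worth confirming and recording next to the check, e.g. `// remote identity is signature-verified by the streaming layer before the acceptor fires`. The rejection is also logged at `eLogWarning` on every attempt with no rate limit, so repeated connections from an unlisted peer can flood the log; a lower level or a per-identity throttle would bound that. The enclosing handler starts and ends outside the hunk.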