GNUnet  0.20.0
gnunet-daemon-testbed-blacklist.c
Go to the documentation of this file.
1 /*
2  This file is part of GNUnet
3  Copyright (C) 2008--2013 GNUnet e.V.
4 
5  GNUnet is free software: you can redistribute it and/or modify it
6  under the terms of the GNU Affero General Public License as published
7  by the Free Software Foundation, either version 3 of the License,
8  or (at your option) any later version.
9 
10  GNUnet is distributed in the hope that it will be useful, but
11  WITHOUT ANY WARRANTY; without even the implied warranty of
12  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13  Affero General Public License for more details.
14 
15  You should have received a copy of the GNU Affero General Public License
16  along with this program. If not, see <http://www.gnu.org/licenses/>.
17 
18  SPDX-License-Identifier: AGPL3.0-or-later
19  */
20 
21 
29 #include "platform.h"
30 #include "gnunet_util_lib.h"
31 #include "gnunet_transport_service.h"
32 
33 
37 #define LOG(type, ...) \
38  GNUNET_log (type, __VA_ARGS__)
39 
43 #define DEBUG(...) \
44  LOG (GNUNET_ERROR_TYPE_DEBUG, __VA_ARGS__)
45 
49 #define ACCESS_ALLOW 1
50 
54 #define ACCESS_DENY 0
55 
59 static struct GNUNET_CONTAINER_MultiPeerMap *map;
60 
64 static struct GNUNET_PeerIdentity *ilist;
65 
70 static struct GNUNET_TRANSPORT_Blacklist *bh;
71 
75 static int mode;
76 
77 
81 static void
82 cleanup_map ()
83 {
84  if (NULL != map)
85  {
86  GNUNET_CONTAINER_multipeermap_destroy (map);
87  map = NULL;
88  }
89 }
90 
91 
97 static void
98 do_shutdown (void *cls)
99 {
100  cleanup_map ();
101  if (NULL != bh)
102  GNUNET_TRANSPORT_blacklist_cancel (bh);
103 }
104 
105 
113 static int
114 check_access (void *cls, const struct GNUNET_PeerIdentity *pid)
115 {
116  int contains;
117 
118  if (NULL != map)
119  contains = GNUNET_CONTAINER_multipeermap_contains (map, pid);
120  else
121  contains = GNUNET_NO;
122  if (ACCESS_DENY == mode)
123  return (contains) ? GNUNET_SYSERR : GNUNET_OK;
124  return (contains) ? GNUNET_OK : GNUNET_SYSERR;
125 }
126 
127 
135 static void
136 setup_ac (const char *fname,
137  const struct GNUNET_CONFIGURATION_Handle *cfg)
138 {
139  uint64_t fsize;
140  unsigned int npeers;
141  unsigned int cnt;
142 
143  GNUNET_assert (GNUNET_OK !=
144  GNUNET_DISK_file_size (fname, &fsize, GNUNET_NO,
145  GNUNET_YES));
146  if (0 != (fsize % sizeof(struct GNUNET_PeerIdentity)))
147  {
148  GNUNET_break (0);
149  return;
150  }
151  npeers = fsize / sizeof(struct GNUNET_PeerIdentity);
152  if (0 != npeers)
153  {
154  map = GNUNET_CONTAINER_multipeermap_create (npeers, GNUNET_YES);
155  ilist = GNUNET_malloc_large (fsize);
156  GNUNET_assert (fsize == GNUNET_DISK_fn_read (fname, ilist, fsize));
157  }
158  for (cnt = 0; cnt < npeers; cnt++)
159  {
160  if (GNUNET_SYSERR ==
161  GNUNET_CONTAINER_multipeermap_put (map, &ilist[cnt],
162  &ilist[cnt],
163  GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY))
164  {
165  cleanup_map ();
166  GNUNET_free (ilist);
167  return;
168  }
169  }
170  GNUNET_SCHEDULER_add_shutdown (&do_shutdown, NULL);
171  bh = GNUNET_TRANSPORT_blacklist (cfg, &check_access, NULL);
172 }
173 
174 
183 static void
184 run (void *cls,
185  char *const *args,
186  const char *cfgfile,
187  const struct GNUNET_CONFIGURATION_Handle *c)
188 {
189  char *shome;
190  char *fname;
191 
192  if (GNUNET_OK !=
193  GNUNET_CONFIGURATION_get_value_filename (c,
194  "PATHS",
195  "GNUNET_HOME",
196  &shome))
197  {
198  GNUNET_break (0);
199  return;
200  }
201  GNUNET_asprintf (&fname,
202  "%s/whitelist",
203  shome);
204  if (GNUNET_YES == GNUNET_DISK_file_test (fname))
205  {
206  mode = ACCESS_ALLOW;
207  setup_ac (fname, c);
208  GNUNET_free (shome);
209  GNUNET_free (fname);
210  return;
211  }
212  GNUNET_free (fname);
213  GNUNET_asprintf (&fname,
214  "%s/blacklist",
215  shome);
216  if (GNUNET_YES == GNUNET_DISK_file_test (fname))
217  {
218  mode = ACCESS_DENY;
219  setup_ac (shome, c);
220  }
221  GNUNET_free (shome);
222  GNUNET_free (fname);
223 }
224 
225 
233 int
234 main (int argc, char *const *argv)
235 {
236  static const struct GNUNET_GETOPT_CommandLineOption options[] = {
237  GNUNET_GETOPT_OPTION_END
238  };
239  int ret;
240 
241  if (GNUNET_OK !=
242  GNUNET_STRINGS_get_utf8_args (argc, argv,
243  &argc, &argv))
244  return 2;
245  ret =
246  (GNUNET_OK ==
247  GNUNET_PROGRAM_run (argc, argv,
248  "gnunet-daemon-testbed-blacklist",
249  _ (
250  "Daemon to restrict incoming transport layer connections during testbed deployments"),
251  options, &run, NULL)) ? 0 : 1;
252  GNUNET_free_nz ((void *) argv);
253  return ret;
254 }
GNUNET_GETOPT_OPTION_END
struct GNUNET_GETOPT_CommandLineOption GNUNET_GETOPT_OPTION_END
Definition: 002.c:13
options
struct GNUNET_GETOPT_CommandLineOption options[]
Definition: 002.c:5
cfg
static const struct GNUNET_CONFIGURATION_Handle * cfg
Configuration we are using.
Definition: gnunet-abd.c:36
ret
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
mode
static int mode
Are we allowing or denying access from peers.
Definition: gnunet-daemon-testbed-blacklist.c:75
ACCESS_DENY
#define ACCESS_DENY
Deny access from the peers read from the blacklist.
Definition: gnunet-daemon-testbed-blacklist.c:54
ACCESS_ALLOW
#define ACCESS_ALLOW
Allow access from the peers read from the whitelist.
Definition: gnunet-daemon-testbed-blacklist.c:49
bh
static struct GNUNET_TRANSPORT_Blacklist * bh
The blacklist handle we obtain from transport when we register ourselves for access control.
Definition: gnunet-daemon-testbed-blacklist.c:70
check_access
static int check_access(void *cls, const struct GNUNET_PeerIdentity *pid)
Function that decides if a connection is acceptable or not.
Definition: gnunet-daemon-testbed-blacklist.c:114
do_shutdown
static void do_shutdown(void *cls)
Shutdown task to cleanup our resources and exit.
Definition: gnunet-daemon-testbed-blacklist.c:98
cleanup_map
static void cleanup_map()
Cleaup and destroy the map.
Definition: gnunet-daemon-testbed-blacklist.c:82
map
static struct GNUNET_CONTAINER_MultiPeerMap * map
The map to store the peer identities to allow/deny.
Definition: gnunet-daemon-testbed-blacklist.c:59
run
static void run(void *cls, char *const *args, const char *cfgfile, const struct GNUNET_CONFIGURATION_Handle *c)
Main function that will be run.
Definition: gnunet-daemon-testbed-blacklist.c:184
ilist
static struct GNUNET_PeerIdentity * ilist
The array of peer identities we read from whitelist/blacklist.
Definition: gnunet-daemon-testbed-blacklist.c:64
setup_ac
static void setup_ac(const char *fname, const struct GNUNET_CONFIGURATION_Handle *cfg)
Setup the access control by reading the given file containing peer identities and then establishing b...
Definition: gnunet-daemon-testbed-blacklist.c:136
main
int main(int argc, char *const *argv)
The main function.
Definition: gnunet-daemon-testbed-blacklist.c:234
pid
static struct GNUNET_PeerIdentity pid
Identity of the peer we transmit to / connect to.
Definition: gnunet-transport-profiler.c:149
gnunet_transport_service.h
Low-level P2P IO.
gnunet_util_lib.h
GNUNET_CONFIGURATION_get_value_filename
enum GNUNET_GenericReturnValue GNUNET_CONFIGURATION_get_value_filename(const struct GNUNET_CONFIGURATION_Handle *cfg, const char *section, const char *option, char **value)
Get a configuration value that should be the name of a file or directory.
Definition: configuration.c:2042
GNUNET_DISK_file_test
enum GNUNET_GenericReturnValue GNUNET_DISK_file_test(const char *fil)
Check that fil corresponds to a filename (of a file that exists and that is not a directory).
Definition: disk.c:482
GNUNET_DISK_file_size
enum GNUNET_GenericReturnValue GNUNET_DISK_file_size(const char *filename, uint64_t *size, int include_symbolic_links, int single_file_mode)
Get the size of the file (or directory) of the given file (in bytes).
Definition: disk.c:221
GNUNET_DISK_fn_read
ssize_t GNUNET_DISK_fn_read(const char *fn, void *result, size_t len)
Read the contents of a binary file into a buffer.
Definition: disk.c:664
GNUNET_CONTAINER_multipeermap_contains
enum GNUNET_GenericReturnValue GNUNET_CONTAINER_multipeermap_contains(const struct GNUNET_CONTAINER_MultiPeerMap *map, const struct GNUNET_PeerIdentity *key)
Check if the map contains any value under the given key (including values that are NULL).
Definition: container_multipeermap.c:524
GNUNET_CONTAINER_multipeermap_destroy
void GNUNET_CONTAINER_multipeermap_destroy(struct GNUNET_CONTAINER_MultiPeerMap *map)
Destroy a hash map.
Definition: container_multipeermap.c:199
GNUNET_CONTAINER_multipeermap_create
struct GNUNET_CONTAINER_MultiPeerMap * GNUNET_CONTAINER_multipeermap_create(unsigned int len, int do_not_copy_keys)
Create a multi peer map (hash map for public keys of peers).
Definition: container_multipeermap.c:179
GNUNET_CONTAINER_multipeermap_put
int GNUNET_CONTAINER_multipeermap_put(struct GNUNET_CONTAINER_MultiPeerMap *map, const struct GNUNET_PeerIdentity *key, void *value, enum GNUNET_CONTAINER_MultiHashMapOption opt)
Store a key-value pair in the map.
Definition: container_multipeermap.c:632
GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY
@ GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY
There must only be one value per key; storing a value should fail if a value under the same key alrea...
Definition: gnunet_container_lib.h:378
GNUNET_OK
@ GNUNET_OK
Definition: gnunet_common.h:109
GNUNET_YES
@ GNUNET_YES
Definition: gnunet_common.h:111
GNUNET_NO
@ GNUNET_NO
Definition: gnunet_common.h:108
GNUNET_SYSERR
@ GNUNET_SYSERR
Definition: gnunet_common.h:107
GNUNET_assert
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
Definition: gnunet_common.h:943
GNUNET_break
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur.
Definition: gnunet_common.h:1024
GNUNET_asprintf
int int GNUNET_asprintf(char **buf, const char *format,...) __attribute__((format(printf
Like asprintf, just portable.
GNUNET_malloc_large
#define GNUNET_malloc_large(size)
Wrapper around malloc.
Definition: gnunet_common.h:1372
GNUNET_free
#define GNUNET_free(ptr)
Wrapper around free.
Definition: gnunet_common.h:1412
GNUNET_free_nz
#define GNUNET_free_nz(ptr)
Wrapper around free.
Definition: gnunet_common.h:1398
GNUNET_PROGRAM_run
enum GNUNET_GenericReturnValue GNUNET_PROGRAM_run(int argc, char *const *argv, const char *binaryName, const char *binaryHelp, const struct GNUNET_GETOPT_CommandLineOption *options, GNUNET_PROGRAM_Main task, void *task_cls)
Run a standard GNUnet command startup sequence (initialize loggers and configuration,...
Definition: program.c:400
GNUNET_SCHEDULER_add_shutdown
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_shutdown(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run on shutdown, that is when a CTRL-C signal is received,...
Definition: scheduler.c:1334
GNUNET_STRINGS_get_utf8_args
enum GNUNET_GenericReturnValue GNUNET_STRINGS_get_utf8_args(int argc, char *const *argv, int *u8argc, char *const **u8argv)
Returns utf-8 encoded arguments.
Definition: strings.c:1222
GNUNET_TRANSPORT_blacklist
struct GNUNET_TRANSPORT_Blacklist * GNUNET_TRANSPORT_blacklist(const struct GNUNET_CONFIGURATION_Handle *cfg, GNUNET_TRANSPORT_BlacklistCallback cb, void *cb_cls)
Install a blacklist callback.
Definition: transport_api_blacklist.c:163
GNUNET_TRANSPORT_blacklist_cancel
void GNUNET_TRANSPORT_blacklist_cancel(struct GNUNET_TRANSPORT_Blacklist *br)
Abort the blacklist.
Definition: transport_api_blacklist.c:190
_
#define _(String)
GNU gettext support macro.
Definition: platform.h:178
GNUNET_CONFIGURATION_Handle
configuration data
Definition: configuration.c:150
GNUNET_CONTAINER_MultiPeerMap
Internal representation of the hash map.
Definition: container_multipeermap.c:106
GNUNET_GETOPT_CommandLineOption
Definition of a command line option.
Definition: gnunet_getopt_lib.h:110
GNUNET_PeerIdentity
The identity of the host (wraps the signing key of the peer).
Definition: gnunet_crypto_lib.h:229
GNUNET_TRANSPORT_Blacklist
Handle for blacklisting requests.
Definition: transport_api_blacklist.c:38