GNUnet  0.10.x
gnunet-daemon-testbed-blacklist.c
1 /*
2  This file is part of GNUnet
3  Copyright (C) 2008--2013 GNUnet e.V.
4 
5  GNUnet is free software: you can redistribute it and/or modify it
6  under the terms of the GNU Affero General Public License as published
7  by the Free Software Foundation, either version 3 of the License,
8  or (at your option) any later version.
9 
10  GNUnet is distributed in the hope that it will be useful, but
11  WITHOUT ANY WARRANTY; without even the implied warranty of
12  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13  Affero General Public License for more details.
14 
15  You should have received a copy of the GNU Affero General Public License
16  along with this program. If not, see <http://www.gnu.org/licenses/>.
17 
18  SPDX-License-Identifier: AGPL3.0-or-later
19  */
20 
21 
29 #include "platform.h"
30 #include "gnunet_util_lib.h"
32 
33 
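/**
 * Generic logging shortcut: forwards to GNUNET_log() with the given level.
 */
#define LOG(type, ...) \
  GNUNET_log(type, __VA_ARGS__)

/**
 * Debug logging shortcut: LOG() at GNUNET_ERROR_TYPE_DEBUG.
 */
#define DEBUG(...) \
  LOG(GNUNET_ERROR_TYPE_DEBUG, __VA_ARGS__)

/**
 * Allow access from the peers read from the whitelist.
 */
#define ACCESS_ALLOW 1

/**
 * Deny access from the peers read from the blacklist.
 */
#define ACCESS_DENY 0

/**
 * The map to store the peer identities to allow/deny.
 * NULL while no (non-empty) list has been loaded.
 */
static struct GNUNET_CONTAINER_MultiPeerMap *map;

/**
 * The array of peer identities we read from whitelist/blacklist.
 * Entries of #map point into this array.
 */
static struct GNUNET_PeerIdentity *ilist;

/**
 * The blacklist handle we obtain from transport when we register ourselves
 * for access control.
 */
static struct GNUNET_TRANSPORT_Blacklist *bh;

/**
 * Are we allowing or denying access from peers.  As a zero-initialised
 * static this starts out as ACCESS_DENY (deny-list semantics) until run()
 * picks a mode.
 */
static int mode;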
76 
77 
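/**
 * Clean up and destroy the map.
 *
 * Safe to call repeatedly: the global pointer is reset to NULL after the
 * map is destroyed, so a second call is a no-op and check_access() falls
 * back to its "no list loaded" branch.
 */
static void
cleanup_map()
{
  if (NULL == map)
    return;
  GNUNET_CONTAINER_multipeermap_destroy(map);
  map = NULL;
}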
90 
91 
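/**
 * Shutdown task to cleanup our resources and exit.
 *
 * @param cls NULL (unused)
 */
static void
do_shutdown(void *cls)
{
  (void) cls;
  cleanup_map();
  if (NULL != bh)
  {
    GNUNET_TRANSPORT_blacklist_cancel(bh);
    /* Drop the stale handle so it cannot be cancelled twice. */
    bh = NULL;
  }
  /* NOTE(review): ilist is not released here; nothing in this task frees
     the identity array, so it lives until process exit. */
}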
104 
105 
/**
 * Function that decides if a connection is acceptable or not.
 *
 * The verdict is the membership of @a pid in the loaded list, interpreted
 * according to the global mode:
 *  - ACCESS_DENY  (blacklist): listed peers are refused, all others pass;
 *  - ACCESS_ALLOW (whitelist): listed peers pass, all others are refused.
 * With no map loaded every peer counts as "not listed", so an empty
 * whitelist refuses everyone and an empty blacklist admits everyone.
 *
 * @param cls closure (unused)
 * @param pid peer to approve or disapprove
 * @return #GNUNET_OK if the connection is allowed, #GNUNET_SYSERR if not
 */
static int
check_access(void *cls, const struct GNUNET_PeerIdentity * pid)
{
  int listed = GNUNET_NO;

  if (NULL != map)
    listed = GNUNET_CONTAINER_multipeermap_contains(map, pid);
  if (ACCESS_DENY == mode)
  {
    /* Deny-list: presence in the list is the reason to refuse. */
    if (listed)
      return GNUNET_SYSERR;
    return GNUNET_OK;
  }
  /* Allow-list: presence in the list is the only reason to accept. */
  if (listed)
    return GNUNET_OK;
  return GNUNET_SYSERR;
}
126 
127 
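/**
 * Setup the access control by reading the given file containing peer
 * identities and then registering check_access() as the blacklist callback
 * with the transport service.
 *
 * The file is expected to be a plain concatenation of
 * struct GNUNET_PeerIdentity records.
 *
 * Security note: this function returns void.  On the early-return paths
 * below (malformed size, failed insertion) no callback is registered, so
 * the daemon keeps running WITHOUT restricting connections.  Each of those
 * paths goes through GNUNET_break() so the condition is at least logged.
 *
 * @param fname the filename to read the list of peer identities from
 * @param cfg the configuration used to connect to the transport service
 */
static void
setup_ac(const char *fname,
         const struct GNUNET_CONFIGURATION_Handle *cfg)
{
  uint64_t fsize;
  ssize_t nread;
  unsigned int npeers;
  unsigned int cnt;

  /* The caller has just seen this file; not being able to size it now is
     treated as fatal instead of silently running without a list. */
  GNUNET_assert(GNUNET_OK ==
                GNUNET_DISK_file_size(fname, &fsize, GNUNET_NO,
                                      GNUNET_YES));
  if (0 != (fsize % sizeof(struct GNUNET_PeerIdentity)))
  {
    /* Truncated or foreign file: not a whole number of identities. */
    GNUNET_break(0);
    return;
  }
  npeers = (unsigned int) (fsize / sizeof(struct GNUNET_PeerIdentity));
  if (((uint64_t) npeers) * sizeof(struct GNUNET_PeerIdentity) != fsize)
  {
    /* The record count was truncated by the narrowing to unsigned int;
       loading only a prefix of the list would be worse than refusing. */
    GNUNET_break(0);
    return;
  }
  if (0 != npeers)
  {
    /* Keys are not copied (second argument), so keys and values both point
       into ilist, which therefore has to outlive the map. */
    map = GNUNET_CONTAINER_multipeermap_create(npeers, GNUNET_YES);
    ilist = GNUNET_malloc_large(fsize);
    GNUNET_assert(NULL != ilist);
    nread = GNUNET_DISK_fn_read(fname, ilist, fsize);
    /* Compare in one signedness: a negative error return must not be
       converted to a huge unsigned value, and a short read (file changed
       between sizing and reading) is rejected as well. */
    GNUNET_assert((nread >= 0) && (fsize == (uint64_t) nread));
  }
  for (cnt = 0; cnt < npeers; cnt++)
  {
    if (GNUNET_SYSERR ==
        GNUNET_CONTAINER_multipeermap_put(map, &ilist[cnt],
                                          &ilist[cnt],
                                          GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY))
    {
      /* Presumably a duplicate identity in the file (unique-only insert).
         Nothing is installed in this case; make that visible in the log. */
      GNUNET_break(0);
      cleanup_map();
      GNUNET_free(ilist);
      ilist = NULL;
      return;
    }
  }
  GNUNET_SCHEDULER_add_shutdown(&do_shutdown, NULL);
  bh = GNUNET_TRANSPORT_blacklist(cfg, &check_access, NULL);
}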
173 
174 
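/**
 * Main function that will be run.
 *
 * Looks for "whitelist" and then "blacklist" inside the GNUNET_HOME
 * directory of the PATHS section.  A whitelist takes precedence: when it
 * exists the blacklist is not consulted at all.  When neither file exists
 * no access control is installed and connections are not restricted.
 *
 * @param cls closure (unused)
 * @param args remaining command-line arguments (unused)
 * @param cfgfile name of the configuration file used (unused)
 * @param c configuration
 */
static void
run(void *cls,
    char *const *args,
    const char *cfgfile,
    const struct GNUNET_CONFIGURATION_Handle *c)
{
  char *shome;
  char *fname;

  if (GNUNET_OK !=
      GNUNET_CONFIGURATION_get_value_filename(c,
                                              "PATHS",
                                              "GNUNET_HOME",
                                              &shome))
  {
    GNUNET_break(0);
    return;
  }
  GNUNET_asprintf(&fname,
                  "%s/whitelist",
                  shome);
  if (GNUNET_YES == GNUNET_DISK_file_test(fname))
  {
    mode = ACCESS_ALLOW;
    setup_ac(fname, c);
    GNUNET_free(shome);
    GNUNET_free(fname);
    return;
  }
  GNUNET_free(fname);
  GNUNET_asprintf(&fname,
                  "%s/blacklist",
                  shome);
  if (GNUNET_YES == GNUNET_DISK_file_test(fname))
  {
    mode = ACCESS_DENY;
    /* Pass the blacklist file itself.  Handing over the home directory
       (shome) here would make setup_ac() size and read a directory, so
       the deny list would never be loaded. */
    setup_ac(fname, c);
  }
  GNUNET_free(shome);
  GNUNET_free(fname);
}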
224 
225 
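/**
 * The main function.
 *
 * @param argc number of arguments from the command line
 * @param argv command line arguments
 * @return 0 ok, 1 if GNUNET_PROGRAM_run() failed, 2 if the arguments could
 *         not be converted to UTF-8
 */
int
main(int argc, char *const *argv)
{
  /* No daemon-specific options: the table holds only its terminator. */
  static const struct GNUNET_GETOPT_CommandLineOption options[] = {
    GNUNET_GETOPT_OPTION_END
  };
  int ret;

  if (GNUNET_OK !=
      GNUNET_STRINGS_get_utf8_args(argc, argv,
                                   &argc, &argv))
    return 2;
  if (GNUNET_OK ==
      GNUNET_PROGRAM_run(argc, argv,
                         "gnunet-daemon-testbed-blacklist",
                         _("Daemon to restrict incoming transport layer connections during testbed deployments"),
                         options, &run, NULL))
    ret = 0;
  else
    ret = 1;
  /* argv now refers to the UTF-8 copy made above; release it. */
  GNUNET_free((void*)argv);
  return ret;
}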
int GNUNET_DISK_file_test(const char *fil)
Check that fil corresponds to a filename (of a file that exists and that is not a directory)...
Definition: disk.c:541
static void setup_ac(const char *fname, const struct GNUNET_CONFIGURATION_Handle *cfg)
Setup the access control by reading the given file containing peer identities and then establishing b...
int main(int argc, char *const *argv)
The main function.
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_shutdown(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run on shutdown, that is when a CTRL-C signal is received, or when GNUNET_SCHEDULER_shutdown() is being invoked.
Definition: scheduler.c:1284
int GNUNET_STRINGS_get_utf8_args(int argc, char *const *argv, int *u8argc, char *const **u8argv)
Returns utf-8 encoded arguments.
Definition: strings.c:1439
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
static int check_access(void *cls, const struct GNUNET_PeerIdentity *pid)
Function that decides if a connection is acceptable or not.
static void cleanup_map()
Clean up and destroy the map.
static int mode
Are we allowing or denying access from peers.
static struct GNUNET_CONTAINER_MultiPeerMap * map
The map to store the peer identities to allow/deny.
#define GNUNET_NO
Definition: gnunet_common.h:78
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:75
Definition of a command line option.
void GNUNET_TRANSPORT_blacklist_cancel(struct GNUNET_TRANSPORT_Blacklist *br)
Abort the blacklist.
struct GNUNET_CONTAINER_MultiPeerMap * GNUNET_CONTAINER_multipeermap_create(unsigned int len, int do_not_copy_keys)
Create a multi peer map (hash map for public keys of peers).
static int ret
Final status code.
Definition: gnunet-arm.c:89
#define GNUNET_malloc_large(size)
Wrapper around malloc.
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
struct GNUNET_GETOPT_CommandLineOption GNUNET_GETOPT_OPTION_END
Definition: 002.c:13
void GNUNET_CONTAINER_multipeermap_destroy(struct GNUNET_CONTAINER_MultiPeerMap *map)
Destroy a hash map.
#define _(String)
GNU gettext support macro.
Definition: platform.h:181
int GNUNET_asprintf(char **buf, const char *format,...)
Like asprintf, just portable.
struct GNUNET_TRANSPORT_Blacklist * GNUNET_TRANSPORT_blacklist(const struct GNUNET_CONFIGURATION_Handle *cfg, GNUNET_TRANSPORT_BlacklistCallback cb, void *cb_cls)
Install a blacklist callback.
static void do_shutdown(void *cls)
Shutdown task to cleanup our resources and exit.
static struct GNUNET_TRANSPORT_Blacklist * bh
The blacklist handle we obtain from transport when we register ourselves for access control...
Internal representation of the hash map.
Handle for blacklisting requests.
static struct GNUNET_CONFIGURATION_Handle * cfg
Our configuration.
Definition: gnunet-arm.c:104
There must only be one value per key; storing a value should fail if a value under the same key alrea...
#define GNUNET_SYSERR
Definition: gnunet_common.h:76
#define ACCESS_DENY
Deny access from the peers read from the blacklist.
int GNUNET_DISK_file_size(const char *filename, uint64_t *size, int include_symbolic_links, int single_file_mode)
Get the size of the file (or directory) of the given file (in bytes).
Definition: disk.c:254
static struct GNUNET_PeerIdentity * ilist
The array of peer identities we read from whitelist/blacklist.
int GNUNET_CONTAINER_multipeermap_put(struct GNUNET_CONTAINER_MultiPeerMap *map, const struct GNUNET_PeerIdentity *key, void *value, enum GNUNET_CONTAINER_MultiHashMapOption opt)
Store a key-value pair in the map.
The identity of the host (wraps the signing key of the peer).
static void run(void *cls, char *const *args, const char *cfgfile, const struct GNUNET_CONFIGURATION_Handle *c)
Main function that will be run.
configuration data
Definition: configuration.c:83
#define ACCESS_ALLOW
Allow access from the peers read from the whitelist.
int GNUNET_CONFIGURATION_get_value_filename(const struct GNUNET_CONFIGURATION_Handle *cfg, const char *section, const char *option, char **value)
Get a configuration value that should be the name of a file or directory.
int GNUNET_PROGRAM_run(int argc, char *const *argv, const char *binaryName, const char *binaryHelp, const struct GNUNET_GETOPT_CommandLineOption *options, GNUNET_PROGRAM_Main task, void *task_cls)
Run a standard GNUnet command startup sequence (initialize loggers and configuration, parse options).
Definition: program.c:367
#define GNUNET_YES
Definition: gnunet_common.h:77
static struct GNUNET_PeerIdentity pid
Identity of the peer we transmit to / connect to.
int GNUNET_CONTAINER_multipeermap_contains(const struct GNUNET_CONTAINER_MultiPeerMap *map, const struct GNUNET_PeerIdentity *key)
Check if the map contains any value under the given key (including values that are NULL)...
ssize_t GNUNET_DISK_fn_read(const char *fn, void *result, size_t len)
Read the contents of a binary file into a buffer.
Definition: disk.c:791
#define GNUNET_free(ptr)
Wrapper around free.