GNUnet  0.11.x
gnunet-daemon-testbed-blacklist.c
1 /*
2  This file is part of GNUnet
3  Copyright (C) 2008--2013 GNUnet e.V.
4 
5  GNUnet is free software: you can redistribute it and/or modify it
6  under the terms of the GNU Affero General Public License as published
7  by the Free Software Foundation, either version 3 of the License,
8  or (at your option) any later version.
9 
10  GNUnet is distributed in the hope that it will be useful, but
11  WITHOUT ANY WARRANTY; without even the implied warranty of
12  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13  Affero General Public License for more details.
14 
15  You should have received a copy of the GNU Affero General Public License
16  along with this program. If not, see <http://www.gnu.org/licenses/>.
17 
18  SPDX-License-Identifier: AGPL3.0-or-later
19  */
20 
21 
29 #include "platform.h"
30 #include "gnunet_util_lib.h"
32 
33 
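/**
 * Logging shortcut: forwards to GNUNET_log() with the given level.
 */
#define LOG(type, ...) \
  GNUNET_log (type, __VA_ARGS__)

/**
 * Debug logging shorthand: LOG() at GNUNET_ERROR_TYPE_DEBUG.
 */
#define DEBUG(...) \
  LOG (GNUNET_ERROR_TYPE_DEBUG, __VA_ARGS__)

/**
 * Allow access from the peers read from the whitelist.
 */
#define ACCESS_ALLOW 1

/**
 * Deny access from the peers read from the blacklist.
 */
#define ACCESS_DENY 0

/**
 * The map to store the peer identities to allow/deny.
 * NULL until setup_ac() has loaded a non-empty list.
 */
static struct GNUNET_CONTAINER_MultiPeerMap *map;

/**
 * The array of peer identities we read from whitelist/blacklist.
 * setup_ac() stores pointers into this array in #map, so the array
 * has to stay allocated for as long as the map exists.
 */
static struct GNUNET_PeerIdentity *ilist;

/**
 * The blacklist handle we obtain from transport when we register
 * ourselves for access control.
 */
static struct GNUNET_TRANSPORT_Blacklist *bh;

/**
 * Are we allowing or denying access from peers.
 * Static storage starts out as 0, which is #ACCESS_DENY, until run()
 * selects a mode.
 */
static int mode;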
76 
77 
/**
 * Destroy the peer map, if one exists, and reset the global pointer so
 * that check_access() treats the list as empty afterwards.
 */
static void
cleanup_map ()
{
  if (NULL == map)
    return;
  GNUNET_CONTAINER_multipeermap_destroy (map);
  map = NULL;
}
90 
91 
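/**
 * Shutdown task: destroy the peer map, withdraw the access-control
 * callback from transport and release the identity array.
 *
 * @param cls closure, unused
 */
static void
do_shutdown (void *cls)
{
  /* The map goes first: setup_ac() stores pointers into ilist in it. */
  cleanup_map ();
  if (NULL != bh)
  {
    GNUNET_TRANSPORT_blacklist_cancel (bh);
    bh = NULL;   /* the handle must not be reused after the cancel */
  }
  if (NULL != ilist)
  {
    /* Only the error path of setup_ac() released the array before. */
    GNUNET_free (ilist);
    ilist = NULL;
  }
}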
104 
105 
/**
 * Decide whether a connection from the given peer is acceptable.
 *
 * The decision is a membership test against the loaded peer list,
 * interpreted according to the global mode.  When no map exists (empty
 * list, or setup never populated it) the peer counts as "not listed":
 * in #ACCESS_DENY mode every peer is then accepted, in #ACCESS_ALLOW
 * mode every peer is rejected.
 *
 * @param cls closure, unused
 * @param pid identity of the peer to check
 * @return #GNUNET_OK to accept the peer, #GNUNET_SYSERR to reject it
 */
static int
check_access (void *cls, const struct GNUNET_PeerIdentity *pid)
{
  const int listed = (NULL == map)
                     ? GNUNET_NO
                     : GNUNET_CONTAINER_multipeermap_contains (map, pid);

  if (ACCESS_DENY == mode)
  {
    /* deny list: listed peers are the ones turned away */
    if (listed)
      return GNUNET_SYSERR;
    return GNUNET_OK;
  }
  /* allow list: only listed peers get through */
  if (listed)
    return GNUNET_OK;
  return GNUNET_SYSERR;
}
126 
127 
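/**
 * Setup the access control by reading the given file containing peer
 * identities and then establishing the blacklist callback with
 * transport.
 *
 * The file is expected to be a plain concatenation of
 * `struct GNUNET_PeerIdentity` records.  Every early return below
 * leaves without registering check_access(), so a list that is
 * unreadable, has a size that is not a multiple of the record size, or
 * contains the same identity twice results in no callback being
 * installed.
 * NOTE(review): presumably transport then filters nothing, which for a
 * whitelist means the restriction is silently absent -- confirm that
 * this is the intended failure mode.
 *
 * @param fname the filename to read the list of peer identities from
 * @param cfg the configuration used to connect to transport
 */
static void
setup_ac (const char *fname,
          const struct GNUNET_CONFIGURATION_Handle *cfg)
{
  uint64_t fsize;
  uint64_t nentries;
  unsigned int npeers;
  unsigned int cnt;

  /* Checked explicitly so that fsize is never read after a failed
     size query. */
  if (GNUNET_OK !=
      GNUNET_DISK_file_size (fname, &fsize, GNUNET_NO,
                             GNUNET_YES))
  {
    GNUNET_break (0);
    return;
  }
  if (0 != (fsize % sizeof(struct GNUNET_PeerIdentity)))
  {
    GNUNET_break (0);
    return;
  }
  nentries = fsize / sizeof(struct GNUNET_PeerIdentity);
  npeers = (unsigned int) nentries;
  /* Refuse sizes that do not survive the narrowing to the types used
     for the map capacity and for the allocation/read length. */
  if ( (npeers != nentries) ||
       ((uint64_t) (size_t) fsize != fsize) )
  {
    GNUNET_break (0);
    return;
  }
  if (0 != npeers)
  {
    /* Keys are not copied: the map refers to the entries of ilist. */
    map = GNUNET_CONTAINER_multipeermap_create (npeers, GNUNET_YES);
    ilist = GNUNET_malloc_large (fsize);
    if (NULL == ilist)
    {
      GNUNET_break (0);
      cleanup_map ();
      return;
    }
    /* A short or failed read (e.g. the file changed after the size
       query) is treated as fatal. */
    GNUNET_assert (fsize == GNUNET_DISK_fn_read (fname, ilist, fsize));
  }
  for (cnt = 0; cnt < npeers; cnt++)
  {
    if (GNUNET_SYSERR ==
        GNUNET_CONTAINER_multipeermap_put (map, &ilist[cnt],
                                           &ilist[cnt],
                                           GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY))
    {
      /* Destroy the map before the array it points into. */
      cleanup_map ();
      GNUNET_free (ilist);
      ilist = NULL;   /* do not leave a dangling global behind */
      return;
    }
  }
  GNUNET_SCHEDULER_add_shutdown (&do_shutdown, NULL);
  bh = GNUNET_TRANSPORT_blacklist (cfg, &check_access, NULL);
}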
173 
174 
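/**
 * Main function that will be run.
 *
 * Looks for a peer list below the directory configured as
 * PATHS/GNUNET_HOME.  A file named "whitelist" takes precedence and
 * selects #ACCESS_ALLOW; otherwise a file named "blacklist" selects
 * #ACCESS_DENY.  If neither file exists, no access control is set up.
 *
 * @param cls closure, unused
 * @param args remaining command-line arguments, unused
 * @param cfgfile name of the configuration file used, unused
 * @param c the configuration
 */
static void
run (void *cls,
     char *const *args,
     const char *cfgfile,
     const struct GNUNET_CONFIGURATION_Handle *c)
{
  char *shome;
  char *fname;

  if (GNUNET_OK !=
      GNUNET_CONFIGURATION_get_value_filename (c,
                                               "PATHS",
                                               "GNUNET_HOME",
                                               &shome))
  {
    GNUNET_break (0);
    return;
  }
  GNUNET_asprintf (&fname,
                   "%s/whitelist",
                   shome);
  if (GNUNET_YES == GNUNET_DISK_file_test (fname))
  {
    mode = ACCESS_ALLOW;
    setup_ac (fname, c);
    GNUNET_free (shome);
    GNUNET_free (fname);
    return;
  }
  GNUNET_free (fname);
  GNUNET_asprintf (&fname,
                   "%s/blacklist",
                   shome);
  if (GNUNET_YES == GNUNET_DISK_file_test (fname))
  {
    mode = ACCESS_DENY;
    /* Hand over the list file itself.  Passing the home directory here
       meant the deny list was never read from the blacklist file. */
    setup_ac (fname, c);
  }
  GNUNET_free (shome);
  GNUNET_free (fname);
}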
224 
225 
/**
 * The main function.
 *
 * @param argc number of arguments from the command line
 * @param argv command line arguments
 * @return 0 ok, 1 if the program run failed, 2 if the arguments could
 *         not be converted to UTF-8
 */
int
main (int argc, char *const *argv)
{
  /* The daemon takes no options of its own. */
  static const struct GNUNET_GETOPT_CommandLineOption options[] = {
    GNUNET_GETOPT_OPTION_END
  };
  int ret;

  if (GNUNET_OK !=
      GNUNET_STRINGS_get_utf8_args (argc, argv,
                                    &argc, &argv))
    return 2;
  if (GNUNET_OK ==
      GNUNET_PROGRAM_run (argc, argv,
                          "gnunet-daemon-testbed-blacklist",
                          _ (
                            "Daemon to restrict incoming transport layer connections during testbed deployments"),
                          options, &run, NULL))
    ret = 0;
  else
    ret = 1;
  /* argv now refers to the converted copy obtained above. */
  GNUNET_free ((void*) argv);
  return ret;
}
int GNUNET_DISK_file_test(const char *fil)
Check that fil corresponds to a filename (of a file that exists and that is not a directory)...
Definition: disk.c:544
static void setup_ac(const char *fname, const struct GNUNET_CONFIGURATION_Handle *cfg)
Setup the access control by reading the given file containing peer identities and then establishing b...
int main(int argc, char *const *argv)
The main function.
static const struct GNUNET_CONFIGURATION_Handle * cfg
Configuration we are using.
Definition: gnunet-abd.c:36
struct GNUNET_SCHEDULER_Task * GNUNET_SCHEDULER_add_shutdown(GNUNET_SCHEDULER_TaskCallback task, void *task_cls)
Schedule a new task to be run on shutdown, that is when a CTRL-C signal is received, or when GNUNET_SCHEDULER_shutdown() is being invoked.
Definition: scheduler.c:1300
int GNUNET_STRINGS_get_utf8_args(int argc, char *const *argv, int *u8argc, char *const **u8argv)
Returns utf-8 encoded arguments.
Definition: strings.c:1438
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
static int check_access(void *cls, const struct GNUNET_PeerIdentity *pid)
Function that decides if a connection is acceptable or not.
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
static void cleanup_map()
Cleanup and destroy the map.
static int mode
Are we allowing or denying access from peers.
static struct GNUNET_CONTAINER_MultiPeerMap * map
The map to store the peer identities to allow/deny.
#define GNUNET_NO
Definition: gnunet_common.h:78
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:75
Definition of a command line option.
void GNUNET_TRANSPORT_blacklist_cancel(struct GNUNET_TRANSPORT_Blacklist *br)
Abort the blacklist.
struct GNUNET_CONTAINER_MultiPeerMap * GNUNET_CONTAINER_multipeermap_create(unsigned int len, int do_not_copy_keys)
Create a multi peer map (hash map for public keys of peers).
#define GNUNET_malloc_large(size)
Wrapper around malloc.
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
struct GNUNET_GETOPT_CommandLineOption GNUNET_GETOPT_OPTION_END
Definition: 002.c:13
void GNUNET_CONTAINER_multipeermap_destroy(struct GNUNET_CONTAINER_MultiPeerMap *map)
Destroy a hash map.
#define _(String)
GNU gettext support macro.
Definition: platform.h:181
int GNUNET_asprintf(char **buf, const char *format,...)
Like asprintf, just portable.
struct GNUNET_TRANSPORT_Blacklist * GNUNET_TRANSPORT_blacklist(const struct GNUNET_CONFIGURATION_Handle *cfg, GNUNET_TRANSPORT_BlacklistCallback cb, void *cb_cls)
Install a blacklist callback.
static void do_shutdown(void *cls)
Shutdown task to cleanup our resources and exit.
static struct GNUNET_TRANSPORT_Blacklist * bh
The blacklist handle we obtain from transport when we register ourselves for access control...
Internal representation of the hash map.
Handle for blacklisting requests.
There must only be one value per key; storing a value should fail if a value under the same key alrea...
#define GNUNET_SYSERR
Definition: gnunet_common.h:76
#define ACCESS_DENY
Deny access from the peers read from the blacklist.
int GNUNET_DISK_file_size(const char *filename, uint64_t *size, int include_symbolic_links, int single_file_mode)
Get the size of the file (or directory) of the given file (in bytes).
Definition: disk.c:257
static struct GNUNET_PeerIdentity * ilist
The array of peer identities we read from whitelist/blacklist.
int GNUNET_CONTAINER_multipeermap_put(struct GNUNET_CONTAINER_MultiPeerMap *map, const struct GNUNET_PeerIdentity *key, void *value, enum GNUNET_CONTAINER_MultiHashMapOption opt)
Store a key-value pair in the map.
The identity of the host (wraps the signing key of the peer).
static void run(void *cls, char *const *args, const char *cfgfile, const struct GNUNET_CONFIGURATION_Handle *c)
Main function that will be run.
configuration data
Definition: configuration.c:85
#define ACCESS_ALLOW
Allow access from the peers read from the whitelist.
int GNUNET_CONFIGURATION_get_value_filename(const struct GNUNET_CONFIGURATION_Handle *cfg, const char *section, const char *option, char **value)
Get a configuration value that should be the name of a file or directory.
int GNUNET_PROGRAM_run(int argc, char *const *argv, const char *binaryName, const char *binaryHelp, const struct GNUNET_GETOPT_CommandLineOption *options, GNUNET_PROGRAM_Main task, void *task_cls)
Run a standard GNUnet command startup sequence (initialize loggers and configuration, parse options).
Definition: program.c:367
#define GNUNET_YES
Definition: gnunet_common.h:77
static struct GNUNET_PeerIdentity pid
Identity of the peer we transmit to / connect to.
int GNUNET_CONTAINER_multipeermap_contains(const struct GNUNET_CONTAINER_MultiPeerMap *map, const struct GNUNET_PeerIdentity *key)
Check if the map contains any value under the given key (including values that are NULL)...
ssize_t GNUNET_DISK_fn_read(const char *fn, void *result, size_t len)
Read the contents of a binary file into a buffer.
Definition: disk.c:794
#define GNUNET_free(ptr)
Wrapper around free.