Author: toad
Date: 2007-03-20 00:04:49 +0000 (Tue, 20 Mar 2007)
New Revision: 12229
Modified:
trunk/freenet/src/freenet/node/fcp/AddPeer.java
trunk/freenet/src/freenet/node/fcp/FCPConnectionHandler.java
trunk/freenet/src/freenet/node/fcp/FCPServer.java
trunk/freenet/src/freenet/node/fcp/GetConfig.java
trunk/freenet/src/freenet/node/fcp/GetNode.java
trunk/freenet/src/freenet/node/fcp/ListPeerNotesMessage.java
trunk/freenet/src/freenet/node/fcp/ListPeersMessage.java
trunk/freenet/src/freenet/node/fcp/ModifyConfig.java
trunk/freenet/src/freenet/node/fcp/ModifyPeer.java
trunk/freenet/src/freenet/node/fcp/ModifyPeerNote.java
trunk/freenet/src/freenet/node/fcp/ProtocolErrorMessage.java
trunk/freenet/src/freenet/node/fcp/ShutdownMessage.java
Log:
fcp.allowedHostsFullAccess
Modified: trunk/freenet/src/freenet/node/fcp/AddPeer.java
===================================================================
--- trunk/freenet/src/freenet/node/fcp/AddPeer.java 2007-03-19 23:44:49 UTC
(rev 12228)
+++ trunk/freenet/src/freenet/node/fcp/AddPeer.java 2007-03-20 00:04:49 UTC
(rev 12229)
@@ -39,6 +39,9 @@
}
public void run(FCPConnectionHandler handler, Node node) throws
MessageInvalidException {
+ if(!handler.hasFullAccess()) {
+ throw new
MessageInvalidException(ProtocolErrorMessage.ACCESS_DENIED, "AddPeer requires
full access", fs.get("Identifier"), false);
+ }
String urlString = fs.get("URL");
String fileString = fs.get("File");
StringBuffer ref = null;
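Review bot: The `handler.hasFullAccess()` guard is pasted at the top of each privileged `run()` (here and in GetConfig, GetNode, ListPeerNotes, ListPeers, ModifyConfig, ModifyPeer, ModifyPeerNote and ShutdownMessage), so the restriction only holds for messages where someone remembered to add it. A privileged message added later, or one that is not in this commit's file list, stays usable by every host in `allowedHosts`. Consider letting each message declare its requirement, for instance a new `requiresFullAccess()` method on `FCPMessage`, and enforcing it once in the code that calls `run()`, so that a forgotten check fails closed. The remaining FCP message classes are worth auditing against the same criterion. `run()` continues past the end of this hunk.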
Modified: trunk/freenet/src/freenet/node/fcp/FCPConnectionHandler.java
===================================================================
--- trunk/freenet/src/freenet/node/fcp/FCPConnectionHandler.java
2007-03-19 23:44:49 UTC (rev 12228)
+++ trunk/freenet/src/freenet/node/fcp/FCPConnectionHandler.java
2007-03-20 00:04:49 UTC (rev 12229)
@@ -235,4 +235,8 @@
return client.watchGlobal;
}
+ public boolean hasFullAccess() {
+ return
server.allowedHostsFullAccess.allowed(sock.getInetAddress());
+ }
+
}
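Review bot: `hasFullAccess()` is undocumented, and the fact that the decision rests solely on the socket's remote address deserves a comment. A local proxy, tunnel or port forward in front of the FCP port makes every client appear as 127.0.0.1, which is in the default full-access list. I would add a Javadoc such as `/** True if this connection's peer address matches fcp.allowedHostsFullAccess; address-based only, with no per-client authentication. Evaluated on every call, so list changes also apply to open connections. */`.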
Modified: trunk/freenet/src/freenet/node/fcp/FCPServer.java
===================================================================
--- trunk/freenet/src/freenet/node/fcp/FCPServer.java 2007-03-19 23:44:49 UTC
(rev 12228)
+++ trunk/freenet/src/freenet/node/fcp/FCPServer.java 2007-03-20 00:04:49 UTC
(rev 12229)
@@ -31,6 +31,7 @@
import freenet.config.Config;
import freenet.config.InvalidConfigValueException;
import freenet.config.SubConfig;
+import freenet.io.AllowedHosts;
import freenet.io.NetworkInterface;
import freenet.keys.FreenetURI;
import freenet.node.Node;
@@ -59,6 +60,7 @@
public final boolean enabled;
String bindTo;
String allowedHosts;
+ AllowedHosts allowedHostsFullAccess;
final WeakHashMap clientsByName;
final FCPClient globalClient;
private boolean enablePersistentDownloads;
@@ -88,9 +90,10 @@
persister = null;
}
- public FCPServer(String ipToBindTo, String allowedHosts, int port, Node
node, NodeClientCore core, boolean persistentDownloadsEnabled, String
persistentDownloadsDir, long persistenceInterval, boolean isEnabled) throws
IOException, InvalidConfigValueException {
+ public FCPServer(String ipToBindTo, String allowedHosts, String
allowedHostsFullAccess, int port, Node node, NodeClientCore core, boolean
persistentDownloadsEnabled, String persistentDownloadsDir, long
persistenceInterval, boolean isEnabled) throws IOException,
InvalidConfigValueException {
this.bindTo = ipToBindTo;
this.allowedHosts = allowedHosts;
+ this.allowedHostsFullAccess = new
AllowedHosts(allowedHostsFullAccess);
this.persistenceInterval = persistenceInterval;
this.port = port;
this.enabled = isEnabled;
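Review bot: `allowedHostsFullAccess` is assigned only in this constructor and the field is declared non-final, so any other initialisation path leaves it null and `FCPConnectionHandler.hasFullAccess()` would throw a NullPointerException rather than return a decision. The context line `persister = null;` just above may be the tail of a second constructor, though that is outside the hunk. Declaring the field as `final AllowedHosts allowedHostsFullAccess;` would make the compiler verify that every constructor sets it. The hunk also does not show what `new AllowedHosts(...)` does with a malformed list from the config file; that case should fail startup or yield an empty list, never allow-all.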
@@ -254,6 +257,26 @@
}
+ static class FCPAllowedHostsFullAccessCallback implements
StringCallback {
+
+ private final NodeClientCore node;
+
+ public FCPAllowedHostsFullAccessCallback(NodeClientCore node) {
+ this.node = node;
+ }
+
+ public String get() {
+ return
node.getFCPServer().allowedHostsFullAccess.getAllowedHosts();
+ }
+
+ public void set(String val) {
+ if (!val.equals(get())) {
+
node.getFCPServer().allowedHostsFullAccess.setAllowedHosts(val);
+ }
+ }
+
+ }
+
static class PersistentDownloadsEnabledCallback implements
BooleanCallback {
FCPServer server;
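Review bot: `set()` passes the new value straight to `setAllowedHosts(val)` with no visible validation, yet this list gates shutdown and reconfiguration. Unless `AllowedHosts` rejects bad entries itself, a typo could leave the list partly applied or empty. If the callback interface permits it, an unparsable value should be refused with `InvalidConfigValueException` and the previous list kept. `val.equals(get())` also throws on a null `val`, and `node.getFCPServer()` is dereferenced without a null check even though the code that calls `setFCPServer` later tests `fcp != null`.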
@@ -310,10 +333,12 @@
2, true, true, "FCP port number", "FCP port
number", new FCPPortNumberCallback(core));
fcpConfig.register("bindTo", "127.0.0.1", 2, false, true, "IP
address to bind to", "IP address to bind the FCP server to", new
FCPBindtoCallback(core));
fcpConfig.register("allowedHosts", "127.0.0.1,0:0:0:0:0:0:0:1",
2, false, true, "Allowed hosts (read the warning!)",
- "Hostnames or IP addresses that are allowed to
connect to the FCP server. " +
+ "IP addresses that are allowed to connect to
the FCP server. " +
"May be a comma-separated list of single IPs
and CIDR masked IPs like 192.168.0.0/24. "+
- "WARNING! Anyone who has access to FCP can
upload any file the node has access to, download files to disk (no
overwriting), reconfigure the node, shut down the node etc. "+
- "Do not allow untrusted hosts or users access
to FCP!", new FCPAllowedHostsCallback(core));
+ "WARNING! Anyone who has access to FCP can
upload any file the node has access to, or download files to disk (no
overwriting).", new FCPAllowedHostsCallback(core));
+ fcpConfig.register("allowedHostsFullAccess",
"127.0.0.1,0:0:0:0:0:0:0:1", 2, false, true, "Hosts allowed full access",
+ "IP addresses which are allowed full access to
the node. Clients on these IPs may restart the node, reconfigure it, etc. " +
+ "Note that ALL clients are allowed to do direct
disk I/O!", new FCPAllowedHostsFullAccessCallback(core));
PersistentDownloadsEnabledCallback cb1;
PersistentDownloadsFileCallback cb2;
PersistentDownloadsIntervalCallback cb3;
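Review bot: The new `allowedHosts` description drops the sentence "Do not allow untrusted hosts or users access to FCP!", yet the same hunk states that ALL clients may still do direct disk I/O, so that advice still applies and I would keep it. The `allowedHostsFullAccess` description should also say how the two lists relate. Judging by `hasFullAccess()`, the full-access list is checked on its own, so presumably a host must also be in `allowedHosts` to connect at all; appending `"Hosts listed here must also be in allowedHosts. "` would make that explicit. Operators who widened `allowedHosts` before this revision will find those hosts lose config and shutdown access after upgrading, which is the safe direction but worth a release note.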
@@ -332,7 +357,7 @@
FCPServer fcp;
- fcp = new FCPServer(fcpConfig.getString("bindTo"),
fcpConfig.getString("allowedHosts"), fcpConfig.getInt("port"), node, core,
persistentDownloadsEnabled, persistentDownloadsDir,
persistentDownloadsInterval, fcpConfig.getBoolean("enabled"));
+ fcp = new FCPServer(fcpConfig.getString("bindTo"),
fcpConfig.getString("allowedHosts"),
fcpConfig.getString("allowedHostsFullAccess"), fcpConfig.getInt("port"), node,
core, persistentDownloadsEnabled, persistentDownloadsDir,
persistentDownloadsInterval, fcpConfig.getBoolean("enabled"));
core.setFCPServer(fcp);
if(fcp != null) {
Modified: trunk/freenet/src/freenet/node/fcp/GetConfig.java
===================================================================
--- trunk/freenet/src/freenet/node/fcp/GetConfig.java 2007-03-19 23:44:49 UTC
(rev 12228)
+++ trunk/freenet/src/freenet/node/fcp/GetConfig.java 2007-03-20 00:04:49 UTC
(rev 12229)
@@ -26,6 +26,9 @@
public void run(FCPConnectionHandler handler, Node node)
throws MessageInvalidException {
+ if(!handler.hasFullAccess()) {
+ throw new
MessageInvalidException(ProtocolErrorMessage.ACCESS_DENIED, "GetConfig requires
full access", null, false);
+ }
handler.outputHandler.queue(new ConfigData(node, true));
}
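Review bot: The ACCESS_DENIED error here is built with a `null` identifier, as it is in GetNode, ListPeers and ShutdownMessage, while AddPeer, ListPeerNotes, ModifyConfig, ModifyPeer and ModifyPeerNote pass `fs.get("Identifier")`. If these messages can carry an Identifier, a client cannot match the refusal to the request that caused it. If they cannot, a short comment such as `// this message has no Identifier field` would explain the difference to the next reader.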
Modified: trunk/freenet/src/freenet/node/fcp/GetNode.java
===================================================================
--- trunk/freenet/src/freenet/node/fcp/GetNode.java 2007-03-19 23:44:49 UTC
(rev 12228)
+++ trunk/freenet/src/freenet/node/fcp/GetNode.java 2007-03-20 00:04:49 UTC
(rev 12229)
@@ -28,6 +28,9 @@
public void run(FCPConnectionHandler handler, Node node)
throws MessageInvalidException {
+ if(!handler.hasFullAccess()) {
+ throw new
MessageInvalidException(ProtocolErrorMessage.ACCESS_DENIED, "GetNode requires
full access", null, false);
+ }
handler.outputHandler.queue(new NodeData(node, withPrivate,
withVolatile));
}
Modified: trunk/freenet/src/freenet/node/fcp/ListPeerNotesMessage.java
===================================================================
--- trunk/freenet/src/freenet/node/fcp/ListPeerNotesMessage.java
2007-03-19 23:44:49 UTC (rev 12228)
+++ trunk/freenet/src/freenet/node/fcp/ListPeerNotesMessage.java
2007-03-20 00:04:49 UTC (rev 12229)
@@ -26,6 +26,9 @@
public void run(FCPConnectionHandler handler, Node node)
throws MessageInvalidException {
+ if(!handler.hasFullAccess()) {
+ throw new
MessageInvalidException(ProtocolErrorMessage.ACCESS_DENIED, "ListPeerNotes
requires full access", fs.get("Identifier"), false);
+ }
String nodeIdentifier = fs.get("NodeIdentifier");
PeerNode pn = node.getPeerNode(nodeIdentifier);
if(pn == null) {
Modified: trunk/freenet/src/freenet/node/fcp/ListPeersMessage.java
===================================================================
--- trunk/freenet/src/freenet/node/fcp/ListPeersMessage.java 2007-03-19
23:44:49 UTC (rev 12228)
+++ trunk/freenet/src/freenet/node/fcp/ListPeersMessage.java 2007-03-20
00:04:49 UTC (rev 12229)
@@ -29,6 +29,9 @@
public void run(FCPConnectionHandler handler, Node node)
throws MessageInvalidException {
+ if(!handler.hasFullAccess()) {
+ throw new
MessageInvalidException(ProtocolErrorMessage.ACCESS_DENIED, "ListPeers requires
full access", null, false);
+ }
PeerNode[] nodes = node.getPeerNodes();
for(int i = 0; i < nodes.length; i++) {
PeerNode pn = nodes[i];
Modified: trunk/freenet/src/freenet/node/fcp/ModifyConfig.java
===================================================================
--- trunk/freenet/src/freenet/node/fcp/ModifyConfig.java 2007-03-19
23:44:49 UTC (rev 12228)
+++ trunk/freenet/src/freenet/node/fcp/ModifyConfig.java 2007-03-20
00:04:49 UTC (rev 12229)
@@ -29,6 +29,9 @@
}
public void run(FCPConnectionHandler handler, Node node) throws
MessageInvalidException {
+ if(!handler.hasFullAccess()) {
+ throw new
MessageInvalidException(ProtocolErrorMessage.ACCESS_DENIED, "ModifyConfig
requires full access", fs.get("Identifier"), false);
+ }
Config config = node.config;
SubConfig[] sc = config.getConfigs();
Modified: trunk/freenet/src/freenet/node/fcp/ModifyPeer.java
===================================================================
--- trunk/freenet/src/freenet/node/fcp/ModifyPeer.java 2007-03-19 23:44:49 UTC
(rev 12228)
+++ trunk/freenet/src/freenet/node/fcp/ModifyPeer.java 2007-03-20 00:04:49 UTC
(rev 12229)
@@ -27,6 +27,9 @@
}
public void run(FCPConnectionHandler handler, Node node) throws
MessageInvalidException {
+ if(!handler.hasFullAccess()) {
+ throw new
MessageInvalidException(ProtocolErrorMessage.ACCESS_DENIED, "ModifyPeer
requires full access", fs.get("Identifier"), false);
+ }
String nodeIdentifier = fs.get("NodeIdentifier");
PeerNode pn = node.getPeerNode(nodeIdentifier);
if(pn == null) {
Modified: trunk/freenet/src/freenet/node/fcp/ModifyPeerNote.java
===================================================================
--- trunk/freenet/src/freenet/node/fcp/ModifyPeerNote.java 2007-03-19
23:44:49 UTC (rev 12228)
+++ trunk/freenet/src/freenet/node/fcp/ModifyPeerNote.java 2007-03-20
00:04:49 UTC (rev 12229)
@@ -30,6 +30,9 @@
}
public void run(FCPConnectionHandler handler, Node node) throws
MessageInvalidException {
+ if(!handler.hasFullAccess()) {
+ throw new
MessageInvalidException(ProtocolErrorMessage.ACCESS_DENIED, "ModifyPeerNote
requires full access", fs.get("Identifier"), false);
+ }
String nodeIdentifier = fs.get("NodeIdentifier");
if( nodeIdentifier == null ) {
throw new
MessageInvalidException(ProtocolErrorMessage.MISSING_FIELD, "Error:
NodeIdentifier field missing", null, false);
Modified: trunk/freenet/src/freenet/node/fcp/ProtocolErrorMessage.java
===================================================================
--- trunk/freenet/src/freenet/node/fcp/ProtocolErrorMessage.java
2007-03-19 23:44:49 UTC (rev 12228)
+++ trunk/freenet/src/freenet/node/fcp/ProtocolErrorMessage.java
2007-03-20 00:04:49 UTC (rev 12229)
@@ -45,6 +45,7 @@
static final int REF_PARSE_ERROR = 21;
static final int FILE_PARSE_ERROR = 22;
static final int NOT_A_FILE_ERROR = 23;
+ static final int ACCESS_DENIED = 24;
final int code;
final String extra;
@@ -100,6 +101,8 @@
return "File could not be read";
case NOT_A_FILE_ERROR:
return "Filepath is not a file";
+ case ACCESS_DENIED:
+ return "Access denied";
default:
Logger.error(this, "Unknown error code: "+code, new
Exception("debug"));
return "(Unknown)";
Modified: trunk/freenet/src/freenet/node/fcp/ShutdownMessage.java
===================================================================
--- trunk/freenet/src/freenet/node/fcp/ShutdownMessage.java 2007-03-19
23:44:49 UTC (rev 12228)
+++ trunk/freenet/src/freenet/node/fcp/ShutdownMessage.java 2007-03-20
00:04:49 UTC (rev 12229)
@@ -21,7 +21,10 @@
return name;
}
- public void run(FCPConnectionHandler handler, Node node) {
+ public void run(FCPConnectionHandler handler, Node node) throws
MessageInvalidException {
+ if(!handler.hasFullAccess()) {
+ throw new
MessageInvalidException(ProtocolErrorMessage.ACCESS_DENIED, "Shutdown requires
full access", null, false);
+ }
FCPMessage msg = new
ProtocolErrorMessage(ProtocolErrorMessage.SHUTTING_DOWN,true,"The node is
shutting down","Node",false);
handler.outputHandler.queue(msg);
node.exit("Received FCP shutdown message");
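Review bot: As far as this hunk shows, a refused Shutdown leaves no trace on the node side, because the guard only throws `MessageInvalidException` back to the client. For a request that would stop the node, it is worth recording the attempt before throwing, for example `Logger.normal(this, "Shutdown refused: FCP client lacks full access");`, ideally including the peer address if the handler exposes it. The same applies to the other messages guarded in this commit, so an operator can see repeated denied attempts from a host.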