On Wednesday 30 May 2007 22:32, Florent Daignière wrote:
> * Matthew Toseland <toad at amphibian.dyndns.org> [2007-05-30 20:24:14]:
> > Is this safe by default? Are you planning to deal with UP&P based
> > on this code too?
>
> Yes binding only to "trusted" interfaces is safe... I don't see any kind
> of UI we could use not requiring the user to understand the CIDR
> notation and so on... so I just gave up :) Assuming that geeks will find
> the way to do it and other users won't need it anyway.

Well, we could identify the number of LANs the node is on, and the number of
direct internet connections, that'd be a good start. If it's 1/1, the user is
probably directly connected, so we're only asking about FCP; if it's 1/0, the
user is either directly connected, on a shared LAN with a NAT, or on a private
LAN with a NAT. And so on.

>
> I dunno yet, I'll keep it simple at the beginning and make it evolve
> over time depending on feedback given by newbies.
>
> > On Wednesday 30 May 2007 20:12, nextgens at freenetproject.org wrote:
> > > Author: nextgens Date: 2007-05-30 19:12:37 +0000 (Wed, 30 May 2007) > > > New Revision: 13395 > > > > > > Modified: > > > trunk/freenet/src/freenet/clients/http/FirstTimeWizardToadlet.java > > > trunk/freenet/src/freenet/l10n/freenet.l10n.en.properties > > > Log: New step for network configuration in the wizard ... I'm > > > not proud of it: suggestions are welcome. > > > > > > Modified: > > > trunk/freenet/src/freenet/clients/http/FirstTimeWizardToadlet.java > > > =================================================================== > > > --- > > > trunk/freenet/src/freenet/clients/http/FirstTimeWizardToadlet.java > > > 2007-05- > > >29 22:24:23 UTC (rev 13394) +++ > > > trunk/freenet/src/freenet/clients/http/FirstTimeWizardToadlet.java > > > 2007-05- > > >30 19:12:37 UTC (rev 13395) @@ -4,7 +4,10 @@ > > > package freenet.clients.http; > > > > > > import java.io.IOException; > > > +import java.net.InetAddress; +import java.net.NetworkInterface; > > > import java.net.URI; > > > +import java.util.Enumeration; > > > > > > import freenet.client.HighLevelSimpleClient; import > > > freenet.config.Config; 
> > > @@ -45,7 +48,7 @@ > > > int currentStep = request.getIntParam("step"); > > > > > > if(currentStep == 1) { > > > - HTMLNode pageNode = > > > ctx.getPageMaker().getPageNode(l10n("step1Title"), > > > ctx); + HTMLNode pageNode = > > > ctx.getPageMaker().getPageNode(l10n("step1Title"), false, ctx); > > > HTMLNode contentNode = ctx.getPageMaker().getContentNode(pageNode); > > > > > > HTMLNode languageInfobox = > > > contentNode.addChild("div", "class", > > > "infobox infobox-normal"); @@ -70,7 +73,7 @@ > > > this.writeReply(ctx, 200, "text/html; > > > charset=utf-8", "OK", > > > pageNode.generate()); return; > > > } else if(currentStep == 2) { > > > - HTMLNode pageNode = > > > ctx.getPageMaker().getPageNode(l10n("step2Title"), > > > ctx); + HTMLNode pageNode = > > > ctx.getPageMaker().getPageNode(l10n("step2Title"), false, ctx); > > > HTMLNode contentNode = ctx.getPageMaker().getContentNode(pageNode); > > > > > > HTMLNode bandwidthInfobox = > > > contentNode.addChild("div", "class", > > > "infobox infobox-normal"); @@ -95,7 +98,7 @@ > > > this.writeReply(ctx, 200, "text/html; > > > charset=utf-8", "OK", > > > pageNode.generate()); return; > > > } else if(currentStep == 3) { > > > - HTMLNode pageNode = > > > ctx.getPageMaker().getPageNode(l10n("step3Title"), > > > ctx); + HTMLNode pageNode = > > > ctx.getPageMaker().getPageNode(l10n("step3Title"), false, ctx); > > > HTMLNode contentNode = ctx.getPageMaker().getContentNode(pageNode); > > > > > > HTMLNode bandwidthInfobox = > > > contentNode.addChild("div", "class", > > > "infobox infobox-normal"); 
@@ -121,17 +124,67 @@ > > > bandwidthForm.addChild("input", new String[] { > > > "type", "name", "value" > > > }, new String[] { "submit", "cancel", > > > L10n.getString("Toadlet.cancel")}); this.writeReply(ctx, 200, > > > "text/html; charset=utf-8", "OK", pageNode.generate()); return; + > > > } else if(currentStep == 4) { + HTMLNode > > > pageNode = ctx.getPageMaker().getPageNode(l10n("step4Title"), > > > false, ctx); + HTMLNode contentNode > > > = ctx.getPageMaker().getContentNode(pageNode); + + > > > HTMLNode bandwidthInfobox = contentNode.addChild("div", "class", > > > "infobox infobox-normal"); + HTMLNode > > > bandwidthnfoboxHeader = bandwidthInfobox.addChild("div", > > > "class", "infobox-header"); + HTMLNode > > > bandwidthInfoboxContent = bandwidthInfobox.addChild("div", "class", > > > "infobox-content"); + + Enumeration > > > interfaces = NetworkInterface.getNetworkInterfaces(); > > > + HTMLNode bandwidthForm = > > > ctx.addFormChild(bandwidthInfoboxContent, ".", "networkForm"); > > > + // We always want that... don't we ? 
+ > > > bandwidthForm.addChild("input", new String[] { "type", > > > "name", "value"}, new String[] { "hidden", "127.0.0.1", > > > "true" }); + + short ifCount = 0; + > > > HTMLNode ifList = new HTMLNode("div", "class", "interface"); > > > + while(interfaces.hasMoreElements()) > > > { + NetworkInterface > > > currentInterface = (NetworkInterface) interfaces.nextElement(); + > > > if((currentInterface == null) || (currentInterface.isLoopback())) > > > continue; + + Enumeration > > > ipAddresses = currentInterface.getInetAddresses(); + > > > while(ipAddresses.hasMoreElements()) { + > > > InetAddress ip = (InetAddress) ipAddresses.nextElement(); > > > + if(ip == null) > > > continue; + ifCount++; + > > > HTMLNode ipDiv = ifList.addChild("div", "class", "ipAddress"); > > > + ipDiv.addChild("#", > > > L10n.getString("FirstTimeWizardToadlet.iDoTrust", > > > new String[] { "interface", "ip" }, new String[] { > > > currentInterface.getName(), ip.getHostAddress() })); > > > + ipDiv.addChild("input", > > > new String[] { "type", "name", "value"}, new String[] { "radio", > > > ip.getHostAddress(), "true" }, L10n.getString("Toadlet.yes")); > > > + ipDiv.addChild("input", > > > new String[] { "type", "name", "value", "checked"}, new > > > String[] { "radio", ip.getHostAddress(), "false", "checked" }, > > > L10n.getString("Toadlet.no")); + } + > > > } + + if(ifCount > 0) { + > > > bandwidthnfoboxHeader.addChild("#", l10n("isNetworkTrusted")); + > > > bandwidthInfoboxContent.addChild("#", > > > l10n("isNetworkTrustedLong")); + > > > bandwidthForm.addChild(ifList); + } else { + > > > bandwidthnfoboxHeader.addChild("#", l10n("noNetworkIF")); + > > > bandwidthInfoboxContent.addChild("#", l10n("noNetworkIFLong")); + > > > } + + bandwidthForm.addChild("input", > > > new String[] { "type", "name", "value" }, new String[] { > > > "submit", "networkF", L10n.getString("Toadlet.clickHere")}); > > > + bandwidthForm.addChild("input", > > > new String[] { "type", "name", "value" }, new 
String[] { > > > "submit", "cancel", L10n.getString("Toadlet.cancel")}); + > > > this.writeReply(ctx, 200, "text/html; charset=utf-8", "OK", > > > pageNode.generate()); + return; > > > } > > > > > > - HTMLNode pageNode = > > > ctx.getPageMaker().getPageNode(l10n("homepageTitle"), > > > ctx); + HTMLNode pageNode = > > > ctx.getPageMaker().getPageNode(l10n("homepageTitle"), false, ctx); > > > HTMLNode contentNode = ctx.getPageMaker().getContentNode(pageNode); > > > > > > HTMLNode welcomeInfobox = contentNode.addChild("div", > > > "class", "infobox > > > infobox-normal"); HTMLNode welcomeInfoboxHeader > > > = welcomeInfobox.addChild("div", "class", > > > "infobox-header"); HTMLNode welcomeInfoboxContent = > > > welcomeInfobox.addChild("div", "class", "infobox-content"); > > > welcomeInfoboxHeader.addChild("#", l10n("welcomeInfoboxTitle")); > > > - welcomeInfoboxContent.addChild("#", > > > l10n("welcomeInfoboxContent1")); > > > - welcomeInfoboxContent.addChild("a", "href", > > > "?step=1").addChild("#", L10n.getString("Toadlet.clickHere")); + + > > > HTMLNode firstParagraph = welcomeInfoboxContent.addChild("p"); + > > > firstParagraph.addChild("#", l10n("welcomeInfoboxContent1") > > > + ' '); + firstParagraph.addChild("a", "href", > > > "?step=1").addChild("#", L10n.getString("Toadlet.clickHere")); + + > > > HTMLNode secondParagraph = welcomeInfoboxContent.addChild("p"); + > > > secondParagraph.addChild("a", "href", "/").addChild("#", > > > l10n("skipWizard")); + > > > this.writeReply(ctx, 200, "text/html; charset=utf-8", > > > "OK", > > > pageNode.generate()); } 
> > > > > > @@ -183,8 +236,48 @@ > > > } super.writeTemporaryRedirect(ctx, "step3", > > > TOADLET_URL+"?step=4"); return; > > > + } else if(request.isPartSet("networkF")) { > > > + StringBuffer sb = new StringBuffer(); + > > > short ifCount = 0; + + Enumeration > > > interfaces = NetworkInterface.getNetworkInterfaces(); > > > + while(interfaces.hasMoreElements()) > > > { + NetworkInterface > > > currentIF = (NetworkInterface) interfaces.nextElement(); > > > + if(currentIF == null) continue; + + > > > Enumeration ipAddresses = currentIF.getInetAddresses(); + > > > while(ipAddresses.hasMoreElements()) { > > > + InetAddress > > > currentInetAddress = (InetAddress) ipAddresses.nextElement(); + > > > if(currentInetAddress == null) continue; > > > + String isIFSelected > > > =request.getPartAsString(currentInetAddress.getHostAddress(), > > > 255); + if((isIFSelected > > > != null) && (isIFSelected.equals("true"))) { + > > > sb.append(currentInetAddress.getHostAddress()); > > > + sb.append(','); > > > + ifCount++; > > > + // The trailling > > > comma is going to be sanitized by the config framework anyway + > > > } + } + } > > > + + if(ifCount > 1) { // One is > > > loopback => default + try { > > > + // Java doesn't provide a > > > way to get the netmask : workaround and bind only to trusted if + > > > config.get("fcp").set("bindTo", > > > sb.toString()); // FIXME: Would break ipv6? + > > > config.get("fcp").set("allowedHosts", "*"); + > > > config.get("fcp").set("allowedHostsFullAccess", "*"); + + > > > config.get("fproxy").set("bindTo", > > > sb.toString()); // FIXME: Would break ipv6? + > > > config.get("fproxy").set("allowedHosts", "*"); + > > > config.get("fproxy").set("allowedHostsFullAccess", "*"); + > > > + Logger.normal(this, > > > "Network allowance list has been set to "+ sb.toString()); + > > > } catch (InvalidConfigValueException e) { + > > > Logger.error(this, "Should not happen, please report!" 
+ e); > > > + } + } + > > > super.writeTemporaryRedirect(ctx, "step4", TOADLET_URL+"?step=5"); > > > + return; > > > } > > > - > > > > > > super.writeTemporaryRedirect(ctx, "invalid/unhandled > > > data", > > > TOADLET_URL); } > > > > > > Modified: trunk/freenet/src/freenet/l10n/freenet.l10n.en.properties > > > =================================================================== > > > --- trunk/freenet/src/freenet/l10n/freenet.l10n.en.properties > > > 2007-05-29 22:24:23 UTC (rev 13394) +++ > > > trunk/freenet/src/freenet/l10n/freenet.l10n.en.properties > > > 2007-05-30 19:12:37 UTC (rev 13395) 
@@ -172,9 +172,16 @@ > > > FirstTimeWizardToadlet.bandwidthLimitLong=Please select your > > > connection > > > type from the dropdown menu below. > > > FirstTimeWizardToadlet.datastoreSize=Datastore size > > > FirstTimeWizardToadlet.datastoreSizeLong=Please select a size > > > for your > > > datastore. +FirstTimeWizardToadlet.isNetworkTrusted=Is your local > > > network trusted ? +FirstTimeWizardToadlet.isNetworkTrustedLong=Is > > > your local network trusted ? If you don't answer the default > > > option all the services provided by your node will be wide open to > > > everyone willing to access them. If you want to do more selective > > > access controls you can proceed later on from the configuration > > > page. +FirstTimeWizardToadlet.noNetworkIF=No additionnal network > > > interface found +FirstTimeWizardToadlet.noNetworkIFLong=Freenet > > > hasn't found any additionnal network interface. It will > > > assume that you will connect to it from your computer > > > and only from it. +FirstTimeWizardToadlet.iDoTrust=Do > > > you trust people connected to ${interface} (${ip}) ? > > > FirstTimeWizardToadlet.step1Title=Freenet first time wizard! - > > > Choose your language FirstTimeWizardToadlet.step2Title=Freenet > > > first time wizard! - Bandwidth limits > > > FirstTimeWizardToadlet.step3Title=Freenet first time wizard! - > > > Datastore size +FirstTimeWizardToadlet.step4Title=Freenet > > > first time wizard! - Network configuration > > > +FirstTimeWizardToadlet.skipWizard=I am not a newbie, please skip > > > the wizard! FProxyToadlet.abortToHomepage=Abort and return to > > > the FProxy home page FProxyToadlet.backToFProxy=${link}Click > > > here${/link} to go to the FProxy home > > > page. FProxyToadlet.backToReferrer=${link}Click here${/link} > > > to go back to the referring page. 
@@ -782,6 +789,8 @@ > > > TextModeClientInterfaceServer.enabledLong=Whether to enable the TMCI > > > TextModeClientInterfaceServer.telnetPortNumber=Telnet port > > > TextModeClientInterfaceServer.telnetPortNumberLong=Telnet port number > > > +Toadlet.yes=Yes > > > +Toadlet.no=No > > > Toadlet.cancel=Cancel > > > Toadlet.clickHere=Click here > > > Toadlet.internalErrorPleaseReport=Internal error: please report
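
Review bot: In the step 4 block of the `@@ -121,17 +124,67 @@` hunk, `interfaces.hasMoreElements()` is called on the result of `NetworkInterface.getNetworkInterfaces()` with no null check; the Java API documents that method as returning null when no interfaces are found, so a null result would throw before the `noNetworkIF` branch is reached. Guarding the loop with `interfaces != null &&` would let the `ifCount == 0` path handle it. The variables in this block are still named after the bandwidth step (`bandwidthInfobox`, `bandwidthForm`, and `bandwidthnfoboxHeader`, which is also missing an "I"); renaming them for the network step would make the block easier to follow.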
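
Review bot: In the `networkF` branch of the `@@ -183,8 +236,48 @@` hunk, `allowedHosts` and `allowedHostsFullAccess` are both set to "*" for `fcp` and `fproxy`, which leaves the `bindTo` list as the only access control: every host that can reach a selected address gets full access, and nothing here checks whether a selected address is a directly connected public one. Suggest leaving `allowedHostsFullAccess` at its existing value and widening only `allowedHosts`, or limiting the offered choices to non-public addresses. Separately, `if(ifCount > 1)` only works because the client sends back the hidden `127.0.0.1` field; appending loopback on the server side and testing for at least one selected non-loopback address would not depend on the submitted form, and the `catch` branch should not fall through to the `step=5` redirect as if the settings had been saved.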
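
Review bot: In the `@@ -172,9 +172,16 @@` hunk of freenet.l10n.en.properties, `isNetworkTrustedLong` says "If you don't answer the default option all the services provided by your node will be wide open", which does not tell the user which answer is the default or which services are meant. Suggest naming the default (the form pre-selects No for every address) and saying that answering Yes makes FCP and fproxy reachable from that network. `noNetworkIF` and `noNetworkIFLong` both spell "additional" as "additionnal".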
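
One way to count the LAN and direct-internet addresses that Matthew Toseland's reply proposes, as an added example that is not code from the thread or from Freenet. The class name `AddressCount`, the `Kind` enum and the sample addresses are hypothetical, and each address is counted once as a stand-in for "a LAN" or "a direct connection".

```java
import java.net.InetAddress;
import java.net.UnknownHostException;

// Added example (hypothetical names): count LAN vs. directly routable addresses.
public class AddressCount {
    enum Kind { LOOPBACK, LAN, INTERNET }

    static Kind classify(InetAddress a) {
        if (a.isLoopbackAddress()) return Kind.LOOPBACK;
        // RFC 1918 ranges, 169.254/16, fe80::/10 and the old fec0::/10.
        if (a.isSiteLocalAddress() || a.isLinkLocalAddress()) return Kind.LAN;
        byte[] b = a.getAddress();
        // IPv6 unique local addresses (fc00::/7) are not matched by the calls above.
        if (b.length == 16 && (b[0] & 0xfe) == 0xfc) return Kind.LAN;
        return Kind.INTERNET;
    }

    // Returns {lanCount, internetCount}; loopback is ignored.
    static int[] count(String[] literals) throws UnknownHostException {
        int lan = 0, internet = 0;
        for (String s : literals) {
            // getByName() on an IP literal only parses it; no DNS lookup is made.
            Kind k = classify(InetAddress.getByName(s));
            if (k == Kind.LAN) lan++;
            else if (k == Kind.INTERNET) internet++;
        }
        return new int[] { lan, internet };
    }

    public static void main(String[] args) throws UnknownHostException {
        // Constructed address sets (documentation ranges), one per imaginary node.
        String[][] nodes = {
            { "127.0.0.1", "192.168.1.20", "203.0.113.7" },
            { "127.0.0.1", "10.0.0.5" },
            { "::1", "fd12:3456:789a::5", "2001:db8::10" },
        };
        for (String[] node : nodes) {
            int[] c = count(node);
            System.out.println(String.join(", ", node) + " -> " + c[0] + "/" + c[1]);
        }
    }
}
```

On a real node the literals would come from `NetworkInterface.getNetworkInterfaces()`, as in the patch, rather than from a fixed array.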