allow EKC container remote access to be disabled; add some extra documentation around dvmhost voice channels in the config stanza;

pull/121/merge
Bryan Biedenkapp 6 days ago
parent 1d8b31f6ea
commit ec91c0fcad

@ -474,6 +474,9 @@ system:
# #
# Voice Channels # Voice Channels
# Note: This is a list, these parameters are used by a control channel to communicate back to a voice channel
# for authoritative voice channel control. (Additionally this list is used to define the voice channels that are
# available for use by the host.)
# #
voiceChNo: voiceChNo:
# Channel Identity (corresponds to the appropriate entry in the iden_table file). # Channel Identity (corresponds to the appropriate entry in the iden_table file).

@ -229,6 +229,8 @@ master:
file: key_container.ekc file: key_container.ekc
# Container password. # Container password.
password: "PASSWORD" password: "PASSWORD"
# Flag indicating whether or not the crypto container remove access is enabled.
remoteAccess: false
# Remote access password for the crypto container. # Remote access password for the crypto container.
remoteAccessPassword: "PASSWORD" remoteAccessPassword: "PASSWORD"
# Amount of time between updates of crypto container file. (minutes) # Amount of time between updates of crypto container file. (minutes)
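Review bot: The comment on the new `remoteAccess` key says "remove access" where it means "remote access"; suggest `# Flag indicating whether or not the crypto container remote access is enabled.` It would also help operators to say what the flag actually gates, since the other hunks in this commit show it rejecting peer key inventory/update requests: something like `# When false, peer requests for key inventory/update are rejected without a response.` The default of `false` is the right, fail-closed choice; the `remoteAccessPassword` placeholder below it still needs changing before anyone flips this to true.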

@ -141,11 +141,12 @@ std::mutex CryptoContainer::s_mutex;
/* Initializes a new instance of the CryptoContainer class. */ /* Initializes a new instance of the CryptoContainer class. */
CryptoContainer::CryptoContainer(const std::string& filename, const std::string& password, const std::string& remotePassword, CryptoContainer::CryptoContainer(const std::string& filename, const std::string& password,
uint32_t reloadTime, bool enabled) : Thread(), const std::string& remotePassword, bool remoteAccessEnabled, uint32_t reloadTime, bool enabled) : Thread(),
m_file(filename), m_file(filename),
m_password(password), m_password(password),
m_remotePassword(remotePassword), m_remotePassword(remotePassword),
m_remoteAccessEnabled(remoteAccessEnabled),
m_reloadTime(reloadTime), m_reloadTime(reloadTime),
m_lastLoadTime(0U), m_lastLoadTime(0U),
#if !defined(ENABLE_SSL) #if !defined(ENABLE_SSL)

@ -168,10 +168,12 @@ public:
* @param filename Full-path to the crypto container file. * @param filename Full-path to the crypto container file.
* @param password Crypto container file access password. * @param password Crypto container file access password.
* @param remotePassword Remote access password for the crypto container. * @param remotePassword Remote access password for the crypto container.
* @param remoteAccessEnabled Flag indicating if remote access is enabled.
* @param reloadTime Interval of time to reload the crypto container. * @param reloadTime Interval of time to reload the crypto container.
* @param enabled Flag indicating if crypto container is enabled. * @param enabled Flag indicating if crypto container is enabled.
*/ */
CryptoContainer(const std::string& filename, const std::string& password, const std::string& remotePassword, uint32_t reloadTime, bool enabled); CryptoContainer(const std::string& filename, const std::string& password,
const std::string& remotePassword, bool remoteAccessEnabled, uint32_t reloadTime, bool enabled);
/** /**
* @brief Finalizes a instance of the CryptoContainer class. * @brief Finalizes a instance of the CryptoContainer class.
*/ */
@ -257,16 +259,23 @@ public:
* @return const std::string& Filename of this lookup table. * @return const std::string& Filename of this lookup table.
*/ */
const std::string& filename() const { return m_file; } const std::string& filename() const { return m_file; }
/** /**
* @brief Returns the remote access password for the crypto container. * @brief Returns the remote access password for the crypto container.
* @return const std::string& Remote access password. * @return const std::string& Remote access password.
*/ */
const std::string& getRemotePassword() const { return m_remotePassword; } const std::string& getRemotePassword() const { return m_remotePassword; }
/**
* @brief Returns the flag indicating whether or not the crypto container remote access is enabled.
* @return const bool True, if remote access is enabled, otherwise false.
*/
const bool isRemoteAccessEnabled() const { return m_remoteAccessEnabled; }
private: private:
std::string m_file; std::string m_file;
std::string m_password; std::string m_password;
std::string m_remotePassword; std::string m_remotePassword;
bool m_remoteAccessEnabled;
uint32_t m_reloadTime; uint32_t m_reloadTime;
uint64_t m_lastLoadTime; uint64_t m_lastLoadTime;
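Review bot: `const bool isRemoteAccessEnabled() const` returns a top-level `const` by value, which has no effect on callers and makes gcc/clang emit -Wignored-qualifiers; the same `const bool` appears in the `@return` line of the Doxygen block. Suggest `bool isRemoteAccessEnabled() const { return m_remoteAccessEnabled; }` with `@return bool True, if remote access is enabled, otherwise false.` The constructor doc in the first hunk of this header gains a line for `remoteAccessEnabled`; if the intended contract is that `remotePassword` is only consulted when this flag is set, saying so on the `@param remotePassword` line would save a reader from checking the network code. The class body continues past the hunk.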

@ -416,6 +416,7 @@ bool HostFNE::readParams()
std::string cryptoContainerEKC = cryptoContainer["file"].as<std::string>(); std::string cryptoContainerEKC = cryptoContainer["file"].as<std::string>();
std::string cryptoContainerPassword = cryptoContainer["password"].as<std::string>(); std::string cryptoContainerPassword = cryptoContainer["password"].as<std::string>();
std::string cryptoContainerRemotePassword = cryptoContainer["remoteAccessPassword"].as<std::string>(); std::string cryptoContainerRemotePassword = cryptoContainer["remoteAccessPassword"].as<std::string>();
bool cryptoContainerRemoteAccess = cryptoContainer["remoteAccess"].as<bool>(false);
uint32_t cryptoContainerReload = cryptoContainer["time"].as<uint32_t>(30U); uint32_t cryptoContainerReload = cryptoContainer["time"].as<uint32_t>(30U);
std::string peerListLookupFile = systemConf["peer_acl"]["file"].as<std::string>(); std::string peerListLookupFile = systemConf["peer_acl"]["file"].as<std::string>();
@ -458,8 +459,10 @@ bool HostFNE::readParams()
LogInfo(" File: %s", cryptoContainerEKC.length() > 0U ? cryptoContainerEKC.c_str() : "None"); LogInfo(" File: %s", cryptoContainerEKC.length() > 0U ? cryptoContainerEKC.c_str() : "None");
if (cryptoContainerReload > 0U) if (cryptoContainerReload > 0U)
LogInfo(" Reload: %u mins", cryptoContainerReload); LogInfo(" Reload: %u mins", cryptoContainerReload);
LogInfo(" Remote Access Enabled: %s", cryptoContainerRemoteAccess ? "yes" : "no");
m_cryptoLookup = new CryptoContainer(cryptoContainerEKC, cryptoContainerPassword, cryptoContainerRemotePassword, cryptoContainerReload, cryptoContainerEnabled); m_cryptoLookup = new CryptoContainer(cryptoContainerEKC, cryptoContainerPassword,
cryptoContainerRemotePassword, cryptoContainerRemoteAccess, cryptoContainerReload, cryptoContainerEnabled);
m_cryptoLookup->read(); m_cryptoLookup->read();
return true; return true;
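Review bot: The new `remoteAccess` flag is parsed with a safe default of `false`, but nothing validates that a usable `remoteAccessPassword` accompanies `remoteAccess: true` — the shipped config carries the placeholder `"PASSWORD"`, so an operator who enables the flag without changing the password presumably leaves key inventory/update guarded by a well-known secret plus whatever the peer ACL allows. Consider a check after the new log line, e.g. `if (cryptoContainerRemoteAccess && (cryptoContainerRemotePassword.empty() || cryptoContainerRemotePassword == "PASSWORD"))` followed by a warning-level log (using whatever warning logger this file already uses) naming the problem. Whether the password check in the network path is the only gate cannot be confirmed from this hunk, so the warning should not claim more than "remote access is enabled with an empty or placeholder password". readParams begins before the first hunk.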

@ -713,6 +713,11 @@ void MetadataNetwork::taskNetworkRx(NetPacketRequest* req)
case NET_FUNC::KEYS_INVENTORY: // Encryption Key Container Inventory case NET_FUNC::KEYS_INVENTORY: // Encryption Key Container Inventory
{ {
if (!network->m_host->m_cryptoLookup->isRemoteAccessEnabled()) {
LogError(LOG_MASTER, "PEER %u requested enc. key inventory, but remote access is disabled, no response", peerId);
break;
}
lookups::PeerId peerEntry = network->m_peerListLookup->find(peerId); lookups::PeerId peerEntry = network->m_peerListLookup->find(peerId);
if (peerEntry.peerDefault()) { if (peerEntry.peerDefault()) {
LogError(LOG_MASTER, "PEER %u requested enc. key inventory but is not allowed, no response", peerId); LogError(LOG_MASTER, "PEER %u requested enc. key inventory but is not allowed, no response", peerId);
@ -895,6 +900,11 @@ void MetadataNetwork::taskNetworkRx(NetPacketRequest* req)
case NET_FUNC::KEYS_UPDATE: // Encryption Key Container Update case NET_FUNC::KEYS_UPDATE: // Encryption Key Container Update
{ {
if (!network->m_host->m_cryptoLookup->isRemoteAccessEnabled()) {
LogError(LOG_MASTER, "PEER %u requested enc. key update, but remote access is disabled, no response", peerId);
break;
}
lookups::PeerId peerEntry = network->m_peerListLookup->find(peerId); lookups::PeerId peerEntry = network->m_peerListLookup->find(peerId);
if (peerEntry.peerDefault()) { if (peerEntry.peerDefault()) {
LogError(LOG_MASTER, "PEER %u requested enc. key update but is not allowed, no response", peerId); LogError(LOG_MASTER, "PEER %u requested enc. key update but is not allowed, no response", peerId);
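Review bot: The new remote-access gate is duplicated verbatim in `KEYS_INVENTORY` and `KEYS_UPDATE`, differing only in the log text; a small helper such as `bool remoteKeyAccessDenied(uint32_t peerId, const char* what)` that logs and returns true would keep the two paths from drifting if a further key-container opcode is added later and the gate is forgotten on one of them. The check also dereferences `network->m_host->m_cryptoLookup` without a null guard; readParams in this commit appears to always allocate it, but if there is any startup path where the container is not constructed, a peer packet would turn this into a null dereference — a defensive `m_cryptoLookup == nullptr ||` in the condition costs nothing. Placing the gate before the peer ACL lookup and answering with no response is the right fail-closed order. taskNetworkRx starts and ends outside the hunk.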

