aboutsummaryrefslogtreecommitdiff
path: root/src/simplewallet/simplewallet.cpp
diff options
context:
space:
mode:
authormoneromooo-monero <moneromooo-monero@users.noreply.github.com>2020-12-20 12:48:34 +0000
committermoneromooo-monero <moneromooo-monero@users.noreply.github.com>2020-12-22 23:39:07 +0000
commitd2fda6c25f476c45acbc875721106f965435d99f (patch)
tree57d87f47240d0d5526e83837cddb26cf4c88fbfa /src/simplewallet/simplewallet.cpp
parentMerge pull request #7151 (diff)
downloadmonero-d2fda6c25f476c45acbc875721106f965435d99f.tar.xz
restrict public node checks a little
do not include blocked hosts in peer lists or public node lists by default, warn about no https on clearnet and about untrusted peers likely being spies
Diffstat (limited to '')
-rw-r--r--src/simplewallet/simplewallet.cpp47
1 files changed, 39 insertions, 8 deletions
diff --git a/src/simplewallet/simplewallet.cpp b/src/simplewallet/simplewallet.cpp
index a90bd3a39..4385394ce 100644
--- a/src/simplewallet/simplewallet.cpp
+++ b/src/simplewallet/simplewallet.cpp
@@ -181,7 +181,7 @@ namespace
const command_line::arg_descriptor< std::vector<std::string> > arg_command = {"command", ""};
const char* USAGE_START_MINING("start_mining [<number_of_threads>] [bg_mining] [ignore_battery]");
- const char* USAGE_SET_DAEMON("set_daemon <host>[:<port>] [trusted|untrusted]");
+ const char* USAGE_SET_DAEMON("set_daemon <host>[:<port>] [trusted|untrusted|this-is-probably-a-spy-node]");
const char* USAGE_SHOW_BALANCE("balance [detail]");
const char* USAGE_INCOMING_TRANSFERS("incoming_transfers [available|unavailable] [verbose] [uses] [index=<N1>[,<N2>[,...]]]");
const char* USAGE_PAYMENTS("payments <PID_1> [<PID_2> ... <PID_N>]");
@@ -2286,6 +2286,7 @@ bool simple_wallet::public_nodes(const std::vector<std::string> &args)
{
fail_msg_writer() << tr("Error retrieving public node list: ") << e.what();
}
+ message_writer(console_color_red, true) << tr("Most of these nodes are probably spies. You should not use them unless connecting via Tor or I2P");
return true;
}
@@ -3240,7 +3241,7 @@ simple_wallet::simple_wallet()
m_cmd_binder.set_handler("set_daemon",
boost::bind(&simple_wallet::on_command, this, &simple_wallet::set_daemon, _1),
tr(USAGE_SET_DAEMON),
- tr("Set another daemon to connect to."));
+ tr("Set another daemon to connect to. If it's not yours, it'll probably spy on you."));
m_cmd_binder.set_handler("save_bc",
boost::bind(&simple_wallet::on_command, this, &simple_wallet::save_bc, _1),
tr("Save the current blockchain data."));
@@ -5527,21 +5528,51 @@ bool simple_wallet::set_daemon(const std::vector<std::string>& args)
} else {
daemon_url = args[0];
}
- LOCK_IDLE_SCOPE();
- m_wallet->init(daemon_url);
+ epee::net_utils::http::url_content parsed{};
+ const bool r = epee::net_utils::parse_url(daemon_url, parsed);
+ if (!r)
+ {
+ fail_msg_writer() << tr("Failed to parse address");
+ return true;
+ }
+
+ std::string trusted;
if (args.size() == 2)
{
if (args[1] == "trusted")
- m_wallet->set_trusted_daemon(true);
+ trusted = "trusted";
else if (args[1] == "untrusted")
- m_wallet->set_trusted_daemon(false);
+ trusted = "untrusted";
+ else if (args[1] == "this-is-probably-a-spy-node")
+ trusted = "this-is-probably-a-spy-node";
else
{
- fail_msg_writer() << tr("Expected trusted or untrusted, got ") << args[1] << ": assuming untrusted";
- m_wallet->set_trusted_daemon(false);
+ fail_msg_writer() << tr("Expected trusted, untrusted or this-is-probably-a-spy-node got ") << args[1];
+ return true;
}
}
+
+ if (!tools::is_privacy_preserving_network(parsed.host) && !tools::is_local_address(parsed.host))
+ {
+ if (trusted == "untrusted" || trusted == "")
+ {
+ fail_msg_writer() << tr("This is not Tor/I2P address, and is not a trusted daemon.");
+ fail_msg_writer() << tr("Either use your own trusted node, connect via Tor or I2P, or pass this-is-probably-a-spy-node and be spied on.");
+ return true;
+ }
+
+ if (parsed.schema != "https")
+ message_writer(console_color_red) << tr("Warning: connecting to a non-local daemon without SSL, passive adversaries will be able to spy on you.");
+ }
+
+ LOCK_IDLE_SCOPE();
+ m_wallet->init(daemon_url);
+
+ if (!trusted.empty())
+ {
+ m_wallet->set_trusted_daemon(trusted == "trusted");
+ }
else
{
m_wallet->set_trusted_daemon(false);