Diffstat (limited to 'server')
-rw-r--r--server/proxy_ui_server.workspace1
-rw-r--r--server/server/config.cpp34
-rw-r--r--server/server/config.h6
-rw-r--r--server/server/main.cpp45
4 files changed, 85 insertions, 1 deletions
diff --git a/server/proxy_ui_server.workspace b/server/proxy_ui_server.workspace
index 4a0b48d..1e165f9 100644
--- a/server/proxy_ui_server.workspace
+++ b/server/proxy_ui_server.workspace
@@ -22,6 +22,7 @@
+
]]>
</Environment>
</CodeLite_Workspace>
diff --git a/server/server/config.cpp b/server/server/config.cpp
index d4602da..b6b343d 100644
--- a/server/server/config.cpp
+++ b/server/server/config.cpp
@@ -22,8 +22,10 @@ config::config(const char *pth)
vars.bind_ip = get_string(cfg_str, "BindAddress=", "0.0.0.0");
vars.log_path = get_string(cfg_str, "LogPath=", "./server.log");
vars.dos_log_path = get_string(cfg_str, "DosLogPath=", "./server_dos.log");
+ vars.ignore_ssl_errors = get_int(cfg_str, "IgnoreSslErrors=", 0);
load_proxy_list();
load_static_proxy_list();
+ load_firewall_list();
}
const int config::get_int(const std::string& data, const char* var, int default_)
{
@@ -183,6 +185,30 @@ void config::load_static_proxy_list(char *pth)
}
}
}
+void config::load_firewall_list(char* pth)
+{
+ std::ifstream config;
+ if(!pth)
+ config.open("./firewall_list.cfg", std::fstream::in);
+ else
+ config.open(pth, std::fstream::in);
+ std::string cfg_str((std::istreambuf_iterator<char>(config)), std::istreambuf_iterator<char>());
+ config.close();
+ if(!cfg_str.empty())
+ {
+ std::string::size_type p1 = 0, p2 = 0, l = 1;
+ if(cfg_str.find("\r\n") != std::string::npos)
+ l = 2;
+ p2 = cfg_str.find(';');
+ while(p2 != std::string::npos)
+ {
+ std::string line = cfg_str.substr(p1, p2-p1);
+ p1 = p2+l;
+ firewall_list.push_back(line);
+ p2 = cfg_str.find(';', p1);
+ }
+ }
+}
const int config::ban_time()
{
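Review bot: load_firewall_list never checks that the stream opened, so a missing or unreadable firewall_list.cfg silently produces an empty list; an `is_open()` check with a log entry would make that failure visible. The offset `l` is the width of the line break, but `p1 = p2+l` counts from the ';' itself, so with one entry per line every entry after the first keeps a leading `\n` (for LF and CRLF files alike), and when CRLF is detected but two entries share a line the second loses its first character. Those bytes are later copied verbatim into the 0x08 reply built in main.cpp. Advancing one past the ';' and stripping leading line-break characters, as sketched below, handles both layouts; how the open failure is logged is left open because the logging facility is not visible in this file.

```cpp
void config::load_firewall_list(char* pth)
{
    // … unchanged: open the stream from pth or the default path …
    if(!config.is_open())
    {
        // … report that the firewall list could not be opened …
        return;
    }
    // … unchanged: read the file into cfg_str and close the stream …
    std::string::size_type p1 = 0, p2 = cfg_str.find(';');
    while(p2 != std::string::npos)
    {
        std::string line = cfg_str.substr(p1, p2 - p1);
        // drop the line break left over from the previous entry
        line.erase(0, line.find_first_not_of("\r\n"));
        firewall_list.push_back(line);
        p1 = p2 + 1;
        p2 = cfg_str.find(';', p1);
    }
```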
@@ -228,4 +254,12 @@ std::list<static_proxy_entry> *config::get_static_proxy_list()
{
return &static_proxy_list;
}
+std::list<std::string> *config::get_firewall_list()
+{
+ return &firewall_list;
+}
+bool config::ignore_ssl_errors()
+{
+ return vars.ignore_ssl_errors;
+}
diff --git a/server/server/config.h b/server/server/config.h
index 62a75af..5d2eb83 100644
--- a/server/server/config.h
+++ b/server/server/config.h
@@ -49,18 +49,22 @@ public:
const int check_interval();
const int debug();
const int dos_conn_count();
+ bool ignore_ssl_errors();
const std::string& bind_ip();
const std::string& log_path();
const std::string& dos_log_path();
std::list<proxy_entry> *get_proxy_list();
std::list<static_proxy_entry> *get_static_proxy_list();
+ std::list<std::string> *get_firewall_list();
private:
struct cfg_data
{
int ban_time, conn_count, check_interval, debug, dos_conn_count, conn_time;
+ bool ignore_ssl_errors;
std::string log_path, bind_ip, dos_log_path;
cfg_data()
{
+ ignore_ssl_errors = false;
ban_time = conn_time = 60;
conn_count = 30;
check_interval = 30;
@@ -72,9 +76,11 @@ private:
const std::string get_string(const std::string& data, const char* var, const std::string& default_);
void load_proxy_list(char* pth = NULL);
void load_static_proxy_list(char* pth = NULL);
+ void load_firewall_list(char* pth = NULL);
cfg_data vars;
std::list<proxy_entry> proxy_list;
std::list<static_proxy_entry> static_proxy_list;
+ std::list<std::string> firewall_list;
};
#endif \ No newline at end of file
diff --git a/server/server/main.cpp b/server/server/main.cpp
index 37507a8..387ec77 100644
--- a/server/server/main.cpp
+++ b/server/server/main.cpp
@@ -350,6 +350,49 @@ void session::proto_parser(std::vector<byte>& data)
}
}
break;
+ case 0x08: // firewall list request
+ {
+ if(canceled)
+ {
+ delete this;
+ break;
+ }
+ logger->lock();
+ *logger<< time_str() << ": recieved firewall list request from "<<remote_ip << " session " << this_sid <<"\n";
+ logger->unlock();
+ if(!blacklisted)
+ {
+ logger->lock();
+ *logger<< time_str() << ": firewall list request from "<<remote_ip<< " session " << this_sid << " are permited \n";
+ logger->unlock();
+ std::vector<byte> data;
+ data.push_back(0x13);
+ data.push_back(0x13);
+ data.push_back(0x08);
+ for(std::list<std::string>::iterator it = cfg->get_firewall_list()->begin(), end = cfg->get_firewall_list()->end(); it != end; ++it)
+ {
+ if(!(it->empty()))
+ for(int i = 0; i < it->size(); ++ i)
+ data.push_back((*it)[i]);
+ data.push_back(';');
+ }
+ write_w_close(data);
+ }
+ else
+ {
+ logger->lock();
+ *logger<< time_str() << ": firewall list request from "<<remote_ip << " session " << this_sid <<" are denied \n";
+ logger->unlock();
+ std::vector<byte> data;
+ data.push_back(0x13);
+ data.push_back(0x13);
+ data.push_back(0x66);
+ data.push_back(0x14);
+ data.push_back(0x14);
+ write_w_close(data);
+ }
+ }
+ break;
default:
break;
}
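Review bot: The local `std::vector<byte> data` declared in both branches of the new `case 0x08` shadows the `data` parameter of proto_parser (visible in the hunk header), which makes it easy for a later edit to append to the wrong buffer; a distinct name such as `reply` would avoid that. The inner copy loop compares `int i` with `it->size()` (signed against unsigned) and can be replaced by `data.insert(data.end(), it->begin(), it->end());`, which also makes the `empty()` test unnecessary. In the `canceled` branch `delete this` is followed by `break`, and the rest of proto_parser lies outside the hunk, so it is worth confirming that nothing after the switch touches members. The list is read through `cfg->get_firewall_list()` with no visible locking; presumably it is only written at startup, which should be confirmed.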
@@ -455,7 +498,7 @@ server::server(boost::asio::io_service& io_service, unsigned short port) : io_se
boost::system::error_code err;
std::string b_path = boost::filesystem::initial_path().string(), tmp_path;
// context_.set_password_callback(boost::bind(&server::get_password, this));
- context_.set_verify_mode(boost::asio::ssl::context::verify_peer | boost::asio::ssl::context::verify_fail_if_no_peer_cert);
+ context_.set_verify_mode(!cfg->ignore_ssl_errors()?(boost::asio::ssl::context::verify_peer | boost::asio::ssl::context::verify_fail_if_no_peer_cert):boost::asio::ssl::context::verify_none);
tmp_path = b_path;
tmp_path.append("/ca.crt");
context_.load_verify_file(tmp_path, err);
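Review bot: With `IgnoreSslErrors` set, the new `set_verify_mode` call selects `verify_none`, which does not merely tolerate certificate errors but drops `verify_peer` and `verify_fail_if_no_peer_cert` altogether, so no client certificate is requested or checked. From then on the only gate on the new 0x08 firewall-list reply is the `blacklisted` flag. The option is read with `get_int` and stored in a `bool` (config.cpp hunk), so any non-zero value enables it. I would add a comment above the call, e.g. `// IgnoreSslErrors!=0 turns off client-certificate verification entirely`, write a warning to the log at startup whenever the option is active, and move the ternary into a named local so the two modes are readable at a glance.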