Merge pull request #1197 from csoler/v0.6-SecurityFixes

Fixing bugs on channels permission and notify
This commit is contained in:
csoler 2018-03-01 09:44:59 +01:00 committed by GitHub
commit 028a246b8d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 94 additions and 46 deletions

View file

@ -1643,7 +1643,7 @@ void RsGenExchange::notifyReceivePublishKey(const RsGxsGroupId &grpId)
{ {
RS_STACK_MUTEX(mGenMtx); RS_STACK_MUTEX(mGenMtx);
RsGxsGroupChange* gc = new RsGxsGroupChange(RsGxsNotify::TYPE_PUBLISHKEY, false); RsGxsGroupChange* gc = new RsGxsGroupChange(RsGxsNotify::TYPE_PUBLISHKEY, true);
gc->mGrpIdList.push_back(grpId); gc->mGrpIdList.push_back(grpId);
mNotifications.push_back(gc); mNotifications.push_back(gc);
} }
@ -2580,7 +2580,11 @@ void RsGenExchange::publishGrps()
ggps.mKeys = fullKeySet; ggps.mKeys = fullKeySet;
} }
else else
{
// We should just merge the keys instead of overwriting them, because the update may not contain private parts.
fullKeySet = ggps.mKeys; fullKeySet = ggps.mKeys;
}
// find private admin key // find private admin key
RsTlvPrivateRSAKey privAdminKey; RsTlvPrivateRSAKey privAdminKey;
@ -2756,7 +2760,7 @@ void RsGenExchange::publishGrps()
if(!grpChanged.empty()) if(!grpChanged.empty())
{ {
RsGxsGroupChange* gc = new RsGxsGroupChange(RsGxsNotify::TYPE_PUBLISH, false); RsGxsGroupChange* gc = new RsGxsGroupChange(RsGxsNotify::TYPE_RECEIVE, true);
gc->mGrpIdList = grpChanged; gc->mGrpIdList = grpChanged;
mNotifications.push_back(gc); mNotifications.push_back(gc);
#ifdef GEN_EXCH_DEBUG #ifdef GEN_EXCH_DEBUG
@ -3216,6 +3220,13 @@ void RsGenExchange::performUpdateValidation()
gu.newGrp->metaData->mSubscribeFlags = gu.oldGrpMeta->mSubscribeFlags ; gu.newGrp->metaData->mSubscribeFlags = gu.oldGrpMeta->mSubscribeFlags ;
// Also keep private keys if present
if(!gu.newGrp->metaData->keys.private_keys.empty())
std::cerr << "(EE) performUpdateValidation() group " <<gu.newGrp->metaData->mGroupId << " has been received with private keys. This is very unexpected!" << std::endl;
else
gu.newGrp->metaData->keys.private_keys = gu.oldGrpMeta->keys.private_keys ;
grps.push_back(gu.newGrp); grps.push_back(gu.newGrp);
} }
else else
@ -3254,7 +3265,7 @@ void RsGenExchange::performUpdateValidation()
mGroupUpdates.clear(); mGroupUpdates.clear();
} }
bool RsGenExchange::updateValid(const RsGxsGrpMetaData& oldGrpMeta, RsNxsGrp& newGrp) const bool RsGenExchange::updateValid(const RsGxsGrpMetaData& oldGrpMeta, const RsNxsGrp& newGrp) const
{ {
std::map<SignType, RsTlvKeySignature>& signSet = newGrp.metaData->signSet.keySignSet; std::map<SignType, RsTlvKeySignature>& signSet = newGrp.metaData->signSet.keySignSet;
std::map<SignType, RsTlvKeySignature>::iterator mit = signSet.find(INDEX_AUTHEN_ADMIN); std::map<SignType, RsTlvKeySignature>::iterator mit = signSet.find(INDEX_AUTHEN_ADMIN);

View file

@ -835,7 +835,7 @@ private:
* @param newGrp the new group that updates the old group (must have meta data member initialised) * @param newGrp the new group that updates the old group (must have meta data member initialised)
* @return * @return
*/ */
bool updateValid(const RsGxsGrpMetaData& oldGrp, RsNxsGrp& newGrp) const; bool updateValid(const RsGxsGrpMetaData& oldGrp, const RsNxsGrp& newGrp) const;
/*! /*!
* convenience function for checking private publish and admin keys are present * convenience function for checking private publish and admin keys are present

View file

@ -389,6 +389,8 @@ int RsGxsNetService::tick()
should_notify = should_notify || !mNewGroupsToNotify.empty() ; should_notify = should_notify || !mNewGroupsToNotify.empty() ;
should_notify = should_notify || !mNewMessagesToNotify.empty() ; should_notify = should_notify || !mNewMessagesToNotify.empty() ;
should_notify = should_notify || !mNewPublishKeysToNotify.empty() ;
should_notify = should_notify || !mNewStatsToNotify.empty() ;
} }
if(should_notify) if(should_notify)
@ -451,8 +453,11 @@ void RsGxsNetService::processObserverNotifications()
if(!grps_copy.empty()) mObserver->notifyNewGroups (grps_copy); if(!grps_copy.empty()) mObserver->notifyNewGroups (grps_copy);
if(!msgs_copy.empty()) mObserver->notifyNewMessages(msgs_copy); if(!msgs_copy.empty()) mObserver->notifyNewMessages(msgs_copy);
for(std::set<RsGxsGroupId>::const_iterator it(keys_copy.begin());it!=keys_copy.end();++it) mObserver->notifyReceivePublishKey(*it); for(std::set<RsGxsGroupId>::const_iterator it(keys_copy.begin());it!=keys_copy.end();++it)
for(std::set<RsGxsGroupId>::const_iterator it(stat_copy.begin());it!=stat_copy.end();++it) mObserver->notifyChangedGroupStats(*it); mObserver->notifyReceivePublishKey(*it);
for(std::set<RsGxsGroupId>::const_iterator it(stat_copy.begin());it!=stat_copy.end();++it)
mObserver->notifyChangedGroupStats(*it);
} }
void RsGxsNetService::rejectMessage(const RsGxsMessageId& msg_id) void RsGxsNetService::rejectMessage(const RsGxsMessageId& msg_id)
@ -4756,6 +4761,7 @@ void RsGxsNetService::handleRecvPublishKeys(RsNxsGroupPublishKeyItem *item)
#ifdef NXS_NET_DEBUG_3 #ifdef NXS_NET_DEBUG_3
GXSNETDEBUG_PG(item->PeerId(),item->grpId)<< " (EE) Publish key already present in database. Discarding message." << std::endl; GXSNETDEBUG_PG(item->PeerId(),item->grpId)<< " (EE) Publish key already present in database. Discarding message." << std::endl;
#endif #endif
mNewPublishKeysToNotify.insert(item->grpId) ;
return ; return ;
} }

View file

@ -58,24 +58,6 @@
#include "common/FeedNotify.h" #include "common/FeedNotify.h"
#include "notifyqt.h" #include "notifyqt.h"
const uint32_t NEWSFEED_PEERLIST = 0x0001;
const uint32_t NEWSFEED_FORUMNEWLIST = 0x0002;
const uint32_t NEWSFEED_FORUMMSGLIST = 0x0003;
const uint32_t NEWSFEED_CHANNELNEWLIST = 0x0004;
//const uint32_t NEWSFEED_CHANNELMSGLIST = 0x0005;
#if 0
const uint32_t NEWSFEED_BLOGNEWLIST = 0x0006;
const uint32_t NEWSFEED_BLOGMSGLIST = 0x0007;
#endif
const uint32_t NEWSFEED_MESSAGELIST = 0x0008;
const uint32_t NEWSFEED_CHATMSGLIST = 0x0009;
const uint32_t NEWSFEED_SECLIST = 0x000a;
const uint32_t NEWSFEED_POSTEDNEWLIST = 0x000b;
const uint32_t NEWSFEED_POSTEDMSGLIST = 0x000c;
const uint32_t NEWSFEED_CIRCLELIST = 0x000d;
#define ROLE_RECEIVED FEED_TREEWIDGET_SORTROLE #define ROLE_RECEIVED FEED_TREEWIDGET_SORTROLE
#define TOKEN_TYPE_GROUP 1 #define TOKEN_TYPE_GROUP 1
@ -281,20 +263,20 @@ void NewsFeed::updateDisplay()
mTokenQueueChannel = new TokenQueue(rsGxsChannels->getTokenService(), instance); mTokenQueueChannel = new TokenQueue(rsGxsChannels->getTokenService(), instance);
} }
RsGxsGroupId grpId(fi.mId1); addFeedItemChannelPublishKey(fi);
if (!grpId.isNull()) {
RsTokReqOptions opts;
opts.mReqType = GXS_REQUEST_TYPE_GROUP_DATA;
std::list<RsGxsGroupId> grpIds; // RsGxsGroupId grpId(fi.mId1);
grpIds.push_back(grpId); // if (!grpId.isNull()) {
// RsTokReqOptions opts;
uint32_t token; // opts.mReqType = GXS_REQUEST_TYPE_GROUP_DATA;
mTokenQueueChannel->requestGroupInfo(token, RS_TOKREQ_ANSTYPE_SUMMARY, opts, grpIds, TOKEN_TYPE_PUBLISHKEY); //
// std::list<RsGxsGroupId> grpIds;
// grpIds.push_back(grpId);
//
// uint32_t token;
// mTokenQueueChannel->requestGroupInfo(token, RS_TOKREQ_ANSTYPE_SUMMARY, opts, grpIds, TOKEN_TYPE_PUBLISHKEY);
// }
} }
}
// if (flags & RS_FEED_TYPE_CHANNEL)
// addFeedItemChannelPublishKey(fi);
break; break;
case RS_FEED_ITEM_FORUM_NEW: case RS_FEED_ITEM_FORUM_NEW:
@ -769,6 +751,14 @@ void NewsFeed::loadChannelPublishKey(const uint32_t &token)
#ifdef UNUSED_CODE #ifdef UNUSED_CODE
MessageComposer::sendChannelPublishKey(groups[0]); MessageComposer::sendChannelPublishKey(groups[0]);
#endif #endif
RsGxsChannelGroup& grp = *groups.begin();
RsFeedItem fi;
fi.mId1 = grp.mMeta.mGroupId.toStdString();
addFeedItemChannelPublishKey(fi);
} }
void NewsFeed::loadForumGroup(const uint32_t &token) void NewsFeed::loadForumGroup(const uint32_t &token)
@ -863,6 +853,8 @@ void NewsFeed::loadForumPublishKey(const uint32_t &token)
#ifdef UNUSED_CODE #ifdef UNUSED_CODE
MessageComposer::sendForumPublishKey(groups[0]); MessageComposer::sendForumPublishKey(groups[0]);
#endif #endif
std::cerr << "(EE) Unimplemented code: received an order to load/display item for received forum publish key, but the implementation is missing." << std::endl;
} }
void NewsFeed::loadPostedGroup(const uint32_t &token) void NewsFeed::loadPostedGroup(const uint32_t &token)
@ -1357,6 +1349,24 @@ void NewsFeed::addFeedItemChannelMsg(const RsFeedItem &fi)
/* add to layout */ /* add to layout */
addFeedItem(item); addFeedItem(item);
#ifdef NEWS_DEBUG
std::cerr << "NewsFeed::addFeedItemChanMsg()";
std::cerr << std::endl;
#endif
}
void NewsFeed::addFeedItemChannelPublishKey(const RsFeedItem &fi)
{
RsGxsGroupId grpId(fi.mId1);
if (grpId.isNull())
return;
/* make new widget */
GxsChannelGroupItem *item = new GxsChannelGroupItem(this, NEWSFEED_CHANNELPUBKEYLIST, grpId, false, true);
/* add to layout */
addFeedItem(item);
#ifdef NEWS_DEBUG #ifdef NEWS_DEBUG
std::cerr << "NewsFeed::addFeedItemChanMsg()"; std::cerr << "NewsFeed::addFeedItemChanMsg()";
std::cerr << std::endl; std::cerr << std::endl;

View file

@ -30,6 +30,25 @@
#define IMAGE_NEWSFEED ":/icons/plugins_128.png" #define IMAGE_NEWSFEED ":/icons/plugins_128.png"
const uint32_t NEWSFEED_PEERLIST = 0x0001;
const uint32_t NEWSFEED_FORUMNEWLIST = 0x0002;
const uint32_t NEWSFEED_FORUMMSGLIST = 0x0003;
const uint32_t NEWSFEED_CHANNELNEWLIST = 0x0004;
//const uint32_t NEWSFEED_CHANNELMSGLIST = 0x0005;
#if 0
const uint32_t NEWSFEED_BLOGNEWLIST = 0x0006;
const uint32_t NEWSFEED_BLOGMSGLIST = 0x0007;
#endif
const uint32_t NEWSFEED_MESSAGELIST = 0x0008;
const uint32_t NEWSFEED_CHATMSGLIST = 0x0009;
const uint32_t NEWSFEED_SECLIST = 0x000a;
const uint32_t NEWSFEED_POSTEDNEWLIST = 0x000b;
const uint32_t NEWSFEED_POSTEDMSGLIST = 0x000c;
const uint32_t NEWSFEED_CIRCLELIST = 0x000d;
const uint32_t NEWSFEED_CHANNELPUBKEYLIST= 0x000e;
namespace Ui { namespace Ui {
class NewsFeed; class NewsFeed;
} }
@ -102,6 +121,7 @@ private:
void addFeedItemChannelNew(const RsFeedItem &fi); void addFeedItemChannelNew(const RsFeedItem &fi);
// void addFeedItemChannelUpdate(const RsFeedItem &fi); // void addFeedItemChannelUpdate(const RsFeedItem &fi);
void addFeedItemChannelMsg(const RsFeedItem &fi); void addFeedItemChannelMsg(const RsFeedItem &fi);
void addFeedItemChannelPublishKey(const RsFeedItem &fi);
void addFeedItemForumNew(const RsFeedItem &fi); void addFeedItemForumNew(const RsFeedItem &fi);
// void addFeedItemForumUpdate(const RsFeedItem &fi); // void addFeedItemForumUpdate(const RsFeedItem &fi);

View file

@ -23,6 +23,7 @@
#include "ui_GxsChannelGroupItem.h" #include "ui_GxsChannelGroupItem.h"
#include "FeedHolder.h" #include "FeedHolder.h"
#include "gui/NewsFeed.h"
#include "gui/RetroShareLink.h" #include "gui/RetroShareLink.h"
/**** /****
@ -144,14 +145,14 @@ void GxsChannelGroupItem::fill()
ui->subscribeButton->setEnabled(true); ui->subscribeButton->setEnabled(true);
} }
// if (mIsNew) switch(mFeedId)
// { {
ui->titleLabel->setText(tr("New Channel")); case NEWSFEED_CHANNELPUBKEYLIST: ui->titleLabel->setText(tr("Publish permission received for channel: "));
// } break ;
// else
// { case NEWSFEED_CHANNELNEWLIST: ui->titleLabel->setText(tr("New Channel: "));
// ui->titleLabel->setText(tr("Updated Channel")); break ;
// } }
if (mIsHome) if (mIsHome)
{ {