From 93bfbb6edea5c0b52d72da0c7032977e72292845 Mon Sep 17 00:00:00 2001
From: Gioacchino Mazzurco
Date: Wed, 9 Oct 2019 01:55:31 +0200
Subject: [PATCH] Fix addSslOnlyFriend when adding with already known PGP If the PGP key is available add as full friend. Without this change when the PGP key of a non-friend is available the SSL-id is added in peer list but the PGP-id is not added as PGP friend, at same time skip_pgp_signature_validation is false, because we have the full PGP, so the connection attempt is refused, when it should be verified with PGP and accepted.
---
libretroshare/src/pqi/p3peermgr.cc | 42 ++++++++++++++----------------
1 file changed, 19 insertions(+), 23 deletions(-)
diff --git a/libretroshare/src/pqi/p3peermgr.cc b/libretroshare/src/pqi/p3peermgr.cc
index b7902e181..e871e4ddd 100644
--- a/libretroshare/src/pqi/p3peermgr.cc
+++ b/libretroshare/src/pqi/p3peermgr.cc
@@ -1074,26 +1074,22 @@ bool p3PeerMgrIMPL::addFriend(const RsPeerId& input_id, const RsPgpId& input_gpg bool p3PeerMgrIMPL::addSslOnlyFriend( const RsPeerId& sslId, const RsPgpId& pgp_id, const RsPeerDetails& dt ) { - if(sslId.isNull()) + constexpr auto fname = __PRETTY_FUNCTION__; + const auto failure = [&](const std::string& err) { - RsErr() << __PRETTY_FUNCTION__ << " Cannot add a null " - << "ID as SSL-only friend " << std::endl; + RsErr() << fname << " " << err << std::endl; return false; - } + }; + + if(sslId.isNull()) + return failure("Cannot add a null ID as SSL-only friend"); if(pgp_id.isNull()) - { - RsErr() << __PRETTY_FUNCTION__ << " Cannot add as SSL-only friend a " - << "peer with null PGP" << std::endl; - return false; - } + return failure( " Cannot add as SSL-only friend a peer with null PGP"); if(sslId == getOwnId()) - { - RsErr() << __PRETTY_FUNCTION__ << " Cannot add yourself as SSL-only " - << "friend (id=" << sslId << ")" << std::endl; - return false; - } + return failure( "Cannot add yourself as SSL-only friend id:" + + sslId.toStdString() ); bool alreadySslFriend = false; peerState pstate; @@ -1116,13 +1112,10 @@ bool p3PeerMgrIMPL::addSslOnlyFriend( * PGP id we already know, to avoid nasty tricks with malevolently forged * short invites.*/ if(alreadySslFriend && pstate.gpg_id != pgp_id) - { - RsErr() << __PRETTY_FUNCTION__ << " Cannot SSL-only friend for " - << "a pre-existing friend with mismatching PGP-id " - << "known: " << pstate.gpg_id << " new: " << pgp_id - << std::endl; - return false; - } + return failure( "Cannot SSL-only friend for a pre-existing friend with " + "mismatching PGP-id known: " + + pstate.gpg_id.toStdString() + " new: " + + pgp_id.toStdString() ); /* It is very important to be expecially carefull setting * pstate.skip_pgp_signature_validation to true because this effectively 
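Review bot: The null-PGP branch in the first hunk passes a message with a leading space, `failure( " Cannot add as SSL-only friend a peer with null PGP")`, and because the lambda already writes `fname << " "` that log line gets a double space while the other three calls do not; drop the leading space so the rejection messages stay uniform and easy to match in logs. The `fname` local looks redundant without an explanation, so I would add a comment above it such as `// taken here because __PRETTY_FUNCTION__ inside the lambda would name the closure, not addSslOnlyFriend`. The function body continues past both hunks on this line, so the remaining exits are not visible here and may still use the old `RsErr() << __PRETTY_FUNCTION__` form.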
@@ -1137,8 +1130,11 @@ bool p3PeerMgrIMPL::addSslOnlyFriend( * connection closed. * Instead if pstate.skip_pgp_signature_validation would have been * superficially set to true the PGP signature verification would have been - * skipped and the attacker connection would be accepted. */ - if(!AuthGPG::getAuthGPG()->isPgpPubKeyAvailable(pgp_id)) + * skipped and the attacker connection would be accepted. + * If the PGP key is available add it as full friend. */ + if(AuthGPG::getAuthGPG()->isPgpPubKeyAvailable(pgp_id)) + AuthGPG::getAuthGPG()->AllowConnection(pgp_id, true); + else pstate.skip_pgp_signature_validation = true; pstate.gpg_id = pgp_id;
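Review bot: The result of `AuthGPG::getAuthGPG()->AllowConnection(pgp_id, true)` is discarded in the new `if` branch, so if that call fails the function carries on with `skip_pgp_signature_validation` left false and the PGP id not accepted, which is the refused-connection state this commit sets out to fix, now without any log line. I would brace the branch and bail out through the existing helper, e.g. `{ if(!AuthGPG::getAuthGPG()->AllowConnection(pgp_id, true)) return failure("Cannot accept PGP key " + pgp_id.toStdString()); }`, keeping the braces so the following `else` still binds to the availability check. The comment should also state the trust consequence: a short invite now promotes the PGP identity to an accepted key merely because its public key is already in the keyring, and that acceptance is per PGP id rather than per `sslId`, so it presumably covers other locations signed by the same key as well. The rest of `addSslOnlyFriend` lies outside this hunk, so whether a later failure leaves the key accepted cannot be judged from here.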