ported branch commit 2732: fixed deadlock in passwd callback

git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@2734 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2024-12-15 10:54:22 -05:00 · 2010-04-19 21:50:03 +00:00 · 2010-04-19 21:50:03 +00:00 · 38463c905e
commit 38463c905e
parent 768b9288b5
12 changed files with 102 additions and 61 deletions
--- a/libretroshare/src/pqi/authssl.cc
+++ b/libretroshare/src/pqi/authssl.cc
@ -1894,60 +1894,67 @@ int pem_passwd_cb(char *buf, int size, int rwflag, void *password)
 	return(strlen(buf));
 }

-bool AuthSSL::LocalStoreCert(X509* x509) {
-            //store the certificate in the local cert list
-            std::string peerId;
-            if(!getX509id(x509, peerId))
-            {
-                #ifdef AUTHSSL_DEBUG
-                std::cerr << "AuthSSL::LocalStoreCert() Cannot retrieve peer id from certificate." << std::endl;
-                #endif
-                return false;
-            }
-            if (peerId != mOwnId) {
-                if (mCerts[peerId]) {
-                    #ifdef AUTHSSL_DEBUG
-                    std::cerr << "AuthSSL::LocalStoreCert() get duplicate for " << mCerts[peerId]->id << std::endl;
-                    #endif
-                    /* have a duplicate */
-                    /* check that they are exact */
-                    if (0 != X509_cmp(mCerts[peerId]->certificate, x509))
-                    {
-                            /* MAJOR ERROR */
-                            std::cerr << "ERROR : AuthSSL::ValidateCertificate() got two different ssl certificate from the same peer. It could be a security intrusion attempt (man in the middle).";
-                            std::cerr << std::endl;
-                            return false;
-                    }
-                } else {
-                    RsStackMutex stack(sslMtx); /******* LOCKED ******/
+bool AuthSSL::LocalStoreCert(X509* x509) 
+{
+	//store the certificate in the local cert list
+	std::string peerId;
+	if(!getX509id(x509, peerId))
+	{
+#ifdef AUTHSSL_DEBUG
+		std::cerr << "AuthSSL::LocalStoreCert() Cannot retrieve peer id from certificate." << std::endl;
+#endif
+		return false;
+	}
+	if (peerId != mOwnId) 
+	{
+		if (mCerts[peerId]) 
+		{
+#ifdef AUTHSSL_DEBUG
+			std::cerr << "AuthSSL::LocalStoreCert() get duplicate for " << mCerts[peerId]->id << std::endl;
+#endif
+			/* have a duplicate */
+			/* check that they are exact */
+			if (0 != X509_cmp(mCerts[peerId]->certificate, x509))
+			{
+				/* MAJOR ERROR */
+				std::cerr << "ERROR : AuthSSL::ValidateCertificate() got two different ssl certificate from the same peer. It could be a security intrusion attempt (man in the middle).";
+				std::cerr << std::endl;
+				return false;
+			}
+		} 
+		else 
+		{
+			RsStackMutex stack(sslMtx); /******* LOCKED ******/

-                    #ifdef AUTHSSL_DEBUG
-                    std::cerr << "AuthSSL::LocalStoreCert() storing certificate for " << peerId << std::endl;
-                    #endif
-                    //have a deep copy of the x509 cert
-                    BIO *bp = BIO_new(BIO_s_mem());
-                    PEM_write_bio_X509(bp, x509);
-                    X509 *certCopy = PEM_read_bio_X509(bp, NULL, 0, NULL);certCopy->cert_info->key->pkey;
+#ifdef AUTHSSL_DEBUG
+			std::cerr << "AuthSSL::LocalStoreCert() storing certificate for " << peerId << std::endl;
+#endif
+			//have a deep copy of the x509 cert
+			BIO *bp = BIO_new(BIO_s_mem());
+			PEM_write_bio_X509(bp, x509);
+			X509 *certCopy = PEM_read_bio_X509(bp, NULL, 0, NULL);

-                    mCerts[peerId] = new sslcert(certCopy, peerId);
-                    /* cert->cert_info->key->pkey is NULL until we call SSL_CTX_use_certificate(),
-                    * so we do it here then...  */
-                    SSL_CTX *newSslctx = SSL_CTX_new(TLSv1_method());
-                    SSL_CTX_set_cipher_list(newSslctx, "DEFAULT");
-                    SSL_CTX_use_certificate(newSslctx, mCerts[peerId]->certificate);
+			mCerts[peerId] = new sslcert(certCopy, peerId);
+			/* cert->cert_info->key->pkey is NULL until we call SSL_CTX_use_certificate(),
+			 * so we do it here then...  */
+			SSL_CTX *newSslctx = SSL_CTX_new(TLSv1_method());
+			SSL_CTX_set_cipher_list(newSslctx, "DEFAULT");
+			SSL_CTX_use_certificate(newSslctx, mCerts[peerId]->certificate);

-                    #ifdef AUTHSSL_DEBUG
-                    std::cerr << "AuthSSL::LocalStoreCert() storing certificate with public key : " << mCerts[peerId]->certificate->cert_info->key->pkey << std::endl;
-                    #endif
+#ifdef AUTHSSL_DEBUG
+			std::cerr << "AuthSSL::LocalStoreCert() storing certificate with public key : " << mCerts[peerId]->certificate->cert_info->key->pkey << std::endl;
+#endif

-                    IndicateConfigChanged();
-                }
-            } else {
-                #ifdef AUTHSSL_DEBUG
-                std::cerr << "AuthSSL::LocalStoreCert() not storing certificate because it's our own " << peerId << std::endl;
-                #endif
-            }
-        }
+			IndicateConfigChanged();
+		}
+	} else {
+#ifdef AUTHSSL_DEBUG
+		std::cerr << "AuthSSL::LocalStoreCert() not storing certificate because it's our own " << peerId << std::endl;
+#endif
+	}
+
+	return true ;
+}

 int AuthSSL::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx)
 {
--- a/libretroshare/src/rsiface/rsiface.h
+++ b/libretroshare/src/rsiface/rsiface.h
@ -208,7 +208,7 @@ class NotifyBase
 	virtual void notifyOwnAvatarChanged() {}
 	virtual void notifyOwnStatusMessageChanged() {}

-        virtual std::string askForPassword(const std::string& key_details) { return "" ;}
+	virtual std::string askForPassword(const std::string& key_details,bool prev_is_bad) { return "" ;}
 };

 const int NOTIFY_LIST_NEIGHBOURS   		= 1;
--- a/libretroshare/src/rsserver/rsinit.cc
+++ b/libretroshare/src/rsserver/rsinit.cc
@ -1234,7 +1234,7 @@ int RsInit::LoadCertificates(bool autoLoginNT)
 		RsInitConfig::passwd = "";
 		create_configinit(RsInitConfig::basedir, RsInitConfig::preferedId);
                //don't autorise the password callback again because it will lead to deadlock due to QT reentrance
-                AuthGPG::getAuthGPG()->setAutorisePasswordCallbackNotify(false);
+//                AuthGPG::getAuthGPG()->setAutorisePasswordCallbackNotify(false);
 		return 1;
 	}

--- a/retroshare-gui/src/gui/MainWindow.cpp
+++ b/retroshare-gui/src/gui/MainWindow.cpp
@ -329,6 +329,9 @@ void MainWindow::displaySystrayMsg(const QString& title,const QString& msg)

 void MainWindow::updateStatus()
 {
+	// This call is essential to remove locks due to QEventLoop re-entrance while asking gpg passwds. Dont' remove it!
+	if(RsAutoUpdatePage::eventsLocked())
+		return ;

 	if (ratesstatus)
 		ratesstatus->getRatesStatus();
--- a/retroshare-gui/src/gui/MessengerWindow.cpp
+++ b/retroshare-gui/src/gui/MessengerWindow.cpp
@ -969,6 +969,9 @@ void MessengerWindow::loadOwnStatus()
 /** Save own status Online,Away,Busy **/
 void MessengerWindow::savestatus()
 {
+	if(RsAutoUpdatePage::eventsLocked())
+		return ;
+
 	//rsiface->lockData(); /* Lock Interface */

 	RsPeerDetails detail;
--- a/retroshare-gui/src/gui/NetworkDialog.cpp
+++ b/retroshare-gui/src/gui/NetworkDialog.cpp
@ -710,6 +710,9 @@ void NetworkDialog::displayInfoLogMenu(const QPoint& pos) {

 void NetworkDialog::getNetworkStatus()
 {
+	if(RsAutoUpdatePage::eventsLocked())
+		return ;
+
    rsiface->lockData(); /* Lock Interface */

    /* now the extra bit .... switch on check boxes */
@ -766,6 +769,9 @@ void NetworkDialog::getNetworkStatus()

 void NetworkDialog::updateNetworkStatus()
 {
+	if(RsAutoUpdatePage::eventsLocked())
+		return ;
+
    rsiface->lockData(); /* Lock Interface */

    /* now the extra bit .... switch on check boxes */
--- a/retroshare-gui/src/gui/RsAutoUpdatePage.cpp
+++ b/retroshare-gui/src/gui/RsAutoUpdatePage.cpp
@ -3,6 +3,8 @@
 #include "RsAutoUpdatePage.h"
 #include "MessengerWindow.h"

+bool RsAutoUpdatePage::_locked = false ;
+
 RsAutoUpdatePage::RsAutoUpdatePage(int ms_update_period,QWidget *parent)
 	: MainPage(parent)
 {
@ -16,14 +18,15 @@ RsAutoUpdatePage::RsAutoUpdatePage(int ms_update_period,QWidget *parent)
 void RsAutoUpdatePage::showEvent(QShowEvent *event)
 {
        //std::cout << "RsAutoUpdatePage::showEvent() In show event !!" << std::endl ;
-	updateDisplay();
+	if(!_locked)
+		updateDisplay();
 }

 void RsAutoUpdatePage::timerUpdate()
 {
 	// only update when the widget is visible.
 	//
-	if(!isVisible())
+	if(_locked || !isVisible())
 		return ;
 	
 	updateDisplay();
@ -31,3 +34,6 @@ void RsAutoUpdatePage::timerUpdate()
 	update() ;				// Qt flush
 }

+void RsAutoUpdatePage::lockAllEvents() { _locked = true ; }
+void RsAutoUpdatePage::unlockAllEvents() { _locked = false ; }
+bool RsAutoUpdatePage::eventsLocked() { return _locked ; }
--- a/retroshare-gui/src/gui/RsAutoUpdatePage.h
+++ b/retroshare-gui/src/gui/RsAutoUpdatePage.h
@ -21,6 +21,10 @@ class RsAutoUpdatePage: public MainPage
 		RsAutoUpdatePage(int ms_update_period = 1000,QWidget *parent=NULL) ;

 		virtual void updateDisplay() {}
+	
+		static void lockAllEvents() ;
+		static void unlockAllEvents() ;
+		static bool eventsLocked() ;

 	protected:
 		virtual void showEvent(QShowEvent *e) ;
@ -30,4 +34,7 @@ class RsAutoUpdatePage: public MainPage

 	private:
 		QTimer *_timer ;
+
+		static bool _locked ;
 };
+
--- a/retroshare-gui/src/gui/StartDialog.cpp
+++ b/retroshare-gui/src/gui/StartDialog.cpp
@ -211,7 +211,7 @@ void StartDialog::notSecureWarning() {
 		if(ui.autologin_checkbox->isChecked()){
            QMessageBox::StandardButton sb = QMessageBox::warning ( NULL,
                            tr("Insecure"),
-                            tr("Auto-Login is not Secure \n It can be disabled in General Settings"),
+                            tr("Auto Login is not so much secure:\n    - Your SSL certificate will be stored unprotected. \n    - Your PGP key will however not be stored.\nThis choice be reverted in settings."),
 			QMessageBox::Ok);
 		}

--- a/retroshare-gui/src/gui/bwgraph/bwgraph.cpp
+++ b/retroshare-gui/src/gui/bwgraph/bwgraph.cpp
@ -24,6 +24,7 @@
 #include <rshare.h>
 #include <control/bandwidthevent.h>
 #include "bwgraph.h"
+#include <gui/RsAutoUpdatePage.h>
 #include "rsiface/rsiface.h"

 #include <sstream>
@ -119,6 +120,9 @@ BandwidthGraph::timerEvent( QTimerEvent * )
 void 
 BandwidthGraph::updategraphstatus( )
 {
+	if(RsAutoUpdatePage::eventsLocked())
+		return ;
+
 	/* set users/friends/network */
 	float downKb = 0;
 	float upKb = 0;
--- a/retroshare-gui/src/gui/notifyqt.cpp
+++ b/retroshare-gui/src/gui/notifyqt.cpp
@ -42,13 +42,18 @@ void NotifyQt::notifyOwnAvatarChanged()
 	emit ownAvatarChanged() ;
 }

-std::string NotifyQt::askForPassword(const std::string& key_details)
+std::string NotifyQt::askForPassword(const std::string& key_details,bool prev_is_bad)
 {

-        return QInputDialog::getText(NULL, tr("GPG key passphrase"),
-                                          tr("Please enter the password to unlock the following GPG key:\n") + QString::fromStdString(key_details),
-                                          QLineEdit::Password,
-					  NULL, NULL).toStdString();
+	RsAutoUpdatePage::lockAllEvents() ;
+
+	std::string res = QInputDialog::getText(NULL, tr("GPG key passphrase"), 
+			(prev_is_bad?tr("Wrong password !\n\n"):QString()) +
+			tr("Please enter the password to unlock the following GPG key:\n") + QString::fromStdString(key_details), QLineEdit::Password, NULL, NULL).toStdString();
+
+	RsAutoUpdatePage::unlockAllEvents() ;
+
+	return res ;
 }

 void NotifyQt::notifyOwnStatusMessageChanged()
--- a/retroshare-gui/src/gui/notifyqt.h
+++ b/retroshare-gui/src/gui/notifyqt.h
@ -41,7 +41,7 @@ class NotifyQt: public QObject, public NotifyBase
 		virtual void notifyOwnAvatarChanged() ;
 		virtual void notifyOwnStatusMessageChanged() ;

-                virtual std::string askForPassword(const std::string& key_details) ;
+		virtual std::string askForPassword(const std::string& key_details,bool prev_is_bad) ;

 	signals:
 		// It's beneficial to send info to the GUI using signals, because signals are thread-safe