Merge pull request #1199 from csoler/v0.6-SecurityFixes

added consistency check in getGroupMeta so that ADMIN/PUBLISH flags a…
This commit is contained in:
csoler 2018-03-01 11:46:47 +01:00 committed by GitHub
commit 3d7be85003
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -39,6 +39,7 @@
#endif #endif
#include "rsdataservice.h" #include "rsdataservice.h"
#include "retroshare/rsgxsflags.h"
#include "util/rsstring.h" #include "util/rsstring.h"
#define MSG_TABLE_NAME std::string("MESSAGES") #define MSG_TABLE_NAME std::string("MESSAGES")
@ -572,6 +573,38 @@ RsGxsGrpMetaData* RsDataService::locked_getGrpMeta(RetroCursor &c, int colOffset
c.getString(mColGrpMeta_ParentGrpId, tempId); c.getString(mColGrpMeta_ParentGrpId, tempId);
grpMeta->mParentGrpId = RsGxsGroupId(tempId); grpMeta->mParentGrpId = RsGxsGroupId(tempId);
// make sure that flags and keys are actually consistent
bool have_private_admin_key = false ;
bool have_private_publish_key = false ;
for(auto mit = grpMeta->keys.private_keys.begin(); mit != grpMeta->keys.private_keys.end();++mit)
{
if(mit->second.keyFlags == (RSTLV_KEY_DISTRIB_PUBLISH | RSTLV_KEY_TYPE_FULL)) have_private_publish_key = true ;
if(mit->second.keyFlags == (RSTLV_KEY_DISTRIB_ADMIN | RSTLV_KEY_TYPE_FULL)) have_private_admin_key = true ;
}
if(have_private_admin_key && !(grpMeta->mSubscribeFlags & GXS_SERV::GROUP_SUBSCRIBE_ADMIN))
{
std::cerr << "(WW) inconsistency in group " << grpMeta->mGroupId << ": group does not have flag ADMIN but an admin key was found. Updating the flags." << std::endl;
grpMeta->mSubscribeFlags |= GXS_SERV::GROUP_SUBSCRIBE_ADMIN;
}
if(!have_private_admin_key && (grpMeta->mSubscribeFlags & GXS_SERV::GROUP_SUBSCRIBE_ADMIN))
{
std::cerr << "(WW) inconsistency in group " << grpMeta->mGroupId << ": group has flag ADMIN but no admin key found. Updating the flags." << std::endl;
grpMeta->mSubscribeFlags &= ~GXS_SERV::GROUP_SUBSCRIBE_ADMIN;
}
if(have_private_publish_key && !(grpMeta->mSubscribeFlags & GXS_SERV::GROUP_SUBSCRIBE_PUBLISH))
{
std::cerr << "(WW) inconsistency in group " << grpMeta->mGroupId << ": group does not have flag PUBLISH but an admin key was found. Updating the flags." << std::endl;
grpMeta->mSubscribeFlags |= GXS_SERV::GROUP_SUBSCRIBE_PUBLISH;
}
if(!have_private_publish_key && (grpMeta->mSubscribeFlags & GXS_SERV::GROUP_SUBSCRIBE_PUBLISH))
{
std::cerr << "(WW) inconsistency in group " << grpMeta->mGroupId << ": group has flag PUBLISH but no admin key found. Updating the flags." << std::endl;
grpMeta->mSubscribeFlags &= ~GXS_SERV::GROUP_SUBSCRIBE_PUBLISH;
}
if(ok) if(ok)
return grpMeta; return grpMeta;
else else