diff --git a/libretroshare/src/pqi/Makefile b/libretroshare/src/pqi/Makefile index c350e7113..e90080539 100644 --- a/libretroshare/src/pqi/Makefile +++ b/libretroshare/src/pqi/Makefile @@ -14,11 +14,32 @@ LOOP_OBJ = pqiloopback.o STREAM_OBJ = pqistreamer.o pqiarchive.o pqistore.o pqibin.o MGR_OBJ = pqimonitor.o p3dhtmgr.o p3connmgr.o p3cfgmgr.o p3authmgr.o GRP_OBJ = pqiperson.o pqihandler.o pqiservice.o pqipersongrp.o -SSL_OBJ = pqissl.o pqissllistener.o pqisslpersongrp.o +SSL_OBJ = pqissl.o pqissllistener.o pqisslpersongrp.o cleanupxpgp.o UDP_OBJ = pqissludp.o OTHER_OBJ = p3notify.o + +TESTOBJ = net_test.o dht_test.o net_test1.o +#conn_test.o + +TESTS = net_test dht_test net_test1 +#conn_test + +ifdef PQI_USE_XPGP + SSL_OBJ += authxpgp.o + TESTOBJ += xpgp_id.o + TESTS += xpgp_id +else + ifdef PQI_USE_SSLONLY + SSL_OBJ += authssl.o + else + SSL_OBJ += authssl.o authgpg.o + TESTOBJ += gpgme_tst.o + TESTS += gpgme_tst + endif +endif + RSOBJ = $(BASE_OBJ) $(LOOP_OBJ) \ $(STREAM_OBJ) \ $(MGR_OBJ) \ @@ -27,23 +48,11 @@ RSOBJ = $(BASE_OBJ) $(LOOP_OBJ) \ $(GRP_OBJ) \ $(OTHER_OBJ) -TESTOBJ = net_test.o dht_test.o net_test1.o -#conn_test.o - -TESTS = net_test dht_test net_test1 -#conn_test - -ifdef PQI_USE_XPGP - SSL_OBJ += authxpgp.o cleanupxpgp.o - TESTOBJ += xpgp_id.o - TESTS += xpgp_id -else - SSL_OBJ = authssl.o -endif - - all: librs tests +gpgme_tst: gpgme_tst.o + $(CC) $(CFLAGS) -o gpgme_tst gpgme_tst.o $(LIBS) + xpgp_id: xpgp_id.o $(CC) $(CFLAGS) -o xpgp_id xpgp_id.o $(LIBS) diff --git a/libretroshare/src/pqi/authssl.cc b/libretroshare/src/pqi/authssl.cc index 017739059..c3e9b525d 100644 --- a/libretroshare/src/pqi/authssl.cc +++ b/libretroshare/src/pqi/authssl.cc @@ -29,7 +29,7 @@ */ #include "authssl.h" -//#include "cleanupx509.h" +#include "cleanupxpgp.h" #include "pqinetwork.h" @@ -48,12 +48,16 @@ /********************************************************************************/ /********************************************************************************/ +static int verify_x509_callback(int preverify_ok, X509_STORE_CTX *ctx); + /*********** ** #define AUTHSSL_DEBUG 1 **********/ #define AUTHSSL_DEBUG 1 -// the single instance of this. +#ifdef PQI_USE_SSLONLY + +// the single instance of this, but only when SSL Only static AuthSSL instance_sslroot; p3AuthMgr *getAuthMgr() @@ -61,6 +65,8 @@ p3AuthMgr *getAuthMgr() return &instance_sslroot; } +#endif + sslcert::sslcert(X509 *x509, std::string pid) { @@ -71,9 +77,335 @@ sslcert::sslcert(X509 *x509, std::string pid) location = getX509LocString(x509->cert_info->subject); email = ""; + issuer = getX509CNString(x509->cert_info->issuer); + authed = false; } +X509_REQ *GenerateX509Req( + std::string pkey_file, std::string passwd, + std::string name, std::string email, std::string org, + std::string loc, std::string state, std::string country, + int nbits_in, std::string &errString) +{ + /* generate request */ + X509_REQ *req=X509_REQ_new(); + + // setup output. + BIO *bio_out = NULL; + bio_out = BIO_new(BIO_s_file()); + BIO_set_fp(bio_out,stdout,BIO_NOCLOSE); + + EVP_PKEY *pkey = NULL; + + // first generate a key.... + if ((pkey=EVP_PKEY_new()) == NULL) + { + fprintf(stderr,"GenerateX509Req: Couldn't Create Key\n"); + return 0; + } + + int nbits = 2048; + unsigned long e = 0x10001; + + if ((nbits_in >= 512) && (nbits_in <= 4096)) + { + nbits = nbits_in; + } + else + { + fprintf(stderr,"GenerateX509Req: strange num of nbits: %d\n", nbits_in); + fprintf(stderr,"GenerateX509Req: reverting to %d\n", nbits); + } + + + RSA *rsa = RSA_generate_key(nbits, e, NULL, NULL); + if ((rsa == NULL) || !EVP_PKEY_assign_RSA(pkey, rsa)) + { + if(rsa) RSA_free(rsa); + fprintf(stderr,"GenerateX509Req: Couldn't Generate RSA Key!\n"); + return 0; + } + + + // open the file. + FILE *out; + if (NULL == (out = fopen(pkey_file.c_str(), "w"))) + { + fprintf(stderr,"GenerateX509Req: Couldn't Create Key File!"); + fprintf(stderr," : %s\n", pkey_file.c_str()); + return 0; + } + + const EVP_CIPHER *cipher = EVP_des_ede3_cbc(); + + if (!PEM_write_PrivateKey(out,pkey,cipher, + NULL,0,NULL,(void *) passwd.c_str())) + { + fprintf(stderr,"GenerateX509Req() Couldn't Save Private Key"); + fprintf(stderr," : %s\n", pkey_file.c_str()); + return 0; + } + fclose(out); + + // We have now created a private key.... + fprintf(stderr,"GenerateX509Req() Saved Private Key"); + fprintf(stderr," : %s\n", pkey_file.c_str()); + + /********** Test Loading the private Key.... ************/ + FILE *tst_in = NULL; + EVP_PKEY *tst_pkey = NULL; + if (NULL == (tst_in = fopen(pkey_file.c_str(), "rb"))) + { + fprintf(stderr,"GenerateX509Req() Couldn't Open Private Key"); + fprintf(stderr," : %s\n", pkey_file.c_str()); + return 0; + } + + if (NULL == (tst_pkey = + PEM_read_PrivateKey(tst_in,NULL,NULL,(void *) passwd.c_str()))) + { + fprintf(stderr,"GenerateX509Req() Couldn't Read Private Key"); + fprintf(stderr," : %s\n", pkey_file.c_str()); + return 0; + } + fclose(tst_in); + EVP_PKEY_free(tst_pkey); + /********** Test Loading the private Key.... ************/ + + /* Fill in details: fields. + req->req_info; + req->req_info->enc; + req->req_info->version; + req->req_info->subject; + req->req_info->pubkey; + ****************************/ + + long version = 0x00; + unsigned long chtype = MBSTRING_ASC; + X509_NAME *x509_name = X509_NAME_new(); + + // fill in the request. + + /**** X509_REQ -> Version ********************************/ + if (!X509_REQ_set_version(req,version)) /* version 1 */ + { + fprintf(stderr,"GenerateX509Req(): Couldn't Set Version!\n"); + return 0; + } + /**** X509_REQ -> Version ********************************/ + /**** X509_REQ -> Key ********************************/ + + if (!X509_REQ_set_pubkey(req,pkey)) + { + fprintf(stderr,"GenerateX509Req() Couldn't Set PUBKEY Version!\n"); + return 0; + } + + /**** SUBJECT ********************************/ + // create the name. + + // fields to add. + // commonName CN + // emailAddress (none) + // organizationName O + // localityName L + // stateOrProvinceName ST + // countryName C + + if (0 < strlen(name.c_str())) + { + X509_NAME_add_entry_by_txt(x509_name, "CN", chtype, + (unsigned char *) name.c_str(), -1, -1, 0); + } + else + { + fprintf(stderr,"GenerateX509Req(): No Name -> Not creating X509 Cert Req\n"); + return 0; + } + + if (0 < strlen(email.c_str())) + { + //X509_NAME_add_entry_by_txt(x509_name, "Email", 0, + // (unsigned char *) ui -> gen_email -> value(), -1, -1, 0); + X509_NAME_add_entry_by_NID(x509_name, 48, 0, + (unsigned char *) email.c_str(), -1, -1, 0); + } + + if (0 < strlen(org.c_str())) + { + X509_NAME_add_entry_by_txt(x509_name, "O", chtype, + (unsigned char *) org.c_str(), -1, -1, 0); + } + + if (0 < strlen(loc.c_str())) + { + X509_NAME_add_entry_by_txt(x509_name, "L", chtype, + (unsigned char *) loc.c_str(), -1, -1, 0); + } + + if (0 < strlen(state.c_str())) + { + X509_NAME_add_entry_by_txt(x509_name, "ST", chtype, + (unsigned char *) state.c_str(), -1, -1, 0); + } + + if (0 < strlen(country.c_str())) + { + X509_NAME_add_entry_by_txt(x509_name, "C", chtype, + (unsigned char *) country.c_str(), -1, -1, 0); + } + + if (!X509_REQ_set_subject_name(req,x509_name)) + { + fprintf(stderr,"GenerateX509Req() Couldn't Set Name to Request!\n"); + X509_NAME_free(x509_name); + return 0; + } + + X509_NAME_free(x509_name); + /**** SUBJECT ********************************/ + + if (!X509_REQ_sign(req,pkey,EVP_sha1())) + { + fprintf(stderr,"GenerateX509Req() Failed to Sign REQ\n"); + return 0; + } + + return req; +} + +#define SERIAL_RAND_BITS 64 + +X509 *SignX509Certificate(X509_NAME *issuer, EVP_PKEY *privkey, X509_REQ *req, long days) +{ + const EVP_MD *digest = EVP_sha1(); + ASN1_INTEGER *serial = ASN1_INTEGER_new(); + EVP_PKEY *tmppkey; + X509 *x509 = X509_new(); + if (x509 == NULL) + return NULL; + + BIGNUM *btmp = BN_new(); + if (!BN_pseudo_rand(btmp, SERIAL_RAND_BITS, 0, 0)) + { + fprintf(stderr,"SignX509Certificate() Failed: "); + fprintf(stderr," pseudo_rand\n"); + + return NULL; + } + if (!BN_to_ASN1_INTEGER(btmp, serial)) + { + fprintf(stderr,"SignX509Certificate() Failed: "); + fprintf(stderr," int\n"); + + return NULL; + } + BN_free(btmp); + + if (!X509_set_serialNumber(x509, serial)) + { + fprintf(stderr,"SignX509Certificate() Failed: "); + fprintf(stderr," serialNumber\n"); + + return NULL; + } + ASN1_INTEGER_free(serial); + + if (!X509_set_issuer_name(x509, issuer)) + { + fprintf(stderr,"SignX509Certificate() Failed: "); + fprintf(stderr," issuer\n"); + + return NULL; + } + + if (!X509_gmtime_adj(x509->cert_info->validity->notBefore, 0)) + { + fprintf(stderr,"SignX509Certificate() Failed: "); + fprintf(stderr," notBefore\n"); + + return NULL; + } + + //x509->cert_info->validity->notAfter + //if (!X509_gmtime_adj(X509_get_notAfter(x509), (long)60*60*24*days)) + if (!X509_gmtime_adj(x509->cert_info->validity->notAfter, (long)60*60*24*days)) + { + fprintf(stderr,"SignX509Certificate() Failed: "); + fprintf(stderr," notAfter\n"); + + return NULL; + } + + if (!X509_set_subject_name(x509, X509_REQ_get_subject_name(req))) + { + fprintf(stderr,"SignX509Certificate() Failed: "); + fprintf(stderr," subject_name\n"); + + return NULL; + } + + + tmppkey = X509_REQ_get_pubkey(req); + if (!tmppkey || !X509_set_pubkey(x509,tmppkey)) + { + fprintf(stderr,"SignX509Certificate() Failed: "); + fprintf(stderr," pubkey\n"); + + return NULL; + } + + + /* Cleanup Algorithm part */ + + X509_ALGOR *algor1 = x509->cert_info->signature; + X509_ALGOR *algor2 = x509->sig_alg; + + X509_ALGOR *a; + + a = algor1; + ASN1_TYPE_free(a->parameter); + a->parameter=ASN1_TYPE_new(); + a->parameter->type=V_ASN1_NULL; + + ASN1_OBJECT_free(a->algorithm); + a->algorithm=OBJ_nid2obj(digest->pkey_type); + + a = algor2; + ASN1_TYPE_free(a->parameter); + a->parameter=ASN1_TYPE_new(); + a->parameter->type=V_ASN1_NULL; + + ASN1_OBJECT_free(a->algorithm); + a->algorithm=OBJ_nid2obj(digest->pkey_type); + + + if (!X509_sign(x509,privkey,digest)) + { + long e = ERR_get_error(); + + fprintf(stderr,"SignX509Certificate() Failed: "); + fprintf(stderr," signing Error: %ld\n", e); + + fprintf(stderr,"ERR: %s, %s, %s\n", + ERR_lib_error_string(e), + ERR_func_error_string(e), + ERR_reason_error_string(e)); + + int inl=i2d_X509(x509,NULL); + int outl=EVP_PKEY_size(privkey); + fprintf(stderr,"Size Check: inl: %d, outl: %d\n", inl, outl); + + return NULL; + } + + fprintf(stderr,"SignX509Certificate() Success\n"); + + return x509; +} + + AuthSSL::AuthSSL() :init(0), sslctx(NULL), pkey(NULL), mToSaveCerts(false), mConfigSaveActive(true) @@ -145,6 +477,11 @@ static int initLib = 0; if (x509 == NULL) { + std::cerr << "AuthSSL::InitAuth() PEM_read_X509() Failed"; + std::cerr << std::endl; +#ifdef AUTHSSL_DEBUG +#endif + return -1; } SSL_CTX_use_certificate(sslctx, x509); @@ -163,6 +500,10 @@ static int initLib = 0; if (pkey == NULL) { + std::cerr << "AuthSSL::InitAuth() PEM_read_PrivateKey() Failed"; + std::cerr << std::endl; +#ifdef AUTHSSL_DEBUG +#endif return -1; } SSL_CTX_use_PrivateKey(sslctx, pkey); @@ -179,6 +520,9 @@ static int initLib = 0; if (!getX509id(x509, mOwnId)) { + std::cerr << "AuthSSL::InitAuth() getX509id() Failed"; + std::cerr << std::endl; + /* bad certificate */ CloseAuth(); return -1; @@ -188,11 +532,22 @@ static int initLib = 0; * for gpg/pgp or CA verification */ - validateOwnCertificate(x509, pkey); + if (!validateOwnCertificate(x509, pkey)) + { + std::cerr << "AuthSSL::InitAuth() validateOwnCertificate() Failed"; + std::cerr << std::endl; + + /* bad certificate */ + CloseAuth(); + return -1; + } + // enable verification of certificates (PEER) + // and install verify callback. SSL_CTX_set_verify(sslctx, SSL_VERIFY_PEER | - SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL); + SSL_VERIFY_FAIL_IF_NO_PEER_CERT, + verify_x509_callback); std::cerr << "SSL Verification Set" << std::endl; @@ -202,7 +557,12 @@ static int initLib = 0; return 1; } - +/* Dummy function to be overloaded by real implementation */ +bool AuthSSL::validateOwnCertificate(X509 *x509, EVP_PKEY *pkey) +{ + return true; + //return false; +} bool AuthSSL::CloseAuth() { @@ -231,7 +591,9 @@ SSL_CTX *AuthSSL::getCTX() int AuthSSL::setConfigDirectories(std::string configfile, std::string neighdir) { #ifdef AUTHSSL_DEBUG - std::cerr << "AuthSSL::setConfigDirectories()"; + std::cerr << "AuthSSL::setConfigDirectories() "; + std::cerr << " configfile: " << configfile; + std::cerr << " neighdir: " << neighdir; std::cerr << std::endl; #endif sslMtx.lock(); /***** LOCK *****/ @@ -375,7 +737,7 @@ bool AuthSSL::isAuthenticated(std::string id) if (locked_FindCert(id, &cert)) { - auth = it->second->authed; + auth = cert->authed; } sslMtx.unlock(); /**** UNLOCK ****/ @@ -408,6 +770,31 @@ std::string AuthSSL::getName(std::string id) return name; } +std::string AuthSSL::getIssuerName(std::string id) +{ +#ifdef AUTHSSL_DEBUG + std::cerr << "AuthSSL::getIssuerName() " << id; + std::cerr << std::endl; +#endif + std::string issuer; + + sslMtx.lock(); /***** LOCK *****/ + + sslcert *cert = NULL; + if (id == mOwnId) + { + issuer = mOwnCert->issuer; + } + else if (locked_FindCert(id, &cert)) + { + issuer = cert->issuer; + } + + sslMtx.unlock(); /**** UNLOCK ****/ + + return issuer; +} + bool AuthSSL::getDetails(std::string id, pqiAuthDetails &details) { #ifdef AUTHSSL_DEBUG @@ -436,13 +823,15 @@ bool AuthSSL::getDetails(std::string id, pqiAuthDetails &details) details.email = cert->email; details.location= cert->location; details.org = cert->org; + details.issuer = cert->issuer; details.fpr = cert->fpr; details.signers = cert->signers; - details.trustLvl= cert->trustLvl; - details.ownsign = cert->ownsign; - details.trusted = cert->trusted; + //details.trustLvl= cert->trustLvl; + //details.ownsign = cert->ownsign; + //details.trusted = cert->trusted; + details.trusted = cert->authed; } sslMtx.unlock(); /**** UNLOCK ****/ @@ -465,7 +854,7 @@ bool AuthSSL::LoadCertificateFromString(std::string pem, std::string &id) std::cerr << std::endl; #endif - std::string cleancert = cleanUpX509Certificate(pem); + std::string cleancert = cleanUpCertificate(pem); X509 *x509 = loadX509FromPEM(cleancert); if (!x509) @@ -817,7 +1206,7 @@ bool AuthSSL::VerifySignBin(std::string pid, return false; } - EVP_PKEY *peerkey = peer->certificate->key->key->pkey; + EVP_PKEY *peerkey = peer->certificate->cert_info->key->pkey; EVP_MD_CTX *mdctx = EVP_MD_CTX_create(); if (0 == EVP_VerifyInit(mdctx, EVP_sha1())) @@ -1124,7 +1513,7 @@ X509 *AuthSSL::loadX509FromDER(const uint8_t *ptr, uint32_t len) #endif X509 *tmp = NULL; - unsigned char **certptr = (unsigned char **) &ptr; + const unsigned char **certptr = (const unsigned char **) &ptr; X509 *x509 = d2i_X509(&tmp, certptr, len); return x509; @@ -1164,15 +1553,15 @@ bool AuthSSL::ProcessX509(X509 *x509, std::string &id) /* extract id */ std::string xid; - if (!X509_check_valid_certificate(x509)) - { - /* bad certificate */ - X509_free(x509); - return false; - } - - if (!getX509id(x509, xid)) + + + if (!ValidateCertificate(x509, xid)) { +#ifdef AUTHSSL_DEBUG + std::cerr << "AuthSSL::ProcessX509() ValidateCertificate FAILED"; + std::cerr << std::endl; +#endif + /* bad certificate */ X509_free(x509); return false; @@ -1185,20 +1574,40 @@ bool AuthSSL::ProcessX509(X509 *x509, std::string &id) if (xid == mOwnId) { +#ifdef AUTHSSL_DEBUG + std::cerr << "AuthSSL::ProcessX509() Cert is own id (dup)"; + std::cerr << std::endl; +#endif + cert = mOwnCert; duplicate = true; } else if (locked_FindCert(xid, &cert)) { +#ifdef AUTHSSL_DEBUG + std::cerr << "AuthSSL::ProcessX509() Found Duplicate"; + std::cerr << std::endl; +#endif + duplicate = true; } if (duplicate) { +#ifdef AUTHSSL_DEBUG + std::cerr << "AuthSSL::ProcessX509() Processing as dup"; + std::cerr << std::endl; +#endif + /* have a duplicate */ /* check that they are exact */ if (0 != X509_cmp(cert->certificate, x509)) { +#ifdef AUTHSSL_DEBUG + std::cerr << "AuthSSL::ProcessX509() Not the same: MAJOR ERROR"; + std::cerr << std::endl; +#endif + /* MAJOR ERROR */ X509_free(x509); sslMtx.unlock(); /**** UNLOCK ****/ @@ -1209,6 +1618,11 @@ bool AuthSSL::ProcessX509(X509 *x509, std::string &id) /* we accepted it! */ id = xid; +#ifdef AUTHSSL_DEBUG + std::cerr << "AuthSSL::ProcessX509() Accepted Dup"; + std::cerr << std::endl; +#endif + sslMtx.unlock(); /**** UNLOCK ****/ return true; @@ -1239,6 +1653,10 @@ bool AuthSSL::ProcessX509(X509 *x509, std::string &id) id = xid; +#ifdef AUTHSSL_DEBUG + std::cerr << "AuthSSL::ProcessX509() Accepted New Cert"; + std::cerr << std::endl; +#endif return true; } @@ -1253,7 +1671,7 @@ bool getX509id(X509 *x509, std::string &xid) xid = ""; if (x509 == NULL) { -#ifdef X509_DEBUG +#ifdef AUTHSSL_DEBUG std::cerr << "AuthSSL::getX509id() NULL pointer"; std::cerr << std::endl; #endif @@ -1265,7 +1683,7 @@ bool getX509id(X509 *x509, std::string &xid) int signlen = ASN1_STRING_length(signature); if (signlen < CERTSIGNLEN) { -#ifdef X509_DEBUG +#ifdef AUTHSSL_DEBUG std::cerr << "AuthSSL::getX509id() ERROR: Short Signature"; std::cerr << std::endl; #endif @@ -1288,27 +1706,36 @@ bool getX509id(X509 *x509, std::string &xid) /* validate + get id */ -bool AuthSSL::ValidateCertificateX509(X509 *x509, std::string &peerId) +bool AuthSSL::ValidateCertificate(X509 *x509, std::string &peerId) { /* check self signed */ +#warning "ValidateCertificate Not Finished" + +#if 0 if (!X509_check_valid_certificate(x509)) { /* bad certificate */ return false; } +#endif + +#ifdef AUTHSSL_DEBUG + std::cerr << "AuthSSL::ValidateCertificate() Not Finished!"; + std::cerr << std::endl; +#endif return getX509id(x509, peerId); } /* store for discovery */ -bool AuthSSL::FailedCertificateX509(X509 *x509, bool incoming) +bool AuthSSL::FailedCertificate(X509 *x509, bool incoming) { std::string id; return ProcessX509(x509, id); } /* check that they are exact match */ -bool AuthSSL::CheckCertificateX509(std::string x509Id, X509 *x509) +bool AuthSSL::CheckCertificate(std::string x509Id, X509 *x509) { sslMtx.lock(); /***** LOCK *****/ @@ -1334,11 +1761,11 @@ bool AuthSSL::CheckCertificateX509(std::string x509Id, X509 *x509) } /* transfer new signatures */ - X509_copy_known_signatures(pgp_keyring, cert->certificate, x509); + //X509_copy_known_signatures(pgp_keyring, cert->certificate, x509); X509_free(x509); /* update signers */ - cert->signers = getX509signers(cert->certificate); + //cert->signers = getX509signers(cert->certificate); sslMtx.unlock(); /**** UNLOCK ****/ return true; @@ -1361,6 +1788,95 @@ int pem_passwd_cb(char *buf, int size, int rwflag, void *password) return(strlen(buf)); } + +static int verify_x509_callback(int preverify_ok, X509_STORE_CTX *ctx) +{ + AuthSSL *authssl = (AuthSSL *) getAuthMgr(); + return authssl->VerifyX509Callback(preverify_ok, ctx); + +} + + +int AuthSSL::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx) +{ + char buf[256]; + X509 *err_cert; + int err, depth; + //SSL *ssl; + //mydata_t *mydata; + + err_cert = X509_STORE_CTX_get_current_cert(ctx); + err = X509_STORE_CTX_get_error(ctx); + depth = X509_STORE_CTX_get_error_depth(ctx); + +#ifdef AUTHSSL_DEBUG + std::cerr << "AuthSSL::VerifyX509Callback(preverify_ok: " << preverify_ok + << " Err: " << err << " Depth: " << depth; + std::cerr << std::endl; +#endif + + /* + * Retrieve the pointer to the SSL of the connection currently treated + * and the application specific data stored into the SSL object. + */ + //ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()); + //mydata = SSL_get_ex_data(ssl, mydata_index); + + X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256); + + std::cerr << "AuthSSL::VerifyX509Callback: depth: " << depth << ":" << buf; + std::cerr << std::endl; + + +// X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT +// X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN +// +// We accept self signed certificates. + if (!preverify_ok && (depth == 0) && (err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)) + { + std::cerr << "AuthSSL::VerifyX509Callback() Accepting SELF_SIGNED_CERT"; + std::cerr << std::endl; + preverify_ok = 1; + } + + if (!preverify_ok) { + fprintf(stderr, "Verify error:num=%d:%s:depth=%d:%s\n", err, + X509_verify_cert_error_string(err), depth, buf); + } + +#if 0 + else if (mydata->verbose_mode) + { + printf("depth=%d:%s\n", depth, buf); + } +#endif + + /* + * At this point, err contains the last verification error. We can use + * it for something special + */ + + if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)) + { + X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, 256); + printf("issuer= %s\n", buf); + } + + +#if 0 + if (mydata->always_continue) + return 1; + else + return preverify_ok; +#endif + return preverify_ok; + +} + + + + + // Not dependent on sslroot. load, and detroys the X509 memory. int LoadCheckX509andGetName(const char *cert_file, std::string &userName, std::string &userId) @@ -1372,7 +1888,7 @@ int LoadCheckX509andGetName(const char *cert_file, std::string &userName, std::s FILE *tmpfp = fopen(cert_file, "r"); if (tmpfp == NULL) { -#ifdef X509_DEBUG +#ifdef AUTHSSL_DEBUG std::cerr << "sslroot::LoadCheckAndGetX509Name()"; std::cerr << " Failed to open Certificate File:" << cert_file; std::cerr << std::endl; @@ -1388,18 +1904,13 @@ int LoadCheckX509andGetName(const char *cert_file, std::string &userName, std::s bool valid = false; if (x509) { - valid = X509_check_valid_certificate(x509); + valid = ((AuthSSL *) getAuthMgr())->ValidateCertificate(x509, userId); } if (valid) { // extract the name. - userName = getX509CNString(x509->subject->subject); - } - - if (!getX509id(x509, userId)) - { - valid = false; + userName = getX509CNString(x509->cert_info->subject); } std::cout << getX509Info(x509) << std::endl ; @@ -1536,7 +2047,7 @@ std::string getX509Info(X509 *cert) l=X509_get_version(cert); out << " Version: " << l+1 << "(0x" << l << ")" << std::endl; out << " Subject: " << std::endl; - out << " " << getX509NameString(cert -> subject -> subject); + out << " " << getX509NameString(cert->cert_info->subject); out << std::endl; out << std::endl; out << " Signatures:" << std::endl; @@ -1569,10 +2080,9 @@ std::string getX509AuthCode(X509 *x509) } // other fns -#if 0 std::string getCertName(X509 *x509) { - std::string name = x509->name; + std::string name = getX509NameString(x509->cert_info->subject); // strip out bad chars. for(int i = 0; i < (signed) name.length(); i++) { @@ -1585,6 +2095,7 @@ std::string getCertName(X509 *x509) return name; } +#if 0 #endif @@ -1716,7 +2227,10 @@ bool AuthSSL::saveCertificates() for(it = mCerts.begin(); it != mCerts.end(); it++) { - if (it->second->trustLvl > TRUST_SIGN_BASIC) +// SAVE ALL CERTS +#if 0 + if (it->second->authed) +#endif { X509 *x509 = it->second->certificate; std::string hash; @@ -1747,14 +2261,14 @@ bool AuthSSL::saveCertificates() if (0 == EVP_SignInit_ex(mdctx, EVP_sha1(), NULL)) { -#ifdef X509_DEBUG +#ifdef AUTHSSL_DEBUG std::cerr << "EVP_SignInit Failure!" << std::endl; #endif } if (0 == EVP_SignUpdate(mdctx, conftxt.c_str(), conftxt.length())) { -#ifdef X509_DEBUG +#ifdef AUTHSSL_DEBUG std::cerr << "EVP_SignUpdate Failure!" << std::endl; #endif } @@ -1762,36 +2276,46 @@ bool AuthSSL::saveCertificates() if (0 == EVP_SignFinal(mdctx, signature, &signlen, pkey)) { -#ifdef X509_DEBUG +#ifdef AUTHSSL_DEBUG std::cerr << "EVP_SignFinal Failure!" << std::endl; #endif } -#ifdef X509_DEBUG +#ifdef AUTHSSL_DEBUG std::cerr << "Conf Signature is(" << signlen << "): "; #endif for(i = 0; i < signlen; i++) { -#ifdef X509_DEBUG +#ifdef AUTHSSL_DEBUG fprintf(stderr, "%02x", signature[i]); #endif conftxt += signature[i]; } -#ifdef X509_DEBUG +#ifdef AUTHSSL_DEBUG std::cerr << std::endl; #endif + EVP_MD_CTX_destroy(mdctx); FILE *cfd = fopen(configfile.c_str(), "wb"); + if (cfd == NULL) + { +#ifdef AUTHSSL_DEBUG + std::cerr << "Failed to open: " << configfile << std::endl; +#endif + sslMtx.unlock(); /**** UNLOCK ****/ + + return false; + } + int wrec; if (1 != (wrec = fwrite(conftxt.c_str(), conftxt.length(), 1, cfd))) { -#ifdef X509_DEBUG +#ifdef AUTHSSL_DEBUG std::cerr << "Error writing: " << configfile << std::endl; std::cerr << "Wrote: " << wrec << "/" << 1 << " Records" << std::endl; #endif } - EVP_MD_CTX_destroy(mdctx); fclose(cfd); sslMtx.unlock(); /**** UNLOCK ****/ @@ -1864,7 +2388,7 @@ bool AuthSSL::loadCertificates(bool &oldFormat, std::map @@ -60,6 +68,8 @@ class sslcert std::string org; std::string email; + std::string issuer; + std::string fpr; std::list signers; @@ -77,12 +87,17 @@ class AuthSSL: public p3AuthMgr /* Initialisation Functions (Unique) */ AuthSSL(); +bool validateOwnCertificate(X509 *x509, EVP_PKEY *pkey); + virtual bool active(); virtual int InitAuth(const char *srvr_cert, const char *priv_key, const char *passwd); virtual bool CloseAuth(); virtual int setConfigDirectories(std::string confFile, std::string neighDir); + /* Extra Function SSL only */ +std::string getIssuerName(std::string id); + /*********** Overloaded Functions from p3AuthMgr **********/ /* get Certificate Ids */ @@ -138,16 +153,26 @@ virtual bool VerifySignBin(std::string, const void*, uint32_t, unsigned char* /*********** Overloaded Functions from p3AuthMgr **********/ + /************* Virtual Functions from AuthSSL *************/ + +virtual int VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx); +virtual bool ValidateCertificate(X509 *x509, std::string &peerId); /* validate + get id */ + + /************* Virtual Functions from AuthSSL *************/ + + public: /* SSL specific functions used in pqissl/pqissllistener */ SSL_CTX *getCTX(); -bool ValidateCertificate(X509 *x509, std::string &peerId); /* validate + get id */ + bool FailedCertificate(X509 *x509, bool incoming); /* store for discovery */ bool CheckCertificate(std::string peerId, X509 *x509); /* check that they are exact match */ /* Special Config Loading (backwards compatibility) */ bool loadCertificates(bool &oldFormat, std::map &keyValueMap); + + private: /* Helper Functions */ @@ -184,6 +209,16 @@ bool locked_FindCert(std::string id, sslcert **cert); }; + +X509_REQ *GenerateX509Req( + std::string pkey_file, std::string passwd, + std::string name, std::string email, std::string org, + std::string loc, std::string state, std::string country, + int nbits_in, std::string &errString); + +X509 *SignX509Certificate(X509_NAME *issuer, EVP_PKEY *privkey, X509_REQ *req, long days); + + /* Helper Functions */ int printSSLError(SSL *ssl, int retval, int err, unsigned long err2, std::ostream &out); std::string getX509NameString(X509_NAME *name); @@ -195,13 +230,14 @@ std::string getX509CountryString(X509_NAME *name); #if 0 std::list getXPGPsigners(XPGP *cert); -std::string getXPGPInfo(XPGP *cert); std::string getXPGPAuthCode(XPGP *xpgp); -int LoadCheckXPGPandGetName(const char *cert_file, - std::string &userName, std::string &userId); #endif +std::string getX509Info(X509 *cert); bool getX509id(X509 *x509, std::string &xid); +int LoadCheckX509andGetName(const char *cert_file, + std::string &userName, std::string &userId); + #endif // MRK_AUTH_SSL_HEADER diff --git a/libretroshare/src/pqi/cleanupxpgp.cc b/libretroshare/src/pqi/cleanupxpgp.cc index ee71c44d7..99b7077ea 100644 --- a/libretroshare/src/pqi/cleanupxpgp.cc +++ b/libretroshare/src/pqi/cleanupxpgp.cc @@ -25,7 +25,7 @@ #include "cleanupxpgp.h" #include -#include #strlen +#include //strlen /* Method for cleaning up the certificate. This method removes any unnecessay white spaces and unnecessary diff --git a/libretroshare/src/pqi/p3authmgr.h b/libretroshare/src/pqi/p3authmgr.h index 186839454..12ceba3e8 100644 --- a/libretroshare/src/pqi/p3authmgr.h +++ b/libretroshare/src/pqi/p3authmgr.h @@ -58,6 +58,8 @@ class pqiAuthDetails std::string location; std::string org; + std::string issuer; + std::string fpr; /* fingerprint */ std::list signers; @@ -105,6 +107,10 @@ virtual bool loadCertificates() = 0; virtual bool isTrustingMe(std::string id) = 0; virtual void addTrustingPeer(std::string id) = 0; + /* Extra Fns for PGP, call std versions if not overloaded */ +virtual std::string PGPOwnId() { return OwnId(); } +virtual bool getPGPAllList(std::list &ids) { return getAllList(ids); }; + /* Load/Save certificates */ virtual bool LoadCertificateFromString(std::string pem, std::string &id) = 0; diff --git a/libretroshare/src/pqi/p3connmgr.cc b/libretroshare/src/pqi/p3connmgr.cc index 75d172eb6..752596e68 100644 --- a/libretroshare/src/pqi/p3connmgr.cc +++ b/libretroshare/src/pqi/p3connmgr.cc @@ -64,6 +64,7 @@ const uint32_t MAX_UPNP_INIT = 10; /* seconds UPnP timeout */ * #define P3CONNMGR_NO_AUTO_CONNECTION 1 ***/ +#define CONN_DEBUG 1 const uint32_t P3CONNMGR_TCP_DEFAULT_DELAY = 2; /* 2 Seconds? is it be enough! */ const uint32_t P3CONNMGR_UDP_DHT_DELAY = DHT_NOTIFY_PERIOD + 60; /* + 1 minute for DHT POST */ @@ -123,7 +124,8 @@ p3ConnectMgr::p3ConnectMgr(p3AuthMgr *am) ownState.name = mAuthMgr->getName(ownState.id); ownState.netMode = RS_NET_MODE_UDP; } - use_extr_addr_finder = true ; + //use_extr_addr_finder = true ; + use_extr_addr_finder = false; mExtAddrFinder = new ExtAddrFinder ; return; diff --git a/libretroshare/src/pqi/pqissl.cc b/libretroshare/src/pqi/pqissl.cc index 5b10598f4..d051ffb99 100644 --- a/libretroshare/src/pqi/pqissl.cc +++ b/libretroshare/src/pqi/pqissl.cc @@ -1112,9 +1112,6 @@ int pqissl::Authorise_SSL_Connection() // reset switch. waiting = WAITING_NOT; - // Get the Peer Certificate.... - //AuthXPGP *authXPGP = (AuthXPGP *) getAuthMgr(); - /**************** PQI_USE_XPGP ******************/ #if defined(PQI_USE_XPGP) XPGP *peercert = SSL_get_peer_pgp_certificate(ssl_connection); diff --git a/libretroshare/src/pqi/pqissl.h b/libretroshare/src/pqi/pqissl.h index a6ae095ab..44ecbcfa7 100644 --- a/libretroshare/src/pqi/pqissl.h +++ b/libretroshare/src/pqi/pqissl.h @@ -202,6 +202,7 @@ virtual int net_internal_fcntl_nonblock(int fd) { return unix_fcntl_nonblock(fd) uint32_t mConnectTimeout; time_t mTimeoutTS; + /* Need Certificate specific functions here! */ /**************** PQI_USE_XPGP ******************/ #if defined(PQI_USE_XPGP) @@ -210,7 +211,6 @@ virtual int net_internal_fcntl_nonblock(int fd) { return unix_fcntl_nonblock(fd) #else /* X509 Certificates */ /**************** PQI_USE_XPGP ******************/ - //p3AuthMgr *mAuthMgr; AuthSSL *mAuthMgr; #endif /* X509 Certificates */ diff --git a/libretroshare/src/pqi/pqissllistener.cc b/libretroshare/src/pqi/pqissllistener.cc index dea02c2b5..3856aad9f 100644 --- a/libretroshare/src/pqi/pqissllistener.cc +++ b/libretroshare/src/pqi/pqissllistener.cc @@ -616,7 +616,14 @@ int pqissllistener::completeConnection(int fd, SSL *ssl, struct sockaddr_in &rem bool certOk = mAuthMgr->ValidateCertificateXPGP(peercert, newPeerId); #else /* X509 Certificates */ /**************** PQI_USE_XPGP ******************/ + + /**** + * As the validation is actually done before this... + * we should only need to call CheckCertificate here! + ****/ + bool certOk = mAuthMgr->ValidateCertificate(peercert, newPeerId); + #endif /* X509 Certificates */ /**************** PQI_USE_XPGP ******************/ diff --git a/libretroshare/src/pqi/pqissllistener.h b/libretroshare/src/pqi/pqissllistener.h index 27fddab24..fde267efe 100644 --- a/libretroshare/src/pqi/pqissllistener.h +++ b/libretroshare/src/pqi/pqissllistener.h @@ -104,7 +104,6 @@ int Extract_Failed_SSL_Certificate(SSL *ssl, struct sockaddr_in *inaddr); /**************** PQI_USE_XPGP ******************/ AuthSSL *mAuthMgr; - //p3AuthMgr *mAuthMgr; #endif /* X509 Certificates */ /**************** PQI_USE_XPGP ******************/ diff --git a/libretroshare/src/rsiface/rsinit.h b/libretroshare/src/rsiface/rsinit.h index 4d4d6aa26..8a5e5b357 100644 --- a/libretroshare/src/rsiface/rsinit.h +++ b/libretroshare/src/rsiface/rsinit.h @@ -1,5 +1,9 @@ /* Initialisation Class (not publicly disclosed to RsIFace) */ +/**** + * #define RS_USE_PGPSSL 1 + ***/ + class RsInit { public: @@ -7,6 +11,7 @@ class RsInit static const char *RsConfigDirectory() ; + static bool setStartMinimised() ; static int InitRetroShare(int argcIgnored, char **argvIgnored) ; static int LoadCertificates(bool autoLoginNT) ; @@ -23,6 +28,16 @@ class RsInit static std::string getHomePath() ; + /* PGPSSL init functions */ + +#ifdef RS_USE_PGPSSL + static bool LoadGPGPassword(std::string id, std::string passwd); + static int GetLogins(std::list &pgpIds); + static int GetLoginDetails(std::string id, std::string &name, std::string &email); + + static std::string gpgPasswd; +#endif + /* Key Parameters that must be set before * RetroShare will start up: */ diff --git a/libretroshare/src/rsiface/rspeers.h b/libretroshare/src/rsiface/rspeers.h index 278e30e66..ae3976d5c 100644 --- a/libretroshare/src/rsiface/rspeers.h +++ b/libretroshare/src/rsiface/rspeers.h @@ -78,7 +78,7 @@ class RsPeerDetails std::string location; std::string org; - std::string fpr; /* fingerprint */ + std::string fpr; /* pgp fingerprint */ std::string authcode; std::list signers; @@ -130,6 +130,11 @@ virtual bool isFriend(std::string id) = 0; virtual std::string getPeerName(std::string id) = 0; virtual bool getPeerDetails(std::string id, RsPeerDetails &d) = 0; + /* Using PGP Ids */ +virtual std::string getPGPOwnId() = 0; +virtual bool getPGPFriendList(std::list &ids) = 0; +virtual bool getPGPAllList(std::list &ids) = 0; + /* Add/Remove Friends */ virtual bool addFriend(std::string id) = 0; virtual bool removeFriend(std::string id) = 0; diff --git a/libretroshare/src/rsserver/Makefile b/libretroshare/src/rsserver/Makefile index a846dc819..11706be5a 100644 --- a/libretroshare/src/rsserver/Makefile +++ b/libretroshare/src/rsserver/Makefile @@ -20,12 +20,6 @@ RSOBJ = p3peers.o \ rsiface.o \ rstypes.o -# p3files.o \ -# p3face-file.o \ -# pqistrings.o \ -# p3face-people.o -# p3face-network.o \ - #TESTOBJ = #TESTS = diff --git a/libretroshare/src/rsserver/p3face-file.cc b/libretroshare/src/rsserver/p3face-file.cc deleted file mode 100644 index 384696a97..000000000 --- a/libretroshare/src/rsserver/p3face-file.cc +++ /dev/null @@ -1,404 +0,0 @@ - -/* - * "$Id: p3face-file.cc,v 1.6 2007-04-15 18:45:23 rmf24 Exp $" - * - * RetroShare C++ Interface. - * - * Copyright 2004-2006 by Robert Fernie. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Library General Public - * License Version 2 as published by the Free Software Foundation. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Library General Public License for more details. - * - * You should have received a copy of the GNU Library General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 - * USA. - * - * Please report all bugs and problems to "retroshare@lunamutt.com". - * - */ - - -#include "rsiface/rsiface.h" -#include "rsserver/p3face.h" -#include "util/rsdir.h" - -#include "serialiser/rsconfigitems.h" - -#include -#include - -#include "util/rsdebug.h" -const int p3facefilezone = 11452; - -#include -#include - -static const int FileMaxAge = 1800; /* Reload Data after 30 minutes */ - -//int ensureExtension(std::string &name, std::string def_ext); - -/****************************************/ -/****************************************/ -int RsServer::UpdateRemotePeople() -{ - RsIface &iface = getIface(); - - /* lock Mutexes */ - lockRsCore(); /* LOCK */ - iface.lockData(); /* LOCK */ - - /* unlock Mutexes */ - iface.unlockData(); /* UNLOCK */ - unlockRsCore(); /* UNLOCK */ - - return 1; -} - -/****************************************/ -/****************************************/ -int RsServer::UpdateAllTransfers() -{ - NotifyBase &cb = getNotify(); - cb.notifyListPreChange(NOTIFY_LIST_TRANSFERLIST, NOTIFY_TYPE_MOD); - - RsIface &iface = getIface(); - - /* lock Mutexes */ - lockRsCore(); /* LOCK */ - iface.lockData(); /* LOCK */ - - - /* clear the old transfer list() */ - std::list &transfers = iface.mTransferList; - transfers.clear(); - - std::list nTransList = server -> getTransfers(); - std::list::iterator it; - - for(it = nTransList.begin(); it != nTransList.end(); it++) - { - FileTransferInfo ti; - - ti.id = (*it)->cPeerId; - ti.source = mAuthMgr->getName(ti.id); - ti.peerIds = (*it) -> allPeerIds.ids; - - ti.fname = (*it) -> file.name; - ti.hash = (*it) -> file.hash; - ti.path = (*it) -> file.path; - ti.size = (*it) -> file.filesize; - - ti.transfered = (*it) -> transferred; - /* other ones!!! */ - ti.tfRate = (*it) -> crate / 1000; - ti.download = (*it) -> in; - ti.downloadStatus = (*it) -> state; - transfers.push_back(ti); - - delete (*it); - } - - iface.setChanged(RsIface::Transfer); - - /* unlock Mutexes */ - iface.unlockData(); /* UNLOCK */ - unlockRsCore(); /* UNLOCK */ - - /* Now Notify of the Change */ - cb.notifyListChange(NOTIFY_LIST_TRANSFERLIST, NOTIFY_TYPE_MOD); - - return 1; -} - - -int RsServer::FileRequest(std::string fname, std::string hash, - uint32_t size, std::string dest) -{ - lockRsCore(); /* LOCKED */ - - std::cerr << "RsServer::FileRequest(" << fname << ", "; - std::cerr << hash << ", " << size << ", " << dest << ")" << std::endl; - - int ret = server -> getFile(fname, hash, size, dest); - - unlockRsCore(); /* UNLOCKED */ - - return ret; -} - - - /* Actions For Upload/Download */ -int RsServer::FileRecommend(std::string fname, std::string hash, int size) -{ - /* check for new data */ - RsIface &iface = getIface(); - - /* lock Mutexes */ - lockRsCore(); /* LOCK */ - iface.lockData(); /* LOCK */ - - /* add the entry to FileRecommends. - */ - - std::list &recList = iface.mRecommendList; - std::list::iterator it; - - FileInfo fi; - fi.path = ""; /* this is not needed / wanted anymore */ - fi.hash = hash; - fi.fname = fname; - fi.size = size; - fi.rank = 1; - fi.inRecommend = false; - - /* check if it exists already! */ - bool found = false; - for(it = recList.begin(); (!found) && (it != recList.end()); it++) - { - if ((it->hash == fi.hash) && (it -> fname == fi.fname)) - { - found = true; - } - } - - if (!found) - { - recList.push_back(fi); - } - - /* Notify of change */ - iface.setChanged(RsIface::Recommend); - - /* lock Mutexes */ - iface.unlockData(); /* UNLOCK */ - unlockRsCore(); /* UNLOCK */ - - return true; -} - -int RsServer::FileCancel(std::string fname, std::string hash, uint32_t size) -{ - lockRsCore(); /* LOCKED */ - - server -> cancelTransfer(fname, hash, size); - - unlockRsCore(); /* UNLOCKED */ - - return 1; -} - - -int RsServer::FileClearCompleted() -{ - std::cerr << "RsServer::FileClearCompleted()" << std::endl; - - /* check for new data */ - RsIface &iface = getIface(); - - /* lock Mutexes */ - lockRsCore(); /* LOCK */ - iface.lockData(); /* LOCK */ - - server -> clear_old_transfers(); - - /* lock Mutexes */ - iface.unlockData(); /* UNLOCK */ - unlockRsCore(); /* UNLOCK */ - - /* update data */ - UpdateAllTransfers(); - - return 1; -} - - -int RsServer::FileSetBandwidthTotals(float outkB, float inkB) -{ - int ret = 0; - return ret; -} - - -/**************************************************************************/ -#if 0 - -int RsServer::FileBroadcast(std::string id, std::string src, int size) -{ - lockRsCore(); /* LOCKED */ - RsCertId uId(id); - - int ret = 1; - cert *c = intFindCert(uId); - if ((c == NULL) || (c == sslr -> getOwnCert())) - { - ret = 0; - } - - if (ret) - { - /* TO DO */ - } - - unlockRsCore(); /* UNLOCKED */ - - return ret; -} - -int RsServer::FileDelete(std::string id, std::string fname) -{ - lockRsCore(); /* LOCKED */ - RsCertId uId(id); - - int ret = 1; - cert *c = intFindCert(uId); - if ((c == NULL) || (c == sslr -> getOwnCert())) - { - ret = 0; - } - - if (ret) - { - /* TO DO */ - } - - unlockRsCore(); /* UNLOCKED */ - - return ret; -} - -#endif -/**************************************************************************/ - - - -int RsServer::RequestDirDetails(std::string uid, std::string path, - DirDetails &details) -{ - /* lock Mutexes */ - RsIface &iface = getIface(); - - lockRsCore(); /* LOCK */ - iface.lockData(); /* LOCK */ - - /* call to filedexserver */ - int val = server->RequestDirDetails(uid, path, details); - - /* done! */ - /* unlock Mutexes */ - iface.unlockData(); /* UNLOCK */ - unlockRsCore(); /* UNLOCK */ - - return val; - -} - -int RsServer::RequestDirDetails(void *ref, DirDetails &details, uint32_t flags) -{ - - /* lock Mutexes */ - RsIface &iface = getIface(); - - lockRsCore(); /* LOCK */ - iface.lockData(); /* LOCK */ - - /* call to filedexserver */ - int val = server->RequestDirDetails(ref, details, flags); - - /* done! */ - /* unlock Mutexes */ - iface.unlockData(); /* UNLOCK */ - unlockRsCore(); /* UNLOCK */ - - return val; -} - - -int RsServer::SearchKeywords(std::list keywords, std::list &results) -{ - /* lock Mutexes */ - RsIface &iface = getIface(); - - lockRsCore(); /* LOCK */ - iface.lockData(); /* LOCK */ - - /* call to filedexserver */ - int val = server->SearchKeywords(keywords, results); - - /* done! */ - /* unlock Mutexes */ - iface.unlockData(); /* UNLOCK */ - unlockRsCore(); /* UNLOCK */ - - return val; -} - -int RsServer::SearchBoolExp(Expression *exp, std::list &results) -{ - /* lock Mutexes */ - RsIface &iface = getIface(); - - lockRsCore(); /* LOCK */ - iface.lockData(); /* LOCK */ - - /* call to filedexserver */ - int val = server->SearchBoolExp(exp, results); - - /* done! */ - /* unlock Mutexes */ - iface.unlockData(); /* UNLOCK */ - unlockRsCore(); /* UNLOCK */ - - return val; -} - -bool RsServer::ConvertSharedFilePath(std::string path, std::string &fullpath) -{ - lockRsCore(); /* LOCK */ - - /* call to filedexserver */ - bool val = server->ConvertSharedFilePath(path, fullpath); - - /* done! */ - /* unlock Mutexes */ - unlockRsCore(); /* UNLOCK */ - - return val; -} - - -void RsServer::ForceDirectoryCheck() -{ - lockRsCore(); /* LOCK */ - - /* call to filedexserver */ - server->ForceDirectoryCheck(); - - /* done! */ - /* unlock Mutexes */ - unlockRsCore(); /* UNLOCK */ -} - - -bool RsServer::InDirectoryCheck() -{ - lockRsCore(); /* LOCK */ - - /* call to filedexserver */ - bool val = server->InDirectoryCheck(); - - /* done! */ - /* unlock Mutexes */ - unlockRsCore(); /* UNLOCK */ - - return val; -} - - - diff --git a/libretroshare/src/rsserver/p3face-network.cc b/libretroshare/src/rsserver/p3face-network.cc deleted file mode 100644 index beb1e5636..000000000 --- a/libretroshare/src/rsserver/p3face-network.cc +++ /dev/null @@ -1,435 +0,0 @@ - -/* - * "$Id: p3face-people.cc,v 1.8 2007-04-15 18:45:23 rmf24 Exp $" - * - * RetroShare C++ Interface. - * - * Copyright 2004-2006 by Robert Fernie. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Library General Public - * License Version 2 as published by the Free Software Foundation. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Library General Public License for more details. - * - * You should have received a copy of the GNU Library General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 - * USA. - * - * Please report all bugs and problems to "retroshare@lunamutt.com". - * - */ - - - -#include "dht/dhthandler.h" -#include "upnp/upnphandler.h" - -#include "rsserver/p3face.h" -#include "rsserver/pqistrings.h" - -#include -#include - -#include "util/rsdebug.h" - -#include -#include - - - -const int p3facenetworkzone = 4219; - -/***** -int RsServer::NetworkDHTActive(bool active); -int RsServer::NetworkUPnPActive(bool active); -int RsServer::NetworkDHTStatus(); -int RsServer::NetworkUPnPStatus(); -********/ - -/* internal */ - -/***** -int RsServer::CheckNetworking(); -int RsServer::InitNetworking(); - -int RsServer::InitDHT(); -int RsServer::CheckDHT(); - -int RsServer::InitUPnP(); -int RsServer::CheckUPnP(); -********/ - -int RsServer::NetworkDHTActive(bool active) -{ - lockRsCore(); /* LOCK */ - - server->setDHTEnabled(active); - - unlockRsCore(); /* UNLOCK */ - - return 1; -} - -int RsServer::NetworkUPnPActive(bool active) -{ - lockRsCore(); /* LOCK */ - - server->setUPnPEnabled(active); - - unlockRsCore(); /* UNLOCK */ - - return 1; -} - -int RsServer::NetworkDHTStatus() -{ - lockRsCore(); /* LOCK */ - - server->getDHTEnabled(); - - unlockRsCore(); /* UNLOCK */ - - return 1; -} - - -int RsServer::NetworkUPnPStatus() -{ - lockRsCore(); /* LOCK */ - - server->getUPnPEnabled(); - - unlockRsCore(); /* UNLOCK */ - - return 1; -} - - - -int RsServer::InitNetworking(std::string dhtfile) -{ - InitDHT(dhtfile); - InitUPnP(); - return 1; -} - - -int RsServer::CheckNetworking() -{ - CheckDHT(); - CheckUPnP(); - return 1; -} - - -dhthandler *dhtp = NULL; -upnphandler *upnpp = NULL; - -pqiAddrStore *getDHTServer() -{ - return dhtp; -} - -int RsServer::InitDHT(std::string file) -{ - /* only startup if it is supposed to be started! */ - if (server -> getDHTEnabled()) - { - dhtp = new dhthandler(file); - } - else - { - dhtp = new dhthandler(""); - } - - /* - * - */ - dhtp -> start(); - cert *c = sslr -> getOwnCert(); - - SetExternalPorts(); - - /* give it our port, and hash */ - dhtp -> setOwnHash(c->Signature()); - return 1; -} - -int RsServer::SetExternalPorts() -{ - cert *c = sslr -> getOwnCert(); - - /* decide on the most sensible port */ - - unsigned short port = ntohs(c -> serveraddr.sin_port); - if (port < 100) - { - port = ntohs(c -> localaddr.sin_port); - } - - /* set for both DHT and UPnP -> so they are the same! */ - if (upnpp) - upnpp -> setExternalPort(port); - if (dhtp) - dhtp -> setOwnPort(port); - - return 1; -} - - - - -int RsServer::CheckDHT() -{ - lockRsCore(); /* LOCK */ - - int i; - int ret = 1; - - if (server -> getDHTEnabled()) - { - /* startup if necessary */ - - } - else - { - /* shutdown if necessary */ - } - - /* for each friend */ - - /* add, and then check */ - - std::list::iterator it; - std::list &certs = sslr -> getCertList(); - - std::string emptystr(""); - //int online = 0; - - for(it = certs.begin(), i = 0; it != certs.end(); it++, i++) - { - cert *c = (*it); - - /* skip own cert */ - if (c == sslr -> getOwnCert()) - { - continue; - } - - if (c -> hasDHT()) - { - /* ignore */ - } - else - { - std::string id = c -> Signature(); - dhtp -> addFriend(id); - - struct sockaddr_in addr; - unsigned int flags; - if (dhtp -> addrFriend(id, addr, flags)) - { - c -> setDHT(addr, flags); - - /* connect attempt! */ - c -> nc_timestamp = 0; - c -> WillConnect(true); - } - } - } - - unlockRsCore(); /* UNLOCK */ - return ret; -} - - - - - -int RsServer::InitUPnP() -{ - upnpp = new upnphandler(); - /* - * - */ - - /* set our internal address to it */ - cert *c = sslr -> getOwnCert(); - upnpp -> setInternalAddress(c -> localaddr); - - SetExternalPorts(); - - upnpp -> start(); - - - return 1; -} - -int RsServer::CheckUPnP() -{ - lockRsCore(); /* LOCK */ - - int ret = 1; - - /* set our internal address to it */ - cert *c = sslr -> getOwnCert(); - upnpp -> setInternalAddress(c -> localaddr); - - /* get the state */ - upnpentry ent; - int state = upnpp -> getUPnPStatus(ent); - - if (server -> getUPnPEnabled()) - { - std::cerr << "UPnP ENABLED: "; - switch(state) - { - case RS_UPNP_S_ACTIVE: - std::cerr << "UPnP Forwarding already up"; - break; - case RS_UPNP_S_UDP_FAILED: - std::cerr << "UPnP TCP Forwarding Ok / UDP Failed"; - break; - case RS_UPNP_S_TCP_FAILED: - std::cerr << "UPnP Forwarding Failed"; - break; - case RS_UPNP_S_READY: - std::cerr << "Setting up UPnP Forwarding"; - upnpp -> setupUPnPForwarding(); - break; - case RS_UPNP_S_UNAVAILABLE: - case RS_UPNP_S_UNINITIALISED: - std::cerr << "Error UPNP not working"; - break; - } - } - else - { - std::cerr << "UPnP DISABLED: "; - /* shutdown a forward */ - switch(state) - { - case RS_UPNP_S_ACTIVE: - case RS_UPNP_S_UDP_FAILED: - case RS_UPNP_S_TCP_FAILED: - std::cerr << "Shutting down UPnP Forwarding"; - upnpp->shutdownUPnPForwarding(); - break; - case RS_UPNP_S_READY: - std::cerr << "UPnP Forwarding already down"; - break; - case RS_UPNP_S_UNAVAILABLE: - case RS_UPNP_S_UNINITIALISED: - std::cerr << "Error UPNP not working"; - break; - } - - } - std::cerr << std::endl; - - unlockRsCore(); /* UNLOCK */ - return ret; -} - -/* called from update Config (inside locks) */ -int RsServer::UpdateNetworkConfig(RsConfig &config) -{ - upnpentry ent; - int state = upnpp -> getUPnPStatus(ent); - - config.DHTActive = server -> getDHTEnabled(); - config.DHTPeers = dhtp -> dhtPeers(); - config.uPnPActive = server -> getUPnPEnabled(); - config.uPnPState = state; - - return 1; -} - -/************************/ - -int RsServer::ConfigSetLocalAddr( std::string ipAddr, int port ) -{ - /* check if this is all necessary */ - struct in_addr inaddr_local; - if (0 == inet_aton(ipAddr.c_str(), &inaddr_local)) - { - //bad address - reset. - return 0; - } - - /* fill the rsiface class */ - RsIface &iface = getIface(); - - /* lock Mutexes */ - lockRsCore(); /* LOCK */ - iface.lockData(); /* LOCK */ - - /* a little rough and ready, should be moved to the server! */ - cert *c = sslr -> getOwnCert(); - - /* always change the address (checked by sslr->checkNetAddress()) */ - c -> localaddr.sin_addr = inaddr_local; - c -> localaddr.sin_port = htons((short) port); - - sslr -> checkNetAddress(); - pqih -> restart_listener(); - sslr -> CertsChanged(); - - /* update local port address on uPnP */ - upnpp -> setInternalAddress(c -> localaddr); - - /* unlock Mutexes */ - iface.unlockData(); /* UNLOCK */ - unlockRsCore(); /* UNLOCK */ - - /* does its own locking */ - UpdateAllConfig(); - return 1; -} - - -int RsServer::ConfigSetExtAddr( std::string ipAddr, int port ) -{ - /* check if this is all necessary */ - struct in_addr inaddr; - if (0 == inet_aton(ipAddr.c_str(), &inaddr)) - { - //bad address - reset. - return 0; - } - - /* fill the rsiface class */ - RsIface &iface = getIface(); - - /* lock Mutexes */ - lockRsCore(); /* LOCK */ - iface.lockData(); /* LOCK */ - - /* a little rough and ready, should be moved to the server! */ - cert *c = sslr -> getOwnCert(); - - /* always change the address (checked by sslr->checkNetAddress()) */ - c -> serveraddr.sin_addr = inaddr; - c -> serveraddr.sin_port = htons((short) port); - - sslr -> checkNetAddress(); - sslr -> CertsChanged(); - - /* update the DHT/UPnP port (in_addr is auto found ) */ - SetExternalPorts(); - - /* unlock Mutexes */ - iface.unlockData(); /* UNLOCK */ - unlockRsCore(); /* UNLOCK */ - - /* does its own locking */ - UpdateAllConfig(); - return 1; -} - - diff --git a/libretroshare/src/rsserver/p3face-people.cc b/libretroshare/src/rsserver/p3face-people.cc deleted file mode 100644 index 4ed6f9ffa..000000000 --- a/libretroshare/src/rsserver/p3face-people.cc +++ /dev/null @@ -1,932 +0,0 @@ - -/* - * "$Id: p3face-people.cc,v 1.8 2007-04-15 18:45:23 rmf24 Exp $" - * - * RetroShare C++ Interface. - * - * Copyright 2004-2006 by Robert Fernie. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Library General Public - * License Version 2 as published by the Free Software Foundation. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Library General Public License for more details. - * - * You should have received a copy of the GNU Library General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 - * USA. - * - * Please report all bugs and problems to "retroshare@lunamutt.com". - * - */ - - -#include "rsserver/p3face.h" -#include "rsserver/pqistrings.h" - -#include "dht/dhthandler.h" - -const int p3facepersonzone = 11451; - -/***** - * - * - * Friend Interface - * -// Basic Connect/Denied Fns -int RsServer::FriendStatus(std::string id, bool accept); -int RsServer::FriendRemove(std::string id); -int RsServer::FriendConnectAttempt(std::string id); - -// Configuration -int RsServer::FriendSetAddress(std::string id, std::string &addr, - unsigned short port); -int RsServer::FriendSaveCertificate(std::string id, std::string fname); (TODO) -int RsServer::FriendSetBandwidth(std::string id, float outkB, float inkB); - -// Trust -int RsServer::FriendSignCert(std::string id); -int RsServer::FriendTrustSignature(std::string id, bool trust); - - * - * Neighbour Interface - * - -// Not much here. -std::string RsServer::NeighGetInvite(); -int RsServer::NeighLoadPEMString(std::string pem, std::string &id); -int RsServer::NeighLoadCertificate(std::string fname, std::string &id); -int RsServer::NeighAuthFriend(std::string id, RsAuthId code); -int RsServer::NeighAddFriend(std::string id); -int RsServer::NeighGetSigners(std::string uid, char *out, int len); - - * This file implements the Above fns from the set of RsCore - * functions. Above are the public entry points. - * - * Below are the private util fns.... - * These are unique the the functions here, - * any common util fns are defined in p3face.cc - * -// Update Functions. -int RsServer::UpdateAllCerts(): -int RsServer::UpdateAllNetwork(); - - * These must be run from outside the lock - * -void intNotifyCertError(RsCertId &id, std::string str) -void intNotifyChangeCert(RsCertId &id) - * - * - */ - - -#include "rsserver/p3face.h" - -#include -#include - -#include "util/rsdebug.h" -const int fltksrvrzone = 25915; - -#include -#include - - -/* Internal->Ext Translation */ -void initRsNI(cert *c, NeighbourInfo &ni); - -/* so first the cert */ - -/* Public Functions */ - -/****************************************/ - /* Public Friend Operations - * will lock control/iface if needed. - * - * Notifies must be outside the lock - * (so that it can read iface really) - * - * */ - - -int RsServer::FriendStatus(std::string uid, bool accept) -{ - lockRsCore(); /* LOCK */ - - RsCertId id(uid); - - std::cerr << "RsServer::FriendStatus() " << uid << " accept: " << accept << std::endl; - if (accept) - { - mConnMgr->addFriend(uid); - } - else - { - mConnMgr->removeFriend(uid); - } - - unlockRsCore(); /* UNLOCK */ - - /* call the repopulate fn */ - UpdateAllCerts(); - return 1; -} - - - -int RsServer::FriendRemove(std::string uid) -{ - lockRsCore(); /* LOCK */ - - std::cerr << "RsServer::FriendRemove() " << uid << std::endl; - mConnMgr->removeFriend(uid); - - unlockRsCore(); /* UNLOCK */ - - /* call the repopulate fn */ - UpdateAllCerts(); - - return 1; -} - - - -int RsServer::FriendConnectAttempt(std::string uid) -{ - int err = 0; - - lockRsCore(); /* LOCK */ - - err = mConnMgr->connectFriend(uid); - - unlockRsCore(); /* UNLOCK */ - - /* call the repopulate fn */ - UpdateAllCerts(); - - return err; -} - -int RsServer::FriendSignCert(std::string uid) -{ - lockRsCore(); /* LOCK */ - - int ret = mConnMgr->signCertificate(uid); - - unlockRsCore(); /* UNLOCK */ - - /* notify */ - UpdateAllCerts(); - - return ret; -} - - - -int RsServer::FriendTrustSignature(std::string uid, bool trust) -{ - lockRsCore(); /* LOCK */ - - int ret = -1; - ret = mConnMgr -> trustCertificate(uid, trust); - - unlockRsCore(); /* UNLOCK */ - - /* notify */ - UpdateAllCerts(); - - return ret; -} - -/* XXX This should be changed to handle - * (1) dns name - * (2) ip address. - */ -int RsServer::FriendSetFirewall(std::string uid, bool firewalled, bool forwarded) -{ - lockRsCore(); /* LOCK */ - RsCertId id(uid); - - int ret = 1; - - cert *c = intFindCert(id); - if ((c == NULL) || (c == sslr -> getOwnCert())) - { - pqioutput(PQL_ALERT, fltksrvrzone, "NULL/Own cert!"); - ret = 0; - } - - if (ret) - { - // get the server address. - c -> Firewalled(firewalled); - c -> Forwarded(forwarded); - /* tell SSL */ - getSSLRoot() -> IndicateCertsChanged(); - ret = 1; - } - unlockRsCore(); /* UNLOCK */ - - if (ret) - { - /* notify */ - UpdateAllCerts(); - } - else - { - /* error message? */ - intNotifyCertError(id, "Failed to Change Cert Address"); - } - return ret; -} - -int RsServer::FriendSetLocalAddress(std::string uid, - std::string addr_str, - unsigned short port) -{ - struct sockaddr_in addr; - - lockRsCore(); /* LOCK */ - - int ret = 1; - -/********************************** WINDOWS/UNIX SPECIFIC PART *******************/ -#ifndef WINDOWS_SYS - if (ret && (0 != inet_aton(addr_str.c_str(), &(addr.sin_addr)))) -#else - addr.sin_addr.s_addr = inet_addr(addr_str.c_str()); - if (ret) -#endif -/********************************** WINDOWS/UNIX SPECIFIC PART *******************/ - { - addr.sin_family = AF_INET; - addr.sin_port = htons(port); - - mConnMgr->setPeerLocalAddress(uid, addr); - - ret = 1; - } - unlockRsCore(); /* UNLOCK */ - - if (ret) - { - /* notify */ - UpdateAllCerts(); - } - else - { - /* error message? */ - intNotifyCertError(id, "Failed to Change Cert Address"); - } - return ret; -} - -int RsServer::FriendSetExtAddress(std::string uid, - std::string addr_str, - unsigned short port) -{ - struct sockaddr_in addr; - - lockRsCore(); /* LOCK */ - - int ret = 1; - - -/********************************** WINDOWS/UNIX SPECIFIC PART *******************/ -#ifndef WINDOWS_SYS - if (ret && (0 != inet_aton(addr_str.c_str(), &(addr.sin_addr)))) -#else - addr.sin_addr.s_addr = inet_addr(addr_str.c_str()); - if (ret) -#endif -/********************************** WINDOWS/UNIX SPECIFIC PART *******************/ - { - // get the server address. - addr.sin_family = AF_INET; - addr.sin_port = htons(port); - - mConnMgr->setPeerExtAddress(uid, addr); - ret = 1; - } - unlockRsCore(); /* UNLOCK */ - - if (ret) - { - /* notify */ - UpdateAllCerts(); - } - else - { - /* error message? */ - intNotifyCertError(id, "Failed to Change Cert Address"); - } - return ret; -} - - -int RsServer::FriendSetDNSAddress(std::string uid, std::string addr_str) -{ - lockRsCore(); /* LOCK */ - RsCertId id(uid); - - int ret = 1; - - unlockRsCore(); /* UNLOCK */ - - return ret; -} - - - -int RsServer::FriendSaveCertificate(std::string uid, std::string fname) -{ - lockRsCore(); /* LOCK */ - RsCertId id(uid); - - int ret = 1; - - ensureExtension(fname, "pqi"); - - mConnMgr->saveCertificate(uid, fname); - - unlockRsCore(); /* UNLOCK */ - - return ret; -} - - -int RsServer::FriendSetBandwidth(std::string uid, float outkB, float inkB) -{ - lockRsCore(); /* LOCK */ - RsCertId id(uid); - - int ret = 1; - - /* don't do nothing yet */ - - unlockRsCore(); /* UNLOCK */ - - /* notify */ - UpdateAllCerts(); - - return ret; -} - -/********** INTERNAL PUBLIC ... - * a brutal but honest update. - * - */ - -int RsServer::UpdateAllCerts() -{ - /* PreNotify of the Change */ - NotifyBase &cb = getNotify(); - cb.notifyListPreChange(NOTIFY_LIST_FRIENDS, NOTIFY_TYPE_MOD); - - lockRsCore(); /* LOCK */ - - - RsIface &iface = getIface(); - iface.lockData(); /* LOCK IFACE */ - - int i; - int ret = 1; - - std::list peers; - std::list::iterator it; - - mConnMgr->getFriendList(peers); - - // clear the data. - std::map &frnds = iface.mFriendMap; - frnds.clear(); - - for(it = peers.begin(); it != peers.end(); it++) - { - peerConnectState state; - mConnMgr->setFriendNetStatus(*it, state); - - std::string emptystr(""); - - NeighbourInfo ni; - - initRsNI(state, ni); /* same as for neighbour */ - - frnds[ni.id] = ni; - - /* let the GUI know */ - iface.setChanged(RsIface::Friend); - } - - iface.unlockData(); /* UNLOCK IFACE */ - unlockRsCore(); /* UNLOCK */ - - /* Now Notify of the Change */ - cb.notifyListChange(NOTIFY_LIST_FRIENDS, NOTIFY_TYPE_MOD); - - return ret; -} - - -/********* UNLOCKED INTERNAL CERT FNS.... - * These must be called from - * outside the lock - */ - - -void RsServer::intNotifyCertError(RsCertId &id, std::string str) -{ - NotifyBase &cb = getNotify(); - cb.notifyErrorMsg(NOTIFY_LIST_FRIENDS, 0, str); - return; -} - -void RsServer::intNotifyChangeCert(RsCertId &id) -{ - RsIface &iface = getIface(); - /* flag certId as modified */ - bool mods; - iface.lockData(); - - std::map &nl = iface.mNeighbourMap; - std::map::iterator it; - if (nl.end() != (it = nl.find(id))) - { - it -> second.flags = INFO_CHG; - mods = true; - - /* Flag as changed */ - iface.setChanged(RsIface::Neighbour); - } - - nl = iface.mFriendMap; - //std::map::iterator it; - if (nl.end() != (it = nl.find(id))) - { - it -> second.flags = INFO_CHG; - mods = true; - - /* Flag as changed */ - iface.setChanged(RsIface::Friend); - } - - - iface.unlockData(); - - /* send the notify message */ - if (mods) - { - std::cerr << "************** Notifying neighbor change *******************" << std::endl ; - getNotify().notifyListChange(NOTIFY_LIST_NEIGHBOURS, NOTIFY_TYPE_MOD); - getNotify().notifyListChange(NOTIFY_LIST_FRIENDS, NOTIFY_TYPE_MOD); - } -} - -/********* LOCKED INTERNAL CERT FNS.... - * These must be called from within the Mutex. - */ - - -/**************************** NEIGHBOUR FNS ******************* - * - * - * - */ - -/****************************************/ - /* Neighbour Operations */ - -std::string RsServer::NeighGetInvite() -{ - lockRsCore(); /* LOCK */ - - peerConnectState state; - mConnMgr->getOwnNetStatus(state); - - std::string name = state.name; - std::string certstr = mConnMgr -> getCertificateAsString(state.id); - - unlockRsCore(); /* UNLOCK */ - - std::ostringstream out; - out << "You have been invited to join the retroshare"; - out << " community by: " << name; - out << std::endl; - out << std::endl; - out << "Retroshare is a Friend-2-Friend network that enables you to"; - out << " communicate securely and"; - out << std::endl; - out << "privately with your friends. "; - out << "You can use it for chat, messages, "; - out << "channels, and file-sharing. "; - out << std::endl; - out << std::endl; - out << "Download it from: "; - out << "http://retroshare.sf.net"; - out << std::endl; - out << std::endl; - out << "Thanks, "; - out << " " << name << ", DrBob and the RetroShare Team!"; - out << std::endl; - out << std::endl; - out << certstr; - out << std::endl; - - return out.str(); -} - -/* same as the one below (almost) */ -int RsServer::NeighLoadPEMString(std::string pem, std::string &id) -{ - lockRsCore(); /* LOCK */ - - id = mConnMgr -> loadCertificateAsString(pem); - - /* ensure it gets to p3disc */ - if (ad) - { - ad -> distillData(); - } - - unlockRsCore(); /* UNLOCK */ - - if (id != "") - { - UpdateAllNetwork(); - return 1; - } - return 0; -} - - -int RsServer::NeighLoadCertificate(std::string fname, std::string &id) -{ - lockRsCore(); /* LOCK */ - - int ret = 1; - - lockRsCore(); /* LOCK */ - - id = mConnMgr -> loadCertificateFromFile(fname); - - /* ensure it gets to p3disc */ - if (ad) - { - ad -> distillData(); - } - - unlockRsCore(); /* UNLOCK */ - - if (id != "") - { - UpdateAllNetwork(); - return 1; - } - return 0; -} - - -int RsServer::NeighAuthFriend(std::string uid, RsAuthId code) -{ - lockRsCore(); /* LOCK */ - RsCertId id(uid); - - int ret = mConnMgr -> AuthNeighbour(uid, code); - - unlockRsCore(); /* UNLOCK */ - - if (ret) - { - /* Notify of changes */ - return UpdateAllNetwork(); - - } - return (ret); -} - -int RsServer::NeighAddFriend(std::string uid) -{ - lockRsCore(); /* LOCK */ - - int ret = mConnMgr -> AddNeighbour(uid); - - unlockRsCore(); /* UNLOCK */ - - if (ret) - { - /* Changed Cert Lists -> Notify */ - return UpdateAllCerts(); - - } - return (ret); -} - -int RsServer::NeighGetSigners(std::string uid, char *out, int len) -{ - lockRsCore(); /* LOCK */ - RsCertId id(uid); - std::list signers; - std::list::iterator it; - - int ret = 1; - - cert *c = intFindCert(id); - if ((c == NULL) || (c->certificate == NULL)) - { - ret = 0; - - } - - /* if valid, get signers */ - if (ret) - { - std::string str; - signers = getXPGPsigners(c->certificate); - for(it = signers.begin(); it != signers.end(); it++) - { - str += (*it); - str += "\n"; - } - strncpy(out, str.c_str(), len); - std::cerr << "SIGNERS(1): " << str << std::endl; - std::cerr << "SIGNERS(2): " << out << std::endl; - ret = signers.size(); - } - unlockRsCore(); /* UNLOCK */ - - return ret; -} - - - - -int RsServer::UpdateAllNetwork() -{ - /* PreNotify of the Change */ - NotifyBase &cb = getNotify(); - std::cerr << "************** Notifying neighbor change 2 *******************" << std::endl ; - cb.notifyListPreChange(NOTIFY_LIST_NEIGHBOURS, NOTIFY_TYPE_MOD); - - lockRsCore(); /* LOCK */ - - RsIface &iface = getIface(); - iface.lockData(); /* LOCK IFACE */ - int ret = 1; - int i; - - - std::list peers; - std::list::iterator it; - - mConnMgr->getOthersList(peers); - - // clear the data. - std::map &neighs = iface.mNeighbourMap; - neighs.clear(); - - for(it = peers.begin(); it != peers.end(); it++) - { - peerConnectState state; - mConnMgr->getOthersNetStatus(*it, state); - - NeighbourInfo ni; - - initRsNI(state, ni); /* same as for neighbour */ - - neighs[ni.id] = ni; - - /* let the GUI know */ - iface.setChanged(RsIface::Friend); - } - - /* let the GUI know */ - iface.setChanged(RsIface::Neighbour); - - iface.unlockData(); /* UNLOCK IFACE */ - unlockRsCore(); /* UNLOCK */ - - /* Now Notify of the Change */ - std::cerr << "************** Notifying neighbor change 3 *******************" << std::endl ; - cb.notifyListChange(NOTIFY_LIST_NEIGHBOURS, NOTIFY_TYPE_MOD); - - return ret; -} - - - - - -/******************** Translation from Int -> Ext Dtype ******************* - * - * MUST BE UNDER LOCK! - * - */ - -void RsServer::initRsNI(cert *c, NeighbourInfo &ni) -{ - ni.id = intGetCertId(c); /* get Id! */ - ni.name = get_cert_name(c); - ni.org = get_cert_org(c); - ni.loc = get_cert_loc(c); - ni.country = get_cert_country(c); - ni.authCode = getXPGPAuthCode(c->certificate); - - if (c->trustLvl == TRUST_SIGN_UNKNOWN) - { - sslr -> checkAuthCertificate(c); - } - ni.trustLvl = c->trustLvl; - ni.trustString = get_trust_string(c); - ni.statusString = get_status_string(c->Status()); - ni.connectString = get_autoconnect_string(c); - ni.peerAddress = get_server_string(c); - ni.lastConnect = get_lastconnecttime_string(c); - - if (c -> Accepted()) - { - ni.acceptString = "Accept"; - } - else - { - ni.acceptString = "Deny"; - } - - std::list::iterator it; - /**** TODO **** - std::list signers = getXPGPsigners(c->certificate); - for(it = signers.begin(); it != signers.end(); it++) - { - ni.signIds = - ui -> neigh_signers -> add(it->c_str()); - std::cerr << *it << std::endl; - } - ******/ - - /* check if we have signed the certificate */ - ni.ownsign = (0 < validateCertificateIsSignedByKey(c->certificate, - sslr -> getOwnCert() -> certificate)); - - /* ports */ - ni.localAddr = inet_ntoa(c->localaddr.sin_addr); - ni.localPort = ntohs(c->localaddr.sin_port); - - ni.firewalled = c -> Firewalled(); - ni.forwardPort = c -> Forwarded(); - - if (c -> Firewalled() && !c -> Forwarded()) - { - ni.extAddr = "0.0.0.0"; - ni.extPort = 0; - ni.extName = ""; - } - else - { - ni.extAddr = inet_ntoa(c -> serveraddr.sin_addr); - ni.extPort = ntohs(c -> serveraddr.sin_port); - ni.extName = c->dynDNSaddr; - } - - /* data rates */ - ni.maxRate = (int) pqih -> getMaxIndivRate(true);/* kb */ - - ni.inChat = c -> InChat(); - ni.inMsg = c -> InMessage(); - - return; -} - -/* Add rest to neighbourItem later */ - -#if 0 - - int status = c -> Status(); - if (!isfriend) - { - status = 0; - } - - ui -> cert_status -> value((get_status_string(status)).c_str()); - - if (isfriend) - { - ui -> cert_status -> value((get_status_string(status)).c_str()); - } - else - { - ui -> cert_status -> value("Neighbour"); - } - - // SET SERVER. - if (!cert_item_ok) - { - ui->cert_server->value(inet_ntoa(c->serveraddr.sin_addr)); - ui ->cert_port->value(ntohs(c->serveraddr.sin_port)); - - /* check if we have signed the certificate */ - if (0 < validateCertificateIsSignedByKey(c->certificate, - sslr -> getOwnCert() -> certificate)) - - { - ui->cert_authcode->value( - getXPGPAuthCode(c->certificate).c_str()); - ui ->cert_authcode->deactivate(); - ui ->cert_sign_button->deactivate(); - } - else - { - ui ->cert_authcode->value(""); - ui ->cert_authcode->activate(); - ui ->cert_sign_button->deactivate(); - } - } - - if (c -> Manual() || (!isfriend)) - ui -> cert_auto -> value(0); - else - ui -> cert_auto -> value(1); - - // Finally Fill in the Text Editor. - certtext = get_cert_info(c); - - // Last Connection - // Server Address - // Status - // Hashes - - buf = ui -> cert_details -> buffer(); - buf -> text(certtext.c_str()); - - - if (status & PERSON_STATUS_ACCEPTED) - ui -> cert_allow -> value(1); - else - ui -> cert_allow -> value(0); - - if (status & PERSON_STATUS_WILL_LISTEN) - ui -> cert_listen -> value(1); - else - ui -> cert_listen -> value(0); - - if (status & PERSON_STATUS_WILL_CONNECT) - ui -> cert_connect -> value(1); - else - ui -> cert_connect -> value(0); - - if (status & PERSON_STATUS_TRUSTED) - { - ui -> cert_trust_person -> value(1); - } - else - { - ui -> cert_trust_person -> value(0); - } - - - cert_item_ok = true; - return 1; -} - -#endif - - - - - -int RsServer::ensureExtension(std::string &name, std::string def_ext) -{ - /* if it has an extension, don't change */ - int len = name.length(); - int extpos = name.find_last_of('.'); - - std::ostringstream out; - out << "ensureExtension() name: " << name << std::endl; - out << "\t\t extpos: " << extpos; - out << " len: " << len << std::endl; - - /* check that the '.' has between 1 and 4 char after it (an extension) */ - if ((extpos > 0) && (extpos < len - 1) && (extpos + 6 > len)) - { - /* extension there */ - std::string curext = name.substr(extpos, len); - out << "ensureExtension() curext: " << curext << std::endl; - std::cerr << out.str(); - return 0; - } - - if (extpos != len - 1) - { - name += "."; - } - name += def_ext; - - out << "ensureExtension() added ext: " << name << std::endl; - - std::cerr << out.str(); - return 1; -} - - diff --git a/libretroshare/src/rsserver/p3face-startup.cc b/libretroshare/src/rsserver/p3face-startup.cc index d425dee97..7e8a557f9 100644 --- a/libretroshare/src/rsserver/p3face-startup.cc +++ b/libretroshare/src/rsserver/p3face-startup.cc @@ -97,7 +97,16 @@ RsTurtle *rsTurtle = NULL ; #include "pqi/authxpgp.h" #else /* X509 Certificates */ /**************** PQI_USE_XPGP ******************/ +/**************** PQI_USE_SSLONLY ***************/ + #if defined(PQI_USE_SSLONLY) #include "pqi/authssl.h" + #else /* X509 Certificates */ + /**************** PQI_USE_SSLONLY ***************/ + /**************** SSL + OPENPGP *****************/ + #include "pqi/authgpg.h" + #include "pqi/authssl.h" + #endif /* X509 Certificates */ + /**************** SSL + OPENPGP *****************/ #endif /* X509 Certificates */ /**************** PQI_USE_XPGP ******************/ @@ -479,27 +488,27 @@ int RsInit::InitRetroShare(int argcIgnored, char **argvIgnored) std::cerr << "No Existing User" << std::endl; } #else /* X509 Certificates */ -/**************** PQI_USE_XPGP ******************/ - - /* here we need to decide if existing user is okay.... - * obviously - it can't be until we have functions - * to do it! +/**************** PQI_USE_SSLONLY ***************/ + /* Initial Certificate load will be X509 for SSL cases. + * in the OpenPGP case, this needs to be checked too. */ + if (LoadCheckX509andGetName(load_cert.c_str(), userName, userId)) + { + std::cerr << "X509 Existing Name: " << userName << std::endl; + std::cerr << "Existing Id: " << userId << std::endl; + existingUser = true; + } + else + { + std::cerr << "No Existing User" << std::endl; + } + +/**************** SSL + OPENPGP *****************/ #endif /* X509 Certificates */ /**************** PQI_USE_XPGP ******************/ - - /* do a null init to allow the SSL libray to startup! */ -/**************** PQI_USE_XPGP ******************/ -#if defined(PQI_USE_XPGP) - /* do a null init to allow the SSL libray to startup! */ getAuthMgr() -> InitAuth(NULL, NULL, NULL); -#else /* X509 Certificates */ -/**************** PQI_USE_XPGP ******************/ - getAuthMgr() -> InitAuth(NULL, NULL, NULL); -#endif /* X509 Certificates */ -/**************** PQI_USE_XPGP ******************/ /* if existing user, and havePasswd .... we can skip the login prompt */ if (existingUser) @@ -516,6 +525,74 @@ int RsInit::InitRetroShare(int argcIgnored, char **argvIgnored) return 0; } +#ifdef RS_USE_PGPSSL +int RsInit::GetLogins(std::list &pgpIds) +{ + #ifdef PQI_USE_XPGP + return 0; + #else + #ifdef PQI_USE_SSLONLY + return 0; + #else // PGP+SSL + GPGAuthMgr *mgr = (GPGAuthMgr *) getAuthMgr(); + + mgr->availablePGPCertificates(pgpIds); + return 1; + #endif + #endif +} + +int RsInit::GetLoginDetails(std::string id, std::string &name, std::string &email) +{ + #ifdef PQI_USE_XPGP + return 0; + #else + #ifdef PQI_USE_SSLONLY + return 0; + #else // PGP+SSL + + GPGAuthMgr *mgr = (GPGAuthMgr *) getAuthMgr(); + name = id; + email = id; + + return 1; + #endif + #endif +} + + +std::string RsInit::gpgPasswd; + +bool RsInit::LoadGPGPassword(std::string id, std::string _passwd) +{ + bool ok = false; + std::string gpgId = id; + std::string name = id; + gpgPasswd = _passwd; + + + GPGAuthMgr *gpgAuthMgr = (GPGAuthMgr *) getAuthMgr(); + if (0 < gpgAuthMgr -> GPGInit(gpgId, name, gpgPasswd.c_str())) + { + ok = true; + std::cerr << "PGP Auth Success!"; + std::cerr << "ID: " << id << " NAME: " << name; + std::cerr << std::endl; + } + else + { + std::cerr << "PGP Auth Failed!"; + std::cerr << "ID: " << id << " NAME: " << name; + std::cerr << std::endl; + } + return ok; +} + +#endif // RS_USE_PGPSSL + + + + const std::string& RsServer::certificateFileName() { return RsInit::load_cert ; } /* @@ -594,15 +671,7 @@ int RsServer::StartupRetroShare() mAuthMgr -> setConfigDirectories(certConfigFile, certNeighDir); -/**************** PQI_USE_XPGP ******************/ -#if defined(PQI_USE_XPGP) - ((AuthXPGP *) mAuthMgr) -> loadCertificates(oldFormat, oldConfigMap); -#else /* X509 Certificates */ -/**************** PQI_USE_XPGP ******************/ mAuthMgr -> loadCertificates(); -#endif /* X509 Certificates */ -/**************** PQI_USE_XPGP ******************/ - /**************************************************************************/ /* setup classes / structures */ @@ -774,23 +843,6 @@ int RsServer::StartupRetroShare() #endif /* X509 Certificates */ /**************** PQI_USE_XPGP ******************/ - if (oldFormat) - { - std::cerr << "Startup() Loaded Old Certificate Format" << std::endl; - - /* transfer all authenticated peers to friend list */ - std::list authIds; - mAuthMgr->getAuthenticatedList(authIds); - - std::list::iterator it; - for(it = authIds.begin(); it != authIds.end(); it++) - { - mConnMgr->addFriend(*it); - } - - /* move other configuration options */ - } - /**************************************************************************/ /* trigger generalConfig loading for classes that require it */ /**************************************************************************/ @@ -948,20 +1000,46 @@ int RsInit::LoadCertificates(bool autoLoginNT) p3AuthMgr *authMgr = getAuthMgr(); + bool ok = false; + /**************** PQI_USE_XPGP ******************/ #if defined(PQI_USE_XPGP) if (0 < authMgr -> InitAuth(load_cert.c_str(), load_key.c_str(),passwd.c_str())) + { + ok = true; + } #else /* X509 Certificates */ /**************** PQI_USE_XPGP ******************/ - /* The SSL + PGP version will require - * Id of pgp account + password - * padding with NULLs - */ + /* The SSL / SSL + PGP version requires, SSL init + PGP init. */ + /**************** PQI_USE_XPGP ******************/ + #if defined(PQI_USE_SSLONLY) + if (0 < authMgr -> InitAuth(load_cert.c_str(), load_key.c_str(),passwd.c_str())) + { + ok = true; + } + else + { + std::cerr << "AuthSSL::InitAuth Failed" << std::endl; + } - if (0 < authMgr -> InitAuth(load_cert.c_str(), NULL, passwd.c_str())) + #else /* X509 Certificates */ + /**************** PQI_USE_XPGP ******************/ + /* The SSL / SSL + PGP version requires, SSL init + PGP init. */ + if (0 < authMgr -> InitAuth(load_cert.c_str(), load_key.c_str(),passwd.c_str())) + { + ok = true; + } + else + { + std::cerr << "SSL Auth Failed!"; + std::cerr << std::endl; + } + #endif /* X509 Certificates */ + /**************** PQI_USE_XPGP ******************/ #endif /* X509 Certificates */ /**************** PQI_USE_XPGP ******************/ + if (ok) { if (autoLoginNT) { @@ -1003,6 +1081,7 @@ bool RsInit::ValidateCertificate(std::string &userName) #else /* X509 Certificates */ /**************** PQI_USE_XPGP ******************/ /* check against authmanagers private keys */ + return LoadCheckX509andGetName(fname.c_str(), userName, userId); #endif /* X509 Certificates */ /**************** PQI_USE_XPGP ******************/ @@ -1019,6 +1098,7 @@ bool RsInit::ValidateTrustedUser(std::string fname, std::string &userName) valid = LoadCheckXPGPandGetName(fname.c_str(), userName, userId); #else /* X509 Certificates */ /**************** PQI_USE_XPGP ******************/ + valid = LoadCheckX509andGetName(fname.c_str(), userName, userId); #endif /* X509 Certificates */ /**************** PQI_USE_XPGP ******************/ @@ -1041,6 +1121,7 @@ bool RsInit::LoadPassword(std::string _passwd) return true; } + /* A little nasty fn.... * (1) returns true, if successful, and updates config. * (2) returns false if fails, with error msg to errString. @@ -1083,6 +1164,7 @@ bool RsInit::RsGenerateCertificate( std::string key_name = basename + "_pk.pem"; std::string cert_name = basename + "_cert.pem"; + bool gen_ok = false; /**************** PQI_USE_XPGP ******************/ #if defined(PQI_USE_XPGP) @@ -1095,18 +1177,187 @@ bool RsInit::RsGenerateCertificate( "", //ui -> gen_state -> value(), country.c_str(), nbits)) + { + gen_ok = true; + } + #else /* X509 Certificates */ /**************** PQI_USE_XPGP ******************/ - /* UNTIL THIS IS FILLED IN CANNOT GENERATE X509 REQ */ - /* What should happen here - is a new openpgp certificate - * is created, with a retroshare subkey, - * this is then used to generate a self-signed certificate +/**************** PQI_USE_XPGP ******************/ + #if defined(PQI_USE_SSLONLY) + X509_REQ *req = GenerateX509Req( + key_name.c_str(), + password.c_str(), + name.c_str(), + "", //ui -> gen_email -> value(), + org.c_str(), + loc.c_str(), + "", //ui -> gen_state -> value(), + country.c_str(), + nbits, errString); + + /* load private key */ + /* now convert to a self-signed certificate */ + EVP_PKEY *privkey = NULL; + long days = 3000; + + gen_ok = true; + /********** Test Loading the private Key.... ************/ + FILE *tst_in = NULL; + if (NULL == (tst_in = fopen(key_name.c_str(), "rb"))) + { + fprintf(stderr,"RsGenerateCert() Couldn't Open Private Key"); + fprintf(stderr," : %s\n", key_name.c_str()); + gen_ok = false; + } + + if ((gen_ok) && (NULL == (privkey = + PEM_read_PrivateKey(tst_in,NULL,NULL,(void *) password.c_str())))) + { + fprintf(stderr,"RsGenerateCert() Couldn't Read Private Key"); + fprintf(stderr," : %s\n", key_name.c_str()); + gen_ok = false; + } + + + X509 *cert = NULL; + if (gen_ok) + { + cert = SignX509Certificate(X509_REQ_get_subject_name(req), + privkey,req,days); + + /* Print the signed Certificate! */ + BIO *bio_out = NULL; + bio_out = BIO_new(BIO_s_file()); + BIO_set_fp(bio_out,stdout,BIO_NOCLOSE); + + /* Print it out */ + int nmflag = 0; + int reqflag = 0; + + X509_print_ex(bio_out, cert, nmflag, reqflag); + + BIO_flush(bio_out); + BIO_free(bio_out); + + } + else + { + fprintf(stderr,"RsGenerateCert() Didn't Sign Certificate\n"); + gen_ok = false; + } + + /* Save cert to file */ + // open the file. + FILE *out = NULL; + if (NULL == (out = fopen(cert_name.c_str(), "w"))) + { + fprintf(stderr,"RsGenerateCert() Couldn't create Cert File"); + fprintf(stderr," : %s\n", cert_name.c_str()); + return 0; + } + + if (!PEM_write_X509(out,cert)) + { + fprintf(stderr,"RsGenerateCert() Couldn't Save Cert"); + fprintf(stderr," : %s\n", cert_name.c_str()); + return 0; + } + + if (cert) + { + gen_ok = true; + } + + X509_free(cert); + X509_REQ_free(req); + fclose(tst_in); + fclose(out); + EVP_PKEY_free(privkey); + + + #else /* X509 Certificates */ + /**************** PQI_USE_XPGP ******************/ + + + /* Extra step required for SSL + PGP, user must have selected + * or generated a suitable key so the signing can happen. */ - //mAuthMgr->createUser( ); + + X509_REQ *req = GenerateX509Req( + key_name.c_str(), + password.c_str(), + name.c_str(), + "", //ui -> gen_email -> value(), + org.c_str(), + loc.c_str(), + "", //ui -> gen_state -> value(), + country.c_str(), + nbits, errString); + + GPGAuthMgr *mgr = (GPGAuthMgr *) getAuthMgr(); + long days = 3000; + X509 *x509 = mgr->SignX509Req(req, days, "dummypassword"); + + X509_REQ_free(req); + + /* save to file */ + if (x509) + { + gen_ok = true; + + /* Print the signed Certificate! */ + BIO *bio_out = NULL; + bio_out = BIO_new(BIO_s_file()); + BIO_set_fp(bio_out,stdout,BIO_NOCLOSE); + + /* Print it out */ + int nmflag = 0; + int reqflag = 0; + + X509_print_ex(bio_out, x509, nmflag, reqflag); + + BIO_flush(bio_out); + BIO_free(bio_out); + + } + else + { + gen_ok = false; + } + + if (gen_ok) + { + /* Save cert to file */ + // open the file. + FILE *out = NULL; + if (NULL == (out = fopen(cert_name.c_str(), "w"))) + { + fprintf(stderr,"RsGenerateCert() Couldn't create Cert File"); + fprintf(stderr," : %s\n", cert_name.c_str()); + gen_ok = false; + } + + if (!PEM_write_X509(out,x509)) + { + fprintf(stderr,"RsGenerateCert() Couldn't Save Cert"); + fprintf(stderr," : %s\n", cert_name.c_str()); + gen_ok = false; + } + + fclose(out); + X509_free(x509); + } + + + #endif /* X509 Certificates */ + /**************** PQI_USE_XPGP ******************/ #endif /* X509 Certificates */ /**************** PQI_USE_XPGP ******************/ + + if (!gen_ok) { - errString = "Generation of XPGP Failed"; + errString = "Generation of Certificate Failed"; return false; } diff --git a/libretroshare/src/rsserver/p3files.cc b/libretroshare/src/rsserver/p3files.cc deleted file mode 100644 index 6217a44af..000000000 --- a/libretroshare/src/rsserver/p3files.cc +++ /dev/null @@ -1,396 +0,0 @@ - -/* - * "$Id: p3face-file.cc,v 1.6 2007-04-15 18:45:23 rmf24 Exp $" - * - * RetroShare C++ Interface. - * - * Copyright 2004-2006 by Robert Fernie. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Library General Public - * License Version 2 as published by the Free Software Foundation. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Library General Public License for more details. - * - * You should have received a copy of the GNU Library General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 - * USA. - * - * Please report all bugs and problems to "retroshare@lunamutt.com". - * - */ - -#include "rsserver/p3files.h" - -#include "rsserver/p3face.h" -#include "server/filedexserver.h" - -#include -#include - -//RsFiles *rsFiles = NULL; - -void p3Files::lockRsCore() -{ - mCore->lockRsCore(); -} - -void p3Files::unlockRsCore() -{ - mCore->unlockRsCore(); -} - -int p3Files::UpdateAllTransfers() -{ - /* lock Mutexes */ - lockRsCore(); /* LOCK */ - - std::list nTransList = mServer -> getTransfers(); - std::list::iterator it; - - mTransfers.clear(); - - for(it = nTransList.begin(); it != nTransList.end(); it++) - { - FileInfo ti; - - ti.id = (*it)->cPeerId; - ti.source = mAuthMgr->getName(ti.id); - ti.peerIds = (*it) -> allPeerIds.ids; - - ti.fname = (*it) -> file.name; - ti.hash = (*it) -> file.hash; - ti.path = (*it) -> file.path; - ti.size = (*it) -> file.filesize; - - ti.transfered = (*it) -> transferred; - ti.avail = ti.transfered; - /* other ones!!! */ - ti.tfRate = (*it) -> crate / 1000; - ti.download = (*it) -> in; - ti.downloadStatus = (*it) -> state; - - mTransfers[ti.hash] = ti; - - delete (*it); - } - - unlockRsCore(); /* UNLOCK */ - - return 1; -} - - -/* 1) Access to downloading / uploading files. */ - -bool p3Files::FileDownloads(std::list &hashs) -{ - RsStackMutex stack(fMutex); /**** LOCKED ****/ - - std::map::iterator it; - for(it = mTransfers.begin(); it != mTransfers.end(); it++) - { - if (it->second.download) - { - hashs.push_back(it->second.hash); - } - } - return true; -} - -bool p3Files::FileUploads(std::list &hashs) -{ - RsStackMutex stack(fMutex); /**** LOCKED ****/ - - std::map::iterator it; - for(it = mTransfers.begin(); it != mTransfers.end(); it++) - { - if (!(it->second.download)) - { - hashs.push_back(it->second.hash); - } - } - return true; -} - -bool p3Files::FileDetails(std::string hash, uint32_t hintflags, FileInfo &info) -{ - RsStackMutex stack(fMutex); /**** LOCKED ****/ - - /* for the moment this will only show transferred data */ - std::map::iterator it; - - if (mTransfers.end() == (it = mTransfers.find(hash))) - { - return false; - } - - info = it->second; - return true; -} - - -/* 2) Control of Downloads. */ -bool p3Files::FileControl(std::string hash, uint32_t flags) -{ - /* dummy function for now */ - return false; -} - -bool p3Files::FileRequest(std::string fname, std::string hash, uint64_t size, - std::string dest, uint32_t flags, std::list srcIds) -{ - std::cerr << "p3Files::FileRequest()"; - std::cerr << std::endl; - std::cerr << "name:" << fname; - std::cerr << std::endl; - std::cerr << "size:" << size; - std::cerr << std::endl; - std::cerr << "dest:" << dest; - std::cerr << std::endl; - - lockRsCore(); /* LOCKED */ - - std::cerr << "p3Files::FileRequest(" << fname << ", "; - std::cerr << hash << ", " << size << ", " << dest << ")" << std::endl; - - int ret = mServer -> getFile(fname, hash, size, dest); - - unlockRsCore(); /* UNLOCKED */ - std::cerr << "p3Files::FileRequest() Done"; - std::cerr << std::endl; - - return ret; -} - -bool p3Files::FileCancel(std::string hash) -{ - lockRsCore(); /* LOCKED */ - - mServer -> cancelTransfer("", hash, 0); // other args not actually used!. - - unlockRsCore(); /* UNLOCKED */ - - return 1; -} - - -bool p3Files::FileClearCompleted() -{ - std::cerr << "p3Files::FileClearCompleted()" << std::endl; - - /* lock Mutexes */ - lockRsCore(); /* LOCK */ - - mServer -> clear_old_transfers(); - - unlockRsCore(); /* UNLOCK */ - - /* update data */ - UpdateAllTransfers(); - - return 1; -} - - - -/* 3) Addition of Extra Files... From File System (Dummy at the moment) */ - -bool p3Files::ExtraFileAdd(std::string fname, std::string hash, uint64_t size, - uint32_t period, uint32_t flags) -{ - return false; -} - -bool p3Files::ExtraFileRemove(std::string hash, uint32_t flags) -{ - return false; -} - -bool p3Files::ExtraFileHash(std::string localpath, - uint32_t period, uint32_t flags) -{ - return false; -} - -bool p3Files::ExtraFileStatus(std::string localpath, FileInfo &info) -{ - return false; -} - - -/* 4) Search and Listing Interface */ - -int p3Files::RequestDirDetails(std::string uid, std::string path, - DirDetails &details) -{ - lockRsCore(); /* LOCK */ - - /* call to filedexmServer */ - int val = mServer->RequestDirDetails(uid, path, details); - - unlockRsCore(); /* UNLOCK */ - - return val; - -} - -int p3Files::RequestDirDetails(void *ref, DirDetails &details, uint32_t flags) -{ - lockRsCore(); /* LOCK */ - - /* call to filedexmServer */ - int val = mServer->RequestDirDetails(ref, details, flags); - - unlockRsCore(); /* UNLOCK */ - - return val; -} - - -int p3Files::SearchKeywords(std::list keywords, std::list &results,uint32_t flags) -{ - lockRsCore(); /* LOCK */ - - /* call to filedexmServer */ - int val = mServer->SearchKeywords(keywords, results,flags); - - unlockRsCore(); /* UNLOCK */ - - return val; -} - -int p3Files::SearchBoolExp(Expression *exp, std::list &results) -{ - lockRsCore(); /* LOCK */ - - /* call to filedexmServer */ - int val = mServer->SearchBoolExp(exp, results); - - unlockRsCore(); /* UNLOCK */ - - return val; -} - - -/* 5) Utility Functions. */ - - -bool p3Files::ConvertSharedFilePath(std::string path, std::string &fullpath) -{ - lockRsCore(); /* LOCK */ - - /* call to filedexmServer */ - bool val = mServer->ConvertSharedFilePath(path, fullpath); - - /* done! */ - /* unlock Mutexes */ - unlockRsCore(); /* UNLOCK */ - - return val; -} - - -void p3Files::ForceDirectoryCheck() -{ - lockRsCore(); /* LOCK */ - - /* call to filedexmServer */ - mServer->ForceDirectoryCheck(); - - /* done! */ - /* unlock Mutexes */ - unlockRsCore(); /* UNLOCK */ -} - - -bool p3Files::InDirectoryCheck() -{ - lockRsCore(); /* LOCK */ - - /* call to filedexmServer */ - bool val = mServer->InDirectoryCheck(); - - /* done! */ - /* unlock Mutexes */ - unlockRsCore(); /* UNLOCK */ - - return val; -} - - - -void p3Files::setDownloadDirectory(std::string path) -{ - /* lock Mutexes */ - lockRsCore(); /* LOCK */ - - mServer -> setSaveDir(path); - - unlockRsCore(); /* UNLOCK */ -} - - -std::string p3Files::getDownloadDirectory() -{ - /* lock Mutexes */ - lockRsCore(); /* LOCK */ - - std::string path = mServer -> getSaveDir(); - - unlockRsCore(); /* UNLOCK */ - - return path; -} - -void p3Files::setPartialsDirectory(std::string path) -{ - /* dummy */ - return; -} - -std::string p3Files::getPartialsDirectory() -{ - std::string path; - return path; -} - -bool p3Files::getSharedDirectories(std::list &dirs) -{ - /* lock Mutexes */ - lockRsCore(); /* LOCK */ - - dirs = mServer -> getSearchDirectories(); - - unlockRsCore(); /* UNLOCK */ - return true; -} - - -bool p3Files::addSharedDirectory(std::string dir) -{ - /* lock Mutexes */ - lockRsCore(); /* LOCK */ - - mServer -> addSearchDirectory(dir); - - unlockRsCore(); /* UNLOCK */ - return true; -} - -bool p3Files::removeSharedDirectory(std::string dir) -{ - lockRsCore(); /* LOCK */ - - mServer -> removeSearchDirectory(dir); - - unlockRsCore(); /* UNLOCK */ - - return true; -} - - diff --git a/libretroshare/src/rsserver/p3peers.cc b/libretroshare/src/rsserver/p3peers.cc index a31ee220a..3b0c592dc 100644 --- a/libretroshare/src/rsserver/p3peers.cc +++ b/libretroshare/src/rsserver/p3peers.cc @@ -33,6 +33,8 @@ #include #include +#include + /**************** PQI_USE_XPGP ******************/ #if defined(PQI_USE_XPGP) #include "pqi/authxpgp.h" @@ -48,13 +50,42 @@ RsPeers *rsPeers = NULL; /******* * #define P3PEERS_DEBUG 1 *******/ +#define P3PEERS_DEBUG 1 static uint32_t RsPeerTranslateTrust(uint32_t trustLvl); int ensureExtension(std::string &name, std::string def_ext); std::string RsPeerTrustString(uint32_t trustLvl) { + std::string str; + +#ifdef RS_USE_PGPSSL + switch(trustLvl) + { + default: + case GPGME_VALIDITY_UNKNOWN: + str = "GPGME_VALIDITY_UNKNOWN"; + break; + case GPGME_VALIDITY_UNDEFINED: + str = "GPGME_VALIDITY_UNDEFINED"; + break; + case GPGME_VALIDITY_NEVER: + str = "GPGME_VALIDITY_NEVER"; + break; + case GPGME_VALIDITY_MARGINAL: + str = "GPGME_VALIDITY_MARGINAL"; + break; + case GPGME_VALIDITY_FULL: + str = "GPGME_VALIDITY_FULL"; + break; + case GPGME_VALIDITY_ULTIMATE: + str = "GPGME_VALIDITY_ULTIMATE"; + break; + } + return str; +#endif + if (trustLvl == RS_TRUST_LVL_GOOD) { str = "Good"; @@ -262,6 +293,7 @@ bool p3Peers::getPeerDetails(std::string id, RsPeerDetails &d) return false; } + d.fpr = authDetail.fpr; d.id = authDetail.id; d.name = authDetail.name; d.email = authDetail.email; @@ -272,7 +304,11 @@ bool p3Peers::getPeerDetails(std::string id, RsPeerDetails &d) d.ownsign = authDetail.ownsign; d.trusted = authDetail.trusted; +#ifdef RS_USE_PGPSSL + d.trustLvl = authDetail.trustLvl; +#else d.trustLvl = RsPeerTranslateTrust(authDetail.trustLvl); +#endif /* generate */ d.authcode = "AUTHCODE"; @@ -427,6 +463,84 @@ std::string p3Peers::getPeerName(std::string id) return mAuthMgr->getName(id); } + +bool p3Peers::getPGPFriendList(std::list &ids) +{ +#ifdef P3PEERS_DEBUG + std::cerr << "p3Peers::getPGPFriendList()"; + std::cerr << std::endl; +#endif + + std::list certids; + std::list::iterator it; + + mConnMgr->getFriendList(certids); + + /* get from mAuthMgr (first) */ + for(it = certids.begin(); it != certids.end(); it++) + { + pqiAuthDetails detail; + if (!mAuthMgr->getDetails(*it, detail)) + { + continue; + } + +#ifdef P3PEERS_DEBUG + std::cerr << "p3Peers::getPGPFriendList() Cert Id: " << *it; + std::cerr << " Issuer: " << detail.issuer; + std::cerr << std::endl; +#endif + +#if 0 + if (!mAuthMgr->isPGPvalid(detail.issuer)) + { + continue; + } +#endif + + if (ids.end() == std::find(ids.begin(),ids.end(),detail.issuer)) + { + +#ifdef P3PEERS_DEBUG + std::cerr << "p3Peers::getPGPFriendList() Adding Friend: "; + std::cerr << detail.issuer; + std::cerr << std::endl; +#endif + + ids.push_back(detail.issuer); + } + } + return true; +} + + + +bool p3Peers::getPGPAllList(std::list &ids) +{ +#ifdef P3PEERS_DEBUG + std::cerr << "p3Peers::getPGPOthersList()"; + std::cerr << std::endl; +#endif + + /* get from mAuthMgr */ + mAuthMgr->getPGPAllList(ids); + return true; +} + +std::string p3Peers::getPGPOwnId() +{ +#ifdef P3PEERS_DEBUG + std::cerr << "p3Peers::getPGPOwnId()"; + std::cerr << std::endl; +#endif + + /* get from mAuthMgr */ + return mAuthMgr->PGPOwnId(); +} + + + + /* Add/Remove Friends */ bool p3Peers::addFriend(std::string id) { @@ -583,27 +697,32 @@ p3Peers::GetRetroshareInvite() std::cerr << std::endl; #endif + std::cerr << "p3Peers::GetRetroshareInvite()"; + std::cerr << std::endl; + std::string ownId = mAuthMgr->OwnId(); - //std::string certstr = mAuthMgr->SaveCertificateToString(ownId); - - std::string certstr ; - FILE *fcert = fopen(RsInit::load_cert.c_str(), "r"); - char c ; - - if(fcert == NULL) - return "Error: could not open certificate file." ; - - while( (c=fgetc(fcert))!=EOF) - certstr.push_back(c) ; - fclose(fcert) ; - + std::string certstr = mAuthMgr->SaveCertificateToString(ownId); std::string name = mAuthMgr->getName(ownId); - std::ostringstream out; - out << certstr; - out << std::endl; + std::string pgpownId = mAuthMgr->PGPOwnId(); + std::string pgpcertstr = mAuthMgr->SaveCertificateToString(pgpownId); - return out.str(); + std::cerr << "p3Peers::GetRetroshareInvite() SSL Cert:"; + std::cerr << std::endl; + std::cerr << certstr; + std::cerr << std::endl; + + std::cerr << "p3Peers::GetRetroshareInvite() PGP Cert:"; + std::cerr << std::endl; + std::cerr << pgpcertstr; + std::cerr << std::endl; + + std::string combinedcerts = certstr; + combinedcerts += '\n'; + combinedcerts += pgpcertstr; + combinedcerts += '\n'; + + return combinedcerts; } //=========================================================================== @@ -618,6 +737,51 @@ bool p3Peers::LoadCertificateFromFile(std::string fname, std::string &id) return mAuthMgr->LoadCertificateFromFile(fname, id); } + +bool splitCerts(std::string in, std::string &sslcert, std::string &pgpcert) +{ + std::cerr << "splitCerts():" << in; + std::cerr << std::endl; + + /* search for -----END CERTIFICATE----- */ + std::string sslend("-----END CERTIFICATE-----"); + std::string pgpend("-----END PGP PUBLIC KEY BLOCK-----"); + size_t pos = in.find(sslend); + size_t pos2 = in.find(pgpend); + size_t ssllen, pgplen; + + if (pos != std::string::npos) + { + std::cerr << "splitCerts(): Found SSL Cert"; + std::cerr << std::endl; + + ssllen = pos + sslend.length(); + sslcert = in.substr(0, ssllen); + + if (pos2 != std::string::npos) + { + std::cerr << "splitCerts(): Found SSL + PGP Cert"; + std::cerr << std::endl; + + pgplen = pos2 + pgpend.length() - ssllen; + pgpcert = in.substr(ssllen, pgplen); + } + return true; + } + else if (pos2 != std::string::npos) + { + std::cerr << "splitCerts(): Found PGP Cert Only"; + std::cerr << std::endl; + + pgplen = pos2 + pgpend.length(); + pgpcert = in.substr(0, pgplen); + return true; + } + return false; +} + + + bool p3Peers::LoadCertificateFromString(std::string cert, std::string &id) { #ifdef P3PEERS_DEBUG @@ -625,9 +789,34 @@ bool p3Peers::LoadCertificateFromString(std::string cert, std::string &id) std::cerr << std::endl; #endif - return mAuthMgr->LoadCertificateFromString(cert, id); + std::string sslcert; + std::string pgpcert; + bool ret = false; + if (splitCerts(cert, sslcert, pgpcert)) + { + if (pgpcert != "") + { + std::cerr << "pgpcert .... " << std::endl; + std::cerr << pgpcert << std::endl; + + ret = mAuthMgr->LoadCertificateFromString(pgpcert, id); + } + if (sslcert != "") + { + std::cerr << "sslcert .... " << std::endl; + std::cerr << sslcert << std::endl; + + ret = mAuthMgr->LoadCertificateFromString(sslcert, id); + } + } + + return ret; } + + + + bool p3Peers::SaveCertificateToFile(std::string id, std::string fname) { #ifdef P3PEERS_DEBUG @@ -659,6 +848,11 @@ bool p3Peers::AuthCertificate(std::string id, std::string code) if (mAuthMgr->AuthCertificate(id)) { +#ifdef P3PEERS_DEBUG + std::cerr << "p3Peers::AuthCertificate() OK ... Adding as Friend"; + std::cerr << std::endl; +#endif + /* add in as a friend */ return mConnMgr->addFriend(id); } diff --git a/libretroshare/src/rsserver/p3peers.h b/libretroshare/src/rsserver/p3peers.h index 76f0f2ec8..01c45ebe1 100644 --- a/libretroshare/src/rsserver/p3peers.h +++ b/libretroshare/src/rsserver/p3peers.h @@ -53,6 +53,12 @@ virtual bool isFriend(std::string id); virtual std::string getPeerName(std::string id); virtual bool getPeerDetails(std::string id, RsPeerDetails &d); + /* Using PGP Ids */ +virtual std::string getPGPOwnId(); +virtual bool getPGPFriendList(std::list &ids); +virtual bool getPGPAllList(std::list &ids); + + /* Add/Remove Friends */ virtual bool addFriend(std::string id); virtual bool removeFriend(std::string id); diff --git a/libretroshare/src/rsserver/pqistrings.cc b/libretroshare/src/rsserver/pqistrings.cc deleted file mode 100644 index 3f8e549aa..000000000 --- a/libretroshare/src/rsserver/pqistrings.cc +++ /dev/null @@ -1,744 +0,0 @@ - -/* - * "$Id: pqistrings.cc,v 1.1 2007-02-19 20:08:30 rmf24 Exp $" - * - * RetroShare C++ Interface. - * - * Copyright 2004-2006 by Robert Fernie. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Library General Public - * License Version 2 as published by the Free Software Foundation. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Library General Public License for more details. - * - * You should have received a copy of the GNU Library General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 - * USA. - * - * Please report all bugs and problems to "retroshare@lunamutt.com". - * - */ - - -#include "pqi/pqi.h" -#include "pqi/pqinetwork.h" - -/**************** PQI_USE_XPGP ******************/ -#if defined(PQI_USE_XPGP) - -#include "pqi/xpgpcert.h" - -#else /* X509 Certificates */ -/**************** PQI_USE_XPGP ******************/ - -#include "pqi/sslcert.h" - -#endif /* X509 Certificates */ -/**************** PQI_USE_XPGP ******************/ - -#include "rsserver/pqistrings.h" - -#include -#include -#include -#include - -/**************** PQI_USE_XPGP ******************/ -#if defined(PQI_USE_XPGP) -std::string getXPGPInfo(XPGP *cert); -#endif /* XPGP Certificates */ -/**************** PQI_USE_XPGP ******************/ - -std::string get_status_string(int status) -{ - std::string sstr(""); - if (status & PERSON_STATUS_CONNECTED) - { - sstr += "Online"; - return sstr; - } - if (!(status & PERSON_STATUS_ACCEPTED)) - { - sstr += "Denied Access"; - return sstr; - } - - if (status & PERSON_STATUS_INUSE) - { - sstr += "Connecting"; - /* - if (status & PERSON_STATUS_WILL_LISTEN) - { - sstr += "Listening"; - } - sstr += "/"; - if (status & PERSON_STATUS_WILL_CONNECT) - { - sstr += "Connecting"; - } - sstr += "]"; - */ - return sstr; - } - sstr += "Unknown"; - return sstr; -} - - -std::string get_neighbourstatus_string(Person *p) -{ - // if connected - show how long - // if !autoconnected - tick to connect. - // - // if connecting. - // show time to next connect attempt. - // else show the last connect time. - - std::ostringstream connstr; - - connstr << "Last Conn/Recv: "; - int lct = time(NULL) - p -> lc_timestamp; - int lrt = time(NULL) - p -> lr_timestamp; - if (lct < 100000000) - { - connstr << get_timeperiod_string(lct); - } - else - { - connstr << "Never"; - } - connstr << "/"; - if (lrt < 100000000) - { - connstr << get_timeperiod_string(lrt); - } - else - { - connstr << "Never"; - } - - return connstr.str(); -} - - -int get_lastconnecttime(Person *p) -{ - std::ostringstream connstr; - - int lct = time(NULL) - p -> lc_timestamp; - int lrt = time(NULL) - p -> lr_timestamp; - if (lrt < lct) - { - lct = lrt; - } - return lct; -} - -std::string get_lastconnecttime_string(Person *p) -{ - int lct = get_lastconnecttime(p); - if (lct < 32000000) - { - return get_timeperiod_string(lct); - } - else - { - return std::string("Never"); - } -} - - -std::string get_autoconnect_string(Person *p) -{ - // if connected - show how long - // if !autoconnected - tick to connect. - // - // if connecting. - // show time to next connect attempt. - // else show the last connect time. - - std::ostringstream connstr; - - Person *own = getSSLRoot() -> getOwnCert(); - if (p == own) - { - connstr << "Yourself"; - return connstr.str(); - } - - if (p -> Connected()) - { - /* - long ct = p->lc_timestamp; - if (ct < p->lr_timestamp) - ct = p->lr_timestamp; - - connstr << "Online: " << get_timeperiod_string(time(NULL) - ct); - */ - connstr << "Online"; - } - else if (p -> Manual()) - { - if (p->trustLvl < TRUST_SIGN_AUTHEN) - { - connstr << "Please Authenticate"; - } - else - { - connstr << "Tick to Connect"; - } - } - else - { - connstr << "Offline"; - } - - /* - else if (p -> WillConnect()) - { - connstr << "Connect in:"; - connstr << get_timeperiod_string(p->nc_timestamp - time(NULL)); - } - else - { - connstr << "Last Conn:"; - long ct = p->lc_timestamp; - if (ct < p->lr_timestamp) - { - ct = p->lr_timestamp; - connstr << "(I):"; - } - else - { - connstr << "(O):"; - } - connstr << get_timeperiod_string(time(NULL) - ct); - } - */ - - return connstr.str(); -} - - -std::string get_trust_string(Person *p) -{ - std::ostringstream srvstr; - - /* This is now changing to display 2 things. - * - * (1) - Proxy - * (2) - Auth Level. - */ - - Person *own = getSSLRoot() -> getOwnCert(); - if (p == own) - { - srvstr << "Yourself"; // Certificate"; - return srvstr.str(); - } - - switch(p -> trustLvl) - { - case TRUST_SIGN_OWN: - srvstr << "Auth (S)"; //Good: Own Signature"; - break; - case TRUST_SIGN_TRSTED: - srvstr << "Trusted (ST)"; //Good: Trusted Signer"; - break; - case TRUST_SIGN_AUTHEN: - srvstr << "Auth"; //Good: Authenticated"; - break; - case TRUST_SIGN_BASIC: - srvstr << "Untrusted"; // : Acquaintance "; - break; - case TRUST_SIGN_UNTRUSTED: - srvstr << "Unknown (2)"; - break; - case TRUST_SIGN_UNKNOWN: - srvstr << "Unknown (1)"; - break; - case TRUST_SIGN_NONE: - srvstr << "Unknown (0)"; - break; - case TRUST_SIGN_BAD: /* not checked yet */ - srvstr << "Not Avail"; - break; - default: - srvstr << "UNKNOWN"; - break; - } - return srvstr.str(); -} - - - -std::string get_server_string(Person *p) -{ - std::ostringstream srvstr; - - if ((0 == inaddr_cmp(p -> serveraddr, 0)) || (p -> Local())) - { - if (0 == inaddr_cmp(p -> localaddr, 0)) - { - srvstr << "Unknown Addr"; - } - else - { - srvstr << "L: " << inet_ntoa(p -> localaddr.sin_addr); - srvstr << ":" << ntohs(p -> localaddr.sin_port); - } - } - else - { - srvstr << "S: " << inet_ntoa(p -> serveraddr.sin_addr); - srvstr << ":" << ntohs(p -> serveraddr.sin_port); - } - - // need own cert! - Person *own = getSSLRoot() -> getOwnCert(); - - if ((isValidNet(&(p->serveraddr.sin_addr))) && - (!isPrivateNet(&(p->serveraddr.sin_addr))) && - (!sameNet(&(own->localaddr.sin_addr), &(p->serveraddr.sin_addr)))) - { - srvstr << " (Proxy-S) "; - } - else if ((!p->Firewalled()) && (isValidNet(&(p->localaddr.sin_addr))) && - (!isPrivateNet(&(p->localaddr.sin_addr))) && - (!sameNet(&(own->localaddr.sin_addr), &(p->localaddr.sin_addr)))) - { - srvstr << " (Proxy-L) "; - } - return srvstr.str(); -} - -const int sec_per_min = 60; -const int sec_per_hour = 3600; -const int sec_per_day = 3600 * 24; - -std::string get_timeperiod_string(int secs) -{ - - int days = secs / sec_per_day; - secs -= days * sec_per_day; - int hours = secs / sec_per_hour; - secs -= hours * sec_per_hour; - int mins = secs / sec_per_min; - secs -= mins * sec_per_min; - - std::ostringstream srvstr; - - if (days > 0) - { - srvstr << days << " days "; - } - else if (hours > 0) - { - srvstr << hours << ":" << mins << " hours"; - } - else - { - srvstr << mins << ":" << secs << " min"; - } - return srvstr.str(); -} - -std::string get_neighbour_info(cert *c) -{ - std::ostringstream ostr; - -/**************** PQI_USE_XPGP ******************/ -#if defined(PQI_USE_XPGP) - ostr << getX509CNString(c -> certificate -> subject -> subject); -#else /* X509 Certificates */ -/**************** PQI_USE_XPGP ******************/ - ostr << getX509CNString(c -> certificate -> cert_info -> subject); -#endif /* X509 Certificates */ -/**************** PQI_USE_XPGP ******************/ - - - ostr << "\t" << get_neighbourstatus_string(c); - return ostr.str(); -} - -std::string get_cert_info(cert *c) -{ - std::ostringstream ostr; - ostr << "************ Certificate **************" << std::endl; -/**************** PQI_USE_XPGP ******************/ -#if defined(PQI_USE_XPGP) - ostr << getXPGPInfo(c -> certificate); -#else /* X509 Certificates */ -/**************** PQI_USE_XPGP ******************/ - ostr << getX509Info(c -> certificate); -#endif /* X509 Certificates */ -/**************** PQI_USE_XPGP ******************/ - ostr << "********** Connection Info ************" << std::endl; - ostr << "Local Addr : " << inet_ntoa(c -> localaddr.sin_addr); - ostr << ":" << ntohs(c -> localaddr.sin_port) << std::endl; - ostr << "Server Addr : " << inet_ntoa(c -> serveraddr.sin_addr); - ostr << ":" << ntohs(c -> serveraddr.sin_port) << std::endl; - ostr << "FLAGS: "; - if (!c -> Firewalled()) - { - ostr << "Not "; - } - ostr << "Firewalled, "; - if (!c -> Forwarded()) - { - ostr << "Not "; - } - ostr << "Forwarded" << std::endl; - ostr << std::endl; - - - ostr << "Last Connect Addr: " << inet_ntoa(c -> lastaddr.sin_addr); - ostr << ":" << ntohs(c -> lastaddr.sin_port) << std::endl; - - ostr << "Last Connect Time: "; - ostr << get_timeperiod_string(time(NULL) - c -> lc_timestamp); - ostr << std::endl; - ostr << "Last Receive Time: "; - ostr << get_timeperiod_string(time(NULL) - c -> lr_timestamp); - ostr << std::endl; - ostr << std::endl; - - ostr << "Next Connect in : "; - ostr << get_timeperiod_string(c->nc_timestamp - time(NULL)); - ostr << std::endl; - - ostr << "AutoConnect: " << get_autoconnect_string(c); - ostr << std::endl; - - ostr << "***************************************" << std::endl; - - return ostr.str(); -} - - -std::string getX509Info(X509 *cert) -{ - // Details from the structure - // cert_info (X509_CINF *) - // sig_alg (X509_ALGOR *) - // signature (ASN1_BIT_STRING *) - // valid (int) - // references (int) - // name (char *) - // - // random flags - // - // skid (ASN1_OCTET_STRING *) - // akid (AUTHORITY_KEYID *) - // aux (X509_CERT_AUX *) - std::string certstr; - char numstr[1000]; - - sprintf(numstr, "%ld", ASN1_INTEGER_get(cert -> cert_info -> version)); - certstr += "Version: "; - certstr += numstr; - - sprintf(numstr, "%ld", ASN1_INTEGER_get(cert -> - cert_info -> serialNumber)); - certstr += "\nSerial Number: "; - certstr += numstr; - -// switch(cert -> cert_info -> signature) -// { -// case STANDRD: -// certstr += "\nSig Algorithm: Standard"; -// break; -// default: -// certstr += "\nSig Algorithm: Unknown"; -// break; -// } -// - - - certstr += "\nSubject:\n"; - certstr += getX509NameString(cert -> cert_info -> subject); - - // Validity in Here. cert -> cert_info -> validity; - - certstr += "\nIssuer:\n"; - certstr += getX509NameString(cert -> cert_info -> issuer); - - // Key cert -> cert_info -> key; - // - // IDS + extensions. cert -> cert_info -> issuerUID/subjectUID; - // cert -> cert_info -> extensions; - - // END OF INFO. - - // Next sigalg again? - // next sig... - certstr += "\nSignature:"; - for(int i = 0; i < cert -> signature -> length;) - { - if (i % 128 == 0) - { - certstr += "\n\t"; - } - char hbyte = 0; - for(int j = 0; (j < 4) && (i < cert -> signature -> length); - j++, i++) - { - hbyte = hbyte << 1; - if (ASN1_BIT_STRING_get_bit(cert -> signature, i) == 1) - { - hbyte++; - //std::cerr << "1"; - } - else - { - //std::cerr << "0"; - } - } - if (hbyte > 9) - { - certstr += ('a' + (hbyte - 10)); - } - else - { - certstr += ('0' + hbyte); - } - //std::cerr << " " << i << " " << (char) ('0' + hbyte); - //std::cerr << " " << (int) hbyte << std::endl; - } - - - sprintf(numstr, "%d/%d", cert -> valid, cert -> references); - certstr += "\nValid/References: "; - certstr += numstr; - certstr += "\n"; - - // That will do for now. - return certstr; -} - -/* Helper function to convert a Epoch Timestamp - * into a string. - */ - -static const char *TIME_FORMAT_STR_BRIEF = "%H:%M:%S"; -static const char *TIME_FORMAT_STR_OLDVAGUE_NOW = "%H:%M:%S"; -static const char *TIME_FORMAT_STR_OLDVAGUE_WEEK = "%a %H:%M"; -static const char *TIME_FORMAT_STR_OLDVAGUE_OLD = "%a, %d %b"; -static const char *TIME_FORMAT_STR_LONG = "%c"; -static const char *TIME_FORMAT_STR_NORMAL = "%a, %H:%M:%S"; - -std::string timeFormat(int epoch, int format) -{ - time_t ctime = epoch; - struct tm *stime = localtime(&ctime); - - size_t msize = 1024; - char space[msize]; - const char *fmtstr = NULL; - - if (format == TIME_FORMAT_OLDVAGUE) - { - int itime = time(NULL); - int delta = abs(itime - ctime); - if (delta < 12 * 3600) - { - format = TIME_FORMAT_OLDVAGUE_NOW; - } - else if (delta < 3 * 24 * 3600) - { - format = TIME_FORMAT_OLDVAGUE_WEEK; - } - else - { - format = TIME_FORMAT_OLDVAGUE_OLD; - } - } - - switch(format) - { - case TIME_FORMAT_BRIEF: - fmtstr = TIME_FORMAT_STR_BRIEF; - break; - case TIME_FORMAT_OLDVAGUE_NOW: - fmtstr = TIME_FORMAT_STR_OLDVAGUE_NOW; - break; - case TIME_FORMAT_OLDVAGUE_WEEK: - fmtstr = TIME_FORMAT_STR_OLDVAGUE_WEEK; - break; - case TIME_FORMAT_OLDVAGUE_OLD: - fmtstr = TIME_FORMAT_STR_OLDVAGUE_OLD; - break; - case TIME_FORMAT_LONG: - fmtstr = TIME_FORMAT_STR_LONG; - break; - case TIME_FORMAT_NORMAL: - default: - fmtstr = TIME_FORMAT_STR_NORMAL; - break; - } - - if (fmtstr != NULL) // Short -> Only Time. - { - int usize = strftime(space, msize, fmtstr, stime); - if (usize > 0) - return std::string(space); - } - return std::string(""); -} - -/**************** PQI_USE_XPGP ******************/ -#if defined(PQI_USE_XPGP) - - -std::string getXPGPInfo(XPGP *cert) -{ - std::stringstream out; - long l; - int i,j; - - out << "XPGP Certificate:" << std::endl; - l=XPGP_get_version(cert); - out << " Version: " << l+1 << "(0x" << l << ")" << std::endl; - out << " Subject: " << std::endl; - out << " " << getX509NameString(cert -> subject -> subject); - out << std::endl; - out << std::endl; - out << " Signatures:" << std::endl; - - for(i = 0; i < sk_XPGP_SIGNATURE_num(cert->signs); i++) - { - out << "Sign[" << i << "] -> ["; - - XPGP_SIGNATURE *sig = sk_XPGP_SIGNATURE_value(cert->signs,i); - ASN1_BIT_STRING *signature = sig->signature; - int signlen = ASN1_STRING_length(signature); - unsigned char *signdata = ASN1_STRING_data(signature); - - /* only show the first 8 bytes */ - if (signlen > 8) - signlen = 8; - for(j=0;jissuer); - out << std::endl; - out << std::endl; - } - - return out.str(); -} - - - -std::string getXPGPAuthCode(XPGP *xpgp) -{ - /* get the self signature -> the first signature */ - - std::stringstream out; - if (1 > sk_XPGP_SIGNATURE_num(xpgp->signs)) - { - out.str(); - } - - XPGP_SIGNATURE *sig = sk_XPGP_SIGNATURE_value(xpgp->signs,0); - ASN1_BIT_STRING *signature = sig->signature; - int signlen = ASN1_STRING_length(signature); - unsigned char *signdata = ASN1_STRING_data(signature); - - /* extract the authcode from the signature */ - /* convert it to a string, inverse of 2 bytes of signdata */ - if (signlen > 2) - signlen = 2; - int j; - for(j=0;j getXPGPsigners(XPGP *cert) -{ - std::list signers; - int i; - - for(i = 0; i < sk_XPGP_SIGNATURE_num(cert->signs); i++) - { - XPGP_SIGNATURE *sig = sk_XPGP_SIGNATURE_value(cert->signs,i); - std::string str = getX509CNString(sig->issuer); - signers.push_back(str); - std::cerr << "XPGPsigners(" << i << ")" << str << std::endl; - } - return signers; -} - - -#endif /* XPGP Certificates */ -/**************** PQI_USE_XPGP ******************/ - - -std::string get_cert_name(cert *c) -{ -/**************** PQI_USE_XPGP ******************/ -#if defined(PQI_USE_XPGP) - return getX509CNString(c->certificate->subject -> subject); -#else - return getX509CNString(c->certificate->cert_info -> subject); -#endif /* XPGP Certificates */ -/**************** PQI_USE_XPGP ******************/ -} - -std::string get_cert_org(cert *c) -{ -/**************** PQI_USE_XPGP ******************/ -#if defined(PQI_USE_XPGP) - return getX509OrgString(c->certificate->subject -> subject); -#else - return getX509OrgString(c->certificate->cert_info -> subject); -#endif /* XPGP Certificates */ -/**************** PQI_USE_XPGP ******************/ -} - -std::string get_cert_loc(cert *c) -{ -/**************** PQI_USE_XPGP ******************/ -#if defined(PQI_USE_XPGP) - return getX509LocString(c->certificate->subject -> subject); -#else - return getX509LocString(c->certificate->cert_info -> subject); -#endif /* XPGP Certificates */ -/**************** PQI_USE_XPGP ******************/ -} - -std::string get_cert_country(cert *c) -{ -/**************** PQI_USE_XPGP ******************/ -#if defined(PQI_USE_XPGP) - return getX509CountryString(c->certificate->subject -> subject); -#else - return getX509CountryString(c->certificate->cert_info -> subject); -#endif /* XPGP Certificates */ -/**************** PQI_USE_XPGP ******************/ -} - - - - - diff --git a/libretroshare/src/rsserver/pqistrings.h b/libretroshare/src/rsserver/pqistrings.h deleted file mode 100644 index e07611966..000000000 --- a/libretroshare/src/rsserver/pqistrings.h +++ /dev/null @@ -1,78 +0,0 @@ -#ifndef PQI_STRINGS_H -#define PQI_STRINGS_H - -/* - * "$Id: pqistrings.h,v 1.1 2007-02-19 20:08:30 rmf24 Exp $" - * - * RetroShare C++ Interface. - * - * Copyright 2004-2006 by Robert Fernie. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Library General Public - * License Version 2 as published by the Free Software Foundation. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Library General Public License for more details. - * - * You should have received a copy of the GNU Library General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 - * USA. - * - * Please report all bugs and problems to "retroshare@lunamutt.com". - * - */ - - -#include -#include - -class Person; -class cert; - -#include - -std::string get_cert_country(cert *c); -std::string get_cert_loc(cert *c); -std::string get_cert_org(cert *c); -std::string get_cert_name(cert *c); - -std::string get_status_string(int status); -std::string get_autoconnect_string(Person *p); -std::string get_server_string(Person *p); -std::string get_trust_string(Person *p); -std::string get_timeperiod_string(int secs); - -std::string get_cert_info(cert *c); -std::string get_neighbour_info(cert *c); - -int get_lastconnecttime(Person *p); -std::string get_lastconnecttime_string(Person *p); - -std::string getX509NameString(X509_NAME *name); -std::string getX509Info(X509 *cert); -std::string getX509CNString(X509_NAME *name); - -#define TIME_FORMAT_BRIEF 0x001 -#define TIME_FORMAT_LONG 0x002 -#define TIME_FORMAT_NORMAL 0x003 -#define TIME_FORMAT_OLDVAGUE 0x004 -#define TIME_FORMAT_OLDVAGUE_NOW 0x005 -#define TIME_FORMAT_OLDVAGUE_WEEK 0x006 -#define TIME_FORMAT_OLDVAGUE_OLD 0x007 - -std::string timeFormat(int epoch, int format); - -#if defined(PQI_USE_XPGP) - -std::string getXPGPInfo(XPGP *cert); -std::string getXPGPAuthCode(XPGP *xpgp); -std::list getXPGPsigners(XPGP *cert); - -#endif /* XPGP Certificates */ - - -#endif diff --git a/libretroshare/src/scripts/config-linux.mk b/libretroshare/src/scripts/config-linux.mk index 436e2ad40..fd2889979 100644 --- a/libretroshare/src/scripts/config-linux.mk +++ b/libretroshare/src/scripts/config-linux.mk @@ -8,7 +8,10 @@ endif ############ LINUX CONFIGURATION ######################## # flags for components.... +#PQI_USE_SSLONLY = 1 PQI_USE_XPGP = 1 + + #PQI_USE_PROXY = 1 #PQI_USE_CHANNELS = 1 #USE_FILELOOK = 1 @@ -44,6 +47,10 @@ ifdef PQI_USE_XPGP CFLAGS += -DPQI_USE_XPGP endif +ifdef PQI_USE_SSLONLY + CFLAGS += -DPQI_USE_SSLONLY +endif + ifdef PQI_USE_PROXY CFLAGS += -DPQI_USE_PROXY endif @@ -84,6 +91,7 @@ ifdef PQI_USE_XPGP LIBS += -lssl -lcrypto -lpthread LIBS += -L$(UPNPC_DIR) -lminiupnpc LIBS += $(XLIB) -ldl -lz +LIBS += -lgpgme RSLIBS = $(LIBS)