diff --git a/libretroshare/src/pqi/authxpgp.cc b/libretroshare/src/pqi/authxpgp.cc index ddf779e93..c15764a07 100644 --- a/libretroshare/src/pqi/authxpgp.cc +++ b/libretroshare/src/pqi/authxpgp.cc @@ -1105,6 +1105,68 @@ bool AuthXPGP::getXPGPid(XPGP *xpgp, std::string &xpgpid) } + + /* validate + get id */ +bool AuthXPGP::ValidateCertificateXPGP(XPGP *xpgp, std::string &peerId) +{ + /* check self signed */ + if (!XPGP_check_valid_certificate(xpgp)) + { + /* bad certificate */ + return false; + } + + return getXPGPid(xpgp, peerId); +} + +/* store for discovery */ +bool AuthXPGP::FailedCertificateXPGP(XPGP *xpgp, bool incoming) +{ + std::string id; + return ProcessXPGP(xpgp, id); +} + +/* check that they are exact match */ +bool AuthXPGP::CheckCertificateXPGP(std::string xpgpId, XPGP *xpgp) +{ + xpgpMtx.lock(); /***** LOCK *****/ + + xpgpcert *cert = NULL; + if (!locked_FindCert(xpgpId, &cert)) + { + /* not there -> error */ + XPGP_free(xpgp); + + xpgpMtx.unlock(); /**** UNLOCK ****/ + return false; + } + else + { + /* have a duplicate */ + /* check that they are exact */ + if (0 != XPGP_cmp(cert->certificate, xpgp)) + { + /* MAJOR ERROR */ + XPGP_free(xpgp); + xpgpMtx.unlock(); /**** UNLOCK ****/ + return false; + } + + /* transfer new signatures */ + XPGP_copy_known_signatures(pgp_keyring, cert->certificate, xpgp); + XPGP_free(xpgp); + + /* update signers */ + cert->signers = getXPGPsigners(cert->certificate); + + xpgpMtx.unlock(); /**** UNLOCK ****/ + return true; + } +} + + + + /********************************************************************************/ /********************************************************************************/ /********************************************************************************/ diff --git a/libretroshare/src/pqi/authxpgp.h b/libretroshare/src/pqi/authxpgp.h index c98f061f6..1f1019cb2 100644 --- a/libretroshare/src/pqi/authxpgp.h +++ b/libretroshare/src/pqi/authxpgp.h @@ -119,15 +119,18 @@ virtual bool TrustCertificate(std::string id, bool trust); /* Sign / Encrypt / Verify Data (TODO) */ - /**** NEW functions we've added ****/ - - /*********** Overloaded Functions from p3AuthMgr **********/ + public: /* XPGP specific functions used in pqissl/pqissllistener */ +SSL_CTX *getCTX(); + +bool ValidateCertificateXPGP(XPGP *xpgp, std::string &peerId); /* validate + get id */ +bool FailedCertificateXPGP(XPGP *xpgp, bool incoming); /* store for discovery */ +bool CheckCertificateXPGP(std::string peerId, XPGP *xpgp); /* check that they are exact match */ + private: /* Helper Functions */ -SSL_CTX *getCTX(); bool getXPGPid(XPGP *xpgp, std::string &xpgpid); bool ProcessXPGP(XPGP *xpgp, std::string &id); diff --git a/libretroshare/src/pqi/p3connmgr.cc b/libretroshare/src/pqi/p3connmgr.cc index 58201e02b..492859b99 100644 --- a/libretroshare/src/pqi/p3connmgr.cc +++ b/libretroshare/src/pqi/p3connmgr.cc @@ -1079,7 +1079,7 @@ void p3ConnectMgr::peerStatus(std::string id, pca.type = RS_NET_CONN_TCP_LOCAL; pca.addr = details.laddr; - it->second.connAddrs.push_front(pca); + it->second.connAddrs.push_back(pca); } if ((details.type & RS_NET_CONN_TCP_EXTERNAL) && @@ -1092,7 +1092,7 @@ void p3ConnectMgr::peerStatus(std::string id, pca.type = RS_NET_CONN_TCP_EXTERNAL; pca.addr = details.raddr; - it->second.connAddrs.push_front(pca); + it->second.connAddrs.push_back(pca); } if (it->second.inConnAttempt) @@ -1491,7 +1491,7 @@ bool p3ConnectMgr::retryConnect(std::string id) pca.type = RS_NET_CONN_TCP_LOCAL; pca.addr = it->second.localaddr; - it->second.connAddrs.push_front(pca); + it->second.connAddrs.push_back(pca); } else { @@ -1539,7 +1539,7 @@ bool p3ConnectMgr::retryConnect(std::string id) pca.type = RS_NET_CONN_TCP_EXTERNAL; pca.addr = it->second.serveraddr; - it->second.connAddrs.push_front(pca); + it->second.connAddrs.push_back(pca); } else { @@ -1554,9 +1554,13 @@ bool p3ConnectMgr::retryConnect(std::string id) return true; } - /* start a connection attempt */ - it->second.actions |= RS_PEER_CONNECT_REQ; - mStatusChanged = true; + + /* start a connection attempt (only if we stuck something on the queue) */ + if (it->second.connAddrs.size() > 0) + { + it->second.actions |= RS_PEER_CONNECT_REQ; + mStatusChanged = true; + } return true; } diff --git a/libretroshare/src/pqi/pqiperson.cc b/libretroshare/src/pqi/pqiperson.cc index c555fdf9e..f630fa91b 100644 --- a/libretroshare/src/pqi/pqiperson.cc +++ b/libretroshare/src/pqi/pqiperson.cc @@ -342,7 +342,8 @@ int pqiperson::connect(uint32_t type, struct sockaddr_in raddr) out << " addr: " << inet_ntoa(raddr.sin_addr); out << ":" << ntohs(raddr.sin_port); out << std::endl; - pqioutput(PQL_DEBUG_BASIC, pqipersonzone, out.str()); + std::cerr << out.str(); + //pqioutput(PQL_DEBUG_BASIC, pqipersonzone, out.str()); } std::map::iterator it; diff --git a/libretroshare/src/pqi/pqiperson.h b/libretroshare/src/pqi/pqiperson.h index 7fac0bbb4..4664e9819 100644 --- a/libretroshare/src/pqi/pqiperson.h +++ b/libretroshare/src/pqi/pqiperson.h @@ -100,6 +100,8 @@ virtual ~pqiperson(); // must clean up children. // control of the connection. int reset(); +int listen(); +int stoplistening(); int connect(uint32_t type, struct sockaddr_in raddr); // add in connection method. @@ -129,8 +131,6 @@ virtual void setMaxRate(bool in, float val); private: /* Helper functions */ -int listen(); -int stoplistening(); pqipersongrp *pqipg; /* parent for callback */ }; diff --git a/libretroshare/src/pqi/pqipersongrp.cc b/libretroshare/src/pqi/pqipersongrp.cc index 1a2faecb5..1cccbb5ab 100644 --- a/libretroshare/src/pqi/pqipersongrp.cc +++ b/libretroshare/src/pqi/pqipersongrp.cc @@ -280,6 +280,7 @@ int pqipersongrp::addPeer(std::string id) // reset it to start it working. pqip -> reset(); + pqip -> listen(); return AddSearchModule(sm); } @@ -330,15 +331,30 @@ int pqipersongrp::connectPeer(std::string id) struct sockaddr_in addr; uint32_t type; - mConnMgr->connectAttempt(id, addr, type); + if (!mConnMgr->connectAttempt(id, addr, type)) + { + std::cerr << " pqipersongrp::connectPeer() No Net Address"; + std::cerr << std::endl; + return 0; + } + + std::cerr << " pqipersongrp::connectPeer() connectAttempt data id: " << id; + std::cerr << " addr: " << inet_ntoa(addr.sin_addr) << ":" << ntohs(addr.sin_port); + std::cerr << " type: " << type; + std::cerr << std::endl; + uint32_t ptype; if (type & RS_NET_CONN_TCP_ALL) { + std::cerr << " pqipersongrp::connectPeer() connecting with TCP"; + std::cerr << std::endl; ptype = PQI_CONNECT_TCP; } else if (type & RS_NET_CONN_UDP_ALL) { + std::cerr << " pqipersongrp::connectPeer() connecting with UDP"; + std::cerr << std::endl; ptype = PQI_CONNECT_UDP; } else diff --git a/libretroshare/src/pqi/pqissl.cc b/libretroshare/src/pqi/pqissl.cc index ffcaa5c31..bdb6d3963 100644 --- a/libretroshare/src/pqi/pqissl.cc +++ b/libretroshare/src/pqi/pqissl.cc @@ -85,7 +85,7 @@ static const int PQISSL_SSL_CONNECT_TIMEOUT = 30; * */ -pqissl::pqissl(pqissllistener *l, PQInterface *parent) +pqissl::pqissl(pqissllistener *l, PQInterface *parent, p3AuthMgr *am, p3ConnectMgr *cm) :NetBinInterface(parent, parent->PeerId()), waiting(WAITING_NOT), active(false), certvalid(false), sslmode(PQISSL_ACTIVE), ssl_connection(NULL), sockfd(-1), @@ -93,7 +93,16 @@ pqissl::pqissl(pqissllistener *l, PQInterface *parent) readpkt(NULL), pktlen(0), attempt_ts(0), net_attempt(0), net_failure(0), net_unreachable(0), - sameLAN(false), n_read_zero(0) + sameLAN(false), n_read_zero(0), + +/**************** PQI_USE_XPGP ******************/ +#if defined(PQI_USE_XPGP) + mAuthMgr((AuthXPGP *) am), mConnMgr(cm) +#else /* X509 Certificates */ +/**************** PQI_USE_XPGP ******************/ + mAuthMgr(am), mConnMgr(cm) +#endif /* X509 Certificates */ +/**************** PQI_USE_XPGP ******************/ { /* set address to zero */ @@ -101,26 +110,13 @@ pqissl::pqissl(pqissllistener *l, PQInterface *parent) remote_addr.sin_port = 0; remote_addr.sin_family = AF_INET; - sslroot *sslccr = getSSLRoot(); - { std::ostringstream out; out << "pqissl for PeerId: " << PeerId(); pqioutput(PQL_ALERT, pqisslzone, out.str()); } - cert *sslcert = sslccr->findPeerId(PeerId()); - // check certificate -/**************** PQI_USE_XPGP ******************/ -#if defined(PQI_USE_XPGP) - sslccr -> validateCertificateXPGP(sslcert); -#else /* X509 Certificates */ -/**************** PQI_USE_XPGP ******************/ - sslccr -> validateCertificate(sslcert); -#endif /* X509 Certificates */ -/**************** PQI_USE_XPGP ******************/ - - if (!(sslcert -> Valid())) + if (!(mAuthMgr->isAuthenticated(PeerId()))) { pqioutput(PQL_ALERT, pqisslzone, "pqissl::Warning Certificate Not Approved!"); @@ -269,9 +265,6 @@ int pqissl::status() { int alg; - sslroot *sslccr = getSSLRoot(); - cert *sslcert = sslccr->findPeerId(PeerId()); - std::ostringstream out; out << "pqissl::status()"; @@ -279,9 +272,8 @@ int pqissl::status() { out << " active: " << std::endl; // print out connection. - out << "Connected TO : "; - sslccr -> printCertificate(sslcert, out); - + out << "Connected TO : " << PeerId(); + out << std::endl; // print out cipher. out << "\t\tSSL Cipher:" << SSL_get_cipher(ssl_connection); out << " (" << SSL_get_cipher_bits(ssl_connection, &alg); @@ -296,7 +288,6 @@ int pqissl::status() out << " Waiting for connection!" << std::endl; } - out << "pqissl::cert status : " << sslcert -> Status() << std::endl; pqioutput(PQL_DEBUG_BASIC, pqisslzone, out.str()); if (active) @@ -807,9 +798,6 @@ int pqissl::Initiate_SSL_Connection() return err; } - sslroot *sslccr = getSSLRoot(); - - pqioutput(PQL_DEBUG_BASIC, pqisslzone, "pqissl::Initiate_SSL_Connection() Basic Connection Okay"); @@ -818,7 +806,7 @@ int pqissl::Initiate_SSL_Connection() // Perform SSL magic. // library already inited by sslroot(). - SSL *ssl = SSL_new(sslccr -> getCTX()); + SSL *ssl = SSL_new(mAuthMgr->getCTX()); if (ssl == NULL) { pqioutput(PQL_ALERT, pqisslzone, @@ -934,8 +922,6 @@ int pqissl::Extract_Failed_SSL_Certificate() pqioutput(PQL_DEBUG_BASIC, pqisslzone, "pqissl::Extract_Failed_SSL_Certificate()"); - sslroot *sslccr = getSSLRoot(); - // Get the Peer Certificate.... /**************** PQI_USE_XPGP ******************/ #if defined(PQI_USE_XPGP) @@ -963,10 +949,9 @@ int pqissl::Extract_Failed_SSL_Certificate() // (pqissl's case) sslcert->serveraddr or sslcert->localaddr. /**************** PQI_USE_XPGP ******************/ #if defined(PQI_USE_XPGP) - sslccr -> registerCertificateXPGP(peercert, remote_addr, false); + mAuthMgr->FailedCertificateXPGP(peercert, false); #else /* X509 Certificates */ /**************** PQI_USE_XPGP ******************/ - sslccr -> registerCertificate(peercert, remote_addr, false); #endif /* X509 Certificates */ /**************** PQI_USE_XPGP ******************/ @@ -1003,8 +988,7 @@ int pqissl::Authorise_SSL_Connection() waiting = WAITING_NOT; // Get the Peer Certificate.... - sslroot *sslccr = getSSLRoot(); - cert *sslcert = sslccr->findPeerId(PeerId()); + AuthXPGP *authXPGP = (AuthXPGP *) getAuthMgr(); /**************** PQI_USE_XPGP ******************/ #if defined(PQI_USE_XPGP) @@ -1020,11 +1004,6 @@ int pqissl::Authorise_SSL_Connection() pqioutput(PQL_WARNING, pqisslzone, "pqissl::Authorise_SSL_Connection() Peer Didnt Give Cert"); - - //SSL_shutdown(ssl_connection); - //net_internal_close(sockfd); - //waiting = WAITING_FAIL_INTERFACE; - // // Failed completely reset(); return -1; @@ -1038,28 +1017,21 @@ int pqissl::Authorise_SSL_Connection() // we actually connected to remote_addr, // which could be // (pqissl's case) sslcert->serveraddr or sslcert->localaddr. + + bool certCorrect = false; /**************** PQI_USE_XPGP ******************/ #if defined(PQI_USE_XPGP) - //cert *npc = sslccr -> registerCertificateXPGP(peercert, sslcert -> serveraddr, false); - cert *npc = sslccr -> registerCertificateXPGP(peercert, remote_addr, false); + certCorrect = mAuthMgr->CheckCertificateXPGP(PeerId(), peercert); #else /* X509 Certificates */ /**************** PQI_USE_XPGP ******************/ - //cert *npc = sslccr -> registerCertificate(peercert, sslcert -> serveraddr, false); - cert *npc = sslccr -> registerCertificate(peercert, remote_addr, false); + #endif /* X509 Certificates */ /**************** PQI_USE_XPGP ******************/ // check it's the right one. - if ((npc != NULL) && (!(npc -> Connected())) && - (sslccr -> compareCerts(sslcert, npc) == 0)) + if (certCorrect) { // then okay... - - // timestamp. - npc -> lc_timestamp = time(NULL); - // pass to accept... - // and notify that we're likely to succeed. - pqioutput(PQL_DEBUG_BASIC, pqisslzone, "pqissl::Authorise_SSL_Connection() Accepting Conn"); @@ -1071,12 +1043,7 @@ int pqissl::Authorise_SSL_Connection() "pqissl::Authorise_SSL_Connection() Something Wrong ... Shutdown "); // else shutdown ssl connection. - // - // failed completely... - //SSL_shutdown(ssl_connection); - //net_internal_close(sockfd); - //sockfd = -1; - //waiting = WAITING_FAIL_INTERFACE; + reset(); return 0; } @@ -1166,19 +1133,18 @@ int pqissl::accept(SSL *ssl, int fd, struct sockaddr_in foreign_addr) // initiat remote_addr = foreign_addr; /* check whether it is on the same LAN */ - sslroot *sslccr = getSSLRoot(); - cert *own = sslccr -> getOwnCert(); - struct sockaddr_in own_laddr = own -> localaddr; - sameLAN = isSameSubnet(&(remote_addr.sin_addr), &(own_laddr.sin_addr)); + peerConnectState details; + mConnMgr->getOwnNetStatus(details); + sameLAN = isSameSubnet(&(remote_addr.sin_addr), &(details.localaddr.sin_addr)); { std::ostringstream out; out << "pqissl::accept() checking for same LAN"; out << std::endl; - out << "\t localaddr: " << inet_ntoa(remote_addr.sin_addr); + out << "\t localaddr: " << inet_ntoa(details.localaddr.sin_addr); out << std::endl; - out << "\tremoteaddr: " << inet_ntoa(own_laddr.sin_addr); + out << "\t remoteaddr: " << inet_ntoa(remote_addr.sin_addr); out << std::endl; if (sameLAN) { diff --git a/libretroshare/src/pqi/pqissl.h b/libretroshare/src/pqi/pqissl.h index 000a37e50..9722b9675 100644 --- a/libretroshare/src/pqi/pqissl.h +++ b/libretroshare/src/pqi/pqissl.h @@ -38,12 +38,13 @@ #include "pqi/pqi_base.h" +#include "pqi/p3connmgr.h" + /**************** PQI_USE_XPGP ******************/ #if defined(PQI_USE_XPGP) -#include "pqi/xpgpcert.h" +#include "pqi/authxpgp.h" #else /* X509 Certificates */ /**************** PQI_USE_XPGP ******************/ -#include "pqi/sslcert.h" #endif /* X509 Certificates */ /**************** PQI_USE_XPGP ******************/ @@ -93,7 +94,8 @@ class pqissllistener; class pqissl: public NetBinInterface { public: - pqissl(pqissllistener *l, PQInterface *parent); + pqissl(pqissllistener *l, PQInterface *parent, + p3AuthMgr *am, p3ConnectMgr *cm); virtual ~pqissl(); // NetInterface @@ -190,6 +192,19 @@ virtual int net_internal_fcntl_nonblock(int fd) { return unix_fcntl_nonblock(fd) private: + +/**************** PQI_USE_XPGP ******************/ +#if defined(PQI_USE_XPGP) + + AuthXPGP *mAuthMgr; + +#else /* X509 Certificates */ +/**************** PQI_USE_XPGP ******************/ +#endif /* X509 Certificates */ +/**************** PQI_USE_XPGP ******************/ + + p3ConnectMgr *mConnMgr; + // ssl only fns. int connectInterface(sockaddr_in&); diff --git a/libretroshare/src/pqi/pqissllistener.cc b/libretroshare/src/pqi/pqissllistener.cc index 7319c1ed4..6a31cefef 100644 --- a/libretroshare/src/pqi/pqissllistener.cc +++ b/libretroshare/src/pqi/pqissllistener.cc @@ -48,11 +48,19 @@ const int pqissllistenzone = 49787; */ -pqissllistenbase::pqissllistenbase(struct sockaddr_in addr) - :laddr(addr), active(false) +pqissllistenbase::pqissllistenbase(struct sockaddr_in addr, p3AuthMgr *am, p3ConnectMgr *cm) + :laddr(addr), active(false), +/**************** PQI_USE_XPGP ******************/ +#if defined(PQI_USE_XPGP) + mAuthMgr((AuthXPGP *) am), mConnMgr(cm) +#else /* X509 Certificates */ +/**************** PQI_USE_XPGP ******************/ + mAuthMgr(am), mConnMgr(cm) +#endif /* X509 Certificates */ +/**************** PQI_USE_XPGP ******************/ + { - sslccr = getSSLRoot(); - if (!(sslccr -> active())) + if (!(mAuthMgr -> active())) { pqioutput(PQL_ALERT, pqissllistenzone, "SSL-CTX-CERT-ROOT not initialised!"); @@ -304,7 +312,7 @@ int pqissllistenbase::acceptconnection() // Negotiate certificates. SSL stylee. // Allow negotiations for secure transaction. - SSL *ssl = SSL_new(sslccr -> getCTX()); + SSL *ssl = SSL_new(mAuthMgr -> getCTX()); SSL_set_fd(ssl, fd); return continueSSL(ssl, remote_addr, true); // continue and save if incomplete. @@ -444,7 +452,7 @@ int pqissllistenbase::Extract_Failed_SSL_Certificate(SSL *ssl, struct sockaddr_ // false for outgoing.... /**************** PQI_USE_XPGP ******************/ #if defined(PQI_USE_XPGP) - sslccr -> registerCertificateXPGP(peercert, *inaddr, true); + mAuthMgr->FailedCertificateXPGP(peercert, true); #else /* X509 Certificates */ /**************** PQI_USE_XPGP ******************/ sslccr -> registerCertificate(peercert, *inaddr, true); @@ -492,8 +500,8 @@ int pqissllistenbase::continueaccepts() * */ -pqissllistener::pqissllistener(struct sockaddr_in addr) - :pqissllistenbase(addr) +pqissllistener::pqissllistener(struct sockaddr_in addr, p3AuthMgr *am, p3ConnectMgr *cm) + :pqissllistenbase(addr, am, cm) { return; } @@ -600,10 +608,12 @@ int pqissllistener::completeConnection(int fd, SSL *ssl, struct sockaddr_in &rem return -1; } - // save certificate... (and ip locations) + // Check cert. + std::string newPeerId; + /**************** PQI_USE_XPGP ******************/ #if defined(PQI_USE_XPGP) - cert *npc = sslccr -> registerCertificateXPGP(peercert, remote_addr, true); + bool certOk = mAuthMgr->ValidateCertificateXPGP(peercert, newPeerId); #else /* X509 Certificates */ /**************** PQI_USE_XPGP ******************/ cert *npc = sslccr -> registerCertificate(peercert, remote_addr, true); @@ -614,13 +624,14 @@ int pqissllistener::completeConnection(int fd, SSL *ssl, struct sockaddr_in &rem std::map::iterator it; // Let connected one through as well! if ((npc == NULL) || (npc -> Connected())) - if (npc == NULL) + if (!certOk) { pqioutput(PQL_WARNING, pqissllistenzone, "pqissllistener::completeConnection() registerCertificate Failed!"); // bad - shutdown. // pqissllistenbase will shutdown! + XPGP_free(peercert); return -1; } else @@ -628,12 +639,12 @@ int pqissllistener::completeConnection(int fd, SSL *ssl, struct sockaddr_in &rem std::ostringstream out; out << "pqissllistener::continueSSL()" << std::endl; - out << "checking: " << npc -> Name() << std::endl; + out << "checking: " << newPeerId << std::endl; // check if cert is in our list..... for(it = listenaddr.begin();(found!=true) && (it!=listenaddr.end());) { out << "\tagainst: " << it->first << std::endl; - if (it -> first == npc->PeerId()) + if (it -> first == newPeerId) { out << "\t\tMatch!"; found = true; @@ -655,6 +666,20 @@ int pqissllistener::completeConnection(int fd, SSL *ssl, struct sockaddr_in &rem out << std::endl; out << "pqissllistenbase: Will shut it down!" << std::endl; pqioutput(PQL_WARNING, pqissllistenzone, out.str()); + XPGP_free(peercert); + return -1; + } + + /* Certificate consumed! */ + bool certKnown = mAuthMgr->CheckCertificateXPGP(it->first, peercert); + if (certKnown == false) + { + std::ostringstream out; + out << "Failed Final Check"; + out << " for Connection:" << inet_ntoa(remote_addr.sin_addr); + out << std::endl; + out << "pqissllistenbase: Will shut it down!" << std::endl; + pqioutput(PQL_WARNING, pqissllistenzone, out.str()); return -1; } diff --git a/libretroshare/src/pqi/pqissllistener.h b/libretroshare/src/pqi/pqissllistener.h index a36da3416..d2224971f 100644 --- a/libretroshare/src/pqi/pqissllistener.h +++ b/libretroshare/src/pqi/pqissllistener.h @@ -41,10 +41,10 @@ /**************** PQI_USE_XPGP ******************/ #if defined(PQI_USE_XPGP) -#include "pqi/xpgpcert.h" +#include "pqi/authxpgp.h" #else /* X509 Certificates */ /**************** PQI_USE_XPGP ******************/ -#include "pqi/sslcert.h" +//#include "pqi/sslcert.h" #endif /* X509 Certificates */ /**************** PQI_USE_XPGP ******************/ @@ -52,14 +52,13 @@ */ class pqissl; -class cert; class pqissllistenbase: public pqilistener { public: - pqissllistenbase(struct sockaddr_in addr); + pqissllistenbase(struct sockaddr_in addr, p3AuthMgr *am, p3ConnectMgr *cm); virtual ~pqissllistenbase(); /*************************************/ @@ -83,20 +82,34 @@ virtual int completeConnection(int sockfd, SSL *in_connection, struct sockaddr_i protected: struct sockaddr_in laddr; - sslroot *sslccr; private: // fn to get cert, anyway int Extract_Failed_SSL_Certificate(SSL *ssl, struct sockaddr_in *inaddr); - bool active; int lsock; - cert *localcert; std::map incoming_ssl; + protected: + +/**************** PQI_USE_XPGP ******************/ +#if defined(PQI_USE_XPGP) + + AuthXPGP *mAuthMgr; + +#else /* X509 Certificates */ +/**************** PQI_USE_XPGP ******************/ + + p3AuthMgr *mAuthMgr; + +#endif /* X509 Certificates */ +/**************** PQI_USE_XPGP ******************/ + + p3ConnectMgr *mConnMgr; + }; @@ -104,7 +117,7 @@ class pqissllistener: public pqissllistenbase { public: - pqissllistener(struct sockaddr_in addr); + pqissllistener(struct sockaddr_in addr, p3AuthMgr *am, p3ConnectMgr *cm); virtual ~pqissllistener(); int addlistenaddr(std::string id, pqissl *acc); diff --git a/libretroshare/src/pqi/pqisslpersongrp.cc b/libretroshare/src/pqi/pqisslpersongrp.cc index b7fed9476..835916a0d 100644 --- a/libretroshare/src/pqi/pqisslpersongrp.cc +++ b/libretroshare/src/pqi/pqisslpersongrp.cc @@ -25,6 +25,8 @@ #include "pqi/pqisslpersongrp.h" #include "pqi/pqidebug.h" +#include "pqi/p3authmgr.h" + #include const int pqipersongrpzone = 354; @@ -40,7 +42,8 @@ const int pqipersongrpzone = 354; pqilistener * pqisslpersongrp::createListener(struct sockaddr_in laddr) { - pqilistener *listener = new pqissllistener(laddr); + p3AuthMgr *authMgr = getAuthMgr(); + pqilistener *listener = new pqissllistener(laddr, authMgr, mConnMgr); return listener; } @@ -52,8 +55,9 @@ pqiperson * pqisslpersongrp::createPerson(std::string id, pqilistener *listener) pqioutput(PQL_DEBUG_BASIC, pqipersongrpzone, out.str()); } + p3AuthMgr *authMgr = getAuthMgr(); pqiperson *pqip = new pqiperson(id, this); - pqissl *pqis = new pqissl((pqissllistener *) listener, pqip); + pqissl *pqis = new pqissl((pqissllistener *) listener, pqip, authMgr, mConnMgr); /* construct the serialiser .... * Needs: @@ -72,7 +76,7 @@ pqiperson * pqisslpersongrp::createPerson(std::string id, pqilistener *listener) pqip -> addChildInterface(PQI_CONNECT_TCP, pqisc); #ifdef PQI_USE_PROXY - pqissludp *pqius = new pqissludp(pqip); + pqissludp *pqius = new pqissludp(pqip, authMgr, mConnMgr); RsSerialiser *rss2 = new RsSerialiser(); rss2->addSerialType(new RsFileItemSerialiser()); diff --git a/libretroshare/src/pqi/pqissludp.cc b/libretroshare/src/pqi/pqissludp.cc index 3649d7edb..090784992 100644 --- a/libretroshare/src/pqi/pqissludp.cc +++ b/libretroshare/src/pqi/pqissludp.cc @@ -49,8 +49,8 @@ static const int PQI_SSLUDP_CONNECT_TIMEOUT = 300; /********** PQI SSL UDP STUFF **************************************/ -pqissludp::pqissludp(PQInterface *parent) - :pqissl(NULL, parent), tou_bio(NULL), +pqissludp::pqissludp(PQInterface *parent, p3AuthMgr *am, p3ConnectMgr *cm) + :pqissl(NULL, parent, am, cm), tou_bio(NULL), listen_checktime(0) { diff --git a/libretroshare/src/pqi/pqissludp.h b/libretroshare/src/pqi/pqissludp.h index 6b779c742..015a1fd35 100644 --- a/libretroshare/src/pqi/pqissludp.h +++ b/libretroshare/src/pqi/pqissludp.h @@ -55,7 +55,8 @@ class cert; class pqissludp: public pqissl { public: - pqissludp(PQInterface *parent); + pqissludp(PQInterface *parent, p3AuthMgr *am, p3ConnectMgr *cm); + virtual ~pqissludp(); // NetInterface. diff --git a/libretroshare/src/rsserver/p3face-startup.cc b/libretroshare/src/rsserver/p3face-startup.cc index 86ea3c240..dea9ad601 100644 --- a/libretroshare/src/rsserver/p3face-startup.cc +++ b/libretroshare/src/rsserver/p3face-startup.cc @@ -474,8 +474,8 @@ int RsServer::StartupRetroShare(RsInit *config) p3ConfigMgr *mConfigMgr = new p3ConfigMgr(config->basedir, "rs-v0.4.cfg", "rs-v0.4.sgn"); SecurityPolicy *none = secpolicy_create(); - //pqih = new pqisslpersongrp(none, flags); - pqih = new pqipersongrpDummy(none, flags); + pqih = new pqisslpersongrp(none, flags); + //pqih = new pqipersongrpDummy(none, flags); // Setup Peer Interface. rsPeers = new p3Peers(mConnMgr, mAuthMgr); @@ -546,6 +546,8 @@ int RsServer::StartupRetroShare(RsInit *config) /* startup (stuff dependent on Ids/peers is after this point) */ /**************************************************************************/ + pqih->init_listener(); +