mirror of
https://github.com/RetroShare/RetroShare.git
synced 2025-01-14 17:07:17 -05:00
Fix addSslOnlyFriend when adding with already known PGP
If the PGP key is available add as full friend. Without this change when the PGP key of a non-friend is available the SSL-id is added in peer list but the PGP-id is not added as PGP friend, at same time skip_pgp_signature_validation is false, because we have the full PGP, so the connection attempt is refused, when it should be verified with PGP and accepted.
This commit is contained in:
parent
1b071d106f
commit
93bfbb6ede
@ -1074,26 +1074,22 @@ bool p3PeerMgrIMPL::addFriend(const RsPeerId& input_id, const RsPgpId& input_gpg
|
|||||||
bool p3PeerMgrIMPL::addSslOnlyFriend(
|
bool p3PeerMgrIMPL::addSslOnlyFriend(
|
||||||
const RsPeerId& sslId, const RsPgpId& pgp_id, const RsPeerDetails& dt )
|
const RsPeerId& sslId, const RsPgpId& pgp_id, const RsPeerDetails& dt )
|
||||||
{
|
{
|
||||||
if(sslId.isNull())
|
constexpr auto fname = __PRETTY_FUNCTION__;
|
||||||
|
const auto failure = [&](const std::string& err)
|
||||||
{
|
{
|
||||||
RsErr() << __PRETTY_FUNCTION__ << " Cannot add a null "
|
RsErr() << fname << " " << err << std::endl;
|
||||||
<< "ID as SSL-only friend " << std::endl;
|
|
||||||
return false;
|
return false;
|
||||||
}
|
};
|
||||||
|
|
||||||
|
if(sslId.isNull())
|
||||||
|
return failure("Cannot add a null ID as SSL-only friend");
|
||||||
|
|
||||||
if(pgp_id.isNull())
|
if(pgp_id.isNull())
|
||||||
{
|
return failure( " Cannot add as SSL-only friend a peer with null PGP");
|
||||||
RsErr() << __PRETTY_FUNCTION__ << " Cannot add as SSL-only friend a "
|
|
||||||
<< "peer with null PGP" << std::endl;
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
if(sslId == getOwnId())
|
if(sslId == getOwnId())
|
||||||
{
|
return failure( "Cannot add yourself as SSL-only friend id:" +
|
||||||
RsErr() << __PRETTY_FUNCTION__ << " Cannot add yourself as SSL-only "
|
sslId.toStdString() );
|
||||||
<< "friend (id=" << sslId << ")" << std::endl;
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
bool alreadySslFriend = false;
|
bool alreadySslFriend = false;
|
||||||
peerState pstate;
|
peerState pstate;
|
||||||
@ -1116,13 +1112,10 @@ bool p3PeerMgrIMPL::addSslOnlyFriend(
|
|||||||
* PGP id we already know, to avoid nasty tricks with malevolently forged
|
* PGP id we already know, to avoid nasty tricks with malevolently forged
|
||||||
* short invites.*/
|
* short invites.*/
|
||||||
if(alreadySslFriend && pstate.gpg_id != pgp_id)
|
if(alreadySslFriend && pstate.gpg_id != pgp_id)
|
||||||
{
|
return failure( "Cannot SSL-only friend for a pre-existing friend with "
|
||||||
RsErr() << __PRETTY_FUNCTION__ << " Cannot SSL-only friend for "
|
"mismatching PGP-id known: " +
|
||||||
<< "a pre-existing friend with mismatching PGP-id "
|
pstate.gpg_id.toStdString() + " new: " +
|
||||||
<< "known: " << pstate.gpg_id << " new: " << pgp_id
|
pgp_id.toStdString() );
|
||||||
<< std::endl;
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* It is very important to be expecially carefull setting
|
/* It is very important to be expecially carefull setting
|
||||||
* pstate.skip_pgp_signature_validation to true because this effectively
|
* pstate.skip_pgp_signature_validation to true because this effectively
|
||||||
@ -1137,8 +1130,11 @@ bool p3PeerMgrIMPL::addSslOnlyFriend(
|
|||||||
* connection closed.
|
* connection closed.
|
||||||
* Instead if pstate.skip_pgp_signature_validation would have been
|
* Instead if pstate.skip_pgp_signature_validation would have been
|
||||||
* superficially set to true the PGP signature verification would have been
|
* superficially set to true the PGP signature verification would have been
|
||||||
* skipped and the attacker connection would be accepted. */
|
* skipped and the attacker connection would be accepted.
|
||||||
if(!AuthGPG::getAuthGPG()->isPgpPubKeyAvailable(pgp_id))
|
* If the PGP key is available add it as full friend. */
|
||||||
|
if(AuthGPG::getAuthGPG()->isPgpPubKeyAvailable(pgp_id))
|
||||||
|
AuthGPG::getAuthGPG()->AllowConnection(pgp_id, true);
|
||||||
|
else
|
||||||
pstate.skip_pgp_signature_validation = true;
|
pstate.skip_pgp_signature_validation = true;
|
||||||
|
|
||||||
pstate.gpg_id = pgp_id;
|
pstate.gpg_id = pgp_id;
|
||||||
|
Loading…
Reference in New Issue
Block a user