Git-Mirrors/RetroShare
1
0
Fork 0
mirror of https://github.com/RetroShare/RetroShare.git synced 2025-01-14 08:59:50 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix addSslOnlyFriend when adding with already known PGP

Browse Source 
If the PGP key is available add as full friend.
Without this change when the PGP key of a non-friend is available
  the SSL-id is added in peer list but the PGP-id is not added as PGP
  friend, at same time skip_pgp_signature_validation is false, because
  we have the full PGP, so the connection attempt is refused, when it
  should be verified with PGP and accepted.
This commit is contained in:
Gioacchino Mazzurco 2019-10-09 01:55:31 +02:00
parent 1b071d106f
commit 93bfbb6ede
No known key found for this signature in database
GPG Key ID: A1FBCA3872E87051
1 changed files with 19 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
libretroshare/src/pqi/p3peermgr.cc
View File

@ -1074,26 +1074,22 @@ bool p3PeerMgrIMPL::addFriend(const RsPeerId& input_id, const RsPgpId& input_gpg
bool p3PeerMgrIMPL::addSslOnlyFriend( bool p3PeerMgrIMPL::addSslOnlyFriend(
const RsPeerId& sslId, const RsPgpId& pgp_id, const RsPeerDetails& dt ) const RsPeerId& sslId, const RsPgpId& pgp_id, const RsPeerDetails& dt )
{ {
if(sslId.isNull()) constexpr auto fname = __PRETTY_FUNCTION__;
const auto failure = [&](const std::string& err)
{ {
RsErr() << __PRETTY_FUNCTION__ << " Cannot add a null " RsErr() << fname << " " << err << std::endl;
<< "ID as SSL-only friend " << std::endl;
return false; return false;
} };
if(sslId.isNull())
return failure("Cannot add a null ID as SSL-only friend");
if(pgp_id.isNull()) if(pgp_id.isNull())
{ return failure( " Cannot add as SSL-only friend a peer with null PGP");
RsErr() << __PRETTY_FUNCTION__ << " Cannot add as SSL-only friend a "
<< "peer with null PGP" << std::endl;
return false;
}
if(sslId == getOwnId()) if(sslId == getOwnId())
{ return failure( "Cannot add yourself as SSL-only friend id:" +
RsErr() << __PRETTY_FUNCTION__ << " Cannot add yourself as SSL-only " sslId.toStdString() );
<< "friend (id=" << sslId << ")" << std::endl;
return false;
}
bool alreadySslFriend = false; bool alreadySslFriend = false;
peerState pstate; peerState pstate;
@ -1116,13 +1112,10 @@ bool p3PeerMgrIMPL::addSslOnlyFriend(
* PGP id we already know, to avoid nasty tricks with malevolently forged * PGP id we already know, to avoid nasty tricks with malevolently forged
* short invites.*/ * short invites.*/
if(alreadySslFriend && pstate.gpg_id != pgp_id) if(alreadySslFriend && pstate.gpg_id != pgp_id)
{ return failure( "Cannot SSL-only friend for a pre-existing friend with "
RsErr() << __PRETTY_FUNCTION__ << " Cannot SSL-only friend for " "mismatching PGP-id known: " +
<< "a pre-existing friend with mismatching PGP-id " pstate.gpg_id.toStdString() + " new: " +
<< "known: " << pstate.gpg_id << " new: " << pgp_id pgp_id.toStdString() );
<< std::endl;
return false;
}
/* It is very important to be expecially carefull setting /* It is very important to be expecially carefull setting
* pstate.skip_pgp_signature_validation to true because this effectively * pstate.skip_pgp_signature_validation to true because this effectively
@ -1137,8 +1130,11 @@ bool p3PeerMgrIMPL::addSslOnlyFriend(
* connection closed. * connection closed.
* Instead if pstate.skip_pgp_signature_validation would have been * Instead if pstate.skip_pgp_signature_validation would have been
* superficially set to true the PGP signature verification would have been * superficially set to true the PGP signature verification would have been
* skipped and the attacker connection would be accepted. */ * skipped and the attacker connection would be accepted.
if(!AuthGPG::getAuthGPG()->isPgpPubKeyAvailable(pgp_id)) * If the PGP key is available add it as full friend. */
if(AuthGPG::getAuthGPG()->isPgpPubKeyAvailable(pgp_id))
AuthGPG::getAuthGPG()->AllowConnection(pgp_id, true);
else
pstate.skip_pgp_signature_validation = true; pstate.skip_pgp_signature_validation = true;
pstate.gpg_id = pgp_id; pstate.gpg_id = pgp_id;