remove the ssl cert storage. Big rewrite of ssl cert and friend management

git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@2017 b45a01b8-16f6-495d-af2f-9b41ad6348cc
joss17 2010-01-13 21:22:52 +00:00
parent bb9fb11257
commit 9976b80566
39 changed files with 2056 additions and 1957 deletions


@ -198,7 +198,7 @@ AuthGPG::AuthGPG()
*
* returns false if GnuPG is not available.
*/
bool AuthGPG::availablePGPCertificatesWithPrivateKeys(std::list<std::string> &ids)
bool AuthGPG::availableGPGCertificatesWithPrivateKeys(std::list<std::string> &ids)
{
//RsStackMutex stack(pgpMtx); /******* LOCKED ******/
@ -281,6 +281,8 @@ int AuthGPG::GPGInit(std::string ownId)
mOwnGpgCert.key = newKey;
mOwnGpgId = ownId;
mOwnGpgName = newKey->uids->name;
mOwnGpgEmail = newKey->uids->email;
gpgmeKeySelected = true;
storeAllKeys_locked();
printAllKeys_locked();
@ -381,6 +383,13 @@ bool AuthGPG::storeAllKeys_locked()
nu.name = mainuid->name;
nu.email = mainuid->email;
gpgme_key_sig_t mainsiglist = mainuid->signatures;
std::map<std::string, bool>::iterator itAccept;
if (mAcceptToConnectMap.end() != (itAccept = mAcceptToConnectMap.find(nu.id))) {
nu.accept_connection = itAccept->second;
} else {
nu.accept_connection = false;
mAcceptToConnectMap[nu.id] = false;
}
nu.ownsign = false;
while(mainsiglist != NULL)
{
@ -738,7 +747,7 @@ bool AuthGPG::DoOwnSignature_locked(const void *data, unsigned int datalen, void
/* import to GnuPG and other Certificates */
bool AuthGPG::VerifySignature_locked(const void *data, int datalen, const void *sig, unsigned int siglen)
bool AuthGPG::VerifySignature_locked(const void *data, int datalen, const void *sig, unsigned int siglen, std::string withfingerprint)
{
gpgme_data_t gpgmeSig;
gpgme_data_t gpgmeData;
@ -793,7 +802,12 @@ bool AuthGPG::VerifySignature_locked(const void *data, int datalen, const void *
if (sg->summary & GPGME_SIGSUM_VALID)
{
fprintf(stderr, "AuthGPG::VerifySignature() OK\n");
valid = true;
if (withfingerprint != "" && withfingerprint == std::string(sg->fpr)) {
fprintf(stderr, "AuthGPG::VerifySignature() for the fingerprint key : ");
std::cerr << withfingerprint;
fprintf(stderr, "\n");
valid = true;
}
}
sg = sg->next;
@ -843,7 +857,7 @@ int AuthGPG::setConfigDirectories(std::string confFile, std::string neighDir
#endif
/**** These Two are common */
std::string AuthGPG::getPGPName(GPG_id id)
std::string AuthGPG::getGPGName(GPG_id id)
{
RsStackMutex stack(pgpMtx); /******* LOCKED ******/
@ -855,7 +869,7 @@ std::string AuthGPG::getPGPName(GPG_id id)
}
/**** These Two are common */
std::string AuthGPG::getPGPEmail(GPG_id id)
std::string AuthGPG::getGPGEmail(GPG_id id)
{
RsStackMutex stack(pgpMtx); /******* LOCKED ******/
@ -868,14 +882,19 @@ std::string AuthGPG::getPGPEmail(GPG_id id)
/**** GPG versions ***/
std::string AuthGPG::PGPOwnId()
std::string AuthGPG::getGPGOwnId()
{
//RsStackMutex stack(pgpMtx); /******* LOCKED ******/
return mOwnGpgId;
}
bool AuthGPG::getPGPAllList(std::list<std::string> &ids)
std::string AuthGPG::getGPGOwnName()
{
//RsStackMutex stack(pgpMtx); /******* LOCKED ******/
return mOwnGpgName;
}
bool AuthGPG::getGPGAllList(std::list<std::string> &ids)
{
RsStackMutex stack(pgpMtx); /******* LOCKED ******/
@ -888,36 +907,24 @@ bool AuthGPG::getPGPAllList(std::list<std::string> &ids)
return true;
}
bool AuthGPG::getPGPValidList(std::list<std::string> &ids)
bool AuthGPG::getGPGDetails(std::string id, RsPeerDetails &d)
{
RsStackMutex stack(pgpMtx); /******* LOCKED ******/
/* add an id for each pgp certificate */
certmap::iterator it;
for(it = mKeyList.begin(); it != mKeyList.end(); it++)
{
if (it->second.validLvl >= GPGME_VALIDITY_MARGINAL) {
ids.push_back(it->first);
}
}
return true;
}
bool AuthGPG::getPGPDetails(std::string id, RsPeerDetails &d)
{
RsStackMutex stack(pgpMtx); /******* LOCKED ******/
/* add an id for each pgp certificate */
certmap::iterator it;
if (mKeyList.end() != (it = mKeyList.find(id)))
{
d.id = it->second.id;
if (mKeyList.end() != (it = mKeyList.find(id))) {
d.id = it->second.id; //keep, it but can be bug gen
d.gpg_id = it->second.id;
d.name = it->second.name;
d.email = it->second.email;
d.trustLvl = it->second.trustLvl;
d.validLvl = it->second.validLvl;
d.ownsign = it->second.ownsign;
d.gpgSigners = it->second.signers;
d.fpr = it->second.fpr;
d.accept_connection = it->second.accept_connection;
//did the peer signed me ?
d.hasSignedMe = false;
@ -955,7 +962,6 @@ bool AuthGPG::decryptText(gpgme_data_t CIPHER, gpgme_data_t PLAIN) {
bool AuthGPG::encryptText(gpgme_data_t PLAIN, gpgme_data_t CIPHER) {
//RsStackMutex stack(pgpMtx); /******* LOCKED ******/
gpgme_encrypt_flags_t* flags = new gpgme_encrypt_flags_t();
gpgme_key_t keys[2] = {mOwnGpgCert.key, NULL};
gpgme_set_armor (CTX, 1);
@ -971,18 +977,37 @@ bool AuthGPG::encryptText(gpgme_data_t PLAIN, gpgme_data_t CIPHER) {
return true;
}
bool AuthGPG::getPGPAcceptedList(std::list<std::string> &ids)
bool AuthGPG::getGPGValidList(std::list<std::string> &ids)
{
//RsStackMutex stack(pgpMtx); /******* LOCKED ******/
//TODO : implement a list in config file of accepted GPG key to connect with
return getPGPSignedList(ids);
/* add an id for each pgp certificate */
certmap::iterator it;
for(it = mKeyList.begin(); it != mKeyList.end(); it++)
{
if (it->second.validLvl >= GPGME_VALIDITY_MARGINAL) {
ids.push_back(it->first);
}
}
return true;
}
bool AuthGPG::getPGPSignedList(std::list<std::string> &ids)
bool AuthGPG::getGPGAcceptedList(std::list<std::string> &ids)
{
//RsStackMutex stack(pgpMtx); /******* LOCKED ******/
certmap::iterator it;
for(it = mKeyList.begin(); it != mKeyList.end(); it++)
{
if (it->second.accept_connection)
{
ids.push_back(it->first);
}
}
return true;
}
bool AuthGPG::getGPGSignedList(std::list<std::string> &ids)
{
//RsStackMutex stack(pgpMtx); /******* LOCKED ******/
certmap::iterator it;
for(it = mKeyList.begin(); it != mKeyList.end(); it++)
{
@ -994,10 +1019,9 @@ bool AuthGPG::getPGPSignedList(std::list<std::string> &ids)
return true;
}
bool AuthGPG::isPGPValid(GPG_id id)
bool AuthGPG::isGPGValid(GPG_id id)
{
//RsStackMutex stack(pgpMtx); /******* LOCKED ******/
certmap::iterator it;
if (mKeyList.end() != (it = mKeyList.find(id))) {
return (it->second.validLvl >= GPGME_VALIDITY_MARGINAL);
@ -1008,10 +1032,9 @@ bool AuthGPG::isPGPValid(GPG_id id)
}
bool AuthGPG::isPGPSigned(GPG_id id)
bool AuthGPG::isGPGSigned(GPG_id id)
{
//RsStackMutex stack(pgpMtx); /******* LOCKED ******/
certmap::iterator it;
if (mKeyList.end() != (it = mKeyList.find(id)))
{
@ -1020,6 +1043,17 @@ bool AuthGPG::isPGPSigned(GPG_id id)
return false;
}
bool AuthGPG::isGPGAccepted(GPG_id id)
{
//RsStackMutex stack(pgpMtx); /******* LOCKED ******/
certmap::iterator it;
if (mKeyList.end() != (it = mKeyList.find(id)))
{
return (it->second.accept_connection);
}
return false;
}
/****** Large Parts of the p3AuthMgr is provided by AuthSSL ******
* As the majority of functions require SSL Certs
*
@ -1065,7 +1099,7 @@ bool AuthGPG::loadCertificates()
std::string AuthGPG::SaveCertificateToString(std::string id)
{
if (!isPGPValid(id)) {
if (!isGPGValid(id)) {
std::cerr << "AuthGPG::SaveCertificateToString() unknown ID" << std::endl;
std::string emptystr;
return emptystr;
@ -1112,7 +1146,7 @@ std::string AuthGPG::SaveCertificateToString(std::string id)
}
/* import to GnuPG and other Certificates */
bool AuthGPG::LoadCertificateFromString(std::string str)
bool AuthGPG::LoadCertificateFromString(std::string str, std::string &gpg_id)
{
RsStackMutex stack(pgpMtx); /******* LOCKED ******/
@ -1130,13 +1164,15 @@ bool AuthGPG::LoadCertificateFromString(std::string str)
if (GPG_ERR_NO_ERROR != gpgme_op_import (CTX,gpgmeData))
{
std::cerr << "AuthGPG::Error Importing Certificate";
std::cerr << "AuthGPG::LoadCertificateFromString() Error Importing Certificate";
std::cerr << std::endl;
return false ;
}
gpgme_import_result_t res = gpgme_op_import_result(CTX);
std::string fingerprint = std::string(res->imports->fpr);
std::cerr << "AuthGPG::LoadCertificateFromString() Importing considered folowing fpr : " << fingerprint << std::endl;
int imported = res->imported;
@ -1144,7 +1180,6 @@ bool AuthGPG::LoadCertificateFromString(std::string str)
res->considered, res->imported);
/* do we need to delete res??? */
gpgme_data_release (gpgmeData);
/* extract id(s)! (only if we actually imported one) */
@ -1152,6 +1187,17 @@ bool AuthGPG::LoadCertificateFromString(std::string str)
{
storeAllKeys_locked();
}
//retrieve the id of the key
certmap::iterator it;
for(it = mKeyList.begin(); it != mKeyList.end(); it++)
{
if (it->second.fpr == fingerprint)
{
gpg_id = it->second.id;
break;
}
}
std::cerr << "AuthGPG::LoadCertificateFromString() returning with gpg_id : " << gpg_id << std::endl;
return true;
}
@ -1169,6 +1215,25 @@ bool AuthGPG::LoadCertificateFromString(std::string str)
/*************************************/
/* These take PGP Ids */
bool AuthGPG::setAcceptToConnectGPGCertificate(std::string gpg_id, bool acceptance)
{
std::cerr << "AuthGPG::markGPGCertificateAsFriends(" << gpg_id << ")";
std::cerr << std::endl;
/* reload stuff now ... */
RsStackMutex stack(pgpMtx); /******* LOCKED ******/
certmap::iterator it;
if (mKeyList.end() == (it = mKeyList.find(gpg_id))) {
return false;
}
it->second.accept_connection = acceptance;
mAcceptToConnectMap[gpg_id] = acceptance;
return true;
}
/* These take PGP Ids */
bool AuthGPG::SignCertificateLevel0(GPG_id id)
{
@ -1235,9 +1300,9 @@ bool AuthGPG::SignDataBin(const void *data, unsigned int datalen, unsigned char
sign, signlen);
}
bool AuthGPG::VerifySignBin(const void *data, uint32_t datalen, unsigned char *sign, unsigned int signlen) {
bool AuthGPG::VerifySignBin(const void *data, uint32_t datalen, unsigned char *sign, unsigned int signlen, std::string withfingerprint) {
return VerifySignature_locked(data, datalen,
sign, signlen);
sign, signlen, withfingerprint);
}
@ -1298,7 +1363,7 @@ int AuthGPG::privateTrustCertificate(std::string id, int trustlvl)
/* The certificate should be in Peers list ??? */
if(!isPGPSigned(id)) {
if(!isGPGSigned(id)) {
std::cerr << "Invalid Certificate" << std::endl;
return 0;
}
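Review bot: `LoadCertificateFromString` dereferences `res->imports->fpr` immediately after `gpgme_op_import_result()` without checking that anything was considered; for a pasted string that is not a key the import list is empty and this is a null dereference on untrusted input. Guard it before building `fingerprint`, e.g. `if (!res || !res->imports || !res->imports->fpr) { gpgme_data_release(gpgmeData); return false; }`, and return false rather than true when the loop over `mKeyList` finds no entry for the fingerprint, since callers now depend on `gpg_id` being filled in. Separately, `VerifySignature_locked` now only sets `valid = true` inside the `withfingerprint != ""` branch, so any caller that passes an empty fingerprint always gets false; if that is the intended policy it deserves a comment at the declaration.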


@ -46,6 +46,7 @@
#include "rsiface/rspeers.h"
#include <string>
#include <list>
#include <set>
#include <map>
#define GPG_id std::string
@ -71,6 +72,9 @@ class gpgcert
bool ownsign;
//This is not gpg, but RS data. A gpg peer can be accepted for connecting but not signed.
bool accept_connection;
gpgme_key_t key;
};
@ -85,7 +89,7 @@ class AuthGPG
/* Internal functions */
bool DoOwnSignature_locked(const void *, unsigned int, void *, unsigned int *);
bool VerifySignature_locked(const void *data, int datalen, const void *sig, unsigned int siglen);
bool VerifySignature_locked(const void *data, int datalen, const void *sig, unsigned int siglen, std::string withfingerprint);
/* Sign/Trust stuff */
int privateSignCertificate(GPG_id id);
@ -104,7 +108,7 @@ class AuthGPG
AuthGPG();
~AuthGPG();
bool availablePGPCertificatesWithPrivateKeys(std::list<std::string> &ids);
bool availableGPGCertificatesWithPrivateKeys(std::list<std::string> &ids);
int GPGInit(std::string ownId);
@ -145,18 +149,21 @@ class AuthGPG
* provide access to details in cache list.
*
****/
std::string getPGPName(GPG_id pgp_id);
std::string getPGPEmail(GPG_id pgp_id);
std::string getGPGName(GPG_id pgp_id);
std::string getGPGEmail(GPG_id pgp_id);
/* PGP web of trust management */
GPG_id PGPOwnId();
bool getPGPDetails(std::string id, RsPeerDetails &d);
bool getPGPAllList(std::list<std::string> &ids);
bool getPGPValidList(std::list<std::string> &ids);
bool getPGPAcceptedList(std::list<std::string> &ids);
bool getPGPSignedList(std::list<std::string> &ids);
bool isPGPValid(std::string id);
bool isPGPSigned(std::string id);
std::string getGPGOwnId();
std::string getGPGOwnName();
std::string getGPGOwnEmail();
bool getGPGDetails(std::string id, RsPeerDetails &d);
bool getGPGAllList(std::list<std::string> &ids);
bool getGPGValidList(std::list<std::string> &ids);
bool getGPGAcceptedList(std::list<std::string> &ids);
bool getGPGSignedList(std::list<std::string> &ids);
bool isGPGValid(std::string id);
bool isGPGSigned(std::string id);
bool isGPGAccepted(std::string id);
/*********************************************************************************/
/************************* STAGE 4 ***********************************************/
@ -165,7 +172,7 @@ class AuthGPG
* STAGE 4: Loading and Saving Certificates. (Strings and Files)
*
****/
bool LoadCertificateFromString(std::string pem);
bool LoadCertificateFromString(std::string pem, std::string &gpg_id);
std::string SaveCertificateToString(std::string id);
/*********************************************************************************/
@ -178,6 +185,7 @@ class AuthGPG
* done in gpgroot already.
*
****/
bool setAcceptToConnectGPGCertificate(std::string gpg_id, bool acceptance); //don't act on the gpg key, use a seperate set
bool SignCertificateLevel0(std::string id);
bool RevokeCertificate(std::string id); /* Particularly hard - leave for later */
bool TrustCertificateNone(std::string id);
@ -198,7 +206,7 @@ class AuthGPG
bool SignData(const void *data, const uint32_t len, std::string &sign);
bool SignDataBin(std::string input, unsigned char *sign, unsigned int *signlen);
bool SignDataBin(const void *data, const uint32_t len, unsigned char *sign, unsigned int *signlen);
bool VerifySignBin(const void*, uint32_t, unsigned char*, unsigned int);
bool VerifySignBin(const void*, uint32_t, unsigned char*, unsigned int, std::string withfingerprint);
bool decryptText(gpgme_data_t CIPHER, gpgme_data_t PLAIN);
bool encryptText(gpgme_data_t PLAIN, gpgme_data_t CIPHER);
//END of PGP public functions
@ -223,7 +231,10 @@ private:
gpgme_ctx_t CTX;
std::string mOwnGpgId;
std::string mOwnGpgName;
std::string mOwnGpgEmail;
std::string mX509id;
std::map<std::string, bool> mAcceptToConnectMap;
gpgcert mOwnGpgCert;
};
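Review bot: The new `withfingerprint` parameter on `VerifySignature_locked`/`VerifySignBin` carries a security decision but is undocumented; the .cc side only accepts a signature when the value is non-empty and equals the signing key's fingerprint, so an empty string means nothing ever verifies. Document that next to the declaration, e.g. `/* withfingerprint: fingerprint the signature must have been made with; an empty string never verifies */`, and take it as `const std::string &` rather than by value. `mAcceptToConnectMap` is the in-memory allow-list for connections (`storeAllKeys_locked` defaults unknown keys to false); a comment stating that it must be accessed under `pgpMtx` would help, because `setAcceptToConnectGPGCertificate` takes the lock while the `isGPGAccepted`/`getGPGAcceptedList` readers have the lock commented out.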



@ -27,12 +27,10 @@
#define MRK_AUTH_SSL_HEADER
/*
* This is an implementation of SSL certificate authentication, which can be
* This is an implementation of SSL certificate authentication, which is
* overloaded with pgp style signatures, and web-of-trust authentication.
*
* There are several virtual functions with can be overloaded to acheive this.
* SignCertificate()
* AuthCertificate()
* only the owner ssl cert is store, the rest is jeus callback verification
*
* To use as an SSL authentication system, you must use a common CA certificate.
* and compilation should be done with PQI_USE_XPGP off, and PQI_USE_SSLONLY on
@ -52,6 +50,7 @@
#include "pqi/pqi_base.h"
#include "pqi/pqinetwork.h"
#include "rsiface/rspeers.h"
typedef std::string SSL_id;
@ -75,7 +74,7 @@ class sslcert
std::string issuer;
std::string fpr;
std::list<std::string> signers;
//std::list<std::string> signers;
/* Auth settings */
bool authed;
@ -103,42 +102,43 @@ SSL_CTX * getNewSslCtx();
/*********** Overloaded Functions from p3AuthMgr **********/
/* get Certificate Ids */
/* get Certificate Id */
virtual std::string OwnId();
virtual bool getAllList(std::list<std::string> &ids);
virtual bool getAuthenticatedList(std::list<std::string> &ids);
virtual bool getUnknownList(std::list<std::string> &ids);
virtual bool getSSLChildListOfGPGId(std::string gpg_id, std::list<std::string> &ids);
//virtual bool getAllList(std::list<std::string> &ids);
//virtual bool getAuthenticatedList(std::list<std::string> &ids);
//virtual bool getUnknownList(std::list<std::string> &ids);
//virtual bool getSSLChildListOfGPGId(std::string gpg_id, std::list<std::string> &ids);
/* get Details from the Certificates */
virtual bool isAuthenticated(std::string id);
virtual std::string getName(std::string id);
virtual std::string getIssuerName(std::string id);
virtual std::string getGPGId(SSL_id id);
virtual bool getCertDetails(std::string id, sslcert &cert);
//virtual bool isAuthenticated(std::string id);
//virtual std::string getName(std::string id);
//virtual std::string getIssuerName(std::string id);
//virtual std::string getGPGId(SSL_id id);
//virtual bool getCertDetails(std::string id, sslcert &cert);
/* High Level Load/Save Configuration */
virtual bool FinalSaveCertificates();
virtual bool CheckSaveCertificates();
virtual bool saveCertificates();
virtual bool loadCertificates();
//virtual bool FinalSaveCertificates();
//virtual bool CheckSaveCertificates();
//virtual bool saveCertificates();
//virtual bool loadCertificates();
/* Load/Save certificates */
virtual bool LoadCertificateFromString(std::string pem, std::string &id);
virtual std::string SaveCertificateToString(std::string id);
virtual bool LoadCertificateFromFile(std::string filename, std::string &id);
virtual bool SaveCertificateToFile(std::string id, std::string filename);
bool ProcessX509(X509 *x509, std::string &id);
virtual bool LoadCertificateFromBinary(const uint8_t *ptr, uint32_t len, std::string &id);
virtual bool SaveCertificateToBinary(std::string id, uint8_t **ptr, uint32_t *len);
virtual bool LoadDetailsFromStringCert(std::string pem, RsPeerDetails &pd);
virtual std::string SaveOwnCertificateToString();
//virtual bool LoadCertificateFromFile(std::string filename, std::string &id);
//virtual bool SaveCertificateToFile(std::string id, std::string filename);
//bool ProcessX509(X509 *x509, std::string &id);
//
//virtual bool LoadCertificateFromBinary(const uint8_t *ptr, uint32_t len, std::string &id);
//virtual bool SaveCertificateToBinary(std::string id, uint8_t **ptr, uint32_t *len);
/* Sign / Encrypt / Verify Data (TODO) */
virtual bool SignData(std::string input, std::string &sign);
virtual bool SignData(const void *data, const uint32_t len, std::string &sign);
virtual bool SignDataBin(std::string, unsigned char*, unsigned int*);
virtual bool SignDataBin(const void*, uint32_t, unsigned char*, unsigned int*);
virtual bool VerifySignBin(std::string, const void*, uint32_t, unsigned char*, unsigned int);
virtual bool VerifySignBin(const void*, uint32_t, unsigned char*, unsigned int);
// return : false if encrypt failed
bool encrypt(void *&out, int &outlen, const void *in, int inlen, std::string peerId);
@ -165,11 +165,11 @@ SSL_CTX *getCTX();
static int ex_data_ctx_index; //used to pass the peer id in the ssl context
bool FailedCertificate(X509 *x509, bool incoming); /* store for discovery */
bool CheckCertificate(std::string peerId, X509 *x509); /* check that they are exact match */
//bool FailedCertificate(X509 *x509, bool incoming); /* store for discovery */
//bool CheckCertificate(std::string peerId, X509 *x509); /* check that they are exact match */
/* Special Config Loading (backwards compatibility) */
bool loadCertificates(bool &oldFormat, std::map<std::string, std::string> &keyValueMap);
//bool loadCertificates(bool &oldFormat, std::map<std::string, std::string> &keyValueMap);
static AuthSSL *getAuthSSL() throw() // pour obtenir l'instance
{ return instance_ssl; }
@ -190,7 +190,7 @@ X509 * loadX509FromDER(const uint8_t *ptr, uint32_t len);
bool saveX509ToDER(X509 *x509, uint8_t **ptr, uint32_t *len);
/*********** LOCKED Functions ******/
bool locked_FindCert(std::string id, sslcert **cert);
//bool locked_FindCert(std::string id, sslcert **cert);
/* Data */
@ -208,7 +208,7 @@ bool locked_FindCert(std::string id, sslcert **cert);
bool mToSaveCerts;
bool mConfigSaveActive;
std::map<std::string, sslcert *> mCerts;
//std::map<std::string, sslcert *> mCerts;
};
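Review bot: The rewritten header comment (`only the owner ssl cert is store, the rest is jeus callback verification`) is now the only statement of the trust model and it is garbled; with `CheckCertificate` and `mCerts` gone there is no stored peer certificate to compare against, so the comment should say exactly what the verify callback has to enforce. Suggest replacing it with: `Only the owner's SSL certificate is stored. Peer certificates are not kept; each connection is authenticated in the SSL verify callback, which must check that the presented certificate is signed by an accepted GPG key and that its id matches the peer the connection is for.` The callback itself is in authssl.cc, which is not shown in this diff, so please confirm both checks are actually performed there. Dead declarations should be deleted rather than commented out; the repository history keeps them.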


@ -28,6 +28,8 @@
#include "tcponudp/tou.h"
#include "tcponudp/extaddrfinder.h"
#include "util/rsnet.h"
#include "pqi/authgpg.h"
#include "util/rsprint.h"
#include "util/rsdebug.h"
@ -96,12 +98,14 @@ peerAddrInfo::peerAddrInfo()
peerConnectState::peerConnectState()
:id("unknown"),
gpg_id("unknown"),
netMode(RS_NET_MODE_UNKNOWN), visState(RS_VIS_STATE_STD),
lastcontact(0),
connecttype(0),
lastavailable(0),
lastattempt(time(NULL) - MIN_RETRY_PERIOD + MIN_TIME_BETWEEN_NET_RESET + 2), //start connection 2 second after the possible next one net reset
name("nameless"), state(0), actions(0),
name(""), location(""),
state(0), actions(0),
source(0),
inConnAttempt(0)
{
@ -136,7 +140,7 @@ p3ConnectMgr::p3ConnectMgr()
{
/* setup basics of own state */
ownState.id = AuthSSL::getAuthSSL()->OwnId();
ownState.name = AuthSSL::getAuthSSL()->getName(ownState.id);
ownState.name = AuthGPG::getAuthGPG()->getGPGOwnName();
ownState.netMode = RS_NET_MODE_UDP;
//use_extr_addr_finder = true ;
@ -1442,18 +1446,18 @@ void p3ConnectMgr::getFriendList(std::list<std::string> &peers)
}
void p3ConnectMgr::getOthersList(std::list<std::string> &peers)
{
RsStackMutex stack(connMtx); /****** STACK LOCK MUTEX *******/
/* check for existing */
std::map<std::string, peerConnectState>::iterator it;
for(it = mOthersList.begin(); it != mOthersList.end(); it++)
{
peers.push_back(it->first);
}
return;
}
//void p3ConnectMgr::getOthersList(std::list<std::string> &peers)
//{
// RsStackMutex stack(connMtx); /****** STACK LOCK MUTEX *******/
//
// /* check for existing */
// std::map<std::string, peerConnectState>::iterator it;
// for(it = mOthersList.begin(); it != mOthersList.end(); it++)
// {
// peers.push_back(it->first);
// }
// return;
//}
@ -1984,7 +1988,7 @@ void p3ConnectMgr::peerConnectRequest(std::string id, struct sockaddr_in radd
/*******************************************************************/
/*******************************************************************/
bool p3ConnectMgr::addFriend(std::string id, uint32_t netMode, uint32_t visState, time_t lastContact)
bool p3ConnectMgr::addFriend(std::string id, std::string gpg_id, uint32_t netMode, uint32_t visState, time_t lastContact)
{
/* so three possibilities
* (1) already exists as friend -> do nothing.
@ -1993,7 +1997,7 @@ bool p3ConnectMgr::addFriend(std::string id, uint32_t netMode, uint32_t visState
*/
#ifdef CONN_DEBUG
std::cerr << "p3ConnectMgr::addFriend() " << id << std::endl;
std::cerr << "p3ConnectMgr::addFriend() " << id << "; gpg_id : " << gpg_id << std::endl;
#endif
RsStackMutex stack(connMtx); /****** STACK LOCK MUTEX *******/
@ -2009,19 +2013,21 @@ bool p3ConnectMgr::addFriend(std::string id, uint32_t netMode, uint32_t visState
return true;
}
/* check with the AuthMgr if its authorised */
if (!AuthSSL::getAuthSSL()->isAuthenticated(id))
{
//Authentication is now tested at connection time, we don't store the ssl cert anymore
if (!AuthGPG::getAuthGPG()->isGPGAccepted(gpg_id))
{
#ifdef CONN_DEBUG
std::cerr << "p3ConnectMgr::addFriend() Failed Authentication" << std::endl;
std::cerr << "p3ConnectMgr::addFriend() gpg is not accepted" << std::endl;
#endif
/* no auth */
return false;
}
/* no auth */
return false;
}
/* check if it is in others */
if (mOthersList.end() != (it = mOthersList.find(id)))
{
/* check if it is in others */
// if (mOthersList.end() != (it = mOthersList.find(id)))
if (false)
{
/* (2) in mOthersList -> move over */
#ifdef CONN_DEBUG
std::cerr << "p3ConnectMgr::addFriend() Move from Others" << std::endl;
@ -2057,19 +2063,7 @@ bool p3ConnectMgr::addFriend(std::string id, uint32_t netMode, uint32_t visState
IndicateConfigChanged(); /**** INDICATE MSG CONFIG CHANGED! *****/
return true;
}
/* get details from AuthMgr */
sslcert detail;
if (!AuthSSL::getAuthSSL()->getCertDetails(id, detail))
{
#ifdef CONN_DEBUG
std::cerr << "p3ConnectMgr::addFriend() Failed to get Details" << std::endl;
#endif
/* ERROR: no details */
return false;
}
}
#ifdef CONN_DEBUG
std::cerr << "p3ConnectMgr::addFriend() Creating New Entry" << std::endl;
@ -2079,7 +2073,8 @@ bool p3ConnectMgr::addFriend(std::string id, uint32_t netMode, uint32_t visState
peerConnectState pstate;
pstate.id = id;
pstate.name = detail.name;
pstate.gpg_id = gpg_id;
pstate.name = AuthGPG::getAuthGPG()->getGPGName(gpg_id);
pstate.state = RS_PEER_S_FRIEND;
pstate.actions = RS_PEER_NEW;
@ -2145,7 +2140,7 @@ bool p3ConnectMgr::addNeighbour(std::string id)
{
#ifdef CONN_DEBUG
std::cerr << "p3ConnectMgr::addNeighbour() " << id << std::endl;
std::cerr << "p3ConnectMgr::addNeighbour() not implemented anymore." << id << std::endl;
#endif
/* so three possibilities
@ -2154,51 +2149,51 @@ bool p3ConnectMgr::addNeighbour(std::string id)
* (3) is non-existant -> create new one.
*/
RsStackMutex stack(connMtx); /****** STACK LOCK MUTEX *******/
// RsStackMutex stack(connMtx); /****** STACK LOCK MUTEX *******/
//
// std::map<std::string, peerConnectState>::iterator it;
// if (mFriendList.end() == mFriendList.find(id))
// {
// /* (1) already exists */
// return false;
// }
//
// if (mOthersList.end() == mOthersList.find(id))
// {
// /* (2) already exists */
// return true;
// }
//
// /* check with the AuthMgr if its valid */
// if (!AuthSSL::getAuthSSL()->isAuthenticated(id))
// {
// /* no auth */
// return false;
// }
//
// /* get details from AuthMgr */
// sslcert detail;
// if (!AuthSSL::getAuthSSL()->getCertDetails(id, detail))
// {
// /* no details */
// return false;
// }
//
// /* create a new entry */
// peerConnectState pstate;
//
// pstate.id = id;
// pstate.name = detail.name;
//
// pstate.state = 0;
// pstate.actions = 0; //RS_PEER_NEW;
// pstate.visState = RS_VIS_STATE_STD;
// pstate.netMode = RS_NET_MODE_UNKNOWN;
//
// /* addr & timestamps -> auto cleared */
// mOthersList[id] = pstate;
std::map<std::string, peerConnectState>::iterator it;
if (mFriendList.end() == mFriendList.find(id))
{
/* (1) already exists */
return false;
}
if (mOthersList.end() == mOthersList.find(id))
{
/* (2) already exists */
return true;
}
/* check with the AuthMgr if its valid */
if (!AuthSSL::getAuthSSL()->isAuthenticated(id))
{
/* no auth */
return false;
}
/* get details from AuthMgr */
sslcert detail;
if (!AuthSSL::getAuthSSL()->getCertDetails(id, detail))
{
/* no details */
return false;
}
/* create a new entry */
peerConnectState pstate;
pstate.id = id;
pstate.name = detail.name;
pstate.state = 0;
pstate.actions = 0; //RS_PEER_NEW;
pstate.visState = RS_VIS_STATE_STD;
pstate.netMode = RS_NET_MODE_UNKNOWN;
/* addr & timestamps -> auto cleared */
mOthersList[id] = pstate;
return true;
return false;
}
/*******************************************************************/
@ -2633,6 +2628,30 @@ bool p3ConnectMgr::setNetworkMode(std::string id, uint32_t netMode)
return false;
}
bool p3ConnectMgr::setLocation(std::string id, std::string location)
{
#ifdef CONN_DEBUG
std::cerr << "p3ConnectMgr::setLocation() called for id : " << id << "; with location " << location << std::endl;
#endif
if (id == AuthSSL::getAuthSSL()->OwnId())
{
ownState.location = location;
return true;
}
RsStackMutex stack(connMtx); /****** STACK LOCK MUTEX *******/
/* check if it is a friend */
std::map<std::string, peerConnectState>::iterator it;
bool isFriend = false;
if (mFriendList.end() == (it = mFriendList.find(id))) {
return false;
} else {
it->second.location = location;
return true;
}
}
bool p3ConnectMgr::setVisState(std::string id, uint32_t visState)
{
if (id == AuthSSL::getAuthSSL()->OwnId())
@ -2792,6 +2811,8 @@ std::list<RsItem *> p3ConnectMgr::saveList(bool &cleanup)
item->clear();
item->pid = getOwnId();
item->gpg_id = ownState.gpg_id;
item->location = ownState.location;
if (ownState.netMode & RS_NET_MODE_TRY_EXT)
{
item->netMode = RS_NET_MODE_EXT;
@ -2828,7 +2849,9 @@ std::list<RsItem *> p3ConnectMgr::saveList(bool &cleanup)
item->clear();
item->pid = it->first;
item->netMode = (it->second).netMode;
item->gpg_id = (it->second).gpg_id;
item->location = (it->second).location;
item->netMode = (it->second).netMode;
item->visState = (it->second).visState;
item->lastContact = (it->second).lastcontact;
item->currentlocaladdr = (it->second).currentlocaladdr;
@ -2913,6 +2936,7 @@ bool p3ConnectMgr::loadList(std::list<RsItem *> load)
#endif
/* add ownConfig */
setOwnNetConfig(pitem->netMode, pitem->visState);
ownState.gpg_id = AuthGPG::getAuthGPG()->getGPGOwnId();
}
else
{
@ -2922,8 +2946,9 @@ bool p3ConnectMgr::loadList(std::list<RsItem *> load)
std::cerr << std::endl;
#endif
/* ************* */
addFriend(pitem->pid, pitem->netMode, pitem->visState, pitem->lastContact);
addFriend(pitem->pid, pitem->gpg_id, pitem->netMode, pitem->visState, pitem->lastContact);
}
setLocation(pitem->pid, pitem->location);
setLocalAddress(pitem->pid, pitem->currentlocaladdr);
setExtAddress(pitem->pid, pitem->currentremoteaddr);
setAddressList(pitem->pid, pitem->ipAddressList);
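Review bot: `ownState.gpg_id` is only initialised inside `loadList()` when a saved own-config item exists; the constructor hunk sets `ownState.id`, `name` and `netMode` but not `gpg_id`, so on a first run with no config it keeps the `"unknown"` default from `peerConnectState()` and is written out by `saveList()` as `item->gpg_id`. Set it in the constructor next to the name: `ownState.gpg_id = AuthGPG::getAuthGPG()->getGPGOwnId();` (the constructor starts before its hunk). In `addFriend` the `id`/`gpg_id` pairing is taken from the caller and only `gpg_id` is checked against the accepted list; nothing here verifies that the SSL id actually belongs to that GPG key, so the connection-time check the new comment refers to must compare the presented certificate's signing key against `pstate.gpg_id`, not merely against the accepted set — please confirm that is what authssl.cc does. The `if (false)` branch left at the old `mOthersList` lookup and the unused `isFriend` local in `setLocation` should be removed.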


@ -135,7 +135,8 @@ class peerConnectState
public:
peerConnectState(); /* init */
std::string id;
std::string id;
std::string gpg_id;
uint32_t netMode; /* EXT / UPNP / UDP / INVALID */
uint32_t visState; /* STD, GRAY, DARK */
@ -167,6 +168,7 @@ class peerConnectState
time_t lastattempt;
std::string name;
std::string location;
uint32_t state;
uint32_t actions;
@ -231,11 +233,13 @@ bool setAddressList(std::string id, std::list<IpAddressTimed> IpAddressTimedL
bool setNetworkMode(std::string id, uint32_t netMode);
bool setVisState(std::string id, uint32_t visState);
bool setLocation(std::string pid, std::string location);//location is shown in the gui to differentiate ssl certs
/* add/remove friends */
bool addFriend(std::string id, uint32_t netMode = RS_NET_MODE_UDP,
bool addFriend(std::string ssl_id, std::string gpg_id, uint32_t netMode = RS_NET_MODE_UDP,
uint32_t visState = RS_VIS_STATE_STD , time_t lastContact = 0);
bool removeFriend(std::string);
bool removeFriend(std::string ssl_id);
bool addNeighbour(std::string);
/*************** External Control ****************/
@ -244,14 +248,14 @@ bool addNeighbour(std::string);
const std::string getOwnId();
bool getOwnNetStatus(peerConnectState &state);
bool isFriend(std::string id);
bool isOnline(std::string id);
bool isFriend(std::string ssl_id);
bool isOnline(std::string ssl_id);
bool getFriendNetStatus(std::string id, peerConnectState &state);
bool getOthersNetStatus(std::string id, peerConnectState &state);
void getOnlineList(std::list<std::string> &peers);
void getFriendList(std::list<std::string> &peers);
void getOthersList(std::list<std::string> &peers);
void getOnlineList(std::list<std::string> &ssl_peers);
void getFriendList(std::list<std::string> &ssl_peers);
//void getOthersList(std::list<std::string> &peers); /deprecated
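Review bot: `addNeighbour` is still declared as a live API although its body in p3connmgr.cc is now entirely commented out and unconditionally returns false; mark it like `getOthersList`, e.g. `bool addNeighbour(std::string); // deprecated: ssl certs are no longer stored, always returns false`. `peerConnectState::gpg_id` should also carry a comment, since it is the identity `addFriend` checks against `isGPGAccepted` and it is persisted by `saveList`: `std::string gpg_id; // GPG key this ssl id is tied to; friend acceptance is decided on this id`. The `setLocation` comment could state where `location` originates (local config/GUI vs. peer-supplied) so anyone rendering it knows whether to treat it as untrusted text — not visible here, so TODO confirm.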
/**************** handle monitors *****************/


@ -109,16 +109,6 @@ pqissl::pqissl(pqissllistener *l, PQInterface *parent, p3ConnectMgr *cm)
rslog(RSL_ALERT, pqisslzone, out.str());
}
if (!(AuthSSL::getAuthSSL()->isAuthenticated(PeerId())))
{
rslog(RSL_ALERT, pqisslzone,
"pqissl::Warning Certificate Not Approved!");
rslog(RSL_ALERT, pqisslzone,
"\t pqissl will not initialise....");
}
return;
}
@ -1081,14 +1071,14 @@ int pqissl::Extract_Failed_SSL_Certificate()
}
rslog(RSL_DEBUG_BASIC, pqisslzone,
"pqissl::Extract_Failed_SSL_Certificate() Have Peer Cert - Registering");
"pqissl::Extract_Failed_SSL_Certificate() Have Peer Cert - (Not) Registering (anymore)");
// save certificate... (and ip locations)
// false for outgoing....
// we actually connected to remote_addr,
// which could be
// (pqissl's case) sslcert->serveraddr or sslcert->localaddr.
AuthSSL::getAuthSSL()->FailedCertificate(peercert, false);
//AuthSSL::getAuthSSL()->FailedCertificate(peercert, false);
return 1;
}
@ -1138,33 +1128,36 @@ int pqissl::Authorise_SSL_Connection()
rslog(RSL_DEBUG_BASIC, pqisslzone,
"pqissl::Authorise_SSL_Connection() Have Peer Cert");
accept(ssl_connection, sockfd, remote_addr);
return 1;
// save certificate... (and ip locations)
// false for outgoing....
// we actually connected to remote_addr,
// which could be
// (pqissl's case) sslcert->serveraddr or sslcert->localaddr.
bool certCorrect = false;
certCorrect = AuthSSL::getAuthSSL()->CheckCertificate(PeerId(), peercert);
// check it's the right one.
if (certCorrect)
{
// then okay...
std::ostringstream out;
out << "pqissl::Authorise_SSL_Connection() Accepting Conn. Peer: " << PeerId();
rslog(RSL_WARNING, pqisslzone, out.str());
accept(ssl_connection, sockfd, remote_addr);
return 1;
}
{
std::ostringstream out;
out << "pqissl::Authorise_SSL_Connection() Something Wrong ... ";
out << " Shutdown. Peer: " << PeerId();
rslog(RSL_WARNING, pqisslzone, out.str());
}
// bool certCorrect = false;
// certCorrect = AuthSSL::getAuthSSL()->CheckCertificate(PeerId(), peercert);
//
// // check it's the right one.
// if (certCorrect)
// {
// // then okay...
// std::ostringstream out;
// out << "pqissl::Authorise_SSL_Connection() Accepting Conn. Peer: " << PeerId();
// rslog(RSL_WARNING, pqisslzone, out.str());
//
// accept(ssl_connection, sockfd, remote_addr);
// return 1;
// }
//
// {
// std::ostringstream out;
// out << "pqissl::Authorise_SSL_Connection() Something Wrong ... ";
// out << " Shutdown. Peer: " << PeerId();
// rslog(RSL_WARNING, pqisslzone, out.str());
// }
// else shutdown ssl connection.
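Review bot: `Authorise_SSL_Connection` now calls `accept(ssl_connection, sockfd, remote_addr)` as soon as a peer certificate exists; the exact-match `CheckCertificate(PeerId(), peercert)` that tied the presented certificate to the expected `PeerId()` is commented out and nothing in this hunk replaces it. Unless the SSL verify callback (authssl.cc, not in this diff) already rejects a certificate whose id differs from the peer this pqissl was created for, any peer whose certificate passes the callback can complete a connection as `PeerId()`; add an explicit comparison of the id derived from `peercert` against `PeerId()` before the accept and return -1 on mismatch, using the id-derivation helper AuthSSL keeps outside this diff. The commented-out block and the now-dangling `// else shutdown ssl connection.` comment should be removed rather than left in place. The function continues outside the hunk.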


@ -472,11 +472,11 @@ int pqissllistenbase::Extract_Failed_SSL_Certificate(SSL *ssl, struct sockaddr_
}
pqioutput(PQL_DEBUG_BASIC, pqissllistenzone,
"pqissllistenbase::Extract_Failed_SSL_Certificate() Have Peer Cert - Registering");
"pqissllistenbase::Extract_Failed_SSL_Certificate() Have Peer Cert - (Not) Registering (Anymore)");
// save certificate... (and ip locations)
// false for outgoing....
AuthSSL::getAuthSSL()->FailedCertificate(peercert, true);
//AuthSSL::getAuthSSL()->FailedCertificate(peercert, true);
return 1;
}
@ -683,19 +683,19 @@ int pqissllistener::completeConnection(int fd, SSL *ssl, struct sockaddr_in &rem
return -1;
}
/* Certificate consumed! */
bool certKnown = AuthSSL::getAuthSSL()->CheckCertificate(it->first, peercert);
if (certKnown == false)
{
std::ostringstream out;
out << "Failed Final Check";
out << " for Connection:" << inet_ntoa(remote_addr.sin_addr);
out << std::endl;
out << "pqissllistenbase: Will shut it down!" << std::endl;
pqioutput(PQL_WARNING, pqissllistenzone, out.str());
return -1;
}
// /* Certificate consumed! */
// bool certKnown = AuthSSL::getAuthSSL()->CheckCertificate(it->first, peercert);
//
// if (certKnown == false)
// {
// std::ostringstream out;
// out << "Failed Final Check";
// out << " for Connection:" << inet_ntoa(remote_addr.sin_addr);
// out << std::endl;
// out << "pqissllistenbase: Will shut it down!" << std::endl;
// pqioutput(PQL_WARNING, pqissllistenzone, out.str());
// return -1;
// }
pqissl *pqis = it -> second;
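Review bot: In `completeConnection` the final check that `peercert` matches `it->first` is commented out, so the connection is handed to `it->second` on the strength of whatever lookup produced `it` above the hunk; if that lookup is keyed on the id the verify callback extracted from the certificate this is fine, otherwise an incoming connection can be attached to the wrong pqissl — TODO confirm against the lookup, which is outside the hunk. `peercert` is now obtained and never used in the visible code; if it comes from `SSL_get_peer_certificate()` it owns a reference and needs `X509_free(peercert)` here, otherwise one X509 leaks per accepted connection. As in pqissl.cc, delete the commented-out block instead of keeping it.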


@ -102,12 +102,12 @@ pqissltunnel::pqissltunnel(PQInterface *parent, p3ConnectMgr *cm)
rslog(RSL_ALERT, pqisslzone, out.str());
}
if (!(AuthSSL::getAuthSSL()->isAuthenticated(PeerId()))) {
rslog(RSL_ALERT, pqisslzone,
"pqissltunnel::Warning Certificate Not Approved!");
rslog(RSL_ALERT, pqisslzone,
"\t pqissltunnel will not initialise....");
}
// if (!(AuthSSL::getAuthSSL()->isAuthenticated(PeerId()))) {
// rslog(RSL_ALERT, pqisslzone,
// "pqissltunnel::Warning Certificate Not Approved!");
// rslog(RSL_ALERT, pqisslzone,
// "\t pqissltunnel will not initialise....");
// }
mP3tunnel = mConnMgr->getP3tunnel();
current_data_offset = 0;
curent_data_packet.length = 0;
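Review bot: The constructor keeps the old `isAuthenticated` warning as a commented-out block; `AuthSSL::isAuthenticated` is itself commented out in authssl.h in this same commit, so the block can never be re-enabled as written and should be deleted rather than left as dead code. If the new model has an equivalent check for a tunnel peer it should be expressed in terms of the GPG acceptance API instead, but no GPG id is available at this point in the constructor, so that is for the author to confirm. The constructor starts before the hunk.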