Major change to the way certificates are stored now defaults to ~/.retroshare/SSLID/
* supports Multiple Accounts on same computer. * Enabled libretroshare tests using Makefiles. * restructured RsInit functions: Config Data is now private. * switch OpenPGP on by default (added #define to rsinit). git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@1451 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
parent
a7209f1001
commit
a023a0bfcd
@ -9,7 +9,7 @@ include $(RS_TOP_DIR)/scripts/config.mk
|
||||
|
||||
RSOBJ = ftdata.o ftfileprovider.o ftfilecreator.o ftextralist.o \
|
||||
ftdatamultiplex.o ftfilesearch.o fttransfermodule.o ftdbase.o ftserver.o \
|
||||
ftcontroller.o pqitestor.o
|
||||
ftcontroller.o pqitestor.o ftdwlqueue.o
|
||||
|
||||
|
||||
TESTOBJ = ftfileprovidertest.o ftfilecreatortest.o ftextralisttest.o ftdataplextest.o ftserver1test.o ftserver2test.o fttransfermoduletest.o ftserver3test.o
|
||||
|
@ -1,5 +1,5 @@
|
||||
TEMPLATE = lib
|
||||
CONFIG += static xpgp
|
||||
CONFIG += static pgp
|
||||
TARGET = retroshare
|
||||
CONFIG += release
|
||||
|
||||
@ -22,6 +22,7 @@ pgp {
|
||||
DEFINES -=PQI_USE_XPGP
|
||||
DEFINES *= RS_USE_PGPSSL
|
||||
}
|
||||
|
||||
xpgp {
|
||||
DEFINES *= PQI_USE_XPGP
|
||||
SSL_DIR=../../../../openssl-0.9.7g-xpgp-0.1c
|
||||
@ -246,7 +247,7 @@ SOURCES = \
|
||||
rsserver/p3face-msgs.cc \
|
||||
rsserver/rsiface.cc \
|
||||
rsserver/rstypes.cc \
|
||||
rsserver/p3face-startup.cc \
|
||||
rsserver/rsinit.cc \
|
||||
rsserver/p3face-config.cc \
|
||||
rsserver/p3face-server.cc \
|
||||
rsserver/p3Blog.cc \
|
||||
|
@ -57,10 +57,13 @@
|
||||
#include <iostream>
|
||||
#include <sstream>
|
||||
|
||||
#define AUTHGPG_DEBUG 1
|
||||
|
||||
|
||||
/* Turn a set of parameters into a string */
|
||||
static std::string setKeyPairParams(bool useRsa, unsigned int blen,
|
||||
std::string name, std::string comment, std::string email,
|
||||
std::string passphrase);
|
||||
std::string inPassphrase);
|
||||
|
||||
static gpgme_key_t getKey(gpgme_ctx_t, std::string, std::string, std::string);
|
||||
|
||||
@ -132,6 +135,7 @@ bool GPGAuthMgr::setPGPPassword_locked(std::string pwd)
|
||||
memcpy(PgpPassword, pwd.c_str(), pwd.length());
|
||||
PgpPassword[pwd.length()] = '\0';
|
||||
|
||||
fprintf(stderr, "GPGAuthMgr::setPGPPassword_locked() called\n");
|
||||
gpgme_set_passphrase_cb(CTX, pgp_pwd_callback, (void *) PgpPassword);
|
||||
|
||||
return true;
|
||||
@ -257,7 +261,7 @@ bool GPGAuthMgr::availablePGPCertificates(std::list<std::string> &ids)
|
||||
* This function must be called successfully (return == 1)
|
||||
* before anything else can be done. (except above fn).
|
||||
*/
|
||||
int GPGAuthMgr::GPGInit(std::string ownId, std::string name, std::string passphrase)
|
||||
int GPGAuthMgr::GPGInit(std::string ownId)
|
||||
{
|
||||
RsStackMutex stack(pgpMtx); /******* LOCKED ******/
|
||||
|
||||
@ -280,23 +284,24 @@ int GPGAuthMgr::GPGInit(std::string ownId, std::string name, std::string passphr
|
||||
return 0;
|
||||
}
|
||||
|
||||
mOwnGpgCert.user.name = name;
|
||||
mOwnGpgCert.user.name = newKey->uids->name;
|
||||
mOwnGpgCert.user.email = newKey->uids->email;
|
||||
mOwnGpgCert.user.fpr = newKey->subkeys->fpr;
|
||||
mOwnGpgCert.user.id = ownId;
|
||||
mOwnGpgCert.key = newKey;
|
||||
this->passphrase = passphrase;
|
||||
|
||||
mOwnId = ownId;
|
||||
gpgmeKeySelected = true;
|
||||
|
||||
setPGPPassword_locked(passphrase);
|
||||
// Password set in different fn.
|
||||
//this->passphrase = passphrase;
|
||||
//setPGPPassword_locked(passphrase);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
int GPGAuthMgr::GPGInit(std::string name, std::string comment,
|
||||
std::string email, std::string passphrase)
|
||||
std::string email, std::string inPassphrase)
|
||||
{
|
||||
RsStackMutex stack(pgpMtx); /******* LOCKED ******/
|
||||
|
||||
@ -329,8 +334,8 @@ int GPGAuthMgr::GPGInit(std::string name, std::string comment,
|
||||
mOwnGpgCert.user.id = newKey->subkeys->keyid;
|
||||
mOwnGpgCert.key = newKey;
|
||||
|
||||
this->passphrase = passphrase;
|
||||
setPGPPassword_locked(passphrase);
|
||||
this->passphrase = inPassphrase;
|
||||
setPGPPassword_locked(inPassphrase);
|
||||
|
||||
mOwnId = mOwnGpgCert.user.id;
|
||||
gpgmeKeySelected = true;
|
||||
@ -342,6 +347,21 @@ int GPGAuthMgr::GPGInit(std::string name, std::string comment,
|
||||
{
|
||||
}
|
||||
|
||||
int GPGAuthMgr::LoadGPGPassword(std::string pwd)
|
||||
{
|
||||
RsStackMutex stack(pgpMtx); /******* LOCKED ******/
|
||||
|
||||
if (!gpgmeInit) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
this->passphrase = pwd;
|
||||
setPGPPassword_locked(pwd);
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
|
||||
// store all keys in map mKeyList to avoid callin gpgme exe repeatedly
|
||||
bool GPGAuthMgr::storeAllKeys_locked()
|
||||
@ -637,6 +657,12 @@ bool GPGAuthMgr::printOwnKeys_locked()
|
||||
return true;
|
||||
}
|
||||
|
||||
bool GPGAuthMgr::printKeys()
|
||||
{
|
||||
RsStackMutex stack(pgpMtx); /******* LOCKED ******/
|
||||
printAllKeys_locked();
|
||||
return printOwnKeys_locked();
|
||||
}
|
||||
|
||||
X509 *GPGAuthMgr::SignX509Req(X509_REQ *req, long days, std::string gpg_passwd)
|
||||
{
|
||||
@ -820,7 +846,7 @@ X509 *GPGAuthMgr::SignX509Req(X509_REQ *req, long days, std::string gpg_passwd)
|
||||
goto err;
|
||||
}
|
||||
|
||||
passphrase = "NULL";
|
||||
//passphrase = "NULL";
|
||||
|
||||
std::cerr << "Signature done: len:" << sigoutl << std::endl;
|
||||
|
||||
@ -1258,6 +1284,10 @@ bool GPGAuthMgr::getDetails(std::string id, pqiAuthDetails &details)
|
||||
* Ids are the SSL id cert ids, so we have to get issuer id (pgpid)
|
||||
* before we can add any gpg details
|
||||
****/
|
||||
#ifdef AUTHGPG_DEBUG
|
||||
std::cerr << "GPGAuthMgr::getDetails() \"" << id << "\"";
|
||||
std::cerr << std::endl;
|
||||
#endif
|
||||
|
||||
if (AuthSSL::getDetails(id, details))
|
||||
{
|
||||
@ -1906,7 +1936,7 @@ void GPGAuthMgr::createDummyFriends()
|
||||
|
||||
static std::string setKeyPairParams(bool useRsa, unsigned int blen,
|
||||
std::string name, std::string comment, std::string email,
|
||||
std::string passphrase)
|
||||
std::string inPassphrase)
|
||||
{
|
||||
std::ostringstream params;
|
||||
params << "<GnupgKeyParms format=\"internal\">"<< std::endl;
|
||||
@ -1932,7 +1962,7 @@ static std::string setKeyPairParams(bool useRsa, unsigned int blen,
|
||||
params << "Name-Comment: "<< comment << std::endl;
|
||||
params << "Name-Email: "<< email << std::endl;
|
||||
params << "Expire-Date: 0"<< std::endl;
|
||||
params << "Passphrase: "<< passphrase << std::endl;
|
||||
params << "Passphrase: "<< inPassphrase << std::endl;
|
||||
params << "</GnupgKeyParms>"<< std::endl;
|
||||
|
||||
return params.str();
|
||||
|
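Review bot: The new GPGAuthMgr::LoadGPGPassword stores the passphrase in both `this->passphrase` and, through setPGPPassword_locked, the fixed `PgpPassword` buffer, and this commit also removes the `passphrase = "NULL"` reset at the end of SignX509Req, so the secret now stays resident for the whole lifetime of the manager; that deserves a comment at the definition, e.g. `// Keeps the passphrase for gpgme callbacks; it is not cleared until the manager is destroyed.`. The function's return convention is also undocumented and differs from GPGInit just above, which returns `true` from an `int` function; `// returns 1 on success, 0 if gpgme has not been initialised (call after GPGInit)` makes the contract the test program relies on explicit. Lastly, the `fprintf(stderr, "GPGAuthMgr::setPGPPassword_locked() called\n")` added to setPGPPassword_locked is unconditional, whereas the other trace output in this file (getDetails) is wrapped in `#ifdef AUTHGPG_DEBUG`; wrapping it the same way keeps it out of non-debug builds.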
@ -82,9 +82,12 @@ class GPGAuthMgr: public AuthSSL
|
||||
|
||||
bool availablePGPCertificates(std::list<std::string> &ids);
|
||||
|
||||
int GPGInit(std::string ownId, std::string name, std::string passwd);
|
||||
int GPGInit(std::string ownId);
|
||||
int GPGInit(std::string name, std::string comment,
|
||||
std::string email, std::string passwd);
|
||||
std::string email, std::string passwd); /* create it */
|
||||
|
||||
int LoadGPGPassword(std::string pwd);
|
||||
|
||||
/* Sign/Trust stuff */
|
||||
int signCertificate(std::string id);
|
||||
int revokeCertificate(std::string id); /* revoke the signature on Certificate */
|
||||
@ -94,6 +97,8 @@ class GPGAuthMgr: public AuthSSL
|
||||
void showData(gpgme_data_t dh);
|
||||
void createDummyFriends(void); //NYI
|
||||
|
||||
bool printKeys();
|
||||
|
||||
/*********************************************************************************/
|
||||
/************************* STAGE 1 ***********************************************/
|
||||
/*********************************************************************************/
|
||||
|
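Review bot: `int LoadGPGPassword(std::string pwd);` is declared without the trailing comment its neighbours carry, and nothing in the header says it must follow `GPGInit(std::string ownId)` or what the `int` means. `int LoadGPGPassword(std::string pwd); /* after GPGInit(); 1 on success, 0 if gpgme not initialised */` would document the ordering the test program now depends on. The class body continues outside the hunk.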
@ -803,7 +803,7 @@ std::string AuthSSL::getIssuerName(std::string id)
|
||||
bool AuthSSL::getDetails(std::string id, pqiAuthDetails &details)
|
||||
{
|
||||
#ifdef AUTHSSL_DEBUG
|
||||
std::cerr << "AuthSSL::getDetails() " << id;
|
||||
std::cerr << "AuthSSL::getDetails() \"" << id << "\"";
|
||||
std::cerr << std::endl;
|
||||
#endif
|
||||
sslMtx.lock(); /***** LOCK *****/
|
||||
@ -1964,6 +1964,59 @@ int LoadCheckX509andGetName(const char *cert_file, std::string &userName, std::s
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
// Not dependent on sslroot. load, and detroys the X509 memory.
|
||||
|
||||
int LoadCheckX509andGetIssuerName(const char *cert_file, std::string &issuerName, std::string &userId)
|
||||
{
|
||||
/* This function loads the X509 certificate from the file,
|
||||
* and checks the certificate
|
||||
*/
|
||||
|
||||
FILE *tmpfp = fopen(cert_file, "r");
|
||||
if (tmpfp == NULL)
|
||||
{
|
||||
#ifdef AUTHSSL_DEBUG
|
||||
std::cerr << "sslroot::LoadCheckAndGetX509Name()";
|
||||
std::cerr << " Failed to open Certificate File:" << cert_file;
|
||||
std::cerr << std::endl;
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
|
||||
// get xPGP certificate.
|
||||
X509 *x509 = PEM_read_X509(tmpfp, NULL, NULL, NULL);
|
||||
fclose(tmpfp);
|
||||
|
||||
// check the certificate.
|
||||
bool valid = false;
|
||||
if (x509)
|
||||
{
|
||||
valid = ((AuthSSL *) getAuthMgr())->ValidateCertificate(x509, userId);
|
||||
}
|
||||
|
||||
if (valid)
|
||||
{
|
||||
// extract the name.
|
||||
issuerName = getX509CNString(x509->cert_info->issuer);
|
||||
}
|
||||
|
||||
std::cout << getX509Info(x509) << std::endl ;
|
||||
// clean up.
|
||||
X509_free(x509);
|
||||
|
||||
if (valid)
|
||||
{
|
||||
// happy!
|
||||
return 1;
|
||||
}
|
||||
else
|
||||
{
|
||||
// something went wrong!
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
std::string getX509NameString(X509_NAME *name)
|
||||
{
|
||||
std::string namestr;
|
||||
|
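Review bot: In the new LoadCheckX509andGetIssuerName, `std::cout << getX509Info(x509) << std::endl;` runs unconditionally, including when PEM_read_X509 returned NULL; unless getX509Info tolerates a null certificate (not visible here) that is a null dereference on a malformed or unreadable file, and it also prints the full certificate dump on every call outside any debug guard. Guarding it, `if (x509) std::cout << getX509Info(x509) << std::endl;`, or moving it under `#ifdef AUTHSSL_DEBUG` like the failure trace above it, addresses both. Two comments are copy-paste leftovers: the debug message names `sslroot::LoadCheckAndGetX509Name()` rather than this function, and `// get xPGP certificate.` precedes a plain X509 read.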
@ -236,6 +236,8 @@ std::string getXPGPAuthCode(XPGP *xpgp);
|
||||
std::string getX509Info(X509 *cert);
|
||||
bool getX509id(X509 *x509, std::string &xid);
|
||||
|
||||
int LoadCheckX509andGetIssuerName(const char *cert_file,
|
||||
std::string &issuerName, std::string &userId);
|
||||
int LoadCheckX509andGetName(const char *cert_file,
|
||||
std::string &userName, std::string &userId);
|
||||
|
||||
|
@ -21,8 +21,7 @@ int main()
|
||||
/* Select which GPG Keys we use */
|
||||
|
||||
/* print all keys */
|
||||
mgr.printAllKeys();
|
||||
mgr.printOwnKeys();
|
||||
mgr.printKeys();
|
||||
|
||||
std::list<std::string> idList;
|
||||
mgr.availablePGPCertificates(idList);
|
||||
@ -36,7 +35,8 @@ int main()
|
||||
fprintf(stderr, "Using GPG Certificate:%s \n", id.c_str());
|
||||
|
||||
std::string noname;
|
||||
mgr.GPGInit(id, "noname", gpg_passwd);
|
||||
mgr.GPGInit(id);
|
||||
mgr.LoadGPGPassword(gpg_passwd);
|
||||
|
||||
/* Init SSL library */
|
||||
mgr.InitAuth(NULL, NULL, NULL);
|
||||
|
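Review bot: The results of `mgr.GPGInit(id)` and `mgr.LoadGPGPassword(gpg_passwd)` are discarded, so the test proceeds to InitAuth even when LoadGPGPassword returned 0 because gpgme was never initialised; `if (!mgr.GPGInit(id) || !mgr.LoadGPGPassword(gpg_passwd)) return 1;` fails the run at the point the problem occurs. `std::string noname;` on the line above is now unused after the GPGInit signature change and can go. main() starts outside the hunk.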
@ -1,78 +1,104 @@
|
||||
#ifndef RETROSHARE_INIT_INTERFACE_H
|
||||
#define RETROSHARE_INIT_INTERFACE_H
|
||||
|
||||
/*
|
||||
* "$Id: rsiface.h,v 1.9 2007-04-21 19:08:51 rmf24 Exp $"
|
||||
*
|
||||
* RetroShare C++ Interface.
|
||||
*
|
||||
* Copyright 2004-2006 by Robert Fernie.
|
||||
*
|
||||
* This library is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU Library General Public
|
||||
* License Version 2 as published by the Free Software Foundation.
|
||||
*
|
||||
* This library is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
* Library General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Library General Public
|
||||
* License along with this library; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
|
||||
* USA.
|
||||
*
|
||||
* Please report all bugs and problems to "retroshare@lunamutt.com".
|
||||
*
|
||||
*/
|
||||
|
||||
|
||||
/* Initialisation Class (not publicly disclosed to RsIFace) */
|
||||
|
||||
/****
|
||||
* #define RS_USE_PGPSSL 1
|
||||
***/
|
||||
|
||||
#define RS_USE_PGPSSL 1
|
||||
|
||||
class RsInit
|
||||
{
|
||||
public:
|
||||
/* Commandline/Directory options */
|
||||
/* reorganised RsInit system */
|
||||
|
||||
static const char *RsConfigDirectory() ;
|
||||
/* PreLogin */
|
||||
static void InitRsConfig() ;
|
||||
static int InitRetroShare(int argc, char **argv);
|
||||
|
||||
|
||||
static bool setStartMinimised() ;
|
||||
static int InitRetroShare(int argcIgnored, char **argvIgnored) ;
|
||||
static int LoadCertificates(bool autoLoginNT) ;
|
||||
/* Account Details (Combined GPG+SSL Setup) */
|
||||
static bool getPreferedAccountId(std::string &id);
|
||||
static bool getAccountIds(std::list<std::string> &ids);
|
||||
static bool getAccountDetails(std::string id,
|
||||
std::string &gpgId, std::string &gpgName,
|
||||
std::string &gpgEmail, std::string &sslName);
|
||||
|
||||
static bool ValidateCertificate(std::string &userName) ;
|
||||
static bool ValidateTrustedUser(std::string fname, std::string &userName) ;
|
||||
static bool LoadPassword(std::string passwd) ;
|
||||
static bool RsGenerateCertificate(std::string name, std::string org, std::string loc, std::string country, std::string passwd, std::string &errString);
|
||||
static void load_check_basedir() ;
|
||||
static int create_configinit() ;
|
||||
|
||||
|
||||
/* Generating GPGme Account */
|
||||
static int GetPGPLogins(std::list<std::string> &pgpIds);
|
||||
static int GetPGPLoginDetails(std::string id, std::string &name, std::string &email);
|
||||
static bool GeneratePGPCertificate(std::string name, std::string comment, std::string email, std::string passwd, std::string &pgpId, std::string &errString);
|
||||
|
||||
/* Login PGP */
|
||||
static bool SelectGPGAccount(std::string id);
|
||||
static bool LoadGPGPassword(std::string passwd);
|
||||
|
||||
/* Create SSL Certificates */
|
||||
static bool GenerateSSLCertificate(std::string name, std::string org, std::string loc, std::string country, std::string passwd, std::string &sslId, std::string &errString);
|
||||
|
||||
/* Login SSL */
|
||||
static bool LoadPassword(std::string id, std::string passwd) ;
|
||||
|
||||
/* Final Certificate load. This can be called if:
|
||||
* a) InitRetroshare() returns true -> autoLoad/password Set.
|
||||
* b) SelectGPGAccount() && LoadPassword()
|
||||
*/
|
||||
static int LoadCertificates(bool autoLoginNT) ;
|
||||
|
||||
|
||||
/* Post Login Options */
|
||||
static std::string RsConfigDirectory();
|
||||
static bool setStartMinimised() ;
|
||||
|
||||
|
||||
private:
|
||||
/* PreLogin */
|
||||
static std::string getHomePath() ;
|
||||
static void setupBaseDir();
|
||||
|
||||
/* Account Details */
|
||||
static bool get_configinit(std::string dir, std::string &id);
|
||||
static bool create_configinit(std::string dir, std::string id);
|
||||
|
||||
static bool setupAccount(std::string accountdir);
|
||||
|
||||
/* Auto Login */
|
||||
static bool RsStoreAutoLogin() ;
|
||||
static bool RsTryAutoLogin() ;
|
||||
static bool RsClearAutoLogin(std::string basedir) ;
|
||||
static void InitRsConfig() ;
|
||||
static bool RsClearAutoLogin() ;
|
||||
|
||||
static std::string getHomePath() ;
|
||||
|
||||
/* PGPSSL init functions */
|
||||
|
||||
#ifdef RS_USE_PGPSSL
|
||||
static bool LoadGPGPassword(std::string id, std::string passwd);
|
||||
static int GetLogins(std::list<std::string> &pgpIds);
|
||||
static int GetLoginDetails(std::string id, std::string &name, std::string &email);
|
||||
|
||||
static std::string gpgPasswd;
|
||||
#endif
|
||||
|
||||
/* Key Parameters that must be set before
|
||||
* RetroShare will start up:
|
||||
*/
|
||||
static std::string load_cert;
|
||||
static std::string load_key;
|
||||
static std::string passwd;
|
||||
|
||||
static bool havePasswd; /* for Commandline password */
|
||||
static bool autoLogin; /* autoLogin allowed */
|
||||
static bool startMinimised; /* Icon or Full Window */
|
||||
|
||||
/* Win/Unix Differences */
|
||||
static char dirSeperator;
|
||||
|
||||
/* Directories */
|
||||
static std::string basedir;
|
||||
static std::string homePath;
|
||||
|
||||
/* Listening Port */
|
||||
static bool forceExtPort;
|
||||
static bool forceLocalAddr;
|
||||
static unsigned short port;
|
||||
static char inet[256];
|
||||
|
||||
/* Logging */
|
||||
static bool haveLogFile;
|
||||
static bool outStderr;
|
||||
static bool haveDebugLevel;
|
||||
static int debugLevel;
|
||||
static char logfname[1024];
|
||||
|
||||
static bool firsttime_run;
|
||||
static bool load_trustedpeer;
|
||||
static std::string load_trustedpeer_file;
|
||||
|
||||
static bool udpListenerOnly;
|
||||
};
|
||||
|
||||
|
||||
#endif
|
||||
|
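Review bot: `#define RS_USE_PGPSSL 1` placed unconditionally in this header overrides the build-system switch: libretroshare.pro in this same commit sets `RS_USE_PGPSSL` only for the `pgp` config and `PQI_USE_XPGP` for `xpgp`, so an xpgp build including rsinit.h would presumably compile both paths. Either leave the define to the .pro `DEFINES` (the commit message says it was added here deliberately, so at least note why), or guard it with `#ifndef RS_USE_PGPSSL`. The private members `static std::string passwd;` and `static std::string gpgPasswd;` hold credentials at static storage duration with no clearing function in the interface; a comment such as `/* held in memory for the process lifetime; never logged */` records that for the next maintainer.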
@ -7,7 +7,8 @@ RS_TOP_DIR = ..
|
||||
include $(RS_TOP_DIR)/scripts/config.mk
|
||||
###############################################################
|
||||
|
||||
RSOBJ = p3peers.o \
|
||||
RSOBJ = rsinit.o \
|
||||
p3peers.o \
|
||||
p3rank.o \
|
||||
p3photo.o \
|
||||
p3msgs.o \
|
||||
@ -15,7 +16,6 @@ RSOBJ = p3peers.o \
|
||||
p3discovery.o \
|
||||
p3face-server.o \
|
||||
p3face-config.o \
|
||||
p3face-startup.o \
|
||||
p3face-msgs.o \
|
||||
rsiface.o \
|
||||
rstypes.o
|
||||
|
@ -105,8 +105,6 @@ class RsServer: public RsControl, public RsThread
|
||||
/* p3face-msg Operations */
|
||||
|
||||
public:
|
||||
virtual const std::string& certificateFileName() ;
|
||||
|
||||
/* Flagging Persons / Channels / Files in or out of a set (CheckLists) */
|
||||
virtual int SetInChat(std::string id, bool in); /* friend : chat msgs */
|
||||
virtual int SetInMsg(std::string id, bool in); /* friend : msg receipients */
|
||||
|
@ -28,7 +28,11 @@
|
||||
|
||||
#include "rsiface/rsiface.h"
|
||||
#include "util/rsdir.h"
|
||||
|
||||
|
||||
/* global variable */
|
||||
RsIface *rsiface = NULL;
|
||||
|
||||
|
||||
/* set to true */
|
||||
bool RsIface::setChanged(DataFlags set)
|
||||
{
|
||||
@ -97,7 +101,8 @@ private:
|
||||
|
||||
RsIface *createRsIface(NotifyBase &cb)
|
||||
{
|
||||
return new RsIfaceReal(cb);
|
||||
rsiface = new RsIfaceReal(cb);
|
||||
return rsiface;
|
||||
}
|
||||
|
||||
|
||||
|
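Review bot: createRsIface now assigns the new global `rsiface` on every call without checking whether it is already set, so a second call silently replaces the earlier instance and leaks it, and the global is a raw owning pointer that nothing in this file releases. If single construction is the intended contract, say so at the definition, `/* set once by createRsIface(); owned for the process lifetime, never freed */`, or guard the assignment so a repeated call is visible rather than silent.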
@ -9,7 +9,7 @@ endif
|
||||
|
||||
# flags for components....
|
||||
#PQI_USE_SSLONLY = 1
|
||||
PQI_USE_XPGP = 1
|
||||
#PQI_USE_XPGP = 1
|
||||
|
||||
|
||||
#PQI_USE_PROXY = 1
|
||||
|
@ -15,12 +15,12 @@ RSOBJ += tcppacket.o tcpstream.o tou.o $(BIOOBJ)
|
||||
EXECS = librs udpsock_test udpsort_test udp_server
|
||||
#test_tou pair_tou reset_tou internal_tou largefile_tou
|
||||
|
||||
#TESTOBJ = udpsock_test.o udpsort_test.o udp_server.o test_tou.o
|
||||
#TESTOBJ += pair_tou.o reset_tou.o largefile_tou.o
|
||||
TESTOBJ = udpsock_test.o udpsort_test.o udp_server.o test_tou.o
|
||||
TESTOBJ += pair_tou.o reset_tou.o largefile_tou.o
|
||||
#internal_tou.o
|
||||
|
||||
#TESTS = udpsock_test udpsort_test udp_server test_tou
|
||||
#TESTS += pair_tou reset_tou largefile_tou
|
||||
TESTS = udpsock_test udpsort_test udp_server test_tou
|
||||
TESTS += pair_tou reset_tou largefile_tou
|
||||
#internal_tou
|
||||
|
||||
all: librs tests
|
||||
|