Git-Mirrors/RetroShare
1
0
Fork 0
mirror of https://github.com/RetroShare/RetroShare.git synced 2024-12-29 09:26:18 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity

added display of IP address for incoming failed connexion attempts

Browse Source 
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@5532 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
csoler 2012-09-09 20:25:39 +00:00
parent 24a3fb58d4
commit b8cee76fa5
10 changed files with 97 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
libretroshare/src/pqi/authssl.cc
View File

@ -968,14 +968,17 @@ static int verify_x509_callback(int preverify_ok, X509_STORE_CTX *ctx)
std::cerr << std::endl; std::cerr << std::endl;
#endif #endif
int verify = AuthSSL::getAuthSSL()->VerifyX509Callback(preverify_ok, ctx); int verify = AuthSSL::getAuthSSL()->VerifyX509Callback(preverify_ok, ctx);
if (!verify)
{
/* Process as FAILED Certificate */
/* Start as INCOMING, as outgoing is already captured */
struct sockaddr_in addr;
sockaddr_clear(&addr);
AuthSSL::getAuthSSL()->FailedCertificate(X509_STORE_CTX_get_current_cert(ctx), addr, true); X509 *x509 = X509_STORE_CTX_get_current_cert(ctx) ;
if(x509 != NULL)
{
std::string gpgid = getX509CNString(x509->cert_info->issuer);
std::string sslcn = getX509CNString(x509->cert_info->subject);
std::string sslid ;
getX509id(x509,sslid);
AuthSSL::getAuthSSL()->registerConnexionAttempt_ids(gpgid,sslid,sslcn) ;
} }
return verify; return verify;
@ -1286,18 +1289,41 @@ bool AuthSSLimpl::decrypt(void *&out, int &outlen, const void *in, int inlen)
/********************************************************************************/ /********************************************************************************/
/********************************************************************************/ /********************************************************************************/
/* store for discovery */ void AuthSSLimpl::registerConnexionAttempt_ids(const std::string& gpg_id,const std::string& ssl_id,const std::string& ssl_cn)
bool AuthSSLimpl::FailedCertificate(X509 *x509, const struct sockaddr_in &/*addr*/, bool incoming)
{ {
std::string peerId = "UnknownSSLID"; std::cerr << "AuthSSL: registering connexion attempt from:" << std::endl;
if(!getX509id(x509, peerId)) std::cerr << " GPG id: " << gpg_id << std::endl;
std::cerr << " SSL id: " << ssl_id << std::endl;
std::cerr << " SSL cn: " << ssl_cn << std::endl;
_last_gpgid_to_connect = gpg_id ;
_last_sslid_to_connect = ssl_id ;
_last_sslcn_to_connect = ssl_cn ;
}
/* store for discovery */
bool AuthSSLimpl::FailedCertificate(X509 *x509, const struct sockaddr_in& addr, bool incoming)
{
std::string gpgid = "Unknown GPG Id" ;
std::string sslcn = "Unknown SSL location" ;
std::string sslid = "Unknown SSL Id" ;
if(x509 != NULL)
{
if(!getX509id(x509, sslid))
{ {
std::cerr << "AuthSSLimpl::FailedCertificate() ERROR cannot extract X509id from certificate"; std::cerr << "AuthSSLimpl::FailedCertificate() ERROR cannot extract X509id from certificate";
std::cerr << std::endl; std::cerr << std::endl;
} }
std::string gpgid = getX509CNString(x509->cert_info->issuer); gpgid = getX509CNString(x509->cert_info->issuer);
std::string sslcn = getX509CNString(x509->cert_info->subject); sslcn = getX509CNString(x509->cert_info->subject);
}
else if(incoming)
{
gpgid = _last_gpgid_to_connect ;
sslcn = _last_sslcn_to_connect ;
sslid = _last_sslid_to_connect ;
}
std::cerr << "AuthSSLimpl::FailedCertificate() "; std::cerr << "AuthSSLimpl::FailedCertificate() ";
if (incoming) if (incoming)
@ -1309,16 +1335,18 @@ bool AuthSSLimpl::FailedCertificate(X509 *x509, const struct sockaddr_in &/*a
std::cerr << " Outgoing to: "; std::cerr << " Outgoing to: ";
} }
std::cerr << "GpgId: " << gpgid << " SSLcn: " << sslcn << " peerId: " << peerId;
std::cerr << std::endl;
// Hacky - adding IpAddress to SSLId. // Hacky - adding IpAddress to SSLId.
// rs_sprintf_append(peerId, "/%s:%u", rs_inet_ntoa(addr.sin_addr).c_str(), ntohs(addr.sin_port));
std::string ip_address ;
rs_sprintf_append(ip_address, "%s:%u", rs_inet_ntoa(addr.sin_addr).c_str(), ntohs(addr.sin_port));
std::cerr << "GpgId: " << gpgid << " SSLcn: " << sslcn << " peerId: " << sslid << ", ip address: " << ip_address;
std::cerr << std::endl;
uint32_t notifyType = 0; uint32_t notifyType = 0;
/* if auths -> store */ /* if auths -> store */
if (AuthX509WithGPG(x509)) if(x509 != NULL && AuthX509WithGPG(x509))
{ {
std::cerr << "AuthSSLimpl::FailedCertificate() Cert Checked Out, so passing to Notify"; std::cerr << "AuthSSLimpl::FailedCertificate() Cert Checked Out, so passing to Notify";
std::cerr << std::endl; std::cerr << std::endl;
@ -1326,14 +1354,14 @@ bool AuthSSLimpl::FailedCertificate(X509 *x509, const struct sockaddr_in &/*a
if (incoming) if (incoming)
{ {
notifyType = RS_FEED_ITEM_SEC_CONNECT_ATTEMPT; notifyType = RS_FEED_ITEM_SEC_CONNECT_ATTEMPT;
getPqiNotify()->AddPopupMessage(RS_POPUP_CONNECT_ATTEMPT, gpgid, sslcn, peerId); getPqiNotify()->AddPopupMessage(RS_POPUP_CONNECT_ATTEMPT, gpgid, sslcn, sslid);
} }
else else
{ {
notifyType = RS_FEED_ITEM_SEC_AUTH_DENIED; notifyType = RS_FEED_ITEM_SEC_AUTH_DENIED;
} }
getPqiNotify()->AddFeedItem(notifyType, gpgid, peerId, sslcn); getPqiNotify()->AddFeedItem(notifyType, gpgid, sslid, sslcn, ip_address);
LocalStoreCert(x509); LocalStoreCert(x509);
return true; return true;
@ -1343,15 +1371,15 @@ bool AuthSSLimpl::FailedCertificate(X509 *x509, const struct sockaddr_in &/*a
/* unknown peer! */ /* unknown peer! */
if (incoming) if (incoming)
{ {
notifyType = RS_FEED_ITEM_SEC_UNKNOWN_IN; notifyType = RS_FEED_ITEM_SEC_CONNECT_ATTEMPT;
getPqiNotify()->AddPopupMessage(RS_POPUP_CONNECT_ATTEMPT, gpgid, sslcn, peerId); getPqiNotify()->AddPopupMessage(RS_POPUP_CONNECT_ATTEMPT, gpgid, sslcn, sslid);
} }
else else
{ {
notifyType = RS_FEED_ITEM_SEC_UNKNOWN_OUT; notifyType = RS_FEED_ITEM_SEC_UNKNOWN_OUT;
} }
getPqiNotify()->AddFeedItem(notifyType, gpgid, peerId, sslcn); getPqiNotify()->AddFeedItem(notifyType, gpgid, sslid, sslcn, ip_address);
} }

5
libretroshare/src/pqi/authssl.h
View File

@ -152,6 +152,7 @@ virtual bool ValidateCertificate(X509 *x509, std::string &peerId) = 0; /* valid
virtual SSL_CTX *getCTX() = 0; virtual SSL_CTX *getCTX() = 0;
/* Restored these functions: */ /* Restored these functions: */
virtual void registerConnexionAttempt_ids(const std::string& gpg_id,const std::string& ssl_id,const std::string& ssl_cn) = 0 ;
virtual bool FailedCertificate(X509 *x509, const struct sockaddr_in &addr, bool incoming) = 0; /* store for discovery */ virtual bool FailedCertificate(X509 *x509, const struct sockaddr_in &addr, bool incoming) = 0; /* store for discovery */
virtual bool CheckCertificate(std::string peerId, X509 *x509) = 0; /* check that they are exact match */ virtual bool CheckCertificate(std::string peerId, X509 *x509) = 0; /* check that they are exact match */
}; };
@ -226,6 +227,7 @@ virtual bool ValidateCertificate(X509 *x509, std::string &peerId); /* validate
virtual SSL_CTX *getCTX(); virtual SSL_CTX *getCTX();
/* Restored these functions: */ /* Restored these functions: */
virtual void registerConnexionAttempt_ids(const std::string& gpg_id,const std::string& ssl_id,const std::string& ssl_cn) ;
virtual bool FailedCertificate(X509 *x509, const struct sockaddr_in &addr, bool incoming); /* store for discovery */ virtual bool FailedCertificate(X509 *x509, const struct sockaddr_in &addr, bool incoming); /* store for discovery */
virtual bool CheckCertificate(std::string peerId, X509 *x509); /* check that they are exact match */ virtual bool CheckCertificate(std::string peerId, X509 *x509); /* check that they are exact match */
@ -257,6 +259,9 @@ bool locked_FindCert(std::string id, sslcert **cert);
std::map<std::string, sslcert *> mCerts; std::map<std::string, sslcert *> mCerts;
std::string _last_gpgid_to_connect ;
std::string _last_sslcn_to_connect ;
std::string _last_sslid_to_connect ;
}; };
#endif // MRK_AUTH_SSL_HEADER #endif // MRK_AUTH_SSL_HEADER

8
libretroshare/src/pqi/p3notify.cc
View File

@ -193,6 +193,14 @@ bool p3Notify::GetFeedItem(RsFeedItem &item)
} }
bool p3Notify::AddFeedItem(uint32_t type, const std::string& id1, const std::string& id2, const std::string& id3, const std::string& id4)
{
RsStackMutex stack(noteMtx); /************* LOCK MUTEX ************/
pendingNewsFeed.push_back(RsFeedItem(type, id1, id2, id3, id4));
return true;
}
bool p3Notify::AddFeedItem(uint32_t type, const std::string& id1, const std::string& id2, const std::string& id3) bool p3Notify::AddFeedItem(uint32_t type, const std::string& id1, const std::string& id2, const std::string& id3)
{ {
RsStackMutex stack(noteMtx); /************* LOCK MUTEX ************/ RsStackMutex stack(noteMtx); /************* LOCK MUTEX ************/

1
libretroshare/src/pqi/p3notify.h
View File

@ -88,6 +88,7 @@ virtual bool AddPopupMessage(uint32_t ptype, const std::string& name, const std:
virtual bool AddSysMessage(uint32_t sysid, uint32_t type, const std::string& title, const std::string& msg); virtual bool AddSysMessage(uint32_t sysid, uint32_t type, const std::string& title, const std::string& msg);
virtual bool AddLogMessage(uint32_t sysid, uint32_t type, const std::string& title, const std::string& msg); virtual bool AddLogMessage(uint32_t sysid, uint32_t type, const std::string& title, const std::string& msg);
virtual bool AddFeedItem(uint32_t type, const std::string& id1, const std::string& id2, const std::string& id3); virtual bool AddFeedItem(uint32_t type, const std::string& id1, const std::string& id2, const std::string& id3);
virtual bool AddFeedItem(uint32_t type, const std::string& id1, const std::string& id2, const std::string& id3,const std::string& id4);
virtual bool ClearFeedItems(uint32_t type); virtual bool ClearFeedItems(uint32_t type);
private: private:

1
libretroshare/src/pqi/pqinotify.h
View File

@ -44,6 +44,7 @@ virtual bool AddPopupMessage(uint32_t ptype, const std::string& name, const std:
virtual bool AddSysMessage(uint32_t sysid, uint32_t type, const std::string& title, const std::string& msg) = 0; virtual bool AddSysMessage(uint32_t sysid, uint32_t type, const std::string& title, const std::string& msg) = 0;
virtual bool AddLogMessage(uint32_t sysid, uint32_t type, const std::string& title, const std::string& msg) = 0; virtual bool AddLogMessage(uint32_t sysid, uint32_t type, const std::string& title, const std::string& msg) = 0;
virtual bool AddFeedItem(uint32_t type, const std::string& id1, const std::string& id2, const std::string& id3) = 0; virtual bool AddFeedItem(uint32_t type, const std::string& id1, const std::string& id2, const std::string& id3) = 0;
virtual bool AddFeedItem(uint32_t type, const std::string& id1, const std::string& id2, const std::string& id3, const std::string& id4) = 0;
virtual bool ClearFeedItems(uint32_t type) = 0; virtual bool ClearFeedItems(uint32_t type) = 0;
}; };

2
libretroshare/src/pqi/pqissllistener.cc
View File

@ -477,6 +477,7 @@ int pqissllistenbase::Extract_Failed_SSL_Certificate(SSL *ssl, struct sockaddr_
std::string out; std::string out;
rs_sprintf(out, "pqissllistenbase::Extract_Failed_SSL_Certificate() from: %s:%u ERROR Peer didn't give Cert!", rs_inet_ntoa(addr->sin_addr).c_str(), ntohs(addr->sin_port)); rs_sprintf(out, "pqissllistenbase::Extract_Failed_SSL_Certificate() from: %s:%u ERROR Peer didn't give Cert!", rs_inet_ntoa(addr->sin_addr).c_str(), ntohs(addr->sin_port));
std::cerr << out << std::endl; std::cerr << out << std::endl;
AuthSSL::getAuthSSL()->FailedCertificate(peercert, *addr, true);
pqioutput(PQL_WARNING, pqissllistenzone, out); pqioutput(PQL_WARNING, pqissllistenzone, out);
return -1; return -1;
@ -491,6 +492,7 @@ int pqissllistenbase::Extract_Failed_SSL_Certificate(SSL *ssl, struct sockaddr_
std::cerr << out << std::endl; std::cerr << out << std::endl;
pqioutput(PQL_WARNING, pqissllistenzone, out); pqioutput(PQL_WARNING, pqissllistenzone, out);
std::cerr << out << std::endl;
} }
// save certificate... (and ip locations) // save certificate... (and ip locations)

7
libretroshare/src/retroshare/rsnotify.h
View File

@ -98,16 +98,19 @@ const uint32_t RS_MESSAGE_CONNECT_ATTEMPT = 0x0001;
class RsFeedItem class RsFeedItem
{ {
public: public:
RsFeedItem(uint32_t type, std::string id1, std::string id2, std::string id3) RsFeedItem(uint32_t type, const std::string& id1, const std::string& id2, const std::string& id3)
:mType(type), mId1(id1), mId2(id2), mId3(id3) :mType(type), mId1(id1), mId2(id2), mId3(id3)
{ {
return; return;
} }
RsFeedItem(uint32_t type, const std::string& id1, const std::string& id2, const std::string& id3,const std::string& id4)
:mType(type), mId1(id1), mId2(id2), mId3(id3), mId4(id4) {}
RsFeedItem() :mType(0) { return; } RsFeedItem() :mType(0) { return; }
uint32_t mType; uint32_t mType;
std::string mId1, mId2, mId3; std::string mId1, mId2, mId3, mId4;
}; };

8
retroshare-gui/src/gui/NewsFeed.cpp
View File

@ -497,7 +497,7 @@ void NewsFeed::addFeedItemPeerNew(RsFeedItem &fi)
void NewsFeed::addFeedItemSecurityConnectAttempt(RsFeedItem &fi) void NewsFeed::addFeedItemSecurityConnectAttempt(RsFeedItem &fi)
{ {
/* make new widget */ /* make new widget */
SecurityItem *pi = new SecurityItem(this, NEWSFEED_SECLIST, fi.mId1, fi.mId2, SEC_TYPE_CONNECT_ATTEMPT, false); SecurityItem *pi = new SecurityItem(this, NEWSFEED_SECLIST, fi.mId1, fi.mId2, fi.mId4, SEC_TYPE_CONNECT_ATTEMPT, false);
/* store */ /* store */
@ -513,7 +513,7 @@ void NewsFeed::addFeedItemSecurityConnectAttempt(RsFeedItem &fi)
void NewsFeed::addFeedItemSecurityAuthDenied(RsFeedItem &fi) void NewsFeed::addFeedItemSecurityAuthDenied(RsFeedItem &fi)
{ {
/* make new widget */ /* make new widget */
SecurityItem *pi = new SecurityItem(this, NEWSFEED_SECLIST, fi.mId1, fi.mId2, SEC_TYPE_AUTH_DENIED, false); SecurityItem *pi = new SecurityItem(this, NEWSFEED_SECLIST, fi.mId1, fi.mId2, fi.mId4, SEC_TYPE_AUTH_DENIED, false);
/* store */ /* store */
@ -529,7 +529,7 @@ void NewsFeed::addFeedItemSecurityAuthDenied(RsFeedItem &fi)
void NewsFeed::addFeedItemSecurityUnknownIn(RsFeedItem &fi) void NewsFeed::addFeedItemSecurityUnknownIn(RsFeedItem &fi)
{ {
/* make new widget */ /* make new widget */
SecurityItem *pi = new SecurityItem(this, NEWSFEED_SECLIST, fi.mId1, fi.mId2, SEC_TYPE_UNKNOWN_IN, false); SecurityItem *pi = new SecurityItem(this, NEWSFEED_SECLIST, fi.mId1, fi.mId2, fi.mId4, SEC_TYPE_UNKNOWN_IN, false);
/* store */ /* store */
@ -545,7 +545,7 @@ void NewsFeed::addFeedItemSecurityUnknownIn(RsFeedItem &fi)
void NewsFeed::addFeedItemSecurityUnknownOut(RsFeedItem &fi) void NewsFeed::addFeedItemSecurityUnknownOut(RsFeedItem &fi)
{ {
/* make new widget */ /* make new widget */
SecurityItem *pi = new SecurityItem(this, NEWSFEED_SECLIST, fi.mId1, fi.mId2, SEC_TYPE_UNKNOWN_OUT, false); SecurityItem *pi = new SecurityItem(this, NEWSFEED_SECLIST, fi.mId1, fi.mId2, fi.mId4, SEC_TYPE_UNKNOWN_OUT, false);
/* store */ /* store */

13
retroshare-gui/src/gui/feeds/SecurityItem.cpp
View File

@ -42,9 +42,9 @@
****/ ****/
/** Constructor */ /** Constructor */
SecurityItem::SecurityItem(FeedHolder *parent, uint32_t feedId, const std::string &gpgId, const std::string &sslId, uint32_t type, bool isHome) SecurityItem::SecurityItem(FeedHolder *parent, uint32_t feedId, const std::string &gpgId, const std::string &sslId, const std::string& ip_address,uint32_t type, bool isHome)
:QWidget(NULL), mParent(parent), mFeedId(feedId), :QWidget(NULL), mParent(parent), mFeedId(feedId),
mSslId(sslId), mGpgId(gpgId), mType(type), mIsHome(isHome) mSslId(sslId), mGpgId(gpgId), mType(type), mIsHome(isHome), mIP(ip_address)
{ {
/* Invoke the Qt Designer generated object setup routine */ /* Invoke the Qt Designer generated object setup routine */
setupUi(this); setupUi(this);
@ -187,7 +187,7 @@ void SecurityItem::updateItem()
statusLabel->setText(tr("Unknown Peer")); statusLabel->setText(tr("Unknown Peer"));
trustLabel->setText(tr("Unknown Peer")); trustLabel->setText(tr("Unknown Peer"));
locLabel->setText(tr("Unknown Peer")); locLabel->setText(tr("Unknown Peer"));
ipLabel->setText(tr("Unknown Peer")); ipLabel->setText(QString::fromStdString(mIP)) ; //tr("Unknown Peer"));
connLabel->setText(tr("Unknown Peer")); connLabel->setText(tr("Unknown Peer"));
chatButton->hide(); chatButton->hide();
@ -205,8 +205,9 @@ void SecurityItem::updateItem()
peerNameLabel->setText(QString::fromUtf8(details.name.c_str())); peerNameLabel->setText(QString::fromUtf8(details.name.c_str()));
/* expanded Info */ /* expanded Info */
nameLabel->setText(QString::fromUtf8(details.name.c_str())); nameLabel->setText(QString::fromUtf8(details.name.c_str()) + " (" + QString::fromStdString(mGpgId) + ")");
idLabel->setText(QString::fromStdString(details.id)); //idLabel->setText(QString::fromStdString(details.id));
idLabel->setText(QString::fromStdString(mSslId));
locLabel->setText(QString::fromUtf8(details.location.c_str())); locLabel->setText(QString::fromUtf8(details.location.c_str()));
/* top Level info */ /* top Level info */
@ -223,7 +224,7 @@ void SecurityItem::updateItem()
statusLabel->setText(status); statusLabel->setText(status);
trustLabel->setText(QString::fromStdString(RsPeerTrustString(details.trustLvl))); trustLabel->setText(QString::fromStdString(RsPeerTrustString(details.trustLvl)));
ipLabel->setText(QString("%1:%2/%3:%4").arg(QString::fromStdString(details.localAddr)).arg(details.localPort).arg(QString::fromStdString(details.extAddr)).arg(details.extPort)); ipLabel->setText(QString::fromStdString(mIP)) ; //QString("%1:%2/%3:%4").arg(QString::fromStdString(details.localAddr)).arg(details.localPort).arg(QString::fromStdString(details.extAddr)).arg(details.extPort));
connLabel->setText(StatusDefs::connectStateString(details)); connLabel->setText(StatusDefs::connectStateString(details));

3
retroshare-gui/src/gui/feeds/SecurityItem.h
View File

@ -38,7 +38,7 @@ class SecurityItem : public QWidget, private Ui::SecurityItem
public: public:
/** Default Constructor */ /** Default Constructor */
SecurityItem(FeedHolder *parent, uint32_t feedId, const std::string &gpgId, const std::string &sslId, uint32_t type, bool isHome); SecurityItem(FeedHolder *parent, uint32_t feedId, const std::string &gpgId, const std::string &sslId, const std::string& ip_addr,uint32_t type, bool isHome);
void updateItemStatic(); void updateItemStatic();
void small(); void small();
@ -69,6 +69,7 @@ private:
std::string mSslId; std::string mSslId;
std::string mGpgId; std::string mGpgId;
std::string mIP;
uint32_t mType; uint32_t mType;
bool mIsHome; bool mIsHome;
}; };