From e4e80778e41bdde1688cf88e80d8ecdadf188b8c Mon Sep 17 00:00:00 2001 From: drbob Date: Fri, 25 Jun 2010 21:50:46 +0000 Subject: [PATCH] Networking REWORK (cont) AuthSSL / AuthGPG: Bits and pieces still need fixing up. AuthSSL will be rechecked later ;) * Mutex bug in authGPG (not very serious one). * removed _locked() suffix from functions (as they do the locking now). * added dummy FailedCertificate / CheckCertificate fns to AuthSSL * removed last bits of awful SSL_ex_data hack. git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@3213 b45a01b8-16f6-495d-af2f-9b41ad6348cc --- libretroshare/src/pqi/authgpg.cc | 86 ++++++++++++++++++-------------- libretroshare/src/pqi/authgpg.h | 9 ++-- libretroshare/src/pqi/authssl.cc | 18 +++++-- libretroshare/src/pqi/authssl.h | 7 ++- 4 files changed, 69 insertions(+), 51 deletions(-) diff --git a/libretroshare/src/pqi/authgpg.cc b/libretroshare/src/pqi/authgpg.cc index 99a217b7a..755f71ba1 100644 --- a/libretroshare/src/pqi/authgpg.cc +++ b/libretroshare/src/pqi/authgpg.cc @@ -196,7 +196,7 @@ bool AuthGPG::InitAuth () gpgmeInit = true; - storeAllKeys_locked(); + storeAllKeys(); #ifdef GPG_DEBUG printAllKeys_locked(); #endif @@ -287,7 +287,7 @@ int AuthGPG::GPGInit(std::string ownId) mOwnGpgId = ownId; } - storeAllKeys_locked(); + storeAllKeys(); int lvl = 0; @@ -317,21 +317,28 @@ int AuthGPG::GPGInit(std::string ownId) { } -bool AuthGPG::storeAllKeys_timed() { +bool AuthGPG::storeAllKeys_tick() { #ifdef GPG_DEBUG - std::cerr << "AuthGPG::storeAllKeys_timed() called." << std::endl; + std::cerr << "AuthGPG::storeAllKeys_tick() called." << std::endl; #endif - if ((time(NULL) - mStoreKeyTime) > STORE_KEY_TIMEOUT) { - storeAllKeys_locked(); + time_t timeSinceStore = 0; + { + RsStackMutex stack(gpgMtx); + timeSinceStore = time(NULL) - mStoreKeyTime; + } + + if (timeSinceStore > STORE_KEY_TIMEOUT) + { + storeAllKeys(); } return true ; } // store all keys in map mKeyList to avoid callin gpgme exe repeatedly -bool AuthGPG::storeAllKeys_locked() +bool AuthGPG::storeAllKeys() { #ifdef GPG_DEBUG - std::cerr << "AuthGPG::storeAllKeys_locked()" << std::endl; + std::cerr << "AuthGPG::storeAllKeys()" << std::endl; #endif std::list gpg_change_trust_list; @@ -341,12 +348,12 @@ bool AuthGPG::storeAllKeys_locked() gpg_error_t ERR; if (!gpgmeInit) { - std::cerr << "AuthGPG::storeAllKeys_locked() Error since GPG is not initialised" << std::endl; + std::cerr << "AuthGPG::storeAllKeys() Error since GPG is not initialised" << std::endl; return false; } #ifdef GPG_DEBUG - std::cerr << "AuthGPG::storeAllKeys_locked() clearing existing ones" << std::endl; + std::cerr << "AuthGPG::storeAllKeys() clearing existing ones" << std::endl; #endif /* enable SIG mode */ @@ -361,7 +368,7 @@ bool AuthGPG::storeAllKeys_locked() /* Initiates a key listing 0 = All Keys */ if (GPG_ERR_NO_ERROR != gpgme_op_keylist_start (CTX, "", 0)) { - std::cerr << "AuthGPG::storeAllKeys_locked() Error iterating through KeyList" << std::endl; + std::cerr << "AuthGPG::storeAllKeys() Error iterating through KeyList" << std::endl; // if (rsicontrol != NULL) { // rsicontrol->getNotify().notifyErrorMsg(0,0,"Error reading gpg keyring, cannot acess key list."); // } @@ -373,7 +380,7 @@ bool AuthGPG::storeAllKeys_locked() mStoreKeyTime = time(NULL); ERR = gpgme_op_keylist_next (CTX, &KEY); if (GPG_ERR_NO_ERROR != ERR) { - std::cerr << "AuthGPG::storeAllKeys_locked() didn't find any gpg key in the keyring" << std::endl; + std::cerr << "AuthGPG::storeAllKeys() didn't find any gpg key in the keyring" << std::endl; // if (rsicontrol != NULL) { // rsicontrol->getNotify().notifyErrorMsg(0,0,"Error reading gpg keyring, cannot find any key in the list."); // } @@ -395,7 +402,7 @@ bool AuthGPG::storeAllKeys_locked() if ((!KEY->subkeys) || (!KEY->uids)) { - std::cerr << "AuthGPG::storeAllKeys_locked() Invalid Key in List... skipping" << std::endl; + std::cerr << "AuthGPG::storeAllKeys() Invalid Key in List... skipping" << std::endl; continue; } @@ -701,7 +708,7 @@ void print_pgpme_verify_summary(unsigned int summary) } -bool AuthGPG::DoOwnSignature_locked(const void *data, unsigned int datalen, void *buf_sigout, unsigned int *outl) +bool AuthGPG::DoOwnSignature(const void *data, unsigned int datalen, void *buf_sigout, unsigned int *outl) { RsStackMutex stack(gpgMtx); /******* LOCKED ******/ /* setup signers */ @@ -791,7 +798,7 @@ bool AuthGPG::DoOwnSignature_locked(const void *data, unsigned int datalen, void /* import to GnuPG and other Certificates */ -bool AuthGPG::VerifySignature_locked(const void *data, int datalen, const void *sig, unsigned int siglen, std::string withfingerprint) +bool AuthGPG::VerifySignature(const void *data, int datalen, const void *sig, unsigned int siglen, std::string withfingerprint) { gpgme_data_t gpgmeSig; gpgme_data_t gpgmeData; @@ -935,7 +942,7 @@ bool AuthGPG::CloseAuth() /**** These Two are common */ std::string AuthGPG::getGPGName(GPG_id id) { - storeAllKeys_timed(); + storeAllKeys_tick(); RsStackMutex stack(gpgMtx); /******* LOCKED ******/ @@ -949,7 +956,7 @@ std::string AuthGPG::getGPGName(GPG_id id) /**** These Two are common */ std::string AuthGPG::getGPGEmail(GPG_id id) { - storeAllKeys_timed(); + storeAllKeys_tick(); RsStackMutex stack(gpgMtx); /******* LOCKED ******/ @@ -976,7 +983,7 @@ std::string AuthGPG::getGPGOwnName() bool AuthGPG::getGPGAllList(std::list &ids) { - storeAllKeys_timed(); + storeAllKeys_tick(); RsStackMutex stack(gpgMtx); /******* LOCKED ******/ /* add an id for each pgp certificate */ @@ -994,7 +1001,7 @@ bool AuthGPG::getGPGDetails(std::string id, RsPeerDetails &d) std::cerr << "AuthGPG::getPGPDetails() called for : " << id << std::endl; #endif - storeAllKeys_timed(); + storeAllKeys_tick(); RsStackMutex stack(gpgMtx); /******* LOCKED ******/ /* add an id for each pgp certificate */ @@ -1065,7 +1072,7 @@ bool AuthGPG::encryptText(gpgme_data_t PLAIN, gpgme_data_t CIPHER) { bool AuthGPG::getGPGValidList(std::list &ids) { - storeAllKeys_timed(); + storeAllKeys_tick(); RsStackMutex stack(gpgMtx); /******* LOCKED ******/ /* add an id for each pgp certificate */ certmap::iterator it; @@ -1080,7 +1087,7 @@ bool AuthGPG::getGPGValidList(std::list &ids) bool AuthGPG::getGPGAcceptedList(std::list &ids) { - storeAllKeys_timed(); + storeAllKeys_tick(); RsStackMutex stack(gpgMtx); /******* LOCKED ******/ certmap::iterator it; for(it = mKeyList.begin(); it != mKeyList.end(); it++) @@ -1095,7 +1102,7 @@ bool AuthGPG::getGPGAcceptedList(std::list &ids) bool AuthGPG::getGPGSignedList(std::list &ids) { - storeAllKeys_timed(); + storeAllKeys_tick(); RsStackMutex stack(gpgMtx); /******* LOCKED ******/ certmap::iterator it; for(it = mKeyList.begin(); it != mKeyList.end(); it++) @@ -1110,7 +1117,7 @@ bool AuthGPG::getGPGSignedList(std::list &ids) bool AuthGPG::isGPGValid(GPG_id id) { - storeAllKeys_timed(); + storeAllKeys_tick(); RsStackMutex stack(gpgMtx); /******* LOCKED ******/ certmap::iterator it; if (mKeyList.end() != (it = mKeyList.find(id))) { @@ -1123,7 +1130,7 @@ bool AuthGPG::isGPGValid(GPG_id id) bool AuthGPG::isGPGId(GPG_id id) { - storeAllKeys_timed(); + storeAllKeys_tick(); RsStackMutex stack(gpgMtx); /******* LOCKED ******/ certmap::iterator it; if (mKeyList.end() != (it = mKeyList.find(id))) { @@ -1136,7 +1143,7 @@ bool AuthGPG::isGPGId(GPG_id id) bool AuthGPG::isGPGSigned(GPG_id id) { - storeAllKeys_timed(); + storeAllKeys_tick(); RsStackMutex stack(gpgMtx); /******* LOCKED ******/ certmap::iterator it; if (mKeyList.end() != (it = mKeyList.find(id))) @@ -1148,7 +1155,7 @@ bool AuthGPG::isGPGSigned(GPG_id id) bool AuthGPG::isGPGAccepted(GPG_id id) { - storeAllKeys_timed(); + storeAllKeys_tick(); RsStackMutex stack(gpgMtx); /******* LOCKED ******/ certmap::iterator it; if (mKeyList.end() != (it = mKeyList.find(id))) @@ -1176,7 +1183,7 @@ std::string AuthGPG::SaveCertificateToString(std::string id) return ""; } - storeAllKeys_timed(); + storeAllKeys_tick(); RsStackMutex stack(gpgMtx); /******* LOCKED ******/ std::string tmp; @@ -1281,7 +1288,7 @@ bool AuthGPG::LoadCertificateFromString(std::string str, std::string &gpg_id) /* extract id(s)! (only if we actually imported one) */ if (imported) { - storeAllKeys_locked(); + storeAllKeys(); } //retrieve the id of the key certmap::iterator it; @@ -1327,7 +1334,7 @@ bool AuthGPG::setAcceptToConnectGPGCertificate(std::string gpg_id, bool acceptan #endif /* reload stuff now ... */ - storeAllKeys_locked(); + storeAllKeys(); { RsStackMutex stack(gpgMtx); certmap::iterator it; @@ -1337,7 +1344,7 @@ bool AuthGPG::setAcceptToConnectGPGCertificate(std::string gpg_id, bool acceptan it->second.accept_connection = acceptance; mAcceptToConnectMap[gpg_id] = acceptance; } - storeAllKeys_locked(); + storeAllKeys(); IndicateConfigChanged(); @@ -1354,12 +1361,12 @@ bool AuthGPG::SignCertificateLevel0(GPG_id id) if (1 != privateSignCertificate(id)) { - storeAllKeys_locked(); + storeAllKeys(); return false; } /* reload stuff now ... */ - storeAllKeys_locked(); + storeAllKeys(); return true; } @@ -1381,15 +1388,17 @@ bool AuthGPG::TrustCertificate(std::string id, int trustlvl) #endif if (1 != privateTrustCertificate(id, trustlvl)) { - storeAllKeys_locked(); + storeAllKeys(); return false; } /* reload stuff now ... */ - storeAllKeys_locked(); + storeAllKeys(); return true; } +#if 0 +/* remove otherwise will cause bugs */ bool AuthGPG::SignData(std::string input, std::string &sign) { return false; @@ -1405,14 +1414,15 @@ bool AuthGPG::SignDataBin(std::string input, unsigned char *sign, unsigned int * { return false; } +#endif bool AuthGPG::SignDataBin(const void *data, unsigned int datalen, unsigned char *sign, unsigned int *signlen) { - return DoOwnSignature_locked(data, datalen, + return DoOwnSignature(data, datalen, sign, signlen); } bool AuthGPG::VerifySignBin(const void *data, uint32_t datalen, unsigned char *sign, unsigned int signlen, std::string withfingerprint) { - return VerifySignature_locked(data, datalen, + return VerifySignature(data, datalen, sign, signlen, withfingerprint); } @@ -1505,7 +1515,7 @@ int AuthGPG::privateTrustCertificate(std::string id, int trustlvl) trustCert.key = NULL; } - storeAllKeys_locked(); + storeAllKeys(); return 1; } @@ -2199,7 +2209,7 @@ bool AuthGPG::loadList(std::list load) std::cerr << "AuthGPG::loadList() Item Count: " << load.size() << std::endl; #endif - storeAllKeys_locked(); + storeAllKeys(); RsStackMutex stack(gpgMtx); /******* LOCKED ******/ /* load the list of accepted gpg keys */ diff --git a/libretroshare/src/pqi/authgpg.h b/libretroshare/src/pqi/authgpg.h index 8e505d333..813b31e42 100644 --- a/libretroshare/src/pqi/authgpg.h +++ b/libretroshare/src/pqi/authgpg.h @@ -98,8 +98,8 @@ class AuthGPG : public p3Config private: /* Internal functions */ - bool DoOwnSignature_locked(const void *, unsigned int, void *, unsigned int *); - bool VerifySignature_locked(const void *data, int datalen, const void *sig, unsigned int siglen, std::string withfingerprint); + bool DoOwnSignature(const void *, unsigned int, void *, unsigned int *); + bool VerifySignature(const void *data, int datalen, const void *sig, unsigned int siglen, std::string withfingerprint); /* Sign/Trust stuff */ int privateSignCertificate(GPG_id id); @@ -107,8 +107,9 @@ class AuthGPG : public p3Config int privateTrustCertificate(GPG_id id, int trustlvl); // store all keys in map mKeyList to avoid calling gpgme exe repeatedly - bool storeAllKeys_locked(); - bool storeAllKeys_timed(); + bool storeAllKeys(); + bool storeAllKeys_tick(); + // Not used anymore // bool updateTrustAllKeys_locked(); diff --git a/libretroshare/src/pqi/authssl.cc b/libretroshare/src/pqi/authssl.cc index e924a97e0..2dc592a55 100644 --- a/libretroshare/src/pqi/authssl.cc +++ b/libretroshare/src/pqi/authssl.cc @@ -1601,11 +1601,19 @@ bool AuthSSL::ValidateCertificate(X509 *x509, std::string &peerId) } /* store for discovery */ -//bool AuthSSL::FailedCertificate(X509 *x509, bool incoming) -//{ -// std::string id; -// return ProcessX509(x509, id); -//} +bool AuthSSL::FailedCertificate(X509 *x509, bool incoming) +{ + //std::string id; + //return ProcessX509(x509, id); + return true; +} + +bool AuthSSL::CheckCertificate(std::string id, X509 *x509) +{ + //std::string id; + //return ProcessX509(x509, id); + return true; +} bool AuthSSL::encrypt(void *&out, int &outlen, const void *in, int inlen, std::string peerId) { diff --git a/libretroshare/src/pqi/authssl.h b/libretroshare/src/pqi/authssl.h index 40ae47c61..4b251bd41 100644 --- a/libretroshare/src/pqi/authssl.h +++ b/libretroshare/src/pqi/authssl.h @@ -176,11 +176,10 @@ virtual bool ValidateCertificate(X509 *x509, std::string &peerId); /* validate public: /* SSL specific functions used in pqissl/pqissllistener */ SSL_CTX *getCTX(); -static int ex_data_ctx_index; //used to pass the peer id in the ssl context - -//bool FailedCertificate(X509 *x509, bool incoming); /* store for discovery */ -//bool CheckCertificate(std::string peerId, X509 *x509); /* check that they are exact match */ +/* Restored these functions: */ +bool FailedCertificate(X509 *x509, bool incoming); /* store for discovery */ +bool CheckCertificate(std::string peerId, X509 *x509); /* check that they are exact match */ /* Special Config Loading (backwards compatibility) */ //bool loadCertificates(bool &oldFormat, std::map &keyValueMap);