Git-Mirrors/RetroShare
1
0
Fork 0
mirror of https://github.com/RetroShare/RetroShare.git synced 2025-05-04 15:15:15 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

merged upstream/master

Browse source
This commit is contained in:
csoler 2017-01-04 20:24:08 +01:00
commit f72399f2a8
20 changed files with 362 additions and 178 deletions
Download patch file Download diff file Expand all files Collapse all files

7
libretroshare/src/gxs/gxssecurity.cc
View file

@ -386,7 +386,7 @@ bool GxsSecurity::validateNxsMsg(const RsNxsMsg& msg, const RsTlvKeySignature& s
std::cerr << std::endl;
std::cerr << "RsNxsMsg :";
std::cerr << std::endl;
msg.print(std::cerr, 10);
const_cast<RsNxsMsg*>(&msg)->print(std::cerr, 10);
std::cerr << std::endl;
#endif
@ -788,8 +788,7 @@ bool GxsSecurity::decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in,
else
{
#ifdef GXS_SECURITY_DEBUG
std::cerr << "GxsSecurity(): Could not generate publish key " << grpId
<< std::endl;
std::cerr << "GxsSecurity(): Could not generate RSA private key " << key.keyId << std::endl;
#endif
return false;
}
@ -1019,7 +1018,7 @@ bool GxsSecurity::validateNxsGrp(const RsNxsGrp& grp, const RsTlvKeySignature& s
std::cerr << std::endl;
std::cerr << "RsNxsGrp :";
std::cerr << std::endl;
grp.print(std::cerr, 10);
const_cast<RsNxsGrp*>(&grp)->print(std::cerr, 10);
std::cerr << std::endl;
#endif

87
libretroshare/src/gxs/rsgenexchange.cc
View file

@ -758,7 +758,7 @@ int RsGenExchange::createMessage(RsNxsMsg* msg)
}
}
int RsGenExchange::validateMsg(RsNxsMsg *msg, const uint32_t& grpFlag, const uint32_t& signFlag, RsTlvSecurityKeySet& grpKeySet)
int RsGenExchange::validateMsg(RsNxsMsg *msg, const uint32_t& grpFlag, const uint32_t& /*signFlag*/, RsTlvSecurityKeySet& grpKeySet)
{
bool needIdentitySign = false;
bool needPublishSign = false;
@ -799,41 +799,52 @@ int RsGenExchange::validateMsg(RsNxsMsg *msg, const uint32_t& grpFlag, const uin
RsGxsMsgMetaData& metaData = *(msg->metaData);
if(needPublishSign)
{
RsTlvKeySignature sign = metaData.signSet.keySignSet[INDEX_AUTHEN_PUBLISH];
{
RsTlvKeySignature sign = metaData.signSet.keySignSet[INDEX_AUTHEN_PUBLISH];
std::map<RsGxsId, RsTlvPublicRSAKey>& keys = grpKeySet.public_keys;
std::map<RsGxsId, RsTlvPublicRSAKey>::iterator mit = keys.begin();
std::map<RsGxsId, RsTlvPublicRSAKey>& keys = grpKeySet.public_keys;
std::map<RsGxsId, RsTlvPublicRSAKey>::iterator mit = keys.begin();
RsGxsId keyId;
for(; mit != keys.end() ; ++mit)
{
RsTlvPublicRSAKey& key = mit->second;
RsGxsId keyId;
for(; mit != keys.end() ; ++mit)
{
RsTlvPublicRSAKey& key = mit->second;
if(key.keyFlags & RSTLV_KEY_DISTRIB_PUBLIC_deprecated)
{
keyId = key.keyId;
std::cerr << "WARNING: old style publish key with flags " << key.keyFlags << std::endl;
std::cerr << " this cannot be fixed, but RS will deal with it." << std::endl;
break ;
}
if(key.keyFlags & RSTLV_KEY_DISTRIB_PUBLISH) // we might have the private key, but we still should be able to check the signature
{
keyId = key.keyId;
break;
}
}
if(key.keyFlags & RSTLV_KEY_DISTRIB_PUBLIC_deprecated)
{
keyId = key.keyId;
std::cerr << "WARNING: old style publish key with flags " << key.keyFlags << std::endl;
std::cerr << " this cannot be fixed, but RS will deal with it." << std::endl;
break ;
}
if(key.keyFlags & RSTLV_KEY_DISTRIB_PUBLISH) // we might have the private key, but we still should be able to check the signature
{
keyId = key.keyId;
break;
}
}
if(!keyId.isNull())
{
RsTlvPublicRSAKey& key = keys[keyId];
publishValidate &= GxsSecurity::validateNxsMsg(*msg, sign, key);
}
else
{
publishValidate = false;
}
}
if(!keyId.isNull())
{
RsTlvPublicRSAKey& key = keys[keyId];
publishValidate &= GxsSecurity::validateNxsMsg(*msg, sign, key);
}
else
{
std::cerr << "(EE) public publish key not found in group that require publish key validation. This should not happen! msgId=" << metaData.mMsgId << ", grpId=" << metaData.mGroupId << std::endl;
std::cerr << "(EE) public keys available for this group are: " << std::endl;
for(std::map<RsGxsId, RsTlvPublicRSAKey>::const_iterator it(grpKeySet.public_keys.begin());it!=grpKeySet.public_keys.end();++it)
std::cerr << "(EE) " << it->first << std::endl;
std::cerr << "(EE) private keys available for this group are: " << std::endl;
for(std::map<RsGxsId, RsTlvPrivateRSAKey>::const_iterator it(grpKeySet.private_keys.begin());it!=grpKeySet.private_keys.end();++it)
std::cerr << "(EE) " << it->first << std::endl;
publishValidate = false;
}
}
else
{
publishValidate = true;
@ -888,14 +899,10 @@ int RsGenExchange::validateMsg(RsNxsMsg *msg, const uint32_t& grpFlag, const uin
if(details.mReputation.mOverallReputationLevel == RsReputations::REPUTATION_LOCALLY_NEGATIVE)
{
#ifdef GEN_EXCH_DEBUG
std::cerr << "RsGenExchange::validateMsg(): message from " << metaData.mAuthorId << ", rejected because reputation score (" << details.mReputation.mOverallReputationLevel <<") is below the accepted threshold (" << reputation_threshold << ")" << std::endl;
std::cerr << "RsGenExchange::validateMsg(): message from " << metaData.mAuthorId << ", rejected because reputation level (" << details.mReputation.mOverallReputationLevel <<") indicate that you banned this ID." << std::endl;
#endif
idValidate = false ;
}
#ifdef GEN_EXCH_DEBUG
else
std::cerr << "RsGenExchange::validateMsg(): message from " << metaData.mAuthorId << ", accepted. Reputation score (" << details.mReputation.mOverallReputationScore <<") is above accepted threshold (" << reputation_threshold << ")" << std::endl;
#endif
}
}
@ -2745,6 +2752,8 @@ void RsGenExchange::processRecvdMessages()
if(mit != grpMetas.end())
{
grpMeta = mit->second;
GxsSecurity::createPublicKeysFromPrivateKeys(grpMeta->keys); // make sure we have the public keys that correspond to the private ones, as it happens. Most of the time this call does nothing.
validateReturn = validateMsg(msg, grpMeta->mGroupFlags, grpMeta->mSignFlags, grpMeta->keys);
#ifdef GEN_EXCH_DEBUG
@ -2907,7 +2916,7 @@ void RsGenExchange::processRecvdGroups()
if(deserialOk && acceptNewGroup(meta))
{
#ifdef GEN_EXCH_DEBUG
std::cerr << " processing validation for group " << meta->mGroupId << ", attempts number " << gpsi.mAttempts << std::endl;
std::cerr << " processing validation for group " << meta->mGroupId << ", original attempt time: " << time(NULL) - gpsi.mFirstTryTS << " seconds ago" << std::endl;
#endif
grp->metaData = meta;
uint8_t ret = validateGrp(grp);
@ -3118,6 +3127,8 @@ bool RsGenExchange::updateValid(RsGxsGrpMetaData& oldGrpMeta, RsNxsGrp& newGrp)
RsTlvKeySignature adminSign = mit->second;
GxsSecurity::createPublicKeysFromPrivateKeys(oldGrpMeta.keys); // make sure we have the public keys that correspond to the private ones, as it happens. Most of the time this call does nothing.
std::map<RsGxsId, RsTlvPublicRSAKey>& keys = oldGrpMeta.keys.public_keys;
std::map<RsGxsId, RsTlvPublicRSAKey>::iterator keyMit = keys.find(RsGxsId(oldGrpMeta.mGroupId));

37
libretroshare/src/gxs/rsgxsnetservice.cc
View file

@ -2031,7 +2031,7 @@ void RsGxsNetService::updateServerSyncTS()
if(mGrpServerUpdate.grpUpdateTS < grpMeta->mRecvTS)
{
#ifdef NXS_NET_DEBUG_0
GXSNETDEBUG__G(grpId) << " updated msgUpdateTS to last RecvTS = " << time(NULL) - grpMeta->mRecvTS << " secs ago for group "<< grpId << ". This is probably because an update has been received." << std::endl;
GXSNETDEBUG__G(grpMeta->mGroupId) << " updated msgUpdateTS to last RecvTS = " << time(NULL) - grpMeta->mRecvTS << " secs ago for group "<< grpMeta->mGroupId << ". This is probably because an update has been received." << std::endl;
#endif
mGrpServerUpdate.grpUpdateTS = grpMeta->mRecvTS;
change = true;
@ -4218,24 +4218,29 @@ void RsGxsNetService::handleRecvSyncMessage(RsNxsSyncMsgReqItem *item,bool item_
{
RsGxsMsgMetaData* m = *vit;
RsIdentityDetails details ;
// Check reputation
if(!rsIdentity->getIdDetails(m->mAuthorId,details))
{
std::cerr << /* GXSNETDEBUG_PG(item->PeerId(),item->grpId) << */ " not sending grp message ID " << (*vit)->mMsgId << ", because the identity of the author is not accessible (unknown/not cached)" << std::endl;
continue ;
}
if(details.mReputation.mOverallReputationLevel < minReputationForForwardingMessages(grpMeta->mSignFlags, details.mFlags))
if(!m->mAuthorId.isNull())
{
//#ifdef NXS_NET_DEBUG_0
std::cerr << /* GXSNETDEBUG_PG(item->PeerId(),item->grpId) << */ " not sending item ID " << (*vit)->mMsgId << ", because the author is flags " << std::hex << details.mFlags << std::dec << " and reputation level " << details.mReputation.mOverallReputationLevel << std::endl;
//#endif
continue ;
RsIdentityDetails details ;
if(!rsIdentity->getIdDetails(m->mAuthorId,details))
{
std::cerr << /* GXSNETDEBUG_PG(item->PeerId(),item->grpId) << */ " not sending grp message ID " << (*vit)->mMsgId << ", because the identity of the author (" << m->mAuthorId << ") is not accessible (unknown/not cached)" << std::endl;
continue ;
}
if(details.mReputation.mOverallReputationLevel < minReputationForForwardingMessages(grpMeta->mSignFlags, details.mFlags))
{
//#ifdef NXS_NET_DEBUG_0
std::cerr << /* GXSNETDEBUG_PG(item->PeerId(),item->grpId) << */ " not sending item ID " << (*vit)->mMsgId << ", because the author is flags " << std::hex << details.mFlags << std::dec << " and reputation level " << details.mReputation.mOverallReputationLevel << std::endl;
//#endif
continue ;
}
}
// Check publish TS
if(item->createdSinceTS > (*vit)->mPublishTs || (*vit)->mPublishTs + max_send_delay < now)
if(item->createdSinceTS > (*vit)->mPublishTs || ((max_send_delay > 0) && (*vit)->mPublishTs + max_send_delay < now))
{
#ifdef NXS_NET_DEBUG_0
GXSNETDEBUG_PG(item->PeerId(),item->grpId) << " not sending item ID " << (*vit)->mMsgId << ", because it is too old (publishTS = " << (time(NULL)-(*vit)->mPublishTs)/86400 << " days ago" << std::endl;
@ -4750,7 +4755,7 @@ void RsGxsNetService::handleRecvPublishKeys(RsNxsGroupPublishKeyItem *item)
#ifdef NXS_NET_DEBUG_3
GXSNETDEBUG_PG(item->PeerId(),item->grpId) << " PeerId : " << item->PeerId() << std::endl;
GXSNETDEBUG_PG(item->PeerId(),item->grpId) << " GrpId: " << item->grpId << std::endl;
GXSNETDEBUG_PG(item->PeerId(),item->grpId) << " Got key Item: " << item->key.keyId << std::endl;
GXSNETDEBUG_PG(item->PeerId(),item->grpId) << " Got key Item: " << item->private_key.keyId << std::endl;
#endif
// Get the meta data for this group Id
@ -4778,7 +4783,7 @@ void RsGxsNetService::handleRecvPublishKeys(RsNxsGroupPublishKeyItem *item)
bool publi = (item->private_key.keyFlags & RSTLV_KEY_DISTRIB_PUBLISH) && (item->private_key.keyFlags & RSTLV_KEY_TYPE_FULL) ;
#ifdef NXS_NET_DEBUG_3
GXSNETDEBUG_PG(item->PeerId(),item->grpId)<< " Key id = " << item->key.keyId << " admin=" << admin << ", publish=" << publi << " ts=" << item->key.endTS << std::endl;
GXSNETDEBUG_PG(item->PeerId(),item->grpId)<< " Key id = " << item->private_key.keyId << " admin=" << admin << ", publish=" << publi << " ts=" << item->private_key.endTS << std::endl;
#endif
if(!(!admin && publi))

37
libretroshare/src/retroshare/rsgxsflags.h
View file

@ -19,9 +19,9 @@ namespace GXS_SERV {
/** START privacy **/
static const uint32_t FLAG_PRIVACY_MASK = 0x0000000f;
static const uint32_t FLAG_PRIVACY_PRIVATE = 0x00000001; // pub key encrypted
static const uint32_t FLAG_PRIVACY_RESTRICTED = 0x00000002; // publish private key needed to publish
static const uint32_t FLAG_PRIVACY_PUBLIC = 0x00000004; // anyone can publish, publish key pair not needed
static const uint32_t FLAG_PRIVACY_PRIVATE = 0x00000001; // pub key encrypted. No-one can read unless he has the key to decrypt the publish key.
static const uint32_t FLAG_PRIVACY_RESTRICTED = 0x00000002; // publish private key needed to publish. Typical usage: channels.
static const uint32_t FLAG_PRIVACY_PUBLIC = 0x00000004; // anyone can publish, publish key pair not needed. Typical usage: forums.
/** END privacy **/
@ -30,11 +30,11 @@ namespace GXS_SERV {
/** START author authentication flags **/
static const uint32_t FLAG_AUTHOR_AUTHENTICATION_MASK = 0x0000ff00;
static const uint32_t FLAG_AUTHOR_AUTHENTICATION_NONE = 0x00000000;
static const uint32_t FLAG_AUTHOR_AUTHENTICATION_GPG = 0x00000100;
static const uint32_t FLAG_AUTHOR_AUTHENTICATION_GPG = 0x00000100; // Anti-spam feature. Allows to ask higher reputation to anonymous IDs
static const uint32_t FLAG_AUTHOR_AUTHENTICATION_REQUIRED = 0x00000200;
static const uint32_t FLAG_AUTHOR_AUTHENTICATION_IFNOPUBSIGN = 0x00000400;
static const uint32_t FLAG_AUTHOR_AUTHENTICATION_TRACK_MESSAGES = 0x00000800; // not used anymore
static const uint32_t FLAG_AUTHOR_AUTHENTICATION_GPG_KNOWN = 0x00001000;
static const uint32_t FLAG_AUTHOR_AUTHENTICATION_GPG_KNOWN = 0x00001000; // Anti-spam feature. Allows to ask higher reputation to unknown IDs and anonymous IDs
static const uint32_t FLAG_GROUP_SIGN_PUBLISH_MASK = 0x000000ff;
static const uint32_t FLAG_GROUP_SIGN_PUBLISH_ENCRYPTED = 0x00000001;
@ -45,24 +45,25 @@ namespace GXS_SERV {
/** START msg authentication flags **/
static const uint8_t MSG_AUTHEN_MASK = 0x0f;
static const uint8_t MSG_AUTHEN_ROOT_PUBLISH_SIGN = 0x01;
static const uint8_t MSG_AUTHEN_CHILD_PUBLISH_SIGN = 0x02;
static const uint8_t MSG_AUTHEN_ROOT_AUTHOR_SIGN = 0x04;
static const uint8_t MSG_AUTHEN_CHILD_AUTHOR_SIGN = 0x08;
static const uint8_t MSG_AUTHEN_ROOT_PUBLISH_SIGN = 0x01; // means: new threads need to be signed by the publish signature of the group. Typical use: posts in channels.
static const uint8_t MSG_AUTHEN_CHILD_PUBLISH_SIGN = 0x02; // means: all messages need to be signed by the publish signature of the group. Typical use: channels were comments are restricted to the publisher.
static const uint8_t MSG_AUTHEN_ROOT_AUTHOR_SIGN = 0x04; // means: new threads need to be signed by the author of the message. Typical use: forums, since posts are signed.
static const uint8_t MSG_AUTHEN_CHILD_AUTHOR_SIGN = 0x08; // means: all messages need to be signed by the author of the message. Typical use: forums since response to posts are signed, and signed comments in channels.
/** END msg authentication flags **/
/** START group options flag **/
static const uint8_t GRP_OPTION_AUTHEN_AUTHOR_SIGN = 0x01;
static const uint8_t GRP_OPTION_AUTHEN_AUTHOR_SIGN = 0x01; // means: the group options (serialised grp data) needs to be signed by a specific author stored in GroupMeta.mAuthorId
// note that it is always signed by the *admin* (means the creator) of the group. This author signature is just an option here.
/** END group options flag **/
/** START Subscription Flags. (LOCAL) **/
static const uint32_t GROUP_SUBSCRIBE_ADMIN = 0x01;
static const uint32_t GROUP_SUBSCRIBE_PUBLISH = 0x02;
static const uint32_t GROUP_SUBSCRIBE_SUBSCRIBED = 0x04;
static const uint32_t GROUP_SUBSCRIBE_ADMIN = 0x01;// means: you have the admin key for this group
static const uint32_t GROUP_SUBSCRIBE_PUBLISH = 0x02;// means: you have the publish key for thiss group. Typical use: publish key in channels are shared with specific friends.
static const uint32_t GROUP_SUBSCRIBE_SUBSCRIBED = 0x04;// means: you are subscribed to a group, which makes you a source for this group to your friend nodes.
static const uint32_t GROUP_SUBSCRIBE_NOT_SUBSCRIBED = 0x08;
/*!
@ -82,11 +83,11 @@ namespace GXS_SERV {
* NOTE: RsGxsCommentService uses 0x000f0000.
*/
static const uint32_t GXS_MSG_STATUS_GEN_MASK = 0x0000ffff;
static const uint32_t GXS_MSG_STATUS_UNPROCESSED = 0x00000001;
static const uint32_t GXS_MSG_STATUS_GUI_UNREAD = 0x00000002;
static const uint32_t GXS_MSG_STATUS_GUI_NEW = 0x00000004;
static const uint32_t GXS_MSG_STATUS_KEEP = 0x00000008;
static const uint32_t GXS_MSG_STATUS_DELETE = 0x00000020;
static const uint32_t GXS_MSG_STATUS_UNPROCESSED = 0x00000001; // Flags to store the read/process status of group messages.
static const uint32_t GXS_MSG_STATUS_GUI_UNREAD = 0x00000002; // The actual meaning may depend on the type of service.
static const uint32_t GXS_MSG_STATUS_GUI_NEW = 0x00000004; //
static const uint32_t GXS_MSG_STATUS_KEEP = 0x00000008; //
static const uint32_t GXS_MSG_STATUS_DELETE = 0x00000020; //
/** END GXS Msg status flags **/

2
libretroshare/src/retroshare/rsgxsifacetypes.h
View file

@ -59,7 +59,7 @@ public:
RsGxsGroupId mGroupId;
std::string mGroupName;
uint32_t mGroupFlags;
uint32_t mGroupFlags; // Combination of FLAGS_PRIVACY_PRIVATE | FLAGS_PRIVACY_RESTRICTED | FLAGS_PRIVACY_PUBLIC
uint32_t mSignFlags; // Combination of RSGXS_GROUP_SIGN_PUBLISH_MASK & RSGXS_GROUP_SIGN_AUTHOR_MASK.
time_t mPublishTs; // Mandatory.

10
libretroshare/src/services/p3gxscircles.cc
View file

@ -159,21 +159,17 @@ RsServiceInfo p3GxsCircles::getServiceInfo()
uint32_t p3GxsCircles::circleAuthenPolicy()
{
uint32_t policy = 0;
uint8_t flag = 0;
//flag = GXS_SERV::MSG_AUTHEN_ROOT_PUBLISH_SIGN;
//flag = GXS_SERV::MSG_AUTHEN_CHILD_PUBLISH_SIGN;
//flag = GXS_SERV::MSG_AUTHEN_ROOT_AUTHOR_SIGN;
//flag = GXS_SERV::MSG_AUTHEN_CHILD_AUTHOR_SIGN;
flag = GXS_SERV::MSG_AUTHEN_ROOT_AUTHOR_SIGN | GXS_SERV::MSG_AUTHEN_CHILD_AUTHOR_SIGN;
RsGenExchange::setAuthenPolicyFlag(flag, policy, RsGenExchange::PUBLIC_GRP_BITS);
flag |= GXS_SERV::MSG_AUTHEN_ROOT_PUBLISH_SIGN | GXS_SERV::MSG_AUTHEN_CHILD_PUBLISH_SIGN;
RsGenExchange::setAuthenPolicyFlag(flag, policy, RsGenExchange::RESTRICTED_GRP_BITS);
RsGenExchange::setAuthenPolicyFlag(flag, policy, RsGenExchange::PRIVATE_GRP_BITS);
flag = 0;
//flag = GXS_SERV::GRP_OPTION_AUTHEN_AUTHOR_SIGN;
RsGenExchange::setAuthenPolicyFlag(flag, policy, RsGenExchange::GRP_OPTION_BITS);
return policy;

6
libretroshare/src/services/p3gxsreputation.cc
View file

@ -1347,13 +1347,13 @@ void Reputation::updateReputation()
for(std::map<RsPeerId,RsReputations::Opinion>::const_iterator it(mOpinions.begin());it!=mOpinions.end();++it)
{
if(it->second == RsReputations::OPINION_NEGATIVE)
if( it->second == RsReputations::OPINION_NEGATIVE)
++mFriendsNegative ;
if(it->second == RsReputations::OPINION_POSITIVE)
if( it->second == RsReputations::OPINION_POSITIVE)
++mFriendsPositive ;
friend_total += it->second - 1;
friend_total += it->second - 1 ;
}
if(mOpinions.empty()) // includes the case of no friends!