merged upstream/master
commit
f72399f2a8
20 changed files with 362 additions and 178 deletions
|
@ -386,7 +386,7 @@ bool GxsSecurity::validateNxsMsg(const RsNxsMsg& msg, const RsTlvKeySignature& s
|
|||
std::cerr << std::endl;
|
||||
std::cerr << "RsNxsMsg :";
|
||||
std::cerr << std::endl;
|
||||
msg.print(std::cerr, 10);
|
||||
const_cast<RsNxsMsg*>(&msg)->print(std::cerr, 10);
|
||||
std::cerr << std::endl;
|
||||
#endif
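Review bot: `const_cast<RsNxsMsg*>(&msg)->print(std::cerr, 10);` casts away const on a parameter that callers may pass from a genuinely const object; if print() only writes to the stream, the cleaner fix is to const-qualify `RsNxsMsg::print` (declared outside this hunk) and keep `msg.print(std::cerr, 10);`. The same cast is introduced for `grp` in the validateNxsGrp hunk at -1019. Both sites appear to sit inside a debug block (the `#endif` is visible, the opening `#ifdef` is not), so the practical risk is small, but a const_cast inside a signature-validation routine is worth removing rather than carrying forward. validateNxsMsg's body continues outside the hunk.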
|
||||
|
||||
|
@ -788,8 +788,7 @@ bool GxsSecurity::decrypt(uint8_t *& out, uint32_t & outlen, const uint8_t *in,
|
|||
else
|
||||
{
|
||||
#ifdef GXS_SECURITY_DEBUG
|
||||
std::cerr << "GxsSecurity(): Could not generate publish key " << grpId
|
||||
<< std::endl;
|
||||
std::cerr << "GxsSecurity(): Could not generate RSA private key " << key.keyId << std::endl;
|
||||
#endif
|
||||
return false;
|
||||
}
|
||||
|
@ -1019,7 +1018,7 @@ bool GxsSecurity::validateNxsGrp(const RsNxsGrp& grp, const RsTlvKeySignature& s
|
|||
std::cerr << std::endl;
|
||||
std::cerr << "RsNxsGrp :";
|
||||
std::cerr << std::endl;
|
||||
grp.print(std::cerr, 10);
|
||||
const_cast<RsNxsGrp*>(&grp)->print(std::cerr, 10);
|
||||
std::cerr << std::endl;
|
||||
#endif
|
||||
|
||||
|
|
|
@ -758,7 +758,7 @@ int RsGenExchange::createMessage(RsNxsMsg* msg)
|
|||
}
|
||||
}
|
||||
|
||||
int RsGenExchange::validateMsg(RsNxsMsg *msg, const uint32_t& grpFlag, const uint32_t& signFlag, RsTlvSecurityKeySet& grpKeySet)
|
||||
int RsGenExchange::validateMsg(RsNxsMsg *msg, const uint32_t& grpFlag, const uint32_t& /*signFlag*/, RsTlvSecurityKeySet& grpKeySet)
|
||||
{
|
||||
bool needIdentitySign = false;
|
||||
bool needPublishSign = false;
|
||||
|
@ -799,41 +799,52 @@ int RsGenExchange::validateMsg(RsNxsMsg *msg, const uint32_t& grpFlag, const uin
|
|||
RsGxsMsgMetaData& metaData = *(msg->metaData);
|
||||
|
||||
if(needPublishSign)
|
||||
{
|
||||
RsTlvKeySignature sign = metaData.signSet.keySignSet[INDEX_AUTHEN_PUBLISH];
|
||||
{
|
||||
RsTlvKeySignature sign = metaData.signSet.keySignSet[INDEX_AUTHEN_PUBLISH];
|
||||
|
||||
std::map<RsGxsId, RsTlvPublicRSAKey>& keys = grpKeySet.public_keys;
|
||||
std::map<RsGxsId, RsTlvPublicRSAKey>::iterator mit = keys.begin();
|
||||
std::map<RsGxsId, RsTlvPublicRSAKey>& keys = grpKeySet.public_keys;
|
||||
std::map<RsGxsId, RsTlvPublicRSAKey>::iterator mit = keys.begin();
|
||||
|
||||
RsGxsId keyId;
|
||||
for(; mit != keys.end() ; ++mit)
|
||||
{
|
||||
RsTlvPublicRSAKey& key = mit->second;
|
||||
RsGxsId keyId;
|
||||
for(; mit != keys.end() ; ++mit)
|
||||
{
|
||||
RsTlvPublicRSAKey& key = mit->second;
|
||||
|
||||
if(key.keyFlags & RSTLV_KEY_DISTRIB_PUBLIC_deprecated)
|
||||
{
|
||||
keyId = key.keyId;
|
||||
std::cerr << "WARNING: old style publish key with flags " << key.keyFlags << std::endl;
|
||||
std::cerr << " this cannot be fixed, but RS will deal with it." << std::endl;
|
||||
break ;
|
||||
}
|
||||
if(key.keyFlags & RSTLV_KEY_DISTRIB_PUBLISH) // we might have the private key, but we still should be able to check the signature
|
||||
{
|
||||
keyId = key.keyId;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if(key.keyFlags & RSTLV_KEY_DISTRIB_PUBLIC_deprecated)
|
||||
{
|
||||
keyId = key.keyId;
|
||||
std::cerr << "WARNING: old style publish key with flags " << key.keyFlags << std::endl;
|
||||
std::cerr << " this cannot be fixed, but RS will deal with it." << std::endl;
|
||||
break ;
|
||||
}
|
||||
if(key.keyFlags & RSTLV_KEY_DISTRIB_PUBLISH) // we might have the private key, but we still should be able to check the signature
|
||||
{
|
||||
keyId = key.keyId;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if(!keyId.isNull())
|
||||
{
|
||||
RsTlvPublicRSAKey& key = keys[keyId];
|
||||
publishValidate &= GxsSecurity::validateNxsMsg(*msg, sign, key);
|
||||
}
|
||||
else
|
||||
{
|
||||
publishValidate = false;
|
||||
}
|
||||
}
|
||||
if(!keyId.isNull())
|
||||
{
|
||||
RsTlvPublicRSAKey& key = keys[keyId];
|
||||
publishValidate &= GxsSecurity::validateNxsMsg(*msg, sign, key);
|
||||
}
|
||||
else
|
||||
{
|
||||
std::cerr << "(EE) public publish key not found in group that require publish key validation. This should not happen! msgId=" << metaData.mMsgId << ", grpId=" << metaData.mGroupId << std::endl;
|
||||
std::cerr << "(EE) public keys available for this group are: " << std::endl;
|
||||
|
||||
for(std::map<RsGxsId, RsTlvPublicRSAKey>::const_iterator it(grpKeySet.public_keys.begin());it!=grpKeySet.public_keys.end();++it)
|
||||
std::cerr << "(EE) " << it->first << std::endl;
|
||||
|
||||
std::cerr << "(EE) private keys available for this group are: " << std::endl;
|
||||
|
||||
for(std::map<RsGxsId, RsTlvPrivateRSAKey>::const_iterator it(grpKeySet.private_keys.begin());it!=grpKeySet.private_keys.end();++it)
|
||||
std::cerr << "(EE) " << it->first << std::endl;
|
||||
|
||||
publishValidate = false;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
publishValidate = true;
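Review bot: The publish-key lookup takes the first entry of `keys` whose flags carry RSTLV_KEY_DISTRIB_PUBLISH (or the deprecated PUBLIC flag) and validates the signature against that key only, so a group holding more than one publish-flagged key — which the deprecated/current split handled in this very loop makes possible — will reject messages signed with any key other than the first in map order. If the signature object identifies its signing key (RsTlvKeySignature appears to carry a key id elsewhere in this codebase — confirm), select with `keys.find(sign.keyId)` and then check that key's flags, rather than scanning by flags. Separately, `RsTlvPublicRSAKey& key = keys[keyId];` re-looks-up a key the loop already found; `mit` still points at it after the `break`, so `if(mit != keys.end()) { RsTlvPublicRSAKey& key = mit->second; ... }` avoids operator[]'s default-insert semantics. The `WARNING: old style publish key` lines print to std::cerr for every message in an affected group; consider placing them under GEN_EXCH_DEBUG. validateMsg's body continues on both sides of this hunk.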
|
||||
|
@ -888,14 +899,10 @@ int RsGenExchange::validateMsg(RsNxsMsg *msg, const uint32_t& grpFlag, const uin
|
|||
if(details.mReputation.mOverallReputationLevel == RsReputations::REPUTATION_LOCALLY_NEGATIVE)
|
||||
{
|
||||
#ifdef GEN_EXCH_DEBUG
|
||||
std::cerr << "RsGenExchange::validateMsg(): message from " << metaData.mAuthorId << ", rejected because reputation score (" << details.mReputation.mOverallReputationLevel <<") is below the accepted threshold (" << reputation_threshold << ")" << std::endl;
|
||||
std::cerr << "RsGenExchange::validateMsg(): message from " << metaData.mAuthorId << ", rejected because reputation level (" << details.mReputation.mOverallReputationLevel <<") indicate that you banned this ID." << std::endl;
|
||||
#endif
|
||||
idValidate = false ;
|
||||
}
|
||||
#ifdef GEN_EXCH_DEBUG
|
||||
else
|
||||
std::cerr << "RsGenExchange::validateMsg(): message from " << metaData.mAuthorId << ", accepted. Reputation score (" << details.mReputation.mOverallReputationScore <<") is above accepted threshold (" << reputation_threshold << ")" << std::endl;
|
||||
#endif
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -2745,6 +2752,8 @@ void RsGenExchange::processRecvdMessages()
|
|||
if(mit != grpMetas.end())
|
||||
{
|
||||
grpMeta = mit->second;
|
||||
GxsSecurity::createPublicKeysFromPrivateKeys(grpMeta->keys); // make sure we have the public keys that correspond to the private ones, as it happens. Most of the time this call does nothing.
|
||||
|
||||
validateReturn = validateMsg(msg, grpMeta->mGroupFlags, grpMeta->mSignFlags, grpMeta->keys);
|
||||
|
||||
#ifdef GEN_EXCH_DEBUG
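Review bot: `GxsSecurity::createPublicKeysFromPrivateKeys(grpMeta->keys);` mutates the cached group metadata in place on the message-receive path, once per received message; the same call is added for `oldGrpMeta.keys` in the updateValid hunk at -3118. Deriving the public half belongs where the group's key set is stored or loaded, done once, rather than repeated on every validation — and if `grpMeta` entries are shared with other threads (not visible in this hunk), in-place mutation here needs whatever lock protects `grpMetas`. As written the trailing comment is longer than the statement; move it above the call as `// Derive public keys for any private keys we hold; usually a no-op.` processRecvdMessages's body continues outside the hunk.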
|
||||
|
@ -2907,7 +2916,7 @@ void RsGenExchange::processRecvdGroups()
|
|||
if(deserialOk && acceptNewGroup(meta))
|
||||
{
|
||||
#ifdef GEN_EXCH_DEBUG
|
||||
std::cerr << " processing validation for group " << meta->mGroupId << ", attempts number " << gpsi.mAttempts << std::endl;
|
||||
std::cerr << " processing validation for group " << meta->mGroupId << ", original attempt time: " << time(NULL) - gpsi.mFirstTryTS << " seconds ago" << std::endl;
|
||||
#endif
|
||||
grp->metaData = meta;
|
||||
uint8_t ret = validateGrp(grp);
|
||||
|
@ -3118,6 +3127,8 @@ bool RsGenExchange::updateValid(RsGxsGrpMetaData& oldGrpMeta, RsNxsGrp& newGrp)
|
|||
|
||||
RsTlvKeySignature adminSign = mit->second;
|
||||
|
||||
GxsSecurity::createPublicKeysFromPrivateKeys(oldGrpMeta.keys); // make sure we have the public keys that correspond to the private ones, as it happens. Most of the time this call does nothing.
|
||||
|
||||
std::map<RsGxsId, RsTlvPublicRSAKey>& keys = oldGrpMeta.keys.public_keys;
|
||||
std::map<RsGxsId, RsTlvPublicRSAKey>::iterator keyMit = keys.find(RsGxsId(oldGrpMeta.mGroupId));
|
||||
|
||||
|
|
|
@ -2031,7 +2031,7 @@ void RsGxsNetService::updateServerSyncTS()
|
|||
if(mGrpServerUpdate.grpUpdateTS < grpMeta->mRecvTS)
|
||||
{
|
||||
#ifdef NXS_NET_DEBUG_0
|
||||
GXSNETDEBUG__G(grpId) << " updated msgUpdateTS to last RecvTS = " << time(NULL) - grpMeta->mRecvTS << " secs ago for group "<< grpId << ". This is probably because an update has been received." << std::endl;
|
||||
GXSNETDEBUG__G(grpMeta->mGroupId) << " updated msgUpdateTS to last RecvTS = " << time(NULL) - grpMeta->mRecvTS << " secs ago for group "<< grpMeta->mGroupId << ". This is probably because an update has been received." << std::endl;
|
||||
#endif
|
||||
mGrpServerUpdate.grpUpdateTS = grpMeta->mRecvTS;
|
||||
change = true;
|
||||
|
@ -4218,24 +4218,29 @@ void RsGxsNetService::handleRecvSyncMessage(RsNxsSyncMsgReqItem *item,bool item_
|
|||
{
|
||||
RsGxsMsgMetaData* m = *vit;
|
||||
|
||||
RsIdentityDetails details ;
|
||||
// Check reputation
|
||||
|
||||
if(!rsIdentity->getIdDetails(m->mAuthorId,details))
|
||||
{
|
||||
std::cerr << /* GXSNETDEBUG_PG(item->PeerId(),item->grpId) << */ " not sending grp message ID " << (*vit)->mMsgId << ", because the identity of the author is not accessible (unknown/not cached)" << std::endl;
|
||||
continue ;
|
||||
}
|
||||
|
||||
if(details.mReputation.mOverallReputationLevel < minReputationForForwardingMessages(grpMeta->mSignFlags, details.mFlags))
|
||||
if(!m->mAuthorId.isNull())
|
||||
{
|
||||
//#ifdef NXS_NET_DEBUG_0
|
||||
std::cerr << /* GXSNETDEBUG_PG(item->PeerId(),item->grpId) << */ " not sending item ID " << (*vit)->mMsgId << ", because the author is flags " << std::hex << details.mFlags << std::dec << " and reputation level " << details.mReputation.mOverallReputationLevel << std::endl;
|
||||
//#endif
|
||||
continue ;
|
||||
RsIdentityDetails details ;
|
||||
|
||||
if(!rsIdentity->getIdDetails(m->mAuthorId,details))
|
||||
{
|
||||
std::cerr << /* GXSNETDEBUG_PG(item->PeerId(),item->grpId) << */ " not sending grp message ID " << (*vit)->mMsgId << ", because the identity of the author (" << m->mAuthorId << ") is not accessible (unknown/not cached)" << std::endl;
|
||||
continue ;
|
||||
}
|
||||
|
||||
if(details.mReputation.mOverallReputationLevel < minReputationForForwardingMessages(grpMeta->mSignFlags, details.mFlags))
|
||||
{
|
||||
//#ifdef NXS_NET_DEBUG_0
|
||||
std::cerr << /* GXSNETDEBUG_PG(item->PeerId(),item->grpId) << */ " not sending item ID " << (*vit)->mMsgId << ", because the author is flags " << std::hex << details.mFlags << std::dec << " and reputation level " << details.mReputation.mOverallReputationLevel << std::endl;
|
||||
//#endif
|
||||
continue ;
|
||||
}
|
||||
}
|
||||
// Check publish TS
|
||||
|
||||
if(item->createdSinceTS > (*vit)->mPublishTs || (*vit)->mPublishTs + max_send_delay < now)
|
||||
if(item->createdSinceTS > (*vit)->mPublishTs || ((max_send_delay > 0) && (*vit)->mPublishTs + max_send_delay < now))
|
||||
{
|
||||
#ifdef NXS_NET_DEBUG_0
|
||||
GXSNETDEBUG_PG(item->PeerId(),item->grpId) << " not sending item ID " << (*vit)->mMsgId << ", because it is too old (publishTS = " << (time(NULL)-(*vit)->mPublishTs)/86400 << " days ago" << std::endl;
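Review bot: The new `if(!m->mAuthorId.isNull())` wrapper means a message with no author id now skips the reputation gate entirely and proceeds to the publish-TS check, whereas before it was presumably dropped because `getIdDetails` fails for a null id; whether an anonymous message should be forwarded at all depends on the group's signing requirements, so add an explicit branch keyed on `grpMeta->mSignFlags` (the flag values are outside this hunk) that `continue`s when the group requires an author signature, instead of letting the null case fall through silently. The added `(max_send_delay > 0)` guard turns 0 into "no age limit"; that sentinel is chosen outside the hunk, so document it where `max_send_delay` is set, e.g. `// 0 = never drop messages for age`. The `//#ifdef NXS_NET_DEBUG_0` around the retained `std::cerr` lines is commented out, so those messages print unconditionally for every skipped item — consider restoring the guard. handleRecvSyncMessage's body continues outside the hunk.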
|
||||
|
@ -4750,7 +4755,7 @@ void RsGxsNetService::handleRecvPublishKeys(RsNxsGroupPublishKeyItem *item)
|
|||
#ifdef NXS_NET_DEBUG_3
|
||||
GXSNETDEBUG_PG(item->PeerId(),item->grpId) << " PeerId : " << item->PeerId() << std::endl;
|
||||
GXSNETDEBUG_PG(item->PeerId(),item->grpId) << " GrpId: " << item->grpId << std::endl;
|
||||
GXSNETDEBUG_PG(item->PeerId(),item->grpId) << " Got key Item: " << item->key.keyId << std::endl;
|
||||
GXSNETDEBUG_PG(item->PeerId(),item->grpId) << " Got key Item: " << item->private_key.keyId << std::endl;
|
||||
#endif
|
||||
|
||||
// Get the meta data for this group Id
|
||||
|
@ -4778,7 +4783,7 @@ void RsGxsNetService::handleRecvPublishKeys(RsNxsGroupPublishKeyItem *item)
|
|||
bool publi = (item->private_key.keyFlags & RSTLV_KEY_DISTRIB_PUBLISH) && (item->private_key.keyFlags & RSTLV_KEY_TYPE_FULL) ;
|
||||
|
||||
#ifdef NXS_NET_DEBUG_3
|
||||
GXSNETDEBUG_PG(item->PeerId(),item->grpId)<< " Key id = " << item->key.keyId << " admin=" << admin << ", publish=" << publi << " ts=" << item->key.endTS << std::endl;
|
||||
GXSNETDEBUG_PG(item->PeerId(),item->grpId)<< " Key id = " << item->private_key.keyId << " admin=" << admin << ", publish=" << publi << " ts=" << item->private_key.endTS << std::endl;
|
||||
#endif
|
||||
|
||||
if(!(!admin && publi))
|
||||
|