Bugfix for gpg connections.

added missing files to Makefiles



git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@1331 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
drbob 2009-07-07 21:53:06 +00:00
parent cfc2aa89c7
commit fec470c774
6 changed files with 8 additions and 635 deletions

View File

@ -14,6 +14,7 @@ librs:
make -C pqi librs
make -C dbase librs
make -C services librs
make -C turtle librs
make -C dht librs
make -C upnp librs
make -C ft librs
@ -29,6 +30,7 @@ tests:
make -C pqi tests
make -C dbase tests
make -C services tests
make -C turtle tests
make -C dht tests
make -C upnp tests
make -C ft tests
@ -44,6 +46,7 @@ clean:
make -C pqi clean
make -C dbase clean
make -C services clean
make -C turtle clean
make -C dht clean
make -C upnp clean
make -C ft clean
@ -59,6 +62,7 @@ clobber:
make -C pqi clobber
make -C dbase clobber
make -C services clobber
make -C turtle clobber
make -C dht clobber
make -C upnp clobber
make -C server clobber

View File

@ -1652,6 +1652,8 @@ bool GPGAuthMgr::ValidateCertificate(X509 *x509, std::string &peerId)
{
return getX509id(x509, peerId);
}
/* be sure to get the id anyway */
getX509id(x509, peerId);
return false;
}

View File

@ -1,413 +0,0 @@
/*
* libretroshare/src gpgauthmgr.cc
*
* GPG interface for RetroShare.
*
* Copyright 2008-2009 by Raghu Dev R
*
* This library is free software; you can redistribute it and/or
* modify it under the termsf the GNU Library General Public
* License Version 2 as published by the Free Software Foundation.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
* USA.
*
* Please report all bugs and problems to "retroshare@lunamutt.com".
* o
*/
#include <iostream>
#include "gpgauthmgr.h"
GPGAuthMgr::GPGAuthMgr()
:gpgmeInit(false)
{
setlocale(LC_ALL, "");
gpgme_check_version(NULL);
gpgme_set_locale(NULL, LC_CTYPE, setlocale (LC_CTYPE, NULL));
#ifndef HAVE_W32_SYSTEM
gpgme_set_locale(NULL, LC_MESSAGES, setlocale (LC_MESSAGES, NULL));
#endif
if (GPG_ERR_NO_ERROR != gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP))
{
std::cerr << "Error check engine version";
std::cerr << std::endl;
return;
}
if (GPG_ERR_NO_ERROR != gpgme_get_engine_info(&INFO))
{
std::cerr << "Error getting engine info";
std::cerr << std::endl;
return;
}
/* Create New Contexts */
if (GPG_ERR_NO_ERROR != gpgme_new(&CTX))
{
std::cerr << "Error creating GPGME Context";
std::cerr << std::endl;
return;
}
/* setup the protocol */
if (GPG_ERR_NO_ERROR != gpgme_set_protocol(CTX, GPGME_PROTOCOL_OpenPGP))
{
std::cerr << "Error creating Setting Protocol";
std::cerr << std::endl;
return;
}
/* if we get to here -> we have inited okay */
gpgmeInit = true;
// return storeAllKeys();
}
GPGAuthMgr::~GPGAuthMgr()
{
}
// store all keys in map mKeyList to avoid callin gpgme exe repeatedly
bool GPGAuthMgr::storeAllKeys()
{
gpg_error_t ERR;
if (!gpgmeInit)
{
std::cerr << "Error since GPG is not initialised";
std::cerr << std::endl;
return false;
}
/* store keys */
gpgme_key_t KEY = NULL;
/* Initiates a key listing */
if (GPG_ERR_NO_ERROR != gpgme_op_keylist_start (CTX, "", 1))
{
std::cerr << "Error iterating through KeyList";
std::cerr << std::endl;
return false;
}
/* Loop until end of key */
for(int i = 0;(GPG_ERR_NO_ERROR == (ERR = gpgme_op_keylist_next (CTX, &KEY))); i++)
{
/* store in pqiAuthDetails */
pqiAuthDetails entryDetails;
entryDetails.id = (KEY->subkeys) ? KEY->subkeys->keyid : NULL;
entryDetails.fpr= (KEY->subkeys) ? KEY->subkeys->fpr : NULL;
entryDetails.name = (KEY->uids) ? KEY->uids->name : NULL;
entryDetails.email = (KEY->uids) ? KEY->uids->email : NULL;
// entryDetails.location = "here";
// entryDetails.org = "me.com";
entryDetails.trustLvl = KEY->owner_trust;
entryDetails.ownsign = KEY->can_sign;
entryDetails.trusted = KEY->can_certify;
/* store in map */
mKeyList.insert(std::make_pair(entryDetails.id,entryDetails));
/* release key */
gpgme_key_release (KEY);
}
return true;
}
bool GPGAuthMgr:: active()
{
return gpgmeInit;
}
int GPGAuthMgr::InitAuth(const char *srvr_cert, const char *priv_key,
const char *passwd)
{
return 1;
}
bool GPGAuthMgr::CloseAuth()
{
return true;
}
int GPGAuthMgr::setConfigDirectories(std::string confFile, std::string neighDir)
{
return 1;
}
std::string GPGAuthMgr::OwnId()
{
return mOwnId;
}
bool GPGAuthMgr::getAllList(std::list<std::string> &ids)
{
std::cout << "344444555533333333" << std::endl ;
std::map<std::string, pqiAuthDetails>::iterator it;
for(it = mKeyList.begin(); it != mKeyList.end(); it++)
{
ids.push_back(it->first);
}
return true;
}
bool GPGAuthMgr::getAuthenticatedList(std::list<std::string> &ids)
{
std::map<std::string, pqiAuthDetails>::iterator it;
for(it = mKeyList.begin(); it != mKeyList.end(); it++)
{
if (it->second.trustLvl > 3)
{
ids.push_back(it->first);
}
}
return true;
}
bool GPGAuthMgr::getUnknownList(std::list<std::string> &ids)
{
std::map<std::string, pqiAuthDetails>::iterator it;
for(it = mKeyList.begin(); it != mKeyList.end(); it++)
{
if (it->second.trustLvl <= 3)
{
ids.push_back(it->first);
}
}
return true;
}
bool GPGAuthMgr::isValid(std::string id)
{
std::map<std::string, pqiAuthDetails>::iterator it;
return (mKeyList.end() != mKeyList.find(id));
}
bool GPGAuthMgr::isAuthenticated(std::string id)
{
std::map<std::string, pqiAuthDetails>::iterator it;
if (mKeyList.end() != (it = mKeyList.find(id)))
{
return (it->second.trustLvl > 3);
}
return false;
}
std::string GPGAuthMgr::getName(std::string id)
{
std::map<std::string, pqiAuthDetails>::iterator it;
if (mKeyList.end() != (it = mKeyList.find(id)))
{
return it->second.name;
}
std::string empty("");
return empty;
}
bool GPGAuthMgr::getDetails(std::string id, pqiAuthDetails &details)
{
std::map<std::string, pqiAuthDetails>::iterator it;
if (mKeyList.end() != (it = mKeyList.find(id)))
{
details = it->second;
return true;
}
return false;
}
bool GPGAuthMgr::FinalSaveCertificates()
{
return false;
}
bool GPGAuthMgr::CheckSaveCertificates()
{
return false;
}
bool GPGAuthMgr::saveCertificates()
{
return false;
}
bool GPGAuthMgr::loadCertificates()
{
return false;
}
bool GPGAuthMgr::LoadCertificateFromString(std::string pem, std::string &id)
{
return false;
}
std::string GPGAuthMgr::SaveCertificateToString(std::string id)
{
std::string dummy("CERT STRING");
return dummy;
}
bool GPGAuthMgr::LoadCertificateFromFile(std::string filename, std::string &id)
{
return false;
}
bool GPGAuthMgr::SaveCertificateToFile(std::string id, std::string filename)
{
return false;
}
bool GPGAuthMgr::LoadCertificateFromBinary(const uint8_t *ptr, uint32_t len, std::string &id)
{
return false;
}
bool GPGAuthMgr::SaveCertificateToBinary(std::string id, uint8_t **ptr, uint32_t *len)
{
return false;
}
/* Signatures */
bool GPGAuthMgr::AuthCertificate(std::string id)
{
return false;
}
bool GPGAuthMgr::SignCertificate(std::string id)
{
return false;
}
bool GPGAuthMgr::RevokeCertificate(std::string id)
{
return false;
}
bool GPGAuthMgr::TrustCertificate(std::string id, bool trust)
{
return false;
}
bool GPGAuthMgr::SignData(std::string input, std::string &sign)
{
return false;
}
bool GPGAuthMgr::SignData(const void *data, const uint32_t len, std::string &sign)
{
return false;
}
bool GPGAuthMgr::SignDataBin(std::string input, unsigned char *sign, unsigned int *signlen)
{
return false;
}
bool GPGAuthMgr::SignDataBin(const void *data, const uint32_t len,
unsigned char *sign, unsigned int *signlen)
{
return false;
}
#if 0
bool setupSSL(SSL_CTX *ctx)
{
/* signer is done by pgp, so we have to manually authenticate the certificate.
*/
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, verify_pgp_callback);
SSL_CTX_set_verify_depth(1);
/* generate a certificate */
}
static int verify_pgp_callback(int preverify_ok, X509_STORE_CTX *ctx)
{
char buf[256];
X509 *err_cert;
int err, depth;
SSL *ssl;
mydata_t *mydata;
err_cert = X509_STORE_CTX_get_current_cert(ctx);
err = X509_STORE_CTX_get_error(ctx);
depth = X509_STORE_CTX_get_error_depth(ctx);
/*
* Retrieve the pointer to the SSL of the connection currently treated
* and the application specific data stored into the SSL object.
*/
ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
mydata = SSL_get_ex_data(ssl, mydata_index);
X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256);
/*
* Catch a too long certificate chain. The depth limit set using
* SSL_CTX_set_verify_depth() is by purpose set to "limit+1" so
* that whenever the "depth>verify_depth" condition is met, we
* have violated the limit and want to log this error condition.
* We must do it here, because the CHAIN_TOO_LONG error would not
* be found explicitly; only errors introduced by cutting off the
* additional certificates would be logged.
*/
if (depth > mydata->verify_depth) {
preverify_ok = 0;
err = X509_V_ERR_CERT_CHAIN_TOO_LONG;
X509_STORE_CTX_set_error(ctx, err);
}
if (!preverify_ok) {
printf("verify error:num=%d:%s:depth=%d:%s\n", err,
X509_verify_cert_error_string(err), depth, buf);
}
else if (mydata->verbose_mode)
{
printf("depth=%d:%s\n", depth, buf);
}
/*
* At this point, err contains the last verification error. We can use
* it for something special
*/
if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT))
{
X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, 256);
printf("issuer= %s\n", buf);
}
if (mydata->always_continue)
return 1;
else
return preverify_ok;
}
#endif

View File

@ -1,219 +0,0 @@
/*
* libretroshare/src/ : gpgauthmgr.h
*
* GPG interface for RetroShare.
*
* Copyright 2008-2009 by Raghu Dev R.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License Version 2 as published by the Free Software Foundation.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
* USA.
*
* Please report all bugs and problems to "retroshare@lunamutt.com".
*
*/
#ifndef RS_GPG_AUTH_HEADER
#define RS_GPG_AUTH_HEADER
#include "p3authmgr.h"
#include <gpgme.h>
class GPGAuthMgr: public p3AuthMgr
{
public:
GPGAuthMgr();
~GPGAuthMgr();
/*********************************************************************************/
/************************* STAGE 1 ***********************************************/
/*********************************************************************************/
/*****
* STAGE 1: Initialisation.... As we are switching to OpenPGP the init functions
* will be different. Just move the initialisation functions over....
*
* As GPGMe requires external calls to the GPG executable, which could potentially
* be expensive, We'll want to cache the GPG keys in this class.
* This should be done at initialisation, and saved in a map.
* (see storage at the end of the class)
*
****/
/* initialisation -> done by derived classes */
bool active();
int InitAuth(const char *srvr_cert, const char *priv_key,
const char *passwd);
bool CloseAuth();
int setConfigDirectories(std::string confFile, std::string neighDir);
// store all keys in map mKeyList to avoid calling gpgme exe repeatedly
bool storeAllKeys();
/*********************************************************************************/
/************************* STAGE 2 ***********************************************/
/*********************************************************************************/
/*****
* STAGE 2: These are some of the most commonly used functions in Retroshare.
*
* provide access to the cache list that was created in stage 1.
*
****/
/* get Certificate Ids */
std::string OwnId();
bool getAllList(std::list<std::string> &ids);
bool getAuthenticatedList(std::list<std::string> &ids);
bool getUnknownList(std::list<std::string> &ids);
/*********************************************************************************/
/************************* STAGE 3 ***********************************************/
/*********************************************************************************/
/*****
* STAGE 3: These are some of the most commonly used functions in Retroshare.
*
* More commonly used functions.
*
* provide access to details in cache list.
*
****/
/* get Details from the Certificates */
bool isValid(std::string id);
bool isAuthenticated(std::string id);
std::string getName(std::string id);
bool getDetails(std::string id, pqiAuthDetails &details);
/*********************************************************************************/
/************************* STAGE 4 ***********************************************/
/*********************************************************************************/
/*****
* STAGE 4: Loading and Saving Certificates. (Strings and Files)
*
****/
/* Load/Save certificates */
bool LoadCertificateFromString(std::string pem, std::string &id);
std::string SaveCertificateToString(std::string id);
bool LoadCertificateFromFile(std::string filename, std::string &id);
bool SaveCertificateToFile(std::string id, std::string filename);
/*********************************************************************************/
/************************* STAGE 5 ***********************************************/
/*********************************************************************************/
/*****
* STAGE 5: Loading and Saving Certificates (Binary)
*
* The existing function arguments are based on OpenSSL functions.
* Feel free to change this format if required.
*
****/
bool LoadCertificateFromBinary(const uint8_t *ptr, uint32_t len, std::string &id);
bool SaveCertificateToBinary(std::string id, uint8_t **ptr, uint32_t *len);
/*********************************************************************************/
/************************* STAGE 6 ***********************************************/
/*********************************************************************************/
/*****
* STAGE 6: Authentication, Trust and Signing.
*
* This is some of the harder functions, but they should have been
* done in gpgroot already.
*
****/
/* Signatures */
bool AuthCertificate(std::string uid);
bool SignCertificate(std::string id);
bool RevokeCertificate(std::string id); /* Particularly hard - leave for later */
bool TrustCertificate(std::string id, bool trust);
/*********************************************************************************/
/************************* STAGE 7 ***********************************************/
/*********************************************************************************/
/*****
* STAGE 7: Signing Data.
*
* There should also be Encryption Functions... (do later).
*
****/
virtual bool SignData(std::string input, std::string &sign);
virtual bool SignData(const void *data, const uint32_t len, std::string &sign);
virtual bool SignDataBin(std::string input, unsigned char *sign, unsigned int *signlen);
virtual bool SignDataBin(const void *data, const uint32_t len,
unsigned char *sign, unsigned int *signlen);
/*********************************************************************************/
/************************* PGP Specific functions ********************************/
/*********************************************************************************/
/*
* These support the authentication process.
*
*/
/*
*
*/
bool checkSignature(std::string id, std::string hash, std::string signature);
/*********************************************************************************/
/************************* OTHER FUNCTIONS ***************************************/
/*********************************************************************************/
/*****
* We don't need these functions - as GPG stores the keys for us.
****/
/* High Level Load/Save Configuration */
bool FinalSaveCertificates();
bool CheckSaveCertificates();
bool saveCertificates();
bool loadCertificates();
private:
/* Example Storage - Change as needed */
std::string mOwnId;
std::map<std::string, pqiAuthDetails> mKeyList;
bool gpgmeInit;
gpgme_engine_info_t INFO;
gpgme_ctx_t CTX;
};
/*****
*
* Support Functions for OpenSSL verification.
*
*/
int verify_pgp_callback(int preverify_ok, X509_STORE_CTX *ctx);
#endif

View File

@ -15,8 +15,7 @@ RSOBJ = p3service.o p3chatservice.o p3msgservice.o \
p3Qblog.o \
p3forums.o \
p3channels.o \
p3portservice.o \
p3turtle.o
p3portservice.o
# dummy forums interface.
# p3forums-dummy.o \

View File

@ -7,7 +7,7 @@ RS_TOP_DIR = ..
include $(RS_TOP_DIR)/scripts/config.mk
###############################################################
RSOBJ = rsthreads.o rsprint.o rsnet.o rsdebug.o rsdir.o
RSOBJ = rsthreads.o rsprint.o rsnet.o rsdebug.o rsdir.o rsversion.o
TESTOBJ = dirtest.o dir2test.o