From fec470c77413bfb70198f604bd0a0ae05d1e6da8 Mon Sep 17 00:00:00 2001
From: drbob
Date: Tue, 7 Jul 2009 21:53:06 +0000
Subject: [PATCH] Bugfix for gpg connections. added missing files to Makefiles

git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@1331 b45a01b8-16f6-495d-af2f-9b41ad6348cc
---
 libretroshare/src/Makefile | 4 +
 libretroshare/src/pqi/authgpg.cc | 2 +
 libretroshare/src/pqi/gpgauthmgr.cc | 413 ----------------------------
 libretroshare/src/pqi/gpgauthmgr.h | 219 ---------------
 libretroshare/src/services/Makefile | 3 +-
 libretroshare/src/util/Makefile | 2 +-
 6 files changed, 8 insertions(+), 635 deletions(-)
 delete mode 100644 libretroshare/src/pqi/gpgauthmgr.cc
 delete mode 100644 libretroshare/src/pqi/gpgauthmgr.h

diff --git a/libretroshare/src/Makefile b/libretroshare/src/Makefile
index 8ec1c2995..8363deb13 100644
--- a/libretroshare/src/Makefile
+++ b/libretroshare/src/Makefile
@@ -14,6 +14,7 @@ librs:
 make -C pqi librs
 make -C dbase librs
 make -C services librs
+ make -C turtle librs
 make -C dht librs
 make -C upnp librs
 make -C ft librs
@@ -29,6 +30,7 @@ tests:
 make -C pqi tests
 make -C dbase tests
 make -C services tests
+ make -C turtle tests
 make -C dht tests
 make -C upnp tests
 make -C ft tests
@@ -44,6 +46,7 @@ clean:
 make -C pqi clean
 make -C dbase clean
 make -C services clean
+ make -C turtle clean
 make -C dht clean
 make -C upnp clean
 make -C ft clean
@@ -59,6 +62,7 @@ clobber:
 make -C pqi clobber
 make -C dbase clobber
 make -C services clobber
+ make -C turtle clobber
 make -C dht clobber
 make -C upnp clobber
 make -C server clobber
diff --git a/libretroshare/src/pqi/authgpg.cc b/libretroshare/src/pqi/authgpg.cc
index 189b8ddc7..1b3865d54 100644
--- a/libretroshare/src/pqi/authgpg.cc
+++ b/libretroshare/src/pqi/authgpg.cc
@@ -1652,6 +1652,8 @@ bool GPGAuthMgr::ValidateCertificate(X509 *x509, std::string &peerId)
 {
 return getX509id(x509, peerId);
 }
+ /* be sure to get the id anyway */
+ getX509id(x509, peerId);
 return false;
 }
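Review bot: On the failure path of ValidateCertificate the new `getX509id(x509, peerId);` fills peerId from a certificate that has just failed validation and discards getX509id's own return value, so any caller that inspects peerId without also checking the bool result sees an identity this function never authenticated. If the intent is only to let callers report which peer was rejected, make that contract explicit and keep the out-parameter consistent, e.g. `/* failure path: peerId is filled for reporting only -- it is NOT authenticated */` followed by `if (!getX509id(x509, peerId)) peerId.clear();`, so a parse failure does not leave whatever was in peerId before. The enclosing function starts outside the hunk, so whether peerId is already cleared or assigned on the rejecting path cannot be seen here.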
diff --git a/libretroshare/src/pqi/gpgauthmgr.cc b/libretroshare/src/pqi/gpgauthmgr.cc
deleted file mode 100644
index 86d5b7d0e..000000000
--- a/libretroshare/src/pqi/gpgauthmgr.cc
+++ /dev/null
@@ -1,413 +0,0 @@ -/* - * libretroshare/src gpgauthmgr.cc - * - * GPG interface for RetroShare. - * - * Copyright 2008-2009 by Raghu Dev R - * - * This library is free software; you can redistribute it and/or - * modify it under the termsf the GNU Library General Public - * License Version 2 as published by the Free Software Foundation. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Library General Public License for more details. - * - * You should have received a copy of the GNU Library General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 - * USA. - * - * Please report all bugs and problems to "retroshare@lunamutt.com". - * o - */ -#include -#include "gpgauthmgr.h" - - -GPGAuthMgr::GPGAuthMgr() - :gpgmeInit(false) -{ - - setlocale(LC_ALL, ""); - gpgme_check_version(NULL); - gpgme_set_locale(NULL, LC_CTYPE, setlocale (LC_CTYPE, NULL)); - - #ifndef HAVE_W32_SYSTEM - gpgme_set_locale(NULL, LC_MESSAGES, setlocale (LC_MESSAGES, NULL)); - #endif - - if (GPG_ERR_NO_ERROR != gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP)) - { - std::cerr << "Error check engine version"; - std::cerr << std::endl; - return; - } - - if (GPG_ERR_NO_ERROR != gpgme_get_engine_info(&INFO)) - { - std::cerr << "Error getting engine info"; - std::cerr << std::endl; - return; - } - - /* Create New Contexts */ - if (GPG_ERR_NO_ERROR != gpgme_new(&CTX)) - { - std::cerr << "Error creating GPGME Context"; - std::cerr << std::endl; - return; - } - - /* setup the protocol */ - if (GPG_ERR_NO_ERROR != gpgme_set_protocol(CTX, GPGME_PROTOCOL_OpenPGP)) - { - std::cerr << "Error creating Setting Protocol"; - std::cerr << std::endl; - return; - } - - /* if we get to here -> we have inited okay */ - gpgmeInit = true; - -// return 
storeAllKeys(); -} - - GPGAuthMgr::~GPGAuthMgr() -{ -} - -// store all keys in map mKeyList to avoid callin gpgme exe repeatedly -bool GPGAuthMgr::storeAllKeys() -{ - gpg_error_t ERR; - if (!gpgmeInit) - { - std::cerr << "Error since GPG is not initialised"; - std::cerr << std::endl; - return false; - } - - /* store keys */ - gpgme_key_t KEY = NULL; - - /* Initiates a key listing */ - if (GPG_ERR_NO_ERROR != gpgme_op_keylist_start (CTX, "", 1)) - { - std::cerr << "Error iterating through KeyList"; - std::cerr << std::endl; - return false; - } - - /* Loop until end of key */ - for(int i = 0;(GPG_ERR_NO_ERROR == (ERR = gpgme_op_keylist_next (CTX, &KEY))); i++) - { - /* store in pqiAuthDetails */ - pqiAuthDetails entryDetails; - entryDetails.id = (KEY->subkeys) ? KEY->subkeys->keyid : NULL; - entryDetails.fpr= (KEY->subkeys) ? KEY->subkeys->fpr : NULL; - entryDetails.name = (KEY->uids) ? KEY->uids->name : NULL; - entryDetails.email = (KEY->uids) ? KEY->uids->email : NULL; - // entryDetails.location = "here"; - // entryDetails.org = "me.com"; - - entryDetails.trustLvl = KEY->owner_trust; - entryDetails.ownsign = KEY->can_sign; - entryDetails.trusted = KEY->can_certify; - - /* store in map */ - mKeyList.insert(std::make_pair(entryDetails.id,entryDetails)); - - /* release key */ - gpgme_key_release (KEY); - } - return true; - -} - - -bool GPGAuthMgr:: active() -{ - return gpgmeInit; -} - -int GPGAuthMgr::InitAuth(const char *srvr_cert, const char *priv_key, - const char *passwd) -{ - return 1; -} - -bool GPGAuthMgr::CloseAuth() -{ - return true; -} - -int GPGAuthMgr::setConfigDirectories(std::string confFile, std::string neighDir) -{ - return 1; -} - -std::string GPGAuthMgr::OwnId() -{ - return mOwnId; -} - -bool GPGAuthMgr::getAllList(std::list &ids) -{ - std::cout << "344444555533333333" << std::endl ; - std::map::iterator it; - for(it = mKeyList.begin(); it != mKeyList.end(); it++) - { - ids.push_back(it->first); - } - return true; -} - -bool 
GPGAuthMgr::getAuthenticatedList(std::list &ids) -{ - std::map::iterator it; - for(it = mKeyList.begin(); it != mKeyList.end(); it++) - { - if (it->second.trustLvl > 3) - { - ids.push_back(it->first); - } - } - return true; -} - -bool GPGAuthMgr::getUnknownList(std::list &ids) -{ - std::map::iterator it; - for(it = mKeyList.begin(); it != mKeyList.end(); it++) - { - if (it->second.trustLvl <= 3) - { - ids.push_back(it->first); - } - } - return true; -} - -bool GPGAuthMgr::isValid(std::string id) -{ - std::map::iterator it; - return (mKeyList.end() != mKeyList.find(id)); -} - - -bool GPGAuthMgr::isAuthenticated(std::string id) -{ - std::map::iterator it; - if (mKeyList.end() != (it = mKeyList.find(id))) - { - return (it->second.trustLvl > 3); - } - return false; -} - -std::string GPGAuthMgr::getName(std::string id) -{ - std::map::iterator it; - if (mKeyList.end() != (it = mKeyList.find(id))) - { - return it->second.name; - } - std::string empty(""); - return empty; -} - -bool GPGAuthMgr::getDetails(std::string id, pqiAuthDetails &details) -{ - std::map::iterator it; - if (mKeyList.end() != (it = mKeyList.find(id))) - { - details = it->second; - return true; - } - return false; -} - -bool GPGAuthMgr::FinalSaveCertificates() -{ - return false; -} - -bool GPGAuthMgr::CheckSaveCertificates() -{ - return false; -} - -bool GPGAuthMgr::saveCertificates() -{ - return false; -} - -bool GPGAuthMgr::loadCertificates() -{ - return false; -} - -bool GPGAuthMgr::LoadCertificateFromString(std::string pem, std::string &id) -{ - return false; -} - -std::string GPGAuthMgr::SaveCertificateToString(std::string id) -{ - std::string dummy("CERT STRING"); - return dummy; -} - -bool GPGAuthMgr::LoadCertificateFromFile(std::string filename, std::string &id) -{ - return false; -} - -bool GPGAuthMgr::SaveCertificateToFile(std::string id, std::string filename) -{ - return false; -} -bool GPGAuthMgr::LoadCertificateFromBinary(const uint8_t *ptr, uint32_t len, std::string &id) -{ - return false; 
-} - -bool GPGAuthMgr::SaveCertificateToBinary(std::string id, uint8_t **ptr, uint32_t *len) -{ - return false; -} - - /* Signatures */ -bool GPGAuthMgr::AuthCertificate(std::string id) -{ - return false; -} - -bool GPGAuthMgr::SignCertificate(std::string id) -{ - return false; -} - -bool GPGAuthMgr::RevokeCertificate(std::string id) -{ - return false; -} - -bool GPGAuthMgr::TrustCertificate(std::string id, bool trust) -{ - return false; -} - -bool GPGAuthMgr::SignData(std::string input, std::string &sign) -{ - return false; -} - -bool GPGAuthMgr::SignData(const void *data, const uint32_t len, std::string &sign) -{ - return false; -} - - -bool GPGAuthMgr::SignDataBin(std::string input, unsigned char *sign, unsigned int *signlen) -{ - return false; -} - -bool GPGAuthMgr::SignDataBin(const void *data, const uint32_t len, - unsigned char *sign, unsigned int *signlen) -{ - return false; -} - - - - - - - - - - -#if 0 - -bool setupSSL(SSL_CTX *ctx) -{ - /* signer is done by pgp, so we have to manually authenticate the certificate. - */ - - SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, verify_pgp_callback); - SSL_CTX_set_verify_depth(1); - - /* generate a certificate */ - -} - - -static int verify_pgp_callback(int preverify_ok, X509_STORE_CTX *ctx) -{ - char buf[256]; - X509 *err_cert; - int err, depth; - SSL *ssl; - mydata_t *mydata; - - err_cert = X509_STORE_CTX_get_current_cert(ctx); - err = X509_STORE_CTX_get_error(ctx); - depth = X509_STORE_CTX_get_error_depth(ctx); - - /* - * Retrieve the pointer to the SSL of the connection currently treated - * and the application specific data stored into the SSL object. - */ - ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()); - mydata = SSL_get_ex_data(ssl, mydata_index); - - X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256); - - /* - * Catch a too long certificate chain. 
The depth limit set using - * SSL_CTX_set_verify_depth() is by purpose set to "limit+1" so - * that whenever the "depth>verify_depth" condition is met, we - * have violated the limit and want to log this error condition. - * We must do it here, because the CHAIN_TOO_LONG error would not - * be found explicitly; only errors introduced by cutting off the - * additional certificates would be logged. - */ - - - if (depth > mydata->verify_depth) { - preverify_ok = 0; - err = X509_V_ERR_CERT_CHAIN_TOO_LONG; - X509_STORE_CTX_set_error(ctx, err); - } - if (!preverify_ok) { - printf("verify error:num=%d:%s:depth=%d:%s\n", err, - X509_verify_cert_error_string(err), depth, buf); - } - else if (mydata->verbose_mode) - { - printf("depth=%d:%s\n", depth, buf); - } - - /* - * At this point, err contains the last verification error. We can use - * it for something special - */ - - if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)) - { - X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, 256); - printf("issuer= %s\n", buf); - } - - if (mydata->always_continue) - return 1; - else - return preverify_ok; -} - -#endif - diff --git a/libretroshare/src/pqi/gpgauthmgr.h b/libretroshare/src/pqi/gpgauthmgr.h deleted file mode 100644 index 03dec2f91..000000000 --- a/libretroshare/src/pqi/gpgauthmgr.h +++ /dev/null 
@@ -1,219 +0,0 @@ -/* - * libretroshare/src/ : gpgauthmgr.h - * - * GPG interface for RetroShare. - * - * Copyright 2008-2009 by Raghu Dev R. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Library General Public - * License Version 2 as published by the Free Software Foundation. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Library General Public License for more details. - * - * You should have received a copy of the GNU Library General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 - * USA. - * - * Please report all bugs and problems to "retroshare@lunamutt.com". - * - */ - -#ifndef RS_GPG_AUTH_HEADER -#define RS_GPG_AUTH_HEADER - -#include "p3authmgr.h" -#include - -class GPGAuthMgr: public p3AuthMgr -{ - public: - - GPGAuthMgr(); - ~GPGAuthMgr(); - -/*********************************************************************************/ -/************************* STAGE 1 ***********************************************/ -/*********************************************************************************/ -/***** - * STAGE 1: Initialisation.... As we are switching to OpenPGP the init functions - * will be different. Just move the initialisation functions over.... - * - * As GPGMe requires external calls to the GPG executable, which could potentially - * be expensive, We'll want to cache the GPG keys in this class. - * This should be done at initialisation, and saved in a map. 
- * (see storage at the end of the class) - * - ****/ - - /* initialisation -> done by derived classes */ - bool active(); - int InitAuth(const char *srvr_cert, const char *priv_key, - const char *passwd); - bool CloseAuth(); - int setConfigDirectories(std::string confFile, std::string neighDir); - -// store all keys in map mKeyList to avoid calling gpgme exe repeatedly - bool storeAllKeys(); - -/*********************************************************************************/ -/************************* STAGE 2 ***********************************************/ -/*********************************************************************************/ -/***** - * STAGE 2: These are some of the most commonly used functions in Retroshare. - * - * provide access to the cache list that was created in stage 1. - * - ****/ - - /* get Certificate Ids */ - - std::string OwnId(); - bool getAllList(std::list &ids); - bool getAuthenticatedList(std::list &ids); - bool getUnknownList(std::list &ids); - -/*********************************************************************************/ -/************************* STAGE 3 ***********************************************/ -/*********************************************************************************/ -/***** - * STAGE 3: These are some of the most commonly used functions in Retroshare. - * - * More commonly used functions. - * - * provide access to details in cache list. - * - ****/ - - /* get Details from the Certificates */ - - bool isValid(std::string id); - bool isAuthenticated(std::string id); - std::string getName(std::string id); - bool getDetails(std::string id, pqiAuthDetails &details); - - -/*********************************************************************************/ -/************************* STAGE 4 ***********************************************/ -/*********************************************************************************/ -/***** - * STAGE 4: Loading and Saving Certificates. 
(Strings and Files) - * - ****/ - - - /* Load/Save certificates */ - bool LoadCertificateFromString(std::string pem, std::string &id); - std::string SaveCertificateToString(std::string id); - bool LoadCertificateFromFile(std::string filename, std::string &id); - bool SaveCertificateToFile(std::string id, std::string filename); - -/*********************************************************************************/ -/************************* STAGE 5 ***********************************************/ -/*********************************************************************************/ -/***** - * STAGE 5: Loading and Saving Certificates (Binary) - * - * The existing function arguments are based on OpenSSL functions. - * Feel free to change this format if required. - * - ****/ - - - bool LoadCertificateFromBinary(const uint8_t *ptr, uint32_t len, std::string &id); - bool SaveCertificateToBinary(std::string id, uint8_t **ptr, uint32_t *len); - -/*********************************************************************************/ -/************************* STAGE 6 ***********************************************/ -/*********************************************************************************/ -/***** - * STAGE 6: Authentication, Trust and Signing. - * - * This is some of the harder functions, but they should have been - * done in gpgroot already. - * - ****/ - - /* Signatures */ - bool AuthCertificate(std::string uid); - bool SignCertificate(std::string id); - bool RevokeCertificate(std::string id); /* Particularly hard - leave for later */ - bool TrustCertificate(std::string id, bool trust); - -/*********************************************************************************/ -/************************* STAGE 7 ***********************************************/ -/*********************************************************************************/ -/***** - * STAGE 7: Signing Data. - * - * There should also be Encryption Functions... (do later). 
- * - ****/ - -virtual bool SignData(std::string input, std::string &sign); -virtual bool SignData(const void *data, const uint32_t len, std::string &sign); -virtual bool SignDataBin(std::string input, unsigned char *sign, unsigned int *signlen); -virtual bool SignDataBin(const void *data, const uint32_t len, - unsigned char *sign, unsigned int *signlen); - -/*********************************************************************************/ -/************************* PGP Specific functions ********************************/ -/*********************************************************************************/ - -/* - * These support the authentication process. - * - */ - -/* - * - */ - -bool checkSignature(std::string id, std::string hash, std::string signature); - - - - -/*********************************************************************************/ -/************************* OTHER FUNCTIONS ***************************************/ -/*********************************************************************************/ -/***** - * We don't need these functions - as GPG stores the keys for us. - ****/ - - /* High Level Load/Save Configuration */ - bool FinalSaveCertificates(); - bool CheckSaveCertificates(); - bool saveCertificates(); - bool loadCertificates(); - - private: - - /* Example Storage - Change as needed */ - - std::string mOwnId; - std::map mKeyList; - - bool gpgmeInit; - gpgme_engine_info_t INFO; - gpgme_ctx_t CTX; -}; - -/***** - * - * Support Functions for OpenSSL verification. - * - */ - -int verify_pgp_callback(int preverify_ok, X509_STORE_CTX *ctx); - - -#endif - - - - diff --git a/libretroshare/src/services/Makefile b/libretroshare/src/services/Makefile index 747be5f3d..c85837f32 100644 --- a/libretroshare/src/services/Makefile +++ b/libretroshare/src/services/Makefile 
@@ -15,8 +15,7 @@ RSOBJ = p3service.o p3chatservice.o p3msgservice.o \
 p3Qblog.o \
 p3forums.o \
 p3channels.o \
- p3portservice.o \
- p3turtle.o
+ p3portservice.o
 # dummy forums interface.
 # p3forums-dummy.o \
diff --git a/libretroshare/src/util/Makefile b/libretroshare/src/util/Makefile
index e4e3ed071..70f15b3be 100644
--- a/libretroshare/src/util/Makefile
+++ b/libretroshare/src/util/Makefile
@@ -7,7 +7,7 @@ RS_TOP_DIR = .. include $(RS_TOP_DIR)/scripts/config.mk
 ###############################################################
-RSOBJ = rsthreads.o rsprint.o rsnet.o rsdebug.o rsdir.o
+RSOBJ = rsthreads.o rsprint.o rsnet.o rsdebug.o rsdir.o rsversion.o
 TESTOBJ = dirtest.o dir2test.o