Mirrors/overte-HifiExperiments
3
0
Fork 0
mirror of https://github.com/HifiExperiments/overte.git synced 2025-08-04 06:24:41 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix for pub key format returned to data-server

Browse source
This commit is contained in:
Stephen Birarda 2014-10-17 09:39:04 -07:00
parent a46610a7c1
commit d00e11541e
1 changed files with 48 additions and 47 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
domain-server/src/DomainServer.cpp
View file

@ -11,6 +11,7 @@
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/rsa.h> #include <openssl/rsa.h>
#include <openssl/x509.h>
#include <QtCore/QDir> #include <QtCore/QDir>
#include <QtCore/QJsonDocument> #include <QtCore/QJsonDocument>
@ -619,12 +620,13 @@ bool DomainServer::shouldAllowConnectionFromNode(const QString& username,
ALLOWED_USERS_SETTINGS_KEYPATH); ALLOWED_USERS_SETTINGS_KEYPATH);
static QStringList allowedUsers = allowedUsersVariant ? allowedUsersVariant->toStringList() : QStringList(); static QStringList allowedUsers = allowedUsersVariant ? allowedUsersVariant->toStringList() : QStringList();
if (allowedUsers.count() > 0) {
// this is an agent, we need to ask them to provide us with their signed username to see if they are allowed in
// we always let in a user who is sending a packet from our local socket or from the localhost address // we always let in a user who is sending a packet from our local socket or from the localhost address
if (senderSockAddr.getAddress() != LimitedNodeList::getInstance()->getLocalSockAddr().getAddress() if (senderSockAddr.getAddress() != LimitedNodeList::getInstance()->getLocalSockAddr().getAddress()
&& senderSockAddr.getAddress() != QHostAddress::LocalHost) { && senderSockAddr.getAddress() != QHostAddress::LocalHost) {
return true;
}
if (allowedUsers.count() > 0) {
if (allowedUsers.contains(username)) { if (allowedUsers.contains(username)) {
// it's possible this user can be allowed to connect, but we need to check their username signature // it's possible this user can be allowed to connect, but we need to check their username signature
@ -635,7 +637,7 @@ bool DomainServer::shouldAllowConnectionFromNode(const QString& username,
const unsigned char* publicKeyData = reinterpret_cast<const unsigned char*>(publicKeyArray.constData()); const unsigned char* publicKeyData = reinterpret_cast<const unsigned char*>(publicKeyArray.constData());
// first load up the public key into an RSA struct // first load up the public key into an RSA struct
RSA* rsaPublicKey = d2i_RSAPublicKey(NULL, &publicKeyData, publicKeyArray.size()); RSA* rsaPublicKey = d2i_RSA_PUBKEY(NULL, &publicKeyData, publicKeyArray.size());
if (rsaPublicKey) { if (rsaPublicKey) {
QByteArray decryptedArray(RSA_size(rsaPublicKey), 0); QByteArray decryptedArray(RSA_size(rsaPublicKey), 0);
@ -669,7 +671,6 @@ bool DomainServer::shouldAllowConnectionFromNode(const QString& username,
requestUserPublicKey(username); requestUserPublicKey(username);
} }
}
} else { } else {
// since we have no allowed user list, let them all in // since we have no allowed user list, let them all in
return true; return true;